Date: Fri, 20 May 2016 16:27:40 +0300 From: Max <maximos@als.nnov.ru> To: freebsd-pf@FreeBSD.org Subject: Re: fragments processing Message-ID: <856294d7-a71c-811b-cc3e-31b81af2d79c@als.nnov.ru> In-Reply-To: <0ED6BC86-1DDF-4C80-9C05-6ED19049AB92@FreeBSD.org> References: <93ccf602-31d6-fe36-4ccc-96ab1a1e2cc1@als.nnov.ru> <0ED6BC86-1DDF-4C80-9C05-6ED19049AB92@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Kristof. 20.05.2016 11:53, Kristof Provost пишет: > Hi Max, > > > On 19 May 2016, at 19:49, Max wrote: >> The number of used frags (almost) never decreases. I don't have >> enough experience in programming. But I guess that the problem may be >> in "frag->fr_timeout = time_second;" in pf_fillup_fragment() >> (pf_norm.c). It should be "frag->fr_timeout = time_uptime;". >> Actually, I don't now the difference between those variables. So, >> correct me if I'm wrong. >> > I think you’re right. If I’m reading the code right time_second is > unix time, > but time_uptime is the number of seconds the system has been up. > > Either one should work, but we have to be consistent. > The rest of the code seems to use time_uptime, so this untested patch > should fix your problem. > > diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c > index a2841a2..dbc8818 100644 > --- a/sys/netpfil/pf/pf_norm.c > +++ b/sys/netpfil/pf/pf_norm.c > @@ -374,7 +374,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, > struct pf_frent *frent, > } > > *(struct pf_fragment_cmp *)frag = *key; > - frag->fr_timeout = time_second; > + frag->fr_timeout = time_uptime; > frag->fr_maxlen = frent->fe_len; > TAILQ_INIT(&frag->fr_queue); > I rebuilt the kernel. It seems the problem is gone. >> P.P.S. I confirm the bug >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519. > > It’s on my list, but unfortunately it’s a very long list. I'll wait for the patch. Thank you. > > Regards, > Kristof Here are some statistics: # sh -c "while true ; do date; { vmstat -z; pfctl -si; } | sed -n '1p;/frag/p'; echo; sleep 5; done" Fri May 20 13:07:11 MSK 2016 ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf frags: 120, 0, 0, 132, 71, 0, 0 pf frag entries: 40, 5000, 0, 600, 147, 0, 0 fragment 4 0.0/s ... Fri May 20 16:07:16 MSK 2016 ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf frags: 120, 0, 0, 132, 761, 0, 0 pf frag entries: 40, 5000, 0, 600, 1531, 0, 0 fragment 4 0.0/s Fri May 20 16:07:21 MSK 2016 ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf frags: 120, 0, 1, 131, 771, 0, 0 pf frag entries: 40, 5000, 1, 599, 1551, 0, 0 fragment 5 0.0/s ... Fri May 20 16:07:56 MSK 2016 ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf frags: 120, 0, 1, 131, 771, 0, 0 pf frag entries: 40, 5000, 1, 599, 1551, 0, 0 fragment 5 0.0/s Fri May 20 16:08:01 MSK 2016 ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf frags: 120, 0, 0, 132, 771, 0, 0 pf frag entries: 40, 5000, 0, 600, 1551, 0, 0 fragment 5 0.0/s ... Fri May 20 16:11:12 MSK 2016 ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf frags: 120, 0, 0, 132, 771, 0, 0 pf frag entries: 40, 5000, 0, 600, 1551, 0, 0 fragment 5 0.0/s Fri May 20 16:11:17 MSK 2016 ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf frags: 120, 0, 1, 131, 781, 0, 0 pf frag entries: 40, 5000, 1, 599, 1571, 0, 0 fragment 6 0.0/s ... Fri May 20 16:11:42 MSK 2016 ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf frags: 120, 0, 1, 131, 781, 0, 0 pf frag entries: 40, 5000, 1, 599, 1571, 0, 0 fragment 6 0.0/s Fri May 20 16:11:47 MSK 2016 ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf frags: 120, 0, 0, 132, 781, 0, 0 pf frag entries: 40, 5000, 0, 600, 1571, 0, 0 fragment 6 0.0/s
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?856294d7-a71c-811b-cc3e-31b81af2d79c>