Date: Tue, 29 Jan 2002 13:05:36 +0100
From: Walter Hop <walter@binity.com>
To: "Patrick O'Reilly" <patrick@mip.co.za>
Cc: "FreeBSD Question List" <freebsd-questions@freebsd.org>
Subject: Re: ipfw and dymmynet - packets getting into tight loops, or what? (no solution)
Message-ID: <4987117478.20020129130536@binity.com>
In-Reply-To: <NDBBIMKICMDGDMNOOCAIOEMPEBAA.patrick@mip.co.za>
References: <NDBBIMKICMDGDMNOOCAIOEMPEBAA.patrick@mip.co.za>

[in reply to patrick@mip.co.za, 29/01/2002]

> Here is part of my firewall ruleset, as shown by 'ipfw show':
> ----------------------------------
> 01000 30954 18484949 divert 8660 ip from any to any via xl0
> 01000 101831 17836728 divert 8661 ip from any to any via xl1
> <snip>
> 10010 50595268 38817317697 pipe 110 tcp from any to x.x.x.10 25 out xmit xl1
> 10011 1921940 103490898 pipe 110 tcp from any 25 to x.x.x.10 out xmit xl1
> 10012 2723 123257 pipe 111 tcp from x.x.x.10 25 to any in recv xl1
> 10013 383 305398 pipe 111 tcp from x.x.x.10 to any 25 in recv xl1
> ----------------------------------
>
> * I'm running natd on both interfaces

I suspect this is a problem with natd, as I am experiencing a very similar
problem. I use natd to share my dialup connection. Now that connection tends
to stall for a minute or so every few hours. In such a situation, natd cannot
"output" the packet and starts looping. This creates gigabytes of traffic
(which is only counted, not REALLY transmitted); while this is going on, natd
is using up 98% CPU.

The situation becomes normal again when the connection is responsive again and
natd can rewrite its packets. Maybe the ipfw pipe causes the same problem, as
natd cannot transmit packets quickly enough (and starts looping).

Is natd using up a large percentage of your CPU as well?

Could you try to do a tcpdump on the xl1 interface when it is under stress, to
see which packets are going through it? Are the packets tens of thousands of
repetitive, similar packets? If so, natd might be the source.

What happens if you kill natd for a second? Does the packet flood stop?

(I haven't solved this problem myself; also we might be talking about
different issues, if so I apologize)

--
Walter Hop <walter@binity.com>
Updated contact information: http://www.binity.com/~walter/
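
Added example, not part of the original message and not code from FreeBSD: a Python script that compares two `ipfw show` snapshots and lists the rules whose byte counter grew faster than the link could carry, which is how traffic that is counted but not transmitted would show up. The first snapshot reuses counters quoted above; the second snapshot, the 10-second interval and the 100 Mbit/s link speed are constructed assumptions.

```python
import re

# One `ipfw show` line: rule number, packet count, byte count, rule body.
LINE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")

# Counters taken from the ruleset quoted in the message.
BEFORE = """\
01000 30954 18484949 divert 8660 ip from any to any via xl0
01000 101831 17836728 divert 8661 ip from any to any via xl1
<snip>
10010 50595268 38817317697 pipe 110 tcp from any to x.x.x.10 25 out xmit xl1
10012 2723 123257 pipe 111 tcp from x.x.x.10 25 to any in recv xl1
"""
# Constructed sample: the same rules 10 seconds later (assumed values).
AFTER = """\
01000 31054 18544949 divert 8660 ip from any to any via xl0
01000 101931 17896728 divert 8661 ip from any to any via xl1
10010 52595268 40317317697 pipe 110 tcp from any to x.x.x.10 25 out xmit xl1
10012 2733 123757 pipe 111 tcp from x.x.x.10 25 to any in recv xl1
"""
INTERVAL_S = 10           # assumed time between the two snapshots
LINK_BPS = 100_000_000    # assumed link speed of xl1 (100 Mbit/s)

def parse_show(text):
    """Return {(rule_number, rule_body): (packets, bytes)} for one snapshot."""
    counters = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # "<snip>", blank lines and other non-rule text are skipped
            num, pkts, byts, body = m.groups()
            # Rule numbers can repeat (two 01000 rules), so key on both parts.
            counters[(num, body)] = (int(pkts), int(byts))
    return counters

def runaway_rules(before, after, seconds, link_bps):
    """Rules whose byte counter grew faster than the link could transmit."""
    old, new = parse_show(before), parse_show(after)
    hits = []
    for key, (pkts, byts) in new.items():
        if key not in old or byts < old[key][1]:
            continue  # new rule, or counters were zeroed between snapshots
        bps = (byts - old[key][1]) * 8 / seconds
        if bps > link_bps:
            hits.append((key[0], key[1], pkts - old[key][0], round(bps)))
    return sorted(hits, key=lambda h: -h[3])

if __name__ == "__main__":
    for num, body, d_pkts, bps in runaway_rules(BEFORE, AFTER, INTERVAL_S, LINK_BPS):
        print(f"{num} {body}: +{d_pkts} packets, {bps} bit/s counted")
```
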