From owner-freebsd-stable@FreeBSD.ORG Wed Feb 29 13:28:51 2012 Return-Path: Delivered-To: stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 099861065672; Wed, 29 Feb 2012 13:28:51 +0000 (UTC) (envelope-from slackbie@gmail.com) Received: from mail-yx0-f182.google.com (mail-yx0-f182.google.com [209.85.213.182]) by mx1.freebsd.org (Postfix) with ESMTP id 9CB228FC14; Wed, 29 Feb 2012 13:28:50 +0000 (UTC) Received: by yenq7 with SMTP id q7so1525998yen.13 for ; Wed, 29 Feb 2012 05:28:50 -0800 (PST) Received-SPF: pass (google.com: domain of slackbie@gmail.com designates 10.50.37.236 as permitted sender) client-ip=10.50.37.236; Authentication-Results: mr.google.com; spf=pass (google.com: domain of slackbie@gmail.com designates 10.50.37.236 as permitted sender) smtp.mail=slackbie@gmail.com; dkim=pass header.i=slackbie@gmail.com Received: from mr.google.com ([10.50.37.236]) by 10.50.37.236 with SMTP id b12mr277765igk.36.1330522129997 (num_hops = 1); Wed, 29 Feb 2012 05:28:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=H0cd2kwjZXoEWXO+7XhwLyJ1O/BJviJR1QRGu475CT0=; b=H7hR2lOLItLdDBh6Iojc+Bzjns6n6iaBoQI2APUuJ1cAv+73jRxVSOZv04akMy5wpw zjz94q8hMozOfY9y4GQJhRjqqVG/iro3TRU+wPnLiB1nEPVN4X0vwGwBYfspVYTEMmL7 qjAKb1Yf2euN75O4fGPYDE+76EUd5K2Dyg37A= MIME-Version: 1.0 Received: by 10.50.37.236 with SMTP id b12mr232181igk.36.1330522129939; Wed, 29 Feb 2012 05:28:49 -0800 (PST) Received: by 10.42.1.68 with HTTP; Wed, 29 Feb 2012 05:28:49 -0800 (PST) In-Reply-To: <20120228163740.Horde.-AvCD5jmRSRPTPTEkzY476A@webmail.leidinger.net> References: <20120221143537.Horde.deyFDZjmRSRPQ52pxBIpnLA@webmail.leidinger.net> <4F4BA707.5070608@wasikowski.net> <4F4C3FE7.3040802@FreeBSD.org> <20120228163740.Horde.-AvCD5jmRSRPTPTEkzY476A@webmail.leidinger.net> Date: Wed, 29 Feb 2012 20:28:49 +0700 Message-ID: From: "~Lst" To: Alexander Leidinger Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: quoted-printable Cc: stable@freebsd.org, current@freebsd.org Subject: Re: [CFT] modular kernel config X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Feb 2012 13:28:51 -0000 On Tue, Feb 28, 2012 at 10:37 PM, Alexander Leidinger wrote: > Quoting ~Lst (from Tue, 28 Feb 2012 16:38:43 +0700): > >> 2012/2/28 Steve Wills : >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On 02/27/12 10:53, =A3ukasz W=B1sikowski wrote: >>>> >>>> W dniu 2012-02-22 23:31, Bjoern A. Zeeb pisze: >>>> >>>>> You cannot ship that on by default for non-tecnical reasons in a >>>>> kernel. =A0Please do not commit a kernel config that can be booted >>>>> (no LINT cannot be booted) with these on without consulting >>>>> appropriate hats upfront. >>>>> >>>>> >>>>>> - ALTQ - SW_WATCHDOG - QUOTA - IPSTEALTH (disabled in >>>>>> loader.conf) - IPFIREWALL_FORWARD (touches every packet, power >>>>>> users which need a bigger PPS but not this feature can >>>>>> recompile the kernel, discussed with julian@) - FLOWTABLE >>>>>> (disabled in loader.conf) >>>>> >>>>> Which is not the same as it's not 100% disabled and will still >>>>> allocate memory. >>>> >>>> >>>> FLOWTABLE on 8.x crashed BGP routers (kern/144917). I don't know if >>>> it is fixed by now, but this kind of potential problematic features >>>> should not be enabled by default. >>>> >>> >>> Agree, I've run into problems with FLOWTABLE (with just the features >>> that were enabled by default in 8.0) when routers changed MAC >>> addresses. As far as I understand it, FLOWTABLE is both broken and >>> abandoned (but if I'm wrong, please let me know). >>> >>> So, IMHO, not only should it not be enabled by default, but given that >>> it was disabled complete in 8.x after 8.0 (too lazy to look at exactly >>> when right now), I think it shouldn't even be included, since that >>> might encourage users to try it out only to encounter problems with it. >>> >>> Steve >>> >> >> Definitely yes, I'd some problems too with FLOWTABLE running for router. >> So I have to disabled in kernel and sysctl. > > > To make sure I understand you correctly: Did you disabled it with the > sysctl/loader-tunable and everything was OK again, or did you had to remo= ve > it from the kernel config (disabling via sysctl was not enough) to resolv= e > the issue? > > I have one report where a person has issue with FLOWTABLE, but disabling = it > via the sysctl/loader-tunable was enough to address his concerns. > > Bye, > Alexander. > I had to remove it from the kernel config and in my cased disabling via sysctl was not enough to resolve the issue Rgds, -- Lasta Yani