Date: Sun, 27 May 2001 16:25:34 -0500 From: Bill Fumerola <billf@mu.org> To: Pekka Savola <pekkas@netcore.fi> Cc: freebsd-bugs@FreeBSD.org Subject: Re: kern/27661: >1000 ipfw rules and heavy traffic crash the system Message-ID: <20010527162534.J37979@elvis.mu.org> In-Reply-To: <Pine.LNX.4.33.0105272307350.25129-100000@netcore.fi>; from pekkas@netcore.fi on Sun, May 27, 2001 at 11:23:18PM %2B0300 References: <20010527135954.F37979@elvis.mu.org> <Pine.LNX.4.33.0105272307350.25129-100000@netcore.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 27, 2001 at 11:23:18PM +0300, Pekka Savola wrote:
> On Sun, 27 May 2001, Bill Fumerola wrote:
> > On Sat, May 26, 2001 at 11:20:02PM -0700, Pekka Savola wrote:
> >
> > > Subject: Re: kern/27661: >1000 ipfw rules and heavy traffic crash the system
> >
> > I've put 3000 non-matching (and counting+matching) rules on systems
> > while pushing max traffic before without locking up.
>
> I'm sure you're talking about serious traffic here, countable in
> dozens of megabits, as this appears to be a requirement in this scenario.
At one point, two machines chatting over gig-E, at another point using lo0.
All of my tests were done with [n]ttcp.
> > Please compile a non-SMP kernel and see if you have better luck.
> >
> > Also, try and push the traffic over lo0 and see if that makes a
> > difference.
>
> This may not have been the problem; when debugging this, I had found out
> the problem with ipfw traffic limiting (hard freezing) too (see the 5 May
> thread on -stable mentioned in previous mail). The freezing continued
> without SMP on. For the death of me I can't remember whether it was
> traffic limiter or huge number of rules that caused the crashes on UP
> system (at that time I didn't know _what_ was causing them anyway).
>
> Unfortunately, this is a production system, and there's pretty little
> amount of testing I can do; especially as soft freezes by >1000 rules seem
> to create a lot of FS inconsistancies as a byproduct when booting,
> always requiring rather painful restoration of some files from the
> backups.
So its not happening anymore? You can afford for the production
machine to go down randomly when it hits enough traffic but not
in a controlled environment (or did you just shorten/simplify your
ruleset)?
In any event, until I get a scenario in which I (or someone else) can
reproduce this (and I've done my tests with SMP w/o trouble, it was just
a hunch), I have nothing more to say regarding this bug.
--
Bill Fumerola - security yahoo / Yahoo! inc.
- fumerola@yahoo-inc.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010527162534.J37979>