From owner-freebsd-net@FreeBSD.ORG Mon Mar 20 17:44:10 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDE7116A422; Mon, 20 Mar 2006 17:44:10 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C4EA43D48; Mon, 20 Mar 2006 17:44:10 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id E713E1A4D83; Mon, 20 Mar 2006 09:44:09 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 5E8CB523B5; Mon, 20 Mar 2006 12:44:09 -0500 (EST) Date: Mon, 20 Mar 2006 12:44:09 -0500 From: Kris Kennaway To: Bohuslav Plucinsky Message-ID: <20060320174409.GA72825@xor.obsecurity.org> References: <20060320131020.GI20138@in.nextra.sk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VbJkn9YxBvnuCH5J" Content-Disposition: inline In-Reply-To: <20060320131020.GI20138@in.nextra.sk> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 17:44:11 -0000 --VbJkn9YxBvnuCH5J Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 20, 2006 at 02:10:20PM +0100, Bohuslav Plucinsky wrote: > The "top" utility shows 100% CPU load: What about top -S to show the kernel threads (since that's what's using 90% of your CPU)? > last pid: 771; load averages: 0.25, 0.06, 0.02 = up 0+00:24:30 14:08:32 > 27 processes: 2 running, 25 sleeping > CPU states: 8.8% user, 0.0% nice, 59.6% system, 31.6% interrupt, 0.0% = idle > Mem: 16M Active, 4752K Inact, 11M Wired, 8144K Buf, 22M Free > Swap: 500M Total, 500M Free >=20 > PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND > 229 root 1 105 0 1428K 904K RUN 0:35 40.82% natd > options MROUTING # Multicast routing Do you actually use this? > options IPFIREWALL #firewall > options IPFIREWALL_VERBOSE #print information about dropped = packets > options IPFIREWALL_FORWARD #enable transparent proxy support > options IPFIREWALL_FORWARD_EXTENDED #all packet dest changes > options IPSTEALTH #support for stealth forwarding > options IPDIVERT #divert sockets > options TCPDEBUG > options IPSEC_DEBUG #debug for IP security Why do you define the DEBUG settings? They'll only slow you down, but it's probably not the main reason. > options DUMMYNET > options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN > options INCLUDE_CONFIG_FILE # Include this file in kernel > options IPSEC #IP security > options IPSEC_ESP #IP security (crypto; define w/ IPSEC) Better to use fast ipsec unless you have a need for ipv6. Kris --VbJkn9YxBvnuCH5J Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFEHunoWry0BWjoQKURAh/QAJ9gQ75cJtVYKT32JWNGFp3QPZ5avQCeKN93 z7V8NsEPmJ0cYOsOXdkWTCw= =4d52 -----END PGP SIGNATURE----- --VbJkn9YxBvnuCH5J--