On Sun, Jul 22, 2012 at 1:48 PM, C Anthony Risinger <[email protected]> wrote:
> On Tue, Jul 17, 2012 at 8:10 PM, Michael Rash <[email protected]>
> wrote:
> > On Sun, Jul 15, 2012 at 7:17 PM, C Anthony Risinger <[email protected]>
> wrote:
> >>
> >> ... this server is almost 100% idle right now (in fact, Linode panel
> >> shows less than 1MiB *total* traffic in 5 days ... couple ssh sessions
> >> only). fwknopd uses a consistent 0.3-0.9% CPU at all times,
> >> interrupting frequently. same results on ARMv7 pandaboard. strace
> >> shows rapid nanosleep() + poll() loop:
> >>
> >> [...]
> >> nanosleep({0, 10000000}, NULL) = 0
> >> poll([{fd=4, events=POLLIN}], 1, 0) = 0 (Timeout)
> >> nanosleep({0, 10000000}, NULL) = 0
> >> poll([{fd=4, events=POLLIN}], 1, 0) = 0 (Timeout)
> >> nanosleep({0, 10000000}, NULL) = 0
> >> poll([{fd=4, events=POLLIN}], 1, 0) = 0 (Timeout)
> >> [...]
> >>
> >> ... how can this be remedied? bleh, i also had a related questions
> >> but it's escaping me for now ...
> >>
> >
> > In the fwknop-2.0 release there are two configuration variables in the
> > /etc/fwknop/fwknopd.conf file that control how long fwknopd sleeps in the
> > packet acquisition loop (PCAP_LOOP_SLEEP) and how many packets are
> processed
> > for each loop iteration (PCAP_DISPATCH_COUNT). By default,
> PCAP_LOOP_SLEEP
> > is set to 10,000 microseconds, or 1/10th of a second, and the
> > PCAP_DISPATCH_COUNT is set to zero meaning all packets seen in the
> interval
> > (some older versions of libpcap don't accept zero here and would expect
> some
> > other positive integer).
> >
> > I'd say that the PCAP_LOOP_SLEEP variable should be increased on your
> > system. On my system, I can get fwknopd to consume a lot of CPU if I
> reduce
> > PCAP_LOOP_SLEEP. Perhaps the default should be, say, closer to 1/3rd of
> a
> > second or something though.
>
> i think we might have the decimal in the wrong place here :-)
>
> i microsecond == 1 millionth of a second ... default 10,000
> microsecond PCAP_LOOP_SLEEP therefore equates to a 100hz loop, not
> 10hz.
>
> empirical evidence seem to support this:
>
> # sudo timeout 10s strace -p `pgrep fwknop` |& grep Timeout | wc -l
> 948
>
>
Thanks for catching this. I've fixed it (to a true 1/10th of a second) in
the fwknop-2.0.1 release and added you the credits.
--Mike
> ... so i'm simply strace'ing and counting the number of timeouts. in
> 10 seconds i'm seeing almost 1000 timeouts, ie. ~100
> timeouts-per-second.
>
> i bumped this to a full second at it seems to work just a s well.
>
> thanks Michael!
>
> --
>
> C Anthony
>
--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
