>>>>> "Lars" == Lars Kotthoff <li...@larsko.org> writes:

    Lars> Just to say that I've been having the same problem with a
    Lars> Soekris board since about 4.4. I haven't figured out what's
    Lars> going on, but strangely the problem is getting better with
    Lars> time (i.e. the rate at which mbufs are allocated decreases).
    Lars> I *think* that it was fine in 4.3 (though I never run the
    Lars> machine for any length of time with that kernel), so you could
    Lars> try that if you want to investigate.

    Lars> I haven't been able to establish a correlation between
    Lars> allocated mbufs and (network) load either.

    Lars> The "solution" for me so far has been to keep a watchful eye
    Lars> and reboot the machine once too much memory is used, combined
    Lars> with a watchdog and monit to reboot the machine automatically
    Lars> if it becomes unresponsive.


I've had a similar issue in the past (see PR kernel/6380).  First a
small amount of background: I'm using an Alix 3d3 to act as a
bridging firewall.

ISP <--> vr2 <--> Bridge0 + PF <--> vr1 <--> MyHost

With this setup, if PF was enabled, or disabled, I would leak 2k sized
mbufs at a roughly linear rate, causing the system to become
non-responsive after it could not allocate more mbufs.  Raising the
limit on mbufs would prolong the hang, and raised high enough the
machine would hang when it ran off the end of memory.

I eventually found a way to mitigate this by filtering the MACs seen
through the bridge.  This isn't a fix to the real problem, just a
bandaid that seems to fit.  Basically I only allow packets written with
the MAC for MyHost on the bridge with the following in
/etc/hostname.bridge0:

add vr2
add vr1
rule pass in on vr1 src 88:88:88:88:88:88 tag extbr
rule pass out on vr1 dst 88:88:88:88:88:88 tag extbr
rule block on vr1
up

This keeps my inside machine from having to see the ISP's usual
background packets (arp spam, etc).  With these filters in place the
firewall has been stable and non-leaking for > 100 days.

I don't understand the link between this filtering and the memory leaks
that are seen without it (I started to go through the code, but so far
RealLife(TM) has kept me from completely getting my head around it).

Anyways, I don't know if this will be at all applicable for what you are
seeing, but hopefully it's a nudge in the right direction.

-- 
Chris
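
Added example, not part of the original message or of any code from the thread: a small sh/awk helper that turns periodic readings of mbuf clusters in use into a leak rate and a time-to-limit estimate, so a roughly linear leak like the one described above is caught before the box hangs. The input format ("epoch_seconds clusters_in_use" per line), the function names, the sample readings and the limit of 6160 are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: least-squares leak-rate estimate for mbuf cluster usage.
# stdin: "<epoch_seconds> <clusters_in_use>" per line (assumed format; how
#        the readings are collected is left to the operator).
# $1:    configured cluster limit (assumption: supplied by the operator).
mbuf_leak_eta() {
    awk -v limit="$1" '
    NF == 2 {
        if (n == 0) t0 = $1        # work relative to the first timestamp so
        t = $1 - t0                # squared epoch values do not lose precision
        n++; sx += t; sy += $2; sxx += t * t; sxy += t * $2
        last = $2
    }
    END {
        den = n * sxx - sx * sx
        if (n < 2 || den == 0) { print "insufficient data"; exit 2 }
        slope = (n * sxy - sx * sy) / den      # clusters per second
        if (slope <= 0) { print "stable"; exit 0 }
        printf "leaking %.1f clusters/hour, limit in %.1f hours\n",
            slope * 3600, (limit - last) / slope / 3600
    }'
}

# Constructed hourly readings (not measurements from the thread).
leak_samples() {
    printf '%s\n' '1700000000 1000' '1700003600 1120' \
                  '1700007200 1240' '1700010800 1360'
}

leak_samples | mbuf_leak_eta 6160
```

A flat series reports "stable", which is the result to expect once a mitigation such as the bridge MAC filter is in place.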
