On Friday, February 24, 2017 at 1:16:55 PM UTC, Foppe de Haan wrote:
> On Tuesday, February 7, 2017 at 6:22:53 PM UTC+1, Thomas Leonard wrote:
> > On Tuesday, February 7, 2017 at 4:51:06 PM UTC, Foppe de Haan wrote:
> > > On Tuesday, February 7, 2017 at 5:24:58 PM UTC+1, Thomas Leonard wrote:
> > > > On Tuesday, February 7, 2017 at 3:55:30 PM UTC, Foppe de Haan wrote:
> > > > > Anyone else tried to use MirageOS i.c.w. a torrent client? I've 
> > > > > allocated 60mb ram, but it crashes within 2-8 hours here, which is 
> > > > > kind of disappointing.
> > > > 
> > > > Do the logs show an out-of-memory error when that happens? I haven't 
> > > > seen one for a long time now, but maybe torrents stress it more than 
> > > > usual.
> > > > 
> > > > If so, it could be https://github.com/yomimono/mirage-nat/issues/17 - 
> > > > there's a Mirage hackathon next month and I'm hoping to get some time 
> > > > to work on this there.
> > > 
> > > Yes. "Fatal error: out or memory. Mirage exiting with status 2"
> > 
> > By the way, what version of the firewall are you using?
> > If it's not qubes-mirage-firewall v0.2 then try upgrading first - there 
> > were lots of OOM problems in v0.1.
> > 
> > > That said, 2 minutes earlier the log notes that memory use was still only 
> > > at 16.7/38.2 MB.
> > 
> > The annoying thing about hashtables is the way they suddenly double in 
> > size. Since you're allocating 60 MB to the firewall (I only use 20 MB for 
> > mine), you could try adjusting the thresholds at these two lines:
> > 
> > https://github.com/talex5/qubes-mirage-firewall/blob/master/memory_pressure.ml#L41
> > https://github.com/talex5/qubes-mirage-firewall/blob/master/memory_pressure.ml#L47
> > 
> > Change the 0.9 (allow 90% of memory to be used) to 0.4 in both places. If 
> > the NAT table is the cause, that should make the problem go away.
> > 
> > > (Most of the log -- 90-95% -- consists of 'Failed to parse frame' 
> > > messages, btw.)
> > 
> > "Failed to parse frame" probably means it saw an ICMP (not TCP or UDP) 
> > packet and therefore didn't handle it. Another thing I'm hoping to fix 
> > soon... https://github.com/yomimono/mirage-nat/issues/15
> 
> It looks stable now (uptime 3-4 days since last reboot, whereas before it 
> only lasted ~8h max).

Thanks for the report! I've now made some updates to the firewall:

- It now uses an LRU-cache to drop old entries, rather than growing until it 
runs out of memory.

- ICMP queries (e.g. ping) and errors (e.g. Host unreachable) now work (they 
were dropped before).

- I've ported it to the new Mirage 3 release.

There are quite a lot of changes, so I'd be happy to get reports about whether 
it works or not (I've just started running the new version on my laptop).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61f88c78-9442-435a-bed6-5f63e033bb6d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to