On Fri, May 05, 2017 at 01:43, Aaron LI <[email protected]> wrote:
> On Fri, May 05, 2017 at 01:16, Sepherosa Ziehau <[email protected]> wrote:
>
>> On Thu, May 4, 2017 at 7:44 PM, Aaron LI <[email protected]> wrote:
>>> Dear Bill,
>>>
>>> I'm running into problems with the IPFW3, which seems to cause memory
>>> leakages and lead to the "objcache(xxx): Exhausted!" warning, and
>>> finally the system became unresponsive and needed a reset.
>>>
>>> On the same VPS with IPFW3 disabled, it runs rather smoothly (already a
>>> week now since last reset); as for my other machine at home, it had very
>>> good uptime (>100 days).
>>>
>>> Therefore, could you please have a look at my bug report #3032 (detailed
>>> as below) when it is convenient for you? Thanks!
>>>
>>> ----------------------------------------
>>>
>>> On the other hand, any other Dflyers ever came across such problems?
>>
>> Since you are not using NAT etc, could you try ipfw?
>
> Hi sephe,
>
> Thanks for the suggestion. I don't use NAT, and I will try out the
> IPFW, and will report back.

Hi,

So, it is quite sure that the problem is in IPFW3. Just tried IPFW (with
the same rules) and after running ~6 hours, so far so good. The network
buffers usage almost keeps the same, e.g. (netstat -m):

----------------------------------------------------------------------
20114/293376 mbufs in use (current/max):
521/17248 mbuf clusters in use (current/max)
26/8368 mbuf jumbo clusters in use (current/max)
20651 mbufs and mbuf clusters allocated to data
10 mbufs and mbuf clusters allocated to packet headers
11099 Kbytes allocated to network (6% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
----------------------------------------------------------------------

(N.B., the first number "mbufs in use" is quite large, which is due to
the previous IPFW3 running)

Also attached the IPFW statistics (ipfw show):

----------------------------------------------------------------------
00010 0 0 allow ip from any to any via lo0
00100 0 0 check-state
00200 2957376 2517562216 allow tcp from me to any out via em0 keep-state
00201 3879493 4265072261 allow udp from me to any out via em0 keep-state
00202 0 0 allow icmp from me to any out via em0 keep-state
00301 2 112 deny ip from 172.16.0.0/12 to any in via em0
00303 0 0 deny ip from 127.0.0.0/8 to any in via em0
00304 18 5984 deny ip from 0.0.0.0/8 to any in via em0
00305 3 984 deny ip from 169.254.0.0/16 to any in via em0
00306 0 0 deny ip from 192.0.2.0/24 to any in via em0
00307 0 0 deny ip from 204.152.64.0/23 to any in via em0
00308 0 0 deny ip from 224.0.0.0/3 to any in via em0
00310 0 0 allow icmp from me to any in via em0
00315 0 0 deny tcp from any to any dst-port 113 in via em0
00320 0 0 deny tcp from any to any dst-port 137 in via em0
00321 0 0 deny tcp from any to any dst-port 138 in via em0
00322 0 0 deny tcp from any to any dst-port 139 in via em0
00323 0 0 deny tcp from any to any dst-port 81 in via em0
00332 2043 196776 deny tcp from any to any established in via em0
00500 2402 401503 allow tcp from any to me dst-port 8860 in via em0 setup keep-state
00510 0 0 allow tcp from any to me dst-port 80 in via em0 setup keep-state
00512 11 1115 allow tcp from any to me dst-port 8800 in via em0 setup keep-state
00513 15752 11562114 allow tcp from any to me dst-port 8801 in via em0 setup keep-state
00700 8232 7105626 allow tcp from any to me dst-port 22000 in via em0 setup keep-state
00701 0 0 allow udp from any to me dst-port 21027 in via em0 keep-state
00800 45171020 42787449552 allow ip from any to me dst-port 51413 in via em0 keep-state
00801 64 20351 allow tcp from 192.168.1.0/24 to me dst-port 9091 in via em0 setup keep-state
60000 5280 673782 deny ip from any to any in via em0
65535 302 57794 deny ip from any to any
----------------------------------------------------------------------

(N.B., this machine runs transmission BT with lots of seedings, so the
traffic is quite large.)

Cheers,
--
Aly
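
Added example, not part of the original message or of DragonFly's code: a small Python check that parses periodic `netstat -m` dumps in the layout quoted above and flags leak-like buffer growth instead of comparing the numbers by eye. The function names, the 5% growth and 80% high-water thresholds, and every sample value other than the first snapshot are assumptions made for illustration.

```python
import re

POOLS = {
    "mbufs": re.compile(r"(\d+)/(\d+) mbufs in use"),
    "clusters": re.compile(r"(\d+)/(\d+) mbuf clusters in use"),
    "jumbo": re.compile(r"(\d+)/(\d+) mbuf jumbo clusters in use"),
}
DENIED = re.compile(r"(\d+) requests for memory denied")

def parse_netstat_m(text):
    """Parse one `netstat -m` dump into {pool: (current, max)} plus 'denied'."""
    snap = {}
    for pool, pat in POOLS.items():
        m = pat.search(text)
        if m:
            snap[pool] = (int(m.group(1)), int(m.group(2)))
    m = DENIED.search(text)
    snap["denied"] = int(m.group(1)) if m else 0
    return snap

def leak_findings(snaps, min_growth=0.05, high_water=0.80):
    """Return (pool, reason) pairs for a time-ordered list of parsed snapshots."""
    findings = []
    for pool in POOLS:
        rows = [s[pool] for s in snaps if pool in s]
        if len(rows) < 2:
            continue
        used = [cur for cur, _ in rows]
        limit = rows[-1][1]
        # Never shrinking and up by a meaningful share of the pool: leak-like.
        rising = all(b >= a for a, b in zip(used, used[1:]))
        if rising and (used[-1] - used[0]) / limit >= min_growth:
            findings.append((pool, "steady growth"))
        if used[-1] / limit >= high_water:
            findings.append((pool, "near exhaustion"))
    if snaps and snaps[-1]["denied"] > snaps[0]["denied"]:
        findings.append(("denied", "allocation requests denied"))
    return findings

def sample(mbufs, clusters, denied):
    """Build a constructed dump in the layout of the output quoted above."""
    return (f"{mbufs}/293376 mbufs in use (current/max):\n"
            f"{clusters}/17248 mbuf clusters in use (current/max)\n"
            "26/8368 mbuf jumbo clusters in use (current/max)\n"
            f"{denied} requests for memory denied\n")

# Only the first tuple uses figures from the message; the rest are constructed.
STABLE = [parse_netstat_m(sample(*v)) for v in [(20114, 521, 0), (20120, 498, 0), (20109, 530, 0)]]
LEAKING = [parse_netstat_m(sample(*v)) for v in [(20114, 521, 0), (90000, 600, 0), (250000, 640, 12)]]

if __name__ == "__main__":
    print("stable :", leak_findings(STABLE))
    print("leaking:", leak_findings(LEAKING))
```

Fed with dumps collected at a fixed interval, the check separates a high but flat "mbufs in use" figure from one that keeps climbing toward the maximum.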
