Hi,
I've been using my little OpenBSD box as a router since 3.2 and
never had any trouble. I use it to share the net within our 5
appartments building. Recently I found that my internet was having
trouble, long delay opening web pages, lots of lost connectoin,
horrible ping times and such. After investigating, I discovered that
one of "my" user started to use P2P application. Looks like my router
really doesn't like it, it gives me a lot of "sendto: Buffer space not
available", but only when that user has mldonkey running. I've been
trying many things: upgraded from 3.4 to 3.7-current and now to 3.8
(from snapshots), tried multiple NICs combination: 3c905c+3c905b, 2x
3c905b, 3c905b+Intel 82558, 2x Intel 82558. The 3c905b+Intel82558 had
the same trouble, but after 3 days it seemed to "stabilize", after
rebooting, 3 days where it has trouble before it seems to stabilize
again. Anyway, if anyone has any hint, i'll be glad to try.
Here is some info on the system:
--------------- DMESG ---------------
OpenBSD 3.8 (GENERIC) #131: Mon Aug 29 23:36:59 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium Pro ("GenuineIntel" 686-class, 256KB L2 cache) 199 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV
real mem = 133799936 (130664K)
avail mem = 115474432 (112768K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(54) BIOS, date 02/12/97, BIOS32 rev. 0 @ 0xf7aa0
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x67c
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:01:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x800 0xcc000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x01
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <QUANTUM FIREBALL ST2.5A>
wd0: 16-sector PIO, LBA, 2445MB, 5008752 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
fxp0 at pci0 dev 10 function 0 "Intel 82557" rev 0x05, i82558: irq 10,
address 00:04:ac:58:ce:0d
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
vga1 at pci0 dev 12 function 0 "Cirrus Logic CL-GD5434-8" rev 0x26
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp1 at pci0 dev 13 function 0 "Intel 82557" rev 0x05, i82558: irq 12,
address 00:04:ac:d8:d7:7f
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ebfd netmask fffd ttymask ffff
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
--------------- DMESG ---------------
There is almost nothing running on it except ppp, ssh and pf for
packet filtering.
Here is my pf.conf (i've changed the IP addresses and there is no NAT
since i have a /28 subnet):
# pf.conf
# OpenBSD Packet Filter configuration
#
############### MACROS
# Interface
EXTIF="tun0"
INTIF="fxp1"
# IP addresses
ROUTER="1.2.3.145/32"
APP1="1.2.3.146/32"
APP2="1.2.3.147/32"
APP3="1.2.3.148/32"
APP4="1.2.3.149/32"
ME="1.2.3.150/32"
# Network
INTNET="1.2.3.144/28"
# Services
METCP="{ 113, 61536, 1000><1050, 3389 }"
MEUDP="{ 61536 }"
APP3TCP="{ 8662 }"
APP3UDP="{ 8666 }"
############### TABLES
table <noroute> const { 10/8, 172.16/12, 192.168/16, 127/8 }
table <nologblock> const { }
############### OPTIONS
set loginterface $EXTIF
set optimization normal
set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"
############### TRAFFIC NORMALIZATION
scrub in on $EXTIF all fragment reassemble
scrub out on $EXTIF all random-id
############### QUEUING
altq on $EXTIF priq bandwidth 650Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)
############### PACKET FILTERING
# General
block in log all
pass out all modulate state
pass in on lo0 from 127.0.0.1/32 to 127.0.0.1/32
pass out on lo0 from 127.0.0.1/32 to 127.0.0.1/32
block in log quick on $EXTIF proto tcp all flags FUP/FUP
# EXTIF
pass in quick on $EXTIF proto tcp from any to $ME port $METCP flags
S/SA modulate state
pass in quick on $EXTIF proto udp from any to $ME port $MEUDP keep state
pass in quick on $EXTIF proto tcp from any to $APP3 port $APP3TCP
flags S/SA modulate state
pass in quick on $EXTIF proto udp from any to $APP3 port $APP3UDP keep state
pass in quick on $EXTIF inet proto tcp from any to $ROUTER port 22
flags S/SA modulate state
block out quick on $EXTIF from any to <noroute>
pass out on $EXTIF proto tcp from $EXTIF to any flags S/SA modulate
state queue (q_def, q_pri)
# End of pf.conf
# netstat -m (With mldonkey running)
220 mbufs in use:
215 mbufs allocated to data
2 mbufs allocated to packet headers
3 mbufs allocated to socket names and addresses
204/270/6144 mbuf clusters in use (current/peak/max)
620 Kbytes allocated to network (74% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
Also, systat vmstat show an average 600 (1200 for each fxp(0-1))
interrupts and around 250-300 (25-50 for each fxp(0-1)) when mldonkey
not running. Is 200 interrupts for each card a little bit high? I
really don't know what would be a "good" average...
Thanks!
