Re: BPF problems on FreeBSD 7.0
Robin Sommer wrote:
> Hi all,
>
> we're seeing some strange effects with our libpcap-based application
> (the Bro network intrusion detection system) on a FreeBSD 7-RELEASE
> system. As the application has always been running fine on 6.x,
> we're wondering whether this might be triggered by any of the
> changes that went into 7.
> ...
> I'm wondering whether anybody here has seen something similar or
> might have an idea where to start looking for the cause. Any ideas?

One place to start might be: netstat -B output in 7.x (I *think* this got MFCed), this will let us see what the drop count is for the Bro process, and what the flags are for the open BPF descriptors in the system.

I'm not hot on current BPF internals, but I hazard a guess this is related to BPF descriptor buffering -- an area where there have been changes, some of which I've eyeballed.

cheers
BMS

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: BPF problems on FreeBSD 7.0
On Mon, Jul 14, 2008 at 14:44 +0100, Bruce M. Simpson wrote:

> One place to start might be: netstat -B output in 7.x (I *think* this got
> MFCed), this will let us see what the drop count is for the Bro process,
> and what the flags are for the open BPF descriptors in the system.

Thanks for the suggestion. Here's the netstat -B output at the time it has stalled (after about 6 hours of working normally):

    Pid   Netif  Flags    Recv        Drop      Match     Sblen    Hblen    Command
    14557 nxge0  p--s---  2162189525  32514465  42815457  4194248  4194258  bro

Top shows:

    PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND
    14557 bro1 -580272M 267M5 25:53 0.00% bro

A few minutes after starting the process, when Bro was still working fine, a netstat -B output was:

    # netstat -B
    Pid   Netif  Flags    Recv     Drop  Match  Sblen  Hblen  Command
    14557 nxge0  p--s---  4779235  0     94967  0      0      bro

Thanks,

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * [EMAIL PROTECTED]
ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org

Re: BPF problems on FreeBSD 7.0
Robin Sommer wrote:
> On Mon, Jul 14, 2008 at 14:44 +0100, Bruce M. Simpson wrote:
>> One place to start might be: netstat -B output in 7.x (I *think* this got
>> MFCed), this will let us see what the drop count is for the Bro process,
>> and what the flags are for the open BPF descriptors in the system.
>
> Thanks for the suggestion. Here's the netstat -B output at the time
> it has stalled (after about 6 hours of working normally):
>
>     Pid   Netif  Flags    Recv        Drop      Match     Sblen    Hblen    Command
>     14557 nxge0  p--s---  2162189525  32514465  42815457  4194248  4194258  br

The Recv number is JUST past 2^31.

At your rate of receiving packets, it passed that value about 2 minutes before this snapshot was taken.

> Top shows:
>
>     PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND
>     14557 bro1 -580272M 267M5 25:53 0.00% bro
>
> A few minutes after starting the process, when Bro was still working
> fine, a netstat -B output was:
>
>     # netstat -B
>     Pid   Netif  Flags    Recv     Drop  Match  Sblen  Hblen  Command
>     14557 nxge0  p--s---  4779235  0     94967  0      0      bro
>
> Thanks,
>
> Robin

Re: BPF problems on FreeBSD 7.0
On Tue, Jul 15, 2008 at 14:25 -0700, you wrote:

>> Thanks for the suggestion. Here's the netstat -B output at the time
>> it has stalled (after about 6 hours of working normally):
[...]
> at your rate of receiving packets, it passed that value about
> 2 minutes before this snapshot was taken..

Sorry, I wasn't precise: the process stalled after about 6 hours but the netstat output is actually from much later (the next day in fact, because it stalled late at night) when it was still in that state.

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * [EMAIL PROTECTED]
ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org
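
An added example, not written by any poster in this thread: a Python parser for the two `netstat -B` rows quoted above that reports what the replies look at for a capture sensor (Recv relative to 2^31, drops, and buffer occupancy). The function names are made up for illustration; comparing Drop with Match and reading non-zero Sblen and Hblen together as an undrained reader are assumptions of the example.

```python
"""Added example: summarise FreeBSD `netstat -B` rows for a packet-capture process."""

TWO_POW_31 = 2 ** 31  # the value the reply in the thread points at

# The two rows quoted in the thread: healthy snapshot first, stalled one second.
SAMPLE = """\
Pid Netif Flags Recv Drop Match Sblen Hblen Command
14557 nxge0 p--s--- 4779235 0 94967 0 0 bro
14557 nxge0 p--s--- 2162189525 32514465 42815457 4194248 4194258 bro
"""

FIELDS = ("pid", "netif", "flags", "recv", "drop", "match",
          "sblen", "hblen", "command")
NUMERIC = ("pid", "recv", "drop", "match", "sblen", "hblen")


def parse_netstat_b(text):
    """Return one dict per descriptor row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, len(FIELDS) - 1)
        if len(parts) != len(FIELDS) or not parts[0].isdigit():
            continue
        row = dict(zip(FIELDS, parts))
        try:
            for key in NUMERIC:
                row[key] = int(row[key])
        except ValueError:
            continue  # a counter column that is not a number
        rows.append(row)
    return rows


def assess(row):
    """Derive per-descriptor health indicators from one parsed row."""
    return {
        # Observation from the thread: Recv has crossed 2^31.
        "recv_past_2_31": row["recv"] >= TWO_POW_31,
        # Assumption: drops are matched packets that found no buffer space,
        # so the loss that matters to the sensor is Drop / Match.
        "drop_ratio": row["drop"] / row["match"] if row["match"] else 0.0,
        # Assumption: store and hold buffers both holding data means the
        # reader is not draining the descriptor.
        "buffers_backed_up": row["sblen"] > 0 and row["hblen"] > 0,
    }


if __name__ == "__main__":
    for r in parse_netstat_b(SAMPLE):
        print(r["pid"], r["netif"], r["command"], assess(r))
```

On a live FreeBSD host the same functions can be fed the text of `netstat -B` captured at intervals, so a sensor that has stopped draining its descriptor shows up in monitoring rather than the next day.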