[ previous ] [ next ] [ threads ]
 
 From:  JP Vossen <jp at jpsdomain dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  All mbuf clusters exhausted (a solution for setting kern.ipc.nmbclusters)
 Date:  Fri, 03 Aug 2007 03:54:07 -0400
I few weeks ago I started noticing "All mbuf clusters exhausted, please 
see tuning(7)" messages from my generic-pc v1.231 M0n0wall.  I found:
	http://m0n0.ch/wall/list/showmsg.php?id=41/20
	http://m0n0.ch/wall/list/showmsg.php?id=41/67
	http://doc.m0n0.ch/handbook/faq-high-performance-tweaks.html
	http://www.google.com/search?q=nmbclusters+site:m0n0.ch

The CD solution in "id=41/67" doesn't quite apply since I'm using the PC 
image, not the CD.  I have not noticed any actual problems with the FW, 
but the message doesn't make me happy.  I don't have any worms on the 
LAN but do have some P2P which I suspect is the culprit.

After quite a lot of poking around this and trying some blind alleys [1] 
I came up with the following solution.

NOTE: this will need to be re-applied at every image upgrade (unless the 
default goes up or the GUI allows you to change this)!  I added a note 
about that to my config file too.


Adapted from http://m0n0.ch/wall/list/showmsg.php?id=174/51 and 
http://m0n0.ch/wall/list/showmsg.php?id=174/45.
Do the following four steps in exec.php.  The third one is for 
verification only.  (Four lines only, watch out if your mail client 
wraps a line.)

line	exec.php command
----	----------------
1	mount -u -o rw /cf
2	echo -e "set kern.ipc.nmbclusters=4800\n`cat /cf/boot/loader.rc`" > 
/cf/boot/loader.rc
3	cat /cf/boot/loader.rc
4	mount -u -o ro /cf


ORIGINAL file:
	$ cat /cf/boot/loader.rc
	set hw.ata.atapi_dma="0"
	set hw.ata.ata_dma="0"
	load /kernel
	load -t mfs_root /mfsroot
	boot

NEW file:
	$ cat /cf/boot/loader.rc
	set kern.ipc.nmbclusters=4800
	set hw.ata.atapi_dma="0"
	set hw.ata.ata_dma="0"
	load /kernel
	load -t mfs_root /mfsroot
	boot

BEFORE:
	$ sysctl kern.ipc.nmbclusters
	kern.ipc.nmbclusters: 1408

	$ netstat -m
	1271/1936/5632 mbufs in use (current/peak/max):
		1266 mbufs allocated to data
		5 mbufs allocated to packet headers
	1259/1408/1408 mbuf clusters in use (current/peak/max)
	3300 Kbytes allocated to network (78% of mb_map in use)
	49879 requests for memory denied
	0 requests for memory delayed
	0 calls to protocol drain routines

AFTER [required a reboot]:
	$ sysctl kern.ipc.nmbclusters
	kern.ipc.nmbclusters: 4800

	$ netstat -m
	1359/1408/19200 mbufs in use (current/peak/max):
		1354 mbufs allocated to data
		5 mbufs allocated to packet headers
	1337/1370/4800 mbuf clusters in use (current/peak/max)
	3092 Kbytes allocated to network (21% of mb_map in use)
	0 requests for memory denied
	0 requests for memory delayed
	0 calls to protocol drain routines


I'm quite pleased with my solution for prepending the necessary line to 
the /cf/boot/loader.rc file, even if I do say so myself.  Good thing it 
didn't need to be in the middle. :-)

Hope this is useful,
JP

[1] If this had worked I'd have added it to a <shellcmd> in the config 
file (http://m0n0.ch/wall/list/showmsg.php?id=135/62); exec.php:
	$ sysctl -w kern.ipc.nmbclusters=4800
	sysctl: oid 'kern.ipc.nmbclusters' is read only
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|        jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
Microsoft has single-handedly nullified Moore's Law.
Innate design flaws of Windows make a personal firewall, anti-virus
and anti-malware software mandatory. The resulting software arms race
has effectively flattened Moore's Law on hardware running Windows.