Re: [m0n0wall] 1.3.b11 lockups

From:	Manuel Kasper <mk at neon1 dot net>
To:	waa dash m0n0wall at revpol dot com
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] 1.3.b11 lockups
Date:	Fri, 16 May 2008 19:28:59 +0200

On 16.05.2008, at 19:05, mtnbkr wrote:

> I have seen not lockups, but random kernel panics and reboots on  
> both the WRAP and a new ALIX 3 port... Same site, same config same  
> issues.
>
> In my case it appeared that the state table might have been getting  
> overrun - if memory serves me.
>
> I had a serial cable connected to the serial port, and at the same  
> time the m0n0wall stopped logging to my remote syslog server I had  
> seen errors on the serial console - followed by kernel panic and  
> followed shortly by reboot.
>
> Perhaps your issue, like mine is less ALIX-specific and more  
> "FreeBSD plus your site specific traffic" related.
>
> Manuel?   Your thoughts - on my past post regarding these errors and  
> reboots?

Reading your post from Mar 19, I get the impression that your issue  
doesn't have much if anything to do with the lockups that Luke is  
reporting. Instead, for some reason, your system keeps running out of  
memory for the kernel. Perhaps there's a memory leak somewhere (in  
ipfilter?), but I also wonder why your log messages seem to indicate  
that you have over 20000 concurrent connections at times. Could be  
heavy P2P usage or something similar, though.

Some "vmstat -m" output, generated after the firewall has seen some  
heavy use for a while, could give us a pointer in the right  
direction... Also, "ipfstat -s" output would be interesting. Try this:

1. Download vmstat binary and libraries (compiled for m0n0wall 1.3b11)  
here:

    http://m0n0.ch/wall/downloads-local/vmstat-1.3b11/

2. Go to http://m0n0wall/exec.php, upload vmstat and both libraries

3. run "mv /tmp/*.so* /lib"

4. run "chmod +x /tmp/vmstat"

5. run "/tmp/vmstat -m"

6. run "ipfstat -s"

6. Post output of both commands to mailing list

Thanks,

Manuel