kern/119839: ng_netflow can consume large sums of memory if export hook isn't connected

Louis Mamakos louie at transsys.com
Sun Jan 20 21:10:01 UTC 2008 

>Number:         119839
>Category:       kern
>Synopsis:       ng_netflow can consume large sums of memory if export hook isn't connected
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 20 21:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Louis Mamakos
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
Serendipity scheduling and management
>Environment:
System: FreeBSD ringworld.transsys.com 6.2-STABLE FreeBSD 6.2-STABLE #9: Sat Feb 24 13:13:48 EST 2007 louie at ringworld.transsys.com:/data/obj.usr/src/sys/SMP i386

Dell 2550, RELENG_6 from some time ago, i386

Also observed on: FreeBSD 6.3-PRERELEASE (NET4801) #1: Wed Dec 12 21:33:26 EST 2007,
soekris 5501, i386

>Description:
	Using the ng_netflow netgraph module to monitor interesting flows through a FreeBSD based
	router using flowctl(8).  Notice after a while, the number of entries grow without apparent
	bound.  One on system, I observed more than 55,000 entries.

	The problem is that the code that periodically runs through the entries to expire them is
	never started unless the export hook is connected to something.  In my case, it was easy
	to simply connect it to the ng_hole netgraph module to discard the flow export and have
	the expiration callout started.

>How-To-Repeat:
	Configure netflow, don't connect anything to the export hook.

  ngctl mkpeer ipfw: netflow 10 iface0
  ngctl name   ipfw:10 catchall 

  ngctl msg catchall: setdlt { iface=0 dlt=12 } 
  ngctl msg catchall: settimeouts { inactive=3 active=300 } 


>Fix:

Do this:

  ngctl mkpeer catchall: hole export sink
  ngctl name   catchall:export netflowSink

This is minimally a documentation bug.  Possibly, the ng_netflow module out to expire flows
immediately, without waiting for an export hook to be connected, but I suppose that might be
a matter of taste/opinion.




>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list