packets "dropped by kernel"
The number of packets that were dropped, due to a lack of buffer space.
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.cmds%2Fdoc%2Faixcmds5%2Ftcpdump.htm
I saw on a forum to give more value to bpf size :
change those value 2 time x2 :
my actual size :
# sysctl net.bpf.bufsize=8388608
net.bpf.bufsize: 4194304 -> 8388608
# sysctl net.bpf.maxbufsize=16777216
net.bpf.maxbufsize: 8388608 -> 16777216
Still the same. Anything else that could make kernel drop paquets ?
Thanks
Le 2011-10-21 11:46, Michel Blais a icrit :
> really look like a sysctl limit, tcpdump give me lot of packets
> dropped by kernel.
> I commented every block rule to be sure it was not a rules mistake in pf
>
> pfctl -vnf /etc/pf.conf without tables and macro
> set limit states 196608
> set limit src-nodes 16384
> set limit frags 8192
> set limit tables 1024
> set limit table-entries 131072
> match out on em0 inet from <ipnat> to any nat-to X.X.X.X
> pass in quick on lo0 inet6 from any to ::1 flags S/SA
> pass in quick on lo0 inet6 from any to fe80::1 flags S/SA
> pass out quick on lo0 inet6 from any to ::1 flags S/SA
> pass out quick on lo0 inet6 from any to fe80::1 flags S/SA
> pass in quick on lo0 inet from any to 127.0.0.1 flags S/SA
> pass out quick on lo0 inet from any to 127.0.0.1 flags S/SA
> pass in quick from <admin> to any flags S/SA
> pass out quick from <admin> to any flags S/SA
> pass in quick on int_if proto tcp from any port = ABCD to any flags S/SA
> pass in quick on int_if proto tcp from any port = ABCE to any flags S/SA
> pass in quick on int_if proto udp from any port = XYZ to any
> pass in all flags S/SA
> pass out all flags S/SA
>
> tcpdump -i em1
> 71579 packets received by filter
> 70115 packets dropped by kernel
>
> I change those sysctl value :
> sysctl net.inet.tcp.recvspace=65535
> sysctl net.inet.tcp.sendspace=65535
> sysctl net.inet.ip.maxqueue=2048
> sysctl kern.somaxconn=2048
> sysctl net.bpf.bufsize=2097152
> sysctl net.bpf.maxbufsize=4194304
> sysctl net.inet.ip.portfirst=32768
> sysctl net.inet.ip.portlast=49151
> sysctl net.inet.ip.porthifirst=49152
> sysctl net.inet.ip.porthilast=65535
> sysctl kern.seminfo.semmni=1024
> sysctl kern.seminfo.semmns=4096
> sysctl kern.shminfo.shmmax=67018864
> sysctl kern.shminfo.shmall=32768
>
> The're now a lot less paquet lost but speed test is as much slow.
>
> Any idea ?
>
> Thanks
>
> Michel
>
> Le 2011-10-21 10:42, Michel Blais a icrit :
>> I got a problem with snapshot (not shure if it's the last),
>> download is really slow, 0.3 to 1 Mbps per customent.
>> Also a lot of paquet lost beginning from the openbsd.
>> The're around 800 to 1000 users on this server.
>> Bandwith is not a problem but we often saw limitation in number
>> of paquets be the problem on our old servers. When it's happen
>> with linux, it often a ct sysctl value. I saw this too with PF on
>> FreeBSD that I add to give higher value in set limit.
>>
>> I use the same limit value than on my FreeBSD server that have 3 x more
>> traffic and users.
>> set limit { states 196608, src-nodes 16384, frags 8192, tables 1024,
>> table-entries 131072 }
>> so I really don't think those value are too low
>>
>> # pfctl -si
>> Status: Enabled for 0 days 05:18:11 Debug: err
>>
>> State Table Total Rate
>> current entries 24986
>> searches 112481055 5891.8/s
>> inserts 3846438 201.5/s
>> removals 3821452 200.2/s
>> Counters
>> match 5534959 289.9/s
>> bad-offset 0 0.0/s
>> fragment 26 0.0/s
>> short 1284 0.1/s
>> normalize 602 0.0/s
>> memory 4228 0.2/s
>> bad-timestamp 0 0.0/s
>> congestion 0 0.0/s
>> ip-option 1 0.0/s
>> proto-cksum 0 0.0/s
>> state-mismatch 20446 1.1/s
>> state-insert 24 0.0/s
>> state-limit 0 0.0/s
>> src-limit 0 0.0/s
>> synproxy 0 0.0/s
>>
>> no queue and I don't see any error in dmesg or in the log. CPU load
>> is between 4 to 8% load checking with systat, 1920704 active memory
>> free. Interrupts total from 6 to 7k.
>>
>> Is there a sysctl that could block too much connexion ? I looked at
>> the inet list 1 by 1 but didn't find anything for now. Any other idea ?
>>
>> Michel
>>
>> DMESG :
>>
>> arpresolve: 10.8.1.4 <http://10.8.1.4>: route without link local
>> address (This one come often and also see somethime 10.8.1.26)
>> syncing disks... done
>> r
>> OpenBSD 5.0-current (GENERIC.MP <http://GENERIC.MP>) #70: Mon Sep 12
>> 02:07:20 MDT 2011
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> <http://GENERIC.MP>
>> real mem = 2135490560 (2036MB)
>> avail mem = 2064576512 (1968MB)
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f800 (22 entries)
>> bios0: vendor American Megatrends Inc. version "080016" date 03/04/2011
>> acpi0 at bios0: rev 2
>> acpi0: sleep states S0 S1 S4 S5
>> acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI SSDT
>> acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4)
>> USB2(S4) USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4)
>> P0P8(S4) P0P9(S4) SLPB(S4)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1500.18 MHz
>> cpu0:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG
>> cpu0: 512KB 64b/line 8-way L2 cache
>> cpu0: apic clock running at 166MHz
>> cpu1 at mainbus0: apid 2 (application processor)
>> cpu1: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz
>> cpu1:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG
>> cpu1: 512KB 64b/line 8-way L2 cache
>> cpu2 at mainbus0: apid 1 (application processor)
>> cpu2: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz
>> cpu2:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG
>> cpu2: 512KB 64b/line 8-way L2 cache
>> cpu3 at mainbus0: apid 3 (application processor)
>> cpu3: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz
>> cpu3:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG
>> cpu3: 512KB 64b/line 8-way L2 cache
>> ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 20, 24 pins
>> ioapic0: misconfigured as apic 1, remapped to apid 4
>> acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
>> acpihpet0 at acpi0: 14318179 Hz
>> acpiprt0 at acpi0: bus 0 (PCI0)
>> acpiprt1 at acpi0: bus 5 (P0P1)
>> acpiprt2 at acpi0: bus 1 (P0P4)
>> acpiprt3 at acpi0: bus 2 (P0P5)
>> acpiprt4 at acpi0: bus 3 (P0P6)
>> acpiprt5 at acpi0: bus 4 (P0P7)
>> acpiprt6 at acpi0: bus -1 (P0P8)
>> acpiprt7 at acpi0: bus -1 (P0P9)
>> acpicpu0 at acpi0: PSS
>> acpicpu1 at acpi0: PSS
>> acpicpu2 at acpi0: PSS
>> acpicpu3 at acpi0: PSS
>> acpibtn0 at acpi0: SLPB
>> acpibtn1 at acpi0: PWRB
>> cpu0: Enhanced SpeedStep 1499 MHz: speeds: 1500, 1000 MHz
>> pci0 at mainbus0 bus 0
>> mem address conflict 0xfc00/0x400
>> pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02
>> vga1 at pci0 dev 2 function 0 "Intel Pineview Video" rev 0x02
>> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
>> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
>> intagp0 at vga1
>> agp0 at intagp0: aperture at 0xd0000000, size 0x10000000
>> inteldrm0 at vga1: apic 4 int 16
>> drm0 at inteldrm0
>> "Intel Pineview Video" rev 0x02 at pci0 dev 2 function 1 not configured
>> azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi
>> azalia0: codecs: VIA/0x4397
>> audio0 at azalia0
>> ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: msi
>> pci1 at ppb0 bus 1
>> ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: msi
>> pci2 at ppb1 bus 2
>> re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E
>> (0x2c00), apic 4 int 17, address 00:30:18:a0:fd:eb
>> rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 4
>> ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: msi
>> pci3 at ppb2 bus 3
>> re1 at pci3 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E
>> (0x2c00), apic 4 int 18, address 00:30:18:a0:fd:ec
>> rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 4
>> ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: msi
>> pci4 at ppb3 bus 4
>> jmb0 at pci4 dev 0 function 0 "JMicron JMB363 IDE/SATA" rev 0x10
>> ahci0 at jmb0: apic 4 int 19, AHCI 1.1
>> scsibus0 at ahci0: 32 targets
>> pciide0 at jmb0: DMA, channel 0 wired to native-PCI, channel 1 wired
>> to native-PCI
>> pciide0: using apic 4 int 19 for native-PCI interrupt
>> pciide0: channel 0 disabled (no drives)
>> pciide0: channel 1 disabled (no drives)
>> uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 4
>> int 23
>> uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 4
>> int 19
>> uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 4
>> int 18
>> uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 4
>> int 16
>> ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 4
>> int 23
>> usb0 at ehci0: USB revision 2.0
>> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
>> ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
>> pci5 at ppb4 bus 5
>> em0 at pci5 dev 4 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05:
>> apic 4 int 18, address 00:30:18:a0:f5:a1
>> em1 at pci5 dev 6 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05:
>> apic 4 int 19, address 00:30:18:a0:f5:a2
>> em2 at pci5 dev 7 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05:
>> apic 4 int 16, address 00:30:18:a0:f5:a3
>> pcib0 at pci0 dev 31 function 0 "Intel Tigerpoint LPC" rev 0x02
>> pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x02: DMA,
>> channel 0 configured to native-PCI, channel 1 configured to native-PCI
>> pciide1: using apic 4 int 19 for native-PCI interrupt
>> wd0 at pciide1 channel 0 drive 0: <INTEL SSDSA2CT040G3>
>> wd0: 16-sector PIO, LBA48, 38166MB, 78165360 sectors
>> wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
>> ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02:
>> apic 4 int 19
>> iic0 at ichiic0
>> spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM PC3-10600 SO-DIMM
>> usb1 at uhci0: USB revision 1.0
>> uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
>> usb2 at uhci1: USB revision 1.0
>> uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
>> usb3 at uhci2: USB revision 1.0
>> uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
>> usb4 at uhci3: USB revision 1.0
>> uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
>> isa0 at pcib0
>> isadma0 at isa0
>> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
>> com0: probed fifo depth: 15 bytes
>> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
>> com1: probed fifo depth: 15 bytes
>> pckbc0 at isa0 port 0x60/5
>> pckbd0 at pckbc0 (kbd slot)
>> pckbc0: using irq 1 for kbd slot
>> wskbd0 at pckbd0: console keyboard, using wsdisplay0
>> pcppi0 at isa0 port 0x61
>> spkr0 at pcppi0
>> lpt0 at isa0 port 0x378/4 irq 7
>> mtrr: Pentium Pro MTRR support
>> vscsi0 at root
>> scsibus1 at vscsi0: 256 targets
>> softraid0 at root
>> scsibus2 at softraid0: 256 targets
>> root on wd0a (c0b9648c56b1a52b.a) swap on wd0b dump on wd0b
--
Michel Blais
Administrateur riseau / Network administrator
Targo Communications
www.targo.ca
514-448-0773
