From louie@transsys.com  Sun Jan 20 21:02:03 2008
Return-Path: <louie@transsys.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C206E16A417
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 20 Jan 2008 21:02:03 +0000 (UTC)
	(envelope-from louie@transsys.com)
Received: from ringworld.transsys.com (ringworld.transsys.com [144.202.0.15])
	by mx1.freebsd.org (Postfix) with ESMTP id AF4AE13C46B
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 20 Jan 2008 21:02:03 +0000 (UTC)
	(envelope-from louie@transsys.com)
Received: by ringworld.transsys.com (Postfix, from userid 1001)
	id 209125C5C; Sun, 20 Jan 2008 15:30:30 -0500 (EST)
Message-Id: <20080120203030.209125C5C@ringworld.transsys.com>
Date: Sun, 20 Jan 2008 15:30:30 -0500 (EST)
From: Louis Mamakos <louie@transsys.com>
Reply-To: Louis Mamakos <louie@transsys.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ng_netflow can consume large sums of memory if export hook isn't connected
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         119839
>Category:       kern
>Synopsis:       [ng_netflow] ng_netflow can consume large sums of memory if export hook isn't connected
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-net
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 20 21:10:01 UTC 2008
>Closed-Date:    Sun Jan 27 15:09:15 UTC 2008
>Last-Modified:  Sun Jan 27 15:20:01 UTC 2008
>Originator:     Louis Mamakos
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
Serendipity scheduling and management
>Environment:
System: FreeBSD ringworld.transsys.com 6.2-STABLE FreeBSD 6.2-STABLE #9: Sat Feb 24 13:13:48 EST 2007 louie@ringworld.transsys.com:/data/obj.usr/src/sys/SMP i386

Dell 2550, RELENG_6 from some time ago, i386

Also observed on: FreeBSD 6.3-PRERELEASE (NET4801) #1: Wed Dec 12 21:33:26
EST 2007, soekris 5501, i386

>Description:
Using the ng_netflow netgraph module to monitor interesting flows through
a FreeBSD based router using flowctl(8).  Notice after a while, the number
of entries grow without apparent bound.  One on system, I observed more
than 55,000 entries.

The problem is that the code that periodically runs through the entries
to expire them is never started unless the export hook is connected to
something.  In my case, it was easy to simply connect it to the ng_hole
netgraph module to discard the flow export and have the expiration callout
started.

>How-To-Repeat:
Configure netflow, don't connect anything to the export hook.

  ngctl mkpeer ipfw: netflow 10 iface0
  ngctl name   ipfw:10 catchall 

  ngctl msg catchall: setdlt { iface=0 dlt=12 } 
  ngctl msg catchall: settimeouts { inactive=3 active=300 } 


>Fix:
Do this:

  ngctl mkpeer catchall: hole export sink
  ngctl name   catchall:export netflowSink

This is minimally a documentation bug.  Possibly, the ng_netflow module
out to expire flows immediately, without waiting for an export hook to
be connected, but I suppose that might be a matter of taste/opinion.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Jan 21 00:01:33 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=119839 
State-Changed-From-To: open->closed 
State-Changed-By: mav 
State-Changed-When: Sun Jan 27 15:02:12 UTC 2008 
State-Changed-Why:  
Fixed in HEAD. 
Expire does not depends on export hook any more. 
It allows node to be used with flowctl, but without export. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=119839 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/119839: commit references a PR
Date: Sun, 27 Jan 2008 15:01:24 +0000 (UTC)

 mav         2008-01-27 15:01:16 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/netgraph/netflow ng_netflow.c 
   Log:
   Run expire even without export hook connected.
   
   PR:     kern/119839
   
   Revision  Changes    Path
   1.15      +4 -8      src/sys/netgraph/netflow/ng_netflow.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
