On Sun, Jul 22, 2012 at 1:48 PM, C Anthony Risinger <anthony@xtfx.me> wrote:
On Tue, Jul 17, 2012 at 8:10 PM, Michael Rash <michael.rash@gmail.com> wrote:
> On Sun, Jul 15, 2012 at 7:17 PM, C Anthony Risinger <anthony@xtfx.me> wrote:
>>
>> ... this server is almost 100% idle right now (in fact, Linode panel
>> shows less than 1MiB *total* traffic in 5 days ... couple ssh sessions
>> only).  fwknopd uses a consistent 0.3-0.9% CPU at all times,
>> interrupting frequently.  same results on ARMv7 pandaboard. strace
>> shows rapid nanosleep() + poll() loop:
>>
>> [...]
>> nanosleep({0, 10000000}, NULL)          = 0
>> poll([{fd=4, events=POLLIN}], 1, 0)     = 0 (Timeout)
>> nanosleep({0, 10000000}, NULL)          = 0
>> poll([{fd=4, events=POLLIN}], 1, 0)     = 0 (Timeout)
>> nanosleep({0, 10000000}, NULL)          = 0
>> poll([{fd=4, events=POLLIN}], 1, 0)     = 0 (Timeout)
>> [...]
>>
>> ... how can this be remedied?  bleh, i also had a related questions
>> but it's escaping me for now ...
>>
>
> In the fwknop-2.0 release there are two configuration variables in the
> /etc/fwknop/fwknopd.conf file that control how long fwknopd sleeps in the
> packet acquisition loop (PCAP_LOOP_SLEEP) and how many packets are processed
> for each loop iteration (PCAP_DISPATCH_COUNT).  By default, PCAP_LOOP_SLEEP
> is set to 10,000 microseconds, or 1/10th of a second, and the
> PCAP_DISPATCH_COUNT is set to zero meaning all packets seen in the interval
> (some older versions of libpcap don't accept zero here and would expect some
> other positive integer).
>
> I'd say that the PCAP_LOOP_SLEEP variable should be increased on your
> system.  On my system, I can get fwknopd to consume a lot of CPU if I reduce
> PCAP_LOOP_SLEEP.  Perhaps the default should be, say, closer to 1/3rd of a
> second or something though.

i think we might have the decimal in the wrong place here :-)

i microsecond == 1 millionth of a second ... default 10,000
microsecond PCAP_LOOP_SLEEP therefore equates to a 100hz loop, not
10hz.

empirical evidence seem to support this:

# sudo timeout 10s strace -p `pgrep fwknop` |& grep Timeout | wc -l
948


Thanks for catching this.  I've fixed it (to a true 1/10th of a second) in the fwknop-2.0.1 release and added you the credits.

--Mike

 
... so i'm simply strace'ing and counting the number of timeouts. in
10 seconds i'm seeing almost 1000 timeouts, ie. ~100
timeouts-per-second.

i bumped this to a full second at it seems to work just a s well.

thanks Michael!

--

C Anthony



--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F