From: Mr Dash Four <mr.dash.four@googlemail.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: ipset kernel oops
Date: Mon, 25 Apr 2011 20:19:25 +0100 [thread overview]
Message-ID: <4DB5C93D.9090502@googlemail.com> (raw)
In-Reply-To: <alpine.DEB.2.00.1104251929001.30748@blackhole.kfki.hu>
> That 30k addresses alone need roughly 30MB non-swappable memory, ~10% of
> all of the physical RAM. Depending on what else's running on that machine,
> the required memory can be significant.
>
The system, when it boots, has more than 150MiB of RAM available (that
excludes about 80MiB of "cached" memory), so RAM is clearly not an issue
I don't think. I forgot to mention that I executed the whole sequence
(which triggered the bug) as soon as I booted up, so no other
applications were loaded (yet).
> I have never tested iptree(map) with so many elements, so it's surprising
> for me that it takes so many time.
It is the single most frustrating issue I've always had with ipset - I
am more than pleased with everything else, apart from the initial
loading, which, as I already pointed out even on a fast machine with
lots of RAM (Core2 with 4GiB RAM) takes about 20 or so seconds for these
ipsets to load. That goes to about 5 minutes on less-powerful, but
equally well-equipped P4 (3.3MHz) with 1GiB RAM.
> But if the 30k addresses are quite
> different then the iptreemap has to build up a four-level tree with 30k
> branches from the second level down.
>
So, do you have an idea what is causing this bug and how could it be
avoided/fixed?
I have tried the new version of ipset, but didn't have luck with it
either - see my other post on this list with regards to that particular
set of problems.
prev parent reply other threads:[~2011-04-25 19:19 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-22 21:39 ipset kernel oops Mr Dash Four
2011-04-23 18:28 ` Jozsef Kadlecsik
2011-04-24 10:41 ` Mr Dash Four
2011-04-25 17:46 ` Jozsef Kadlecsik
2011-04-25 19:19 ` Mr Dash Four [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DB5C93D.9090502@googlemail.com \
--to=mr.dash.four@googlemail.com \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).