When the system is under memory pressure, free the mbufs cached as part of the TCPPCAP debugging feature. In some circumstances, this may mean we lose the record of a packet pattern that causes an mbuf leak. However, it also gives the system the best chance of recovering when under memory pressure.
Details
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Passed - Unit
No Test Coverage - Build Status
Buildable 4367 Build 4416: arc lint + arc unit
Event Timeline
I would feel better if you did some kind of check against a free list before eliminating debug information like this. If you're stressing a machine to resource contention my feeling is that being able to figure out what's going on takes precedent before you blow stuff away.
If all else fails, you can try doing an mbuf allocation, so if you get a failure then free these?
As you can probably tell from my change description, I'm sensitive to this balance between maintaining useful debugging information and ensuring that the volume of debugging information itself doesn't cause a stability problem.
The feature is intended to be suitable for use in production to help with debugging problems that are otherwise difficult to debug. My fear is that someone will do that and not realize the scale requirements that the feature imposes, thus causing unexpected problems.
In my opinion, there is no way to determine which packets are "important" for debugging purposes, so you probably need to keep all of them, or none of them. As I considered this prior to proposing the change, I wasn't sure which would be more appropriate, but I decided to err on the side of system stability. However, I am quite open to adding a sysctl to control the behavior, which would allow each sysadmin to decide for themselves which behavior they want. That may be the best solution because it would allow you to achieve the objective (maximize stability or maximize debuggability) most appropriate for your environment.
Conditionally free TCPPCAP mbufs when under memory pressure, depending on the value of a sysctl.