Check heaps что за процесс
Перейти к содержимому

Check heaps что за процесс

  • автор:

Check heaps что за процесс

Надежный системный администратор для малого бизнеса

ежедневно, с 9:30 до 20:00 8 (499) 653-83-80

Ветрикс Надежный системный администратор для малого бизнеса

Интенсивное использование CPU в коммутаторе Catalyst 6500/6000 — Часть 5

Проверка загрузки ЦП

При высокой загрузке ЦП выполните сначала команду show processes cpu. Выходные данные показывают загрузку ЦП коммутатора, а также потребление ресурсов ЦП каждым процессом.

Router#show processes cpu CPU utilization for five seconds: 57%/48%; one minute: 56%; five minutes: 48% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 1 0 5 0 0.00% 0.00% 0.00% 0 Chunk Manager 2 12 18062 0 0.00% 0.00% 0.00% 0 Load Meter 4 164532 13717 11994 0.00% 0.21% 0.17% 0 Check heaps 5 0 1 0 0.00% 0.00% 0.00% 0 Pool Manager !--- Output is suppressed.  172 0 9 0 0.00% 0.00% 0.00% 0 RPC aapi_rp 173 243912 2171455 112 9.25% 8.11% 7.39% 0 SNMP ENGINE 174 68 463 146 0.00% 0.00% 0.00% 0 RPC pm-mp !--- Output is suppressed.  

В этих выходных данных общая загрузка ЦП составляет 57 процентов, а загрузка ЦП прерываниями — 48 процентов. Эти показатели отображаются полужирным шрифтом. Коммутация трафика прерываний процессором приводит к загрузке ЦП прерываниями. В выходных данных команды перечисляются процессы, которые приводят к разнице между этими двумя загрузками. В данном случае причиной является процесс SNMP.

Чтобы не вникать в механизмы, наймите специалистов по обслуживанию сетей. В механизме управления, который работает под управлением CatOS, выходные данные выглядят так:

Switch> (enable) show processes cpu CPU utilization for five seconds: 99.72% one minute: 100.00% five minutes: 100.00% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process --- ----------- ---------- -------- ------- ------- ------- --- --------------- 1 0 0 0 0.28% 0.00% 0.00% -2 Kernel and Idle 2 2 261 1000 0.00% 0.00% 0.00% -2 Flash MIB Updat 3 0 1 0 0.00% 0.00% 0.00% -2 L2L3IntHdlr 4 0 1 0 0.00% 0.00% 0.00% -2 L2L3PatchRev !--- Output is suppressed.  61 727295 172025 18000 0.82% 0.00% 0.00% -2 SptTimer 62 18185410 3712736 106000 22.22% 21.84% 21.96% -2 SptBpduRx 63 845683 91691 105000 0.92% 0.00% 0.00% -2 SptBpduTx

В этих выходных данных первый процесс — Kernel and Idle — показывает простой в использовании ЦП. Этот процесс обычно наверху, если какие-либо другие процессы не потребляют циклы ЦП. В этом примере процесс SptBpduRx приводит к повышению загрузки ЦП.

Если причиной высокой загрузки ЦП является один из этих процессов, можно провести диагностику и определить, почему этот процесс приводит к высокой загрузке. Но если ЦП загружен из-за трафика, поступающего на него, необходимо определить, почему приходит этот трафик. При этом можно определить происхождение трафика.

Служебные программы и средства для определения трафика, поступающего на ЦП

В этом разделе определяются некоторые служебные программы и средства, которые могут помочь изучить этот трафик.

Системное программное обеспечение Cisco IOS

В ПО Cisco IOS процессор коммутатора в механизме управления называется SP, а MSFC называется RP.

Команда show interface дает основную информацию о состоянии интерфейса и скорости трафика на интерфейсе. В этой команде также предусмотрены счетчики ошибок.

Router#show interface gigabitethernet 4/1 GigabitEthernet4/1 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is 000a.42d1.7580 (bia 000a.42d1.7580) Internet address is 100.100.100.2/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 100Mb/s input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 5/75/1/24075 (size/max/drops/flushes); Total output drops: 2 Queueing strategy: fifo Output queue: 0/40 (size/max) 30 second input rate 7609000 bits/sec, 14859 packets/sec 30 second output rate 0 bits/sec, 0 packets/sec L2 Switched: ucast: 0 pkt, 184954624 bytes - mcast: 1 pkt, 500 bytes L3 in Switched: ucast: 2889916 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes 2982871 packets input, 190904816 bytes, 0 no buffer Received 9 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 1 CRC, 0 frame, 28 overrun, 0 ignored 0 input packets with dribble condition detected 1256 packets output, 124317 bytes, 0 underruns 2 output errors, 1 collisions, 2 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out

В этих выходных данных можно увидеть, что входящий трафик коммутируется на 3 уровне вместо коммутации 2 уровня. Это показывает, что трафик поступает на ЦП.

Команда show processes cpu показывает, являются ли эти пакеты пакетами обычного трафика или пакетами управления.

Router#show processes cpu | exclude 0.00 CPU utilization for five seconds: 91%/50%; one minute: 89%; five minutes: 47% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 5 881160 79142 11133 0.49% 0.19% 0.16% 0 Check heaps 98 121064 3020704 40 40.53% 38.67% 20.59% 0 IP Input 245 209336 894828 233 0.08% 0.05% 0.02% 0 IFCOM Msg Hdlr

Если пакеты коммутируются процессом, то будет видно, что процесс IP Input повышается. Чтобы увидеть эти пакеты, выполните такую команду:

show buffers input-interface
Router#show buffers input-interface gigabitethernet 4/1 packet Buffer information for Small buffer at 0x437874D4 data_area 0x8060F04, refcount 1, next 0x5006D400, flags 0x280 linktype 7 (IP), enctype 1 (ARPA), encsize 14, rxtype 1 if_input 0x505BC20C (GigabitEthernet4/1), if_output 0x0 (None) inputtime 00:00:00.000 (elapsed never) outputtime 00:00:00.000 (elapsed never), oqnumber 65535 datagramstart 0x8060F7A, datagramsize 60, maximum size 308 mac_start 0x8060F7A, addr_start 0x8060F7A, info_start 0x0 network_start 0x8060F88, transport_start 0x8060F9C, caller_pc 0x403519B4 source: 100.100.100.1, destination: 100.100.100.2, id: 0x0000, ttl: 63, TOS: 0 prot: 17, source port 63, destination port 63 08060F70: 000A 42D17580 ..BQu. 08060F80: 00000000 11110800 4500002E 00000000 . E. 08060F90: 3F11EAF3 64646401 64646402 003F003F ?.jsddd.ddd. 08060FA0: 001A261F 00010203 04050607 08090A0B ..&. 08060FB0: 0C0D0E0F 101164 . d

Если трафик коммутируется прерываниями, то эти пакеты нельзя увидеть с помощью команды show buffers input-interface. ИТ аутсорсинг это возможность не вникать в скучную информацию. Чтобы увидеть пакеты, поступающие на ЦП для коммутации на уровне прерываний, можно выполнить захват SPAN порта RP.

Заказать звонок

Пожалуйста, оставьте свои контакты

Create and open memory snapshots

Heap dumps are useful for identifying memory-related problems. You can analyze the heap to find memory leaks and locate the code that uses large amounts of memory resources.

IntelliJ IDEA allows you to analyze .hprof snapshots regardless of whether they were taken in IntelliJ IDEA or any other external tool.

Take a memory snapshot

  • If the process is already running through the Run or Services tool window, click Profile the process | Capture Memory Snapshot . Profile the Process menu in the Run tool window
  • For arbitrary processes: in the Profiler tool window ( View | Tool Windows | Profiler ), right-click the process and select Capture Memory Snapshot . A menu appears on right-clicking a process in the Profiler tool windowWhen the snapshot is captured, it opens for analysis right away.

If you want to capture a heap dump when a program runs out of memory, use the -XX:+HeapDumpOnOutOfMemoryError VM option for that. For steps to add a VM option, refer to Run/debug configurations.

The snapshot also appears under Recent snapshots . From there, you can view the recent snapshots or open other snapshots that are stored elsewhere on your hard drive.

By default, the snapshots are stored in the user home directory. If you prefer another location, you can change that.

Change the snapshots location

Change Snapshot Folder item in the More menu

  1. Open the Profiler tool window.
  2. On the Home tab, click More , then select Change Snapshot Folder .

If you are developing an IDE plugin, you may want to take a memory snapshot of IntelliJ IDEA itself.

Take a memory snapshot of the IDE

  • Go to Help | Diagnostic Tools | Capture Memory Snapshot .

Increase the memory heap of the IDE

The Java Virtual Machine (JVM) running IntelliJ IDEA allocates some predefined amount of memory. The default value depends on the platform. If you are experiencing slowdowns, you may want to increase the memory heap.

The heap size allocated for running the IDE is not the same as the heap size for compiling your application. If you want to configure the heap size for the build process that compiles your code, open Settings Control+Alt+S , select Build, Execution, Deployment | Compiler , and specify the necessary amount of memory in the Shared build process heap size field.

  1. Go to Help | Change Memory Settings .
  2. Set the necessary amount of memory that you want to allocate and click Save and Restart .

This action changes the value of the -Xmx option used by the JVM to run IntelliJ IDEA. Restart IntelliJ IDEA for the new setting to take effect.

The Change Memory Settings action is available starting from IntelliJ IDEA version 2019.2. For previous versions or if the IDE crashes, you can change the value of the -Xmx option manually as described in JVM options.

IntelliJ IDEA also warns you if the amount of free heap memory after a garbage collection is less than 5% of the maximum heap size:

The Low Memory warning

Click Configure to increase the amount of memory allocated by the JVM. If you are not sure what would be a good value, use the one suggested by IntelliJ IDEA.

The Memory Settings dialog

Click Save and Restart and wait for IntelliJ IDEA to restart with the new memory heap setting.

Enable the memory indicator

IntelliJ IDEA can show you the amount of used memory in the status bar. Use it to judge how much memory to allocate.

  • Right-click the status bar and select Memory Indicator .

Toolbox App

If you are using the Toolbox App, you can change the maximum allocated heap size for a specific IDE instance without starting it.

Opening IDE instance settings in Toolbox App

  1. Open the Toolbox App, click the settings icon next to the relevant IDE instance, and select Settings .
  2. On the instance settings tab, expand Configuration and specify the heap size in the Maximum heap size field.

If the IDE instance is currently running, the new settings will take effect only after you restart it.

If you are using a standalone instance not managed by the Toolbox App, and you can’t start it, it is possible to manually change the -Xmx option that controls the amount of allocated memory. Create a copy of the default JVM options file and change the value of the -Xmx option in it.

Common Weakness Enumeration

Conceptual For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers. Operational For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts. Mapping Friendly For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers. Complete For users who wish to see all available information for the CWE/CAPEC entry. Custom For users who want to customize what details are displayed.

Edit Custom Filter

Conceptual Operational Mapping Friendly Select All
Reset Clear Submit Cancel
Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Relationships

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.

Relevant to the view «Research Concepts» (CWE-1000)

Nature Type ID Name
ChildOf Base — a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 787 Out-of-bounds Write
ChildOf Base — a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 788 Access of Memory Location After End of Buffer

Modes Of Introduction
The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.

Phase Note
Implementation

Applicable Platforms

This listing shows possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

C (Undetermined Prevalence)

C++ (Undetermined Prevalence)

Common Consequences

Technical Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)

Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.

Technical Impact: Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Modify Memory

Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program’s implicit security policy. Besides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker’s code. Even in applications that do not explicitly use function pointers, the run-time will usually leave many in memory. For example, object methods in C++ are generally implemented using function pointers. Even in C programs, there is often a global offset table used by the underlying runtime.

Technical Impact: Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Other

When the consequence is arbitrary code execution, this can often be used to subvert any other security service.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *