Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable

In reply to: Özkan KIRIK : "pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Marek Zarychta <zarychtam_at_plan-b.pwste.edu.pl>
Date: Mon, 28 Jun 2021 11:22:47 UTC

W dniu 26.06.2021 o 21:38, Özkan KIRIK pisze:
> Hi,
> 
> pfctl -P -ss -vv command cannot finish and eats %100 of single core cpu
> when number of states is over 50.000.
> Even killall -9 pfctl doesn't help. process cannot be killed.
> 
> I'm using FreeBSD stable/12 that pulled at 2021-06-05.
> State policy is configured as floating. I don't know if it matters
> switching to if-bound.
> 
> Do you have any suggestions to overcome this problem?
> 
> Regards,
> 

PF on stable/1{2,3} got some enhancements lately and displaying states
might be now slow (really _SLOW_). Please try to run backed up pfctl(8)
binary for displaying states (works in my case), if you have one. If you
can't find older pfctl binary, then please try your luck with the one
extracted from 12.2-RELEASE install.

Best regards,

-- 
Marek Zarychta