3 show-stopper issues with 9-BETA3
Vincent Hoffman
vince at unsane.co.uk
Fri Oct 14 20:04:27 UTC 2011
On 14/10/2011 19:58, Gavin Atkinson wrote:
>> > 3. PF doesn't expire state. The state table on my older host (pre
>> > OpenBSD-4.5) has the following stats:
>> >
>> > Status: Enabled for 0 days 00:37:17 Debug: Urgent
>> > State Table Total Rate
>> > current entries 169546
>> > searches 94387451 42193.8/s
>> > inserts 4012389 1793.6/s
>> > removals 3842843 1717.9/s
>> >
>> > The 9-BETA3 host's current entries exactly match the number
>> > of inserts until it hits the hard limit of 1.5M entries and
>> > can add no more. It takes about 10 minutes to fill up and
>> > then no new flows are routed.
> I've seen a few reports of this, and it's quite concerning. Please, can
> you submit this as a PR?
For tracking, this was a previous report with apparently a temporary
workaround.
http://lists.freebsd.org/pipermail/freebsd-pf/2011-October/006333.html
I have a stable-9 virtual machine i can test on if needed but I have pf
loaded as a module at the moment so dont have the issue.
Vince
More information about the freebsd-current
mailing list