pf & NAT issue
Bakul Shah
bakul at bitblocks.com
Sat Jan 21 04:21:19 UTC 2017
I finally had some time to look at the sources & noticed
/sys/netpfil/pf/pf.c:pf_purge_thread now runs 10 times a
second instead of once a second, which gave me the idea of
increasing "interval" timeout by a factor of 10 and this seems
to have mostly fixed the problem. But I don't know where the
actual problem is. The logic is too complicated to understand
in a few minutes so I didn't try to find the root cause at the
moment. [But I don't understand why pf times out normal
connections. Long lasting idle connections are perfectly fine.
And fragment GC should not be coupled with connection state
expiry]
Many thanks for various suggestions as that forced me to think :-)
Bakul