svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...

Florian Smeets flo at freebsd.org
Wed Aug 17 13:05:54 UTC 2011 

On 17.08.2011 14:58, Ermal Luçi wrote:
> On Wed, Aug 17, 2011 at 2:37 PM, Florian Smeets<flo at freebsd.org>  wrote:
>> On 17.08.2011 14:30, Bjoern A. Zeeb wrote:
>>>
>>> On Aug 17, 2011, at 12:27 PM, Florian Smeets wrote:
>>>
>>>> On 08.07.2011 19:02, David O'Brien wrote:
>>>>>
>>>>> On Fri, Jul 08, 2011 at 02:26:37PM +0200, Ermal Lui wrote:
>>>>>>
>>>>>> On Thu, Jul 7, 2011 at 9:35 PM, David O'Brien<obrien at freebsd.org>
>>>>>> wrote:
>>>>>>>
>>>>>>> I have 'pfctl', 'netstat', 'netstat -rn', and 'sysctl -a' output from
>>>>>>> one
>>>>>>> of these experiences. �Would they be useful to you in looking into
>>>>>>> this?
>>>>>>
>>>>>> please send those.
>>>>>> Also useful would be a description of your setup.
>>>>>
>>>>> Ermal,
>>>>> Thanks.  I'll send to you off list.
>>>>>
>>>>
>>>> Hi,
>>>>
>>>> did you guys find out what was wrong? I may have a similar problem. My
>>>> server loses connection after some time. I think it is because the state
>>>> table is getting full, but i only have a couple of active states.
>>>>
>>>> The current entries keep increasing, i had ~3600 this morning.
>>>>
>>>> flo at tb:~ # sudo pfctl -vsi|grep "current entries"
>>>> No ALTQ support in kernel
>>>> ALTQ related functions disabled
>>>>   current entries                     4891
>>>>   current entries                        0
>>>> flo at tb:~ # sudo pfctl -ss| wc -l
>>>> No ALTQ support in kernel
>>>> ALTQ related functions disabled
>>>>       12
>>>>
>>>> Every new connection is added to the current entries but it seems they
>>>> are never removed?!
>>>>
>>>> I've set debug to loud, what else should i do to track this down?
>>>
>>>
>
> There is a thread in freebsd-net@ explaining some culprits with
> state table numbers from pfctl -ss  and number from pfctl -vsi.
>

Ok, having another look at pfctl -vsi it looks like it confirms my 
suspicion that states do not get removed.

State Table                          Total             Rate
   current entries                     5082
   searches                          296083            3.7/s
   inserts                             5082            0.1/s
   removals                               0            0.0/s

Cheers,
Florian

More information about the freebsd-pf mailing list