meaning of State-mismatch
Aristedes Maniatis
ari at ish.com.au
Tue Jan 27 06:40:17 UTC 2015
I have been unable to find much documentation about the counter called "state-mismatch". I notice it going up on my firewall (FreeBSD 10.1) but only at a slow rate (maybe at around 1 per minute).
What is the significance of this value? Is it indicative of dropped states (and I should be increasing the state timeout)?
Thank you
Ari
In full, I see this:
# pfctl -si
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 14 days 18:57:27 Debug: Urgent
State Table Total Rate
current entries 3768
searches 927120779 725.5/s
inserts 40516048 31.7/s
removals 40512275 31.7/s
Counters
match 37456359 29.3/s
bad-offset 0 0.0/s
fragment 2 0.0/s
short 2 0.0/s
normalize 368 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 21848 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
Ari
--
-------------------------->
Aristedes Maniatis
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001 fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
More information about the freebsd-pf
mailing list