[Bug 222126] pf is not clearing expired states
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Sep 11 10:42:39 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126
--- Comment #12 from noah.bergbauer at tum.de ---
set limit { states 100000, src-nodes 10000 }
One of my first attempts to fix this was increasing both limits 10x - didn't
help though.
# pfctl -vsi
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 1 days 14:44:53 Debug: Urgent
Hostid: 0x4b1e78c2
Checksum: 0x67f2a9cbd7b0d65ce52864ecfc156ebb
State Table Total Rate
current entries 3839
searches 360179452 2582.1/s
inserts 594949 4.3/s
removals 591110 4.2/s
Source Tracking Table
current entries 0
searches 0 0.0/s
inserts 0 0.0/s
removals 0 0.0/s
Counters
match 689782 4.9/s
bad-offset 0 0.0/s
fragment 16 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 450 0.0/s
state-mismatch 942 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
map-failed 0 0.0/s
Limit Counters
max states per rule 0 0.0/s
max-src-states 0 0.0/s
max-src-nodes 0 0.0/s
max-src-conn 0 0.0/s
max-src-conn-rate 0 0.0/s
overload table insertion 0 0.0/s
overload flush states 0 0.0/s
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-pf
mailing list