[Bug 222126] pf is not clearing expired states
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Sep 26 12:05:29 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126
--- Comment #22 from hlh at restart.be ---
The problem crop up:
[root at norquay ~]# pfctl -si
Status: Enabled for 1 days 08:09:42 Debug: Urgent
Interface Stats for ng0 IPv4 IPv6
Bytes In 3355637698 0
Bytes Out 236586554 0
Packets In
Passed 2587532 0
Blocked 3290 0
Packets Out
Passed 2395320 0
Blocked 109 0
State Table Total Rate
current entries 31
searches 10992548 94.9/s
inserts 77585 0.7/s
removals 77052 0.7/s
Counters
match 86805 0.7/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 9 0.0/s
state-insert 2 0.0/s
state-limit 0 0.0/s
src-limit 8 0.0/s
synproxy 105 0.0/s
map-failed 0 0.0/s
[root at norquay ~]# pfctl -ss|wc -l
533
[root at norquay ~]# procstat -kk 7
PID TID COMM TDNAME KSTACK
7 100084 pf purge - mi_switch+0x118
sleepq_timedwait+0x40 _sleep+0x268 pf_purge_thread+0xec fork_exit+0x94
[root at norquay dtrace]# ./pf.dtrace
dtrace: script './pf.dtrace' matched 4 probes
dtrace: buffer size lowered to 2m
after:
[root at norquay ~]# echo "set timeout interval 5" | pfctl -mf -
CPU ID FUNCTION:NAME
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
3 2257 pf_purge_expired_states:entry
3 2258 pf_purge_expired_states:return
3 2258 pf_purge_expired_states:return
3 2257 pf_purge_expired_states:entry
3 2258 pf_purge_expired_states:return
3 2258 pf_purge_expired_states:return
3 2257 pf_purge_expired_states:entry
3 2258 pf_purge_expired_states:return
3 2258 pf_purge_expired_states:return
3 2257 pf_purge_expired_states:entry
3 2258 pf_purge_expired_states:return
3 2258 pf_purge_expired_states:return
3 2257 pf_purge_expired_states:entry
3 2258 pf_purge_expired_states:return
3 2258 pf_purge_expired_states:return
3 2258 pf_purge_expired_states:return
3 2257 pf_purge_expired_states:entry
3 2258 pf_purge_expired_states:return
3 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
1 2258 pf_purge_expired_states:return
1 2258 pf_purge_expired_states:return
1 2257 pf_purge_expired_states:entry
....
[root at norquay ~]# echo "set timeout interval 10" | pfctl -mf -
And then no new state are created!
[root at norquay ~]# nohup service pf restart
resume the normal work of pf.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-pf
mailing list