Sorry for being spammy. It did work normally for kernel -current from April 26 and seems to have broken after that date.

On 8/17/2011 9:31 AM, Ermal Luçi wrote:
On Wed, Aug 17, 2011 at 3:05 PM, Florian Smeets <[email protected]> wrote:
On 17.08.2011 14:58, Ermal Luçi wrote:
On Wed, Aug 17, 2011 at 2:37 PM, Florian Smeets <[email protected]> wrote:
On 17.08.2011 14:30, Bjoern A. Zeeb wrote:
On Aug 17, 2011, at 12:27 PM, Florian Smeets wrote:

On 08.07.2011 19:02, David O'Brien wrote:
On Fri, Jul 08, 2011 at 02:26:37PM +0200, Ermal Luçi wrote:
On Thu, Jul 7, 2011 at 9:35 PM, David O'Brien <[email protected]> wrote:
I have 'pfctl', 'netstat', 'netstat -rn', and 'sysctl -a' output from one
of these experiences. Would they be useful to you in looking into this?
please send those.
Also useful would be a description of your setup.
Ermal,
Thanks.  I'll send to you off list.

Hi,

did you guys find out what was wrong? I may have a similar problem. My
server loses connection after some time. I think it is because the state
table is getting full, but I only have a couple of active states.

The current entries keep increasing, I had ~3600 this morning.

flo@tb:~ # sudo pfctl -vsi|grep "current entries"
No ALTQ support in kernel
ALTQ related functions disabled
  current entries                     4891
  current entries                        0
flo@tb:~ # sudo pfctl -ss| wc -l
No ALTQ support in kernel
ALTQ related functions disabled
      12

Every new connection is added to the current entries but it seems they
are never removed?!

I've set debug to loud, what else should I do to track this down?

There is a thread in freebsd-net@ explaining some culprits with
state table numbers from pfctl -ss and number from pfctl -vsi.

Ok, having another look at pfctl -vsi it looks like it confirms my suspicion
that states do not get removed.

State Table                          Total             Rate
  current entries                     5082
  searches                          296083            3.7/s
  inserts                             5082            0.1/s
  removals                               0            0.0/s

Well really it depends on the timeframe this statistic was taken!

I do not want to be a nonbeliever but this was confirmed working by
other people that reported the same 'issue'.

Other than that you can do a pfctl -dvvss and pfctl -dvvsi for every
minute and send them to compare.
Furthermore there should be a kernel thread "pfpurge" that is
running, verify with procstat which does the job of purging your
states.
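
The comparison discussed in this thread (state-table counters from `pfctl -vsi` over time, set against the number of states `pfctl -ss` lists), as an added example that is not part of any message in the thread. The function names and both snapshots are constructed; a "suspect" result marks a case for a closer look and does not by itself prove that states are not being purged.

```shell
#!/bin/sh
# Added example; function names and both snapshots are constructed.

# Print one counter from the "State Table" section of `pfctl -vsi` output on
# stdin. "current entries" also appears under "Source Tracking Table", so
# the match is scoped to the State Table section.
pf_counter() {
    awk -v want="$1" '
        /^State Table/ { in_state = 1; next }
        /^[^ \t]/      { in_state = 0 }
        in_state {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, want " ") == 1) {
                split(substr(line, length(want) + 1), f)
                print f[1]
                exit
            }
        }'
}

# $1 = earlier `pfctl -vsi` output, $2 = later output,
# $3 = number of states `pfctl -ss` listed at the later time.
pf_state_verdict() {
    old_cur=$(printf '%s\n' "$1" | pf_counter "current entries")
    new_cur=$(printf '%s\n' "$2" | pf_counter "current entries")
    old_rem=$(printf '%s\n' "$1" | pf_counter "removals")
    new_rem=$(printf '%s\n' "$2" | pf_counter "removals")
    if [ "$new_cur" -gt "$old_cur" ] && [ "$new_rem" -eq "$old_rem" ] &&
        [ "$new_cur" -gt "$3" ]; then
        echo "suspect: entries $old_cur to $new_cur, removals still $new_rem, listed $3"
    else
        echo "ok"
    fi
}

# Constructed snapshots, shaped like the output quoted in the thread.
SNAP_EARLY='State Table                          Total             Rate
  current entries                     4891
  searches                          280000            3.7/s
  inserts                             4891            0.1/s
  removals                               0            0.0/s
Source Tracking Table
  current entries                        0'
SNAP_LATE='State Table                          Total             Rate
  current entries                     5082
  searches                          296083            3.7/s
  inserts                             5082            0.1/s
  removals                               0            0.0/s
Source Tracking Table
  current entries                        0'

pf_state_verdict "$SNAP_EARLY" "$SNAP_LATE" 12
```

On a live system the first two arguments would be two `pfctl -vsi` outputs taken some time apart, and the third the line count of `pfctl -ss`.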


