I'm experimenting with a UDP broadcast block on a couple of Sun Blade 150s running Solaris 9 and have come up with the following rule which seems to drop the traffic:

block in on eri proto udp from any to 192.168.1.255

However, the available system memory gradually depletes, eventually resorting to swap, and finally resulting in a hard freeze after a day or so. The degradation can be monitored with "netstat -m", showing rising mblk and dblk counts, along with a growing amount of kbytes allocated for streams data.

I've tried adding a /32 mask to the rule, as well as a port range, and neither seems to affect the problem. If anyone can offer some guidance, it'd be much appreciated. Below is some (possibly) relevant information.


Thanks, Roy


----------

system1# uname -a
SunOS system1 5.9 Generic_117171-02 sun4u sparc SUNW,Sun-Blade-100

system2# uname -a
SunOS system2 5.9 Generic_112233-08 sun4u sparc SUNW,Sun-Blade-100

system1&2# isainfo -vk
64-bit sparcv9 kernel modules

system1&2# modinfo | grep ipf
107 7807e000  37532 xxx   1  ipf (IP Filter: v4.1.3)

system2# ipfstat [about a quarter of the way towards oblivion]
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
input packets: blocked 201973 passed 528580 nomatch 24752 counted 0 short 0
output packets: blocked 411 passed 312940 nomatch 0 counted 0 short 0
input packets logged: blocked 0 passed 423197
output packets logged: blocked 409 passed 251471
packets logged: input 0 output 0
log failures: input 111403 output 149720
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 45 lost 162
packet state(out): kept 3700 lost 2
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 126943 (out): 324
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 196468
Packet log flags set: (0)
none


system2# netstat -m [about a quarter of the way towards oblivion]
streams allocation:
                                         cumulative  allocation
                      current   maximum       total    failures
streams                   195       252        6084           0
queues                    441       552       11768           0
mblk                   206662    207391      284267           0
dblk                   206658    208145     5903250           0
linkblk                     6       169          11           0
strevent                   11       169      110077           0
syncq                      15        48          64           0
qband                       0         0           0           0

144280 Kbytes allocated for streams data
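
An added example, not part of the original post: a shell check that puts the `netstat -m` and `ipfstat` counters quoted above side by side, to see whether the number of mblks still held tracks the number of packets ipf has blocked. The function names are hypothetical; the sample text is copied from the system2 output in the post, trimmed to the rows used.

```shell
#!/bin/sh
# Added example, not from the original post. Sample text is copied from the
# system2 output quoted in the post (trimmed to the rows used here).

NETSTAT_M='streams allocation:
                                         cumulative  allocation
                      current   maximum       total    failures
streams                   195       252        6084           0
mblk                   206662    207391      284267           0
dblk                   206658    208145     5903250           0

144280 Kbytes allocated for streams data'

IPFSTAT='input packets: blocked 201973 passed 528580 nomatch 24752 counted 0 short 0
output packets: blocked 411 passed 312940 nomatch 0 counted 0 short 0
input packets logged: blocked 0 passed 423197
output packets logged: blocked 409 passed 251471'

# streams_field ROW COL: COL is 2=current, 3=maximum, 4=cumulative total.
streams_field() {
    awk -v row="$1" -v col="$2" '$1 == row { print $col; exit }'
}

# Sum "blocked" from the "input packets:" and "output packets:" lines only
# (the "... packets logged:" lines are deliberately not matched).
ipf_blocked() {
    awk '/^(input|output) packets:/ {
             for (i = 1; i < NF; i++) if ($i == "blocked") n += $(i + 1)
         }
         END { print n + 0 }'
}

# Print: mblks held, packets blocked, mblks held per blocked packet,
# and the percentage of all mblks ever allocated that are still held.
leak_report() {   # $1 = netstat -m text, $2 = ipfstat text
    held=$(printf '%s\n' "$1" | streams_field mblk 2)
    total=$(printf '%s\n' "$1" | streams_field mblk 4)
    blocked=$(printf '%s\n' "$2" | ipf_blocked)
    awk -v h="$held" -v t="$total" -v b="$blocked" 'BEGIN {
        if (b == 0 || t == 0) { print "insufficient data"; exit 1 }
        printf "held=%d blocked=%d per_blocked=%.2f still_held=%.1f%%\n",
               h, b, h / b, 100 * h / t
    }'
}

leak_report "$NETSTAT_M" "$IPFSTAT"
```

Run against live output at intervals (`leak_report "$(netstat -m)" "$(ipfstat)"`), a `per_blocked` value that stays close to 1 while both counters climb would point at buffers being held per blocked packet rather than per packet seen.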


