Hi, i've upgraded my FreeBSD 5.5-Box to 4.1.17; after that, ipfstat -nhio runs in an endless loop and displays only the first rule: ------- 0 @1 block out quick on xl0 from any to 172.16.0.0/12 0 @2 block out quick on xl0 from any to 172.16.0.0/12 0 @3 block out quick on xl0 from any to 172.16.0.0/12 0 @4 block out quick on xl0 from any to 172.16.0.0/12 0 @5 block out quick on xl0 from any to 172.16.0.0/12 0 @6 block out quick on xl0 from any to 172.16.0.0/12 0 @7 block out quick on xl0 from any to 172.16.0.0/12 0 @8 block out quick on xl0 from any to 172.16.0.0/12 0 @9 block out quick on xl0 from any to 172.16.0.0/12 0 @10 block out quick on xl0 from any to 172.16.0.0/12 ------- and so on...
This is a problem, 'cause periodic daily runs ipfstat -nhio, and this fills up /tmp and generates 100% cpu usage... regards Andy On Sat, January 20, 2007 13:48, Darren Reed wrote: Hi, The list of changes for 4.1.17 isn't very long but it does fix an important problem with 14-16: walking through NAT tables behaving badly with locks. The TCP window scaling patch has already been committed into NetBSD and FreeBSD (still requires some MFC work here) so users of -current there will already be benefitting from that. The change in flushing behaviour of pools will hopefully make those more friendly to reloading of data. Cheers, Darren http://coombs.anu.edu.au/~avalon/ip_fil4.1.17.tar.gz MD5 (/home/darrenr/ip_fil4.1.17.tar.gz) = 10071a0fa5c3eba5bd78649058cdcd06 4.1.17 - Released 20 January 2007 make flushing pools that are still in use mark them for deletion and have attempting to recreate them clear the delete flag walking through the NAT tables with ioctls caused lock recursion fix tracking TCP window scaling in the state code 4.1.16 - Released 20 December 2006
