On 05/06/18 06:46, Stuart Henderson wrote:
> On 2018-06-04, Stuart Longland <[email protected]> wrote:
>> My thinking, since the problem has disappeared, is that the sheer number
>> of clients was overwhelming the router, and as a result, it didn't have
>> enough buffer space to handle the number of separate hosts requesting
>> the time from it.
>
> Oh! It might have been PF state table exhaustion. By default a maximum
> of 10000 states are allowed (can be overridden with a different value in
> pf.conf).
>
> Has it been rebooted since the last time you saw the problem? If not,
> pfctl -si might still have some clues in the counters.

Unfortunately yes, a few times.

Is there a maximum limit on the number of states? I later found that option and bumped it to 40000, but I'm not certain on what the maximum is. I'm guessing it'll be a function of how big a "state" is, and how much memory I'm willing to dedicate to `pf`.

This machine isn't doing much else but routing, so I can afford to throw quite a bit of memory (and CPU) at it.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
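
An added example, not part of the original thread: a shell check that compares the current state count from `pfctl -si` against the states hard limit from `pfctl -sm`, so exhaustion can be spotted before a reboot clears the counters. The sample output is constructed, the function names are hypothetical, and treating the `memory` counter as the one that rises when state allocation fails is an assumption.

```shell
#!/bin/sh
# Constructed sample text, shaped like `pfctl -si` and `pfctl -sm` output.
SAMPLE_SI='Status: Enabled for 3 days 04:10:22           Debug: err

State Table                          Total             Rate
  current entries                     9987
  searches                        48211734          175.8/s
  inserts                           912345            3.3/s
  removals                          902358            3.3/s
Counters
  match                             950112            3.5/s
  memory                             37766            0.1/s
  state-limit                            0            0.0/s
'
SAMPLE_SM='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit    65536
'

# Current number of state entries, from `pfctl -si` text on stdin.
pf_current_states() {
    awk '$1 == "current" && $2 == "entries" { print $3; exit }'
}

# Hard limit on states, from `pfctl -sm` text on stdin.
pf_state_limit() {
    awk '$1 == "states" && $2 == "hard" { print $4; exit }'
}

# Total of a named counter (e.g. memory), from `pfctl -si` text on stdin.
pf_counter() {
    awk -v name="$1" '$1 == name { print $2; exit }'
}

# Integer percentage of the state table in use. Args: current limit
pf_state_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Print usage; return non-zero when usage reaches the threshold.
# Args: si_text sm_text threshold_pct
pf_state_check() {
    cur=$(printf '%s\n' "$1" | pf_current_states)
    lim=$(printf '%s\n' "$2" | pf_state_limit)
    mem=$(printf '%s\n' "$1" | pf_counter memory)
    [ -n "$cur" ] && [ -n "$lim" ] || { echo "could not parse pfctl output" >&2; return 2; }
    pct=$(pf_state_pct "$cur" "$lim")
    echo "states: $cur/$lim (${pct}%), memory counter: ${mem:-n/a}"
    [ "$pct" -lt "$3" ]
}

pf_state_check "$SAMPLE_SI" "$SAMPLE_SM" 90 || echo "state table near its limit"
```

On the router itself the same check would be run as root with live output: `pf_state_check "$(pfctl -si)" "$(pfctl -sm)" 90`.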

