I do believe this has solved the problems I was having.

Cheers :)
sounds like you hit the memory leak we just found & fixed.

Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.564
diff -u -p -r1.564 pf.c
--- pf.c        18 Nov 2007 21:53:47 -0000      1.564
+++ pf.c        22 Nov 2007 01:15:47 -0000
@@ -816,6 +816,8 @@ pf_insert_state(struct pfi_kif *kif, str
                TAILQ_FOREACH(sp, &cur->states, next)
                        if (sp->kif == kif) {        /* collision! */
                                pf_stateins_err("tree_lan_ext", s, kif);
+                               pf_detach_state(s,
+                                   PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY);
                                return (-1);
                        }
                pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY);
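Review bot: The collision branch now repeats the same `pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY)` call that the non-collision path makes just below, and nothing in the code says why the error path needs it. A comment such as `/* s never got linked to cur: release its own state key before failing */` would make clear this is cleanup; that wording assumes the detach releases the unused key, which the hunk does not show. pf_insert_state continues outside the hunk, and the "tree_lan_ext" label suggests a second tree insert further down, so any other early `return (-1)` should be checked for the same cleanup. A leak on each state collision in a packet filter is presumably reachable from network traffic, so it is worth treating as a kernel memory exhaustion risk and not only a tidiness fix.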
@@ -958,10 +960,8 @@ pf_src_tree_remove_state(struct pf_state
        u_int32_t timeout;
if (s->src_node != NULL) {
-               if (s->state_key->proto == IPPROTO_TCP) {
-                       if (s->src.tcp_est)
-                               --s->src_node->conn;
-               }
+               if (s->src.tcp_est)
+                       --s->src_node->conn;
                if (--s->src_node->states <= 0) {
                        timeout = s->rule.ptr->timeout[PFTM_SRC_NODE];
                        if (!timeout)
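Review bot: With the `IPPROTO_TCP` test removed, `--s->src_node->conn` is only correct for non-TCP states if `src.tcp_est` is never set for them, and that invariant is not written down here. I would add a comment above the new test, e.g. `/* tcp_est is set only where conn was incremented; s->state_key may already be detached here */`, though both halves are inferred from this patch and should be confirmed against the code that sets tcp_est. The decrement also has no check for zero, so a mismatched call would presumably wrap the counter and skew per-source connection limits. Writing the test as `if (s->src.tcp_est && s->src_node->conn > 0)` would make that harmless, assuming conn is unsigned. pf_src_tree_remove_state starts and ends outside the hunk.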
