Trevor Talbot wrote:
On Tuesday, Jul 1, 2003, at 23:53 US/Pacific, Daniel Hartmeier wrote:
On Tue, Jul 01, 2003 at 09:22:02PM -0700, Daniel Williams wrote:
/bsd: pf: state insert failed: tree_ext_gwy lan: 192.168.1.250:43445 gwy: #externalIP#:47566 ext: #externalHOST#:8080
There was a bug in the proxy port selection code in 3.3-release which resulted in proxy ports not making use of the entire range and potentially re-using an already used proxy port, which then results in the error message you quoted. Can you update to -stable (or -current) and retry?
-stable doesn't have Ryan McBride's byte order fixes:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/ pf.c.diff?r1=1.361&r2=1.362
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/ pfvar.h.diff?r1=1.154&r2=1.155
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/ parse.y.diff?r1=1.389&r2=1.390
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/ pfctl_parser.c.diff?r1=1.161&r2=1.162
Still seeing the errors after recompiling the kernel(-stable) with nmbclusters 8192. I'm not so sure I want to go -current on this machine...I am leaning towards building a 3.2 -stable machine. Thoughts?
And to answer your question Daniel, there are only 6 concurrent connections to a single host at a time. Its a script that checks 40 webservers by pulling 6 pages from each. The script runs every 15 minutes from cron and we only see a few errors a day for this particular script. We also get 'no route to host' from other scripts on other hosts connecting to different servers, so that rules out the possiblility of one machine being the problem...that and I ran the script from a different machine and get the same errors.
Thanks, Daniel
