On 3/25/06, Travis H. <[EMAIL PROTECTED]> wrote:
> I have a further data point; this started happening when I switched to
> policy-based filtering (i.e. using tags extensively). I also have a
> few rules which only retag traffic (i.e. LAN_TO_WAN gets retagged as
> PASS), which may be unusual enough to explain how other people are not
> having this problem. I'm going to experiment further.

On further experimentation, I am convinced there is a memory leak when using tagging. I would experience net death after 1-3 days of activity. Nothing I could do would free up any space, except for rebooting.

When I removed the tagging and converted back from policy-based routing, I no longer have a problem with buffer space.

Someone on the FreeBSD pf list is having the same problems.

Is anyone else using tagging extensively and _not_ having problems with running out of kernel buffer space? Do you do any retagging? Do you tag on one interface and use the tag on another?

--
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
