Date: Tue, 23 Jan 2007 11:18:12 -0200
From: "Eduardo Meyer" <dudu.meyer@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Re: set limit { states X, frags Y } not working - buggy?
Message-ID: <d3ea75b30701230518g4468ef07sedae48740f40f50a@mail.gmail.com>
In-Reply-To: <200701231402.20264.max@love2party.net>
References: <d3ea75b30701230409v45c621ccubb7e243b8423d3cf@mail.gmail.com> <200701231402.20264.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/23/07, Max Laier <max@love2party.net> wrote: > On Tuesday 23 January 2007 13:09, Eduardo Meyer wrote: > > Please, see: > > > > # pfctl -s memory > > states hard limit 5000 > > src-nodes hard limit 10000 > > frags hard limit 2500 > > > > # pfctl -s info | grep "current entries" > > current entries 13770 > > > > What am I confusing here, or this really should not happen? > > What does "vmstat -z | grep ^pf" give? A quick check here suggests that > this might be a problem in the zone(9) allocator as the limit is > correctly propergated to the the uma zone in question, but not enforced > it seems. Max, thanks for asking. Here it's what the command returns # vmstat -z | grep ^pf pfsrctrpl: 100, 10023, 0, 78, 77 pfrulepl: 604, 0, 140, 88, 17555 pfstatepl: 260, 5010, 8096, 1879, 38569766 pfaltqpl: 128, 0, 0, 0, 0 pfpooladdrpl: 68, 0, 72, 152, 8534 pfrktable: 1240, 0, 5, 4, 89 pfrkentry: 156, 0, 10, 40, 481 pfrkentry2: 156, 0, 0, 0, 0 pffrent: 16, 2639, 0, 0, 0 pffrag: 48, 0, 0, 0, 0 pffrcache: 48, 10062, 0, 0, 0 pffrcent: 12, 50141, 0, 0, 0 pfstatescrub: 28, 0, 0, 0, 0 pfiaddrpl: 92, 0, 12, 114, 260 pfospfen: 108, 0, 345, 51, 22770 pfosfp: 28, 0, 188, 193, 12408 Right now I have some fewer sessions: # pfctl -s info | grep "current entries" current entries 8306 But way higher than the configured limit of 5k. -- =========== Eduardo Meyer pessoal: dudu.meyer@gmail.com profissional: ddm.farmaciap@saude.gov.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d3ea75b30701230518g4468ef07sedae48740f40f50a>