From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Mon, 26 Dec 2005 00:53:24 +0100
Subject: Re: connections weirdness
Message-Id: <200512260053.30288.max@love2party.net>
In-Reply-To: <200512222217.32015.max@love2party.net>

On Thursday 22 December 2005 22:17, Max Laier wrote:
> On Thursday 22 December 2005 20:12, Bruno Afonso wrote:
> > Hey guys (and gals!),
> >
> > I'm hitting what seems to be a bug on PF @
> > FreeBSD 6-stable:
> >
> > 6.0-STABLE FreeBSD 6.0-STABLE #0: Sun Nov 20 05:14:34 WET 2005
> >
> > If I do a pfctl -vvsS | grep connections I get some lines like this:
> >
> > 10.10.11.208 -> 0.0.0.0 ( states 3, connections 4294967295, rate 0.0/0s )
> > 10.10.13.213 -> 0.0.0.0 ( states 2, connections 4294967294, rate 0.0/0s )
> > 10.10.14.236 -> 0.0.0.0 ( states 96, connections 4294967013, rate 0.0/0s )
> > 10.10.12.238 -> 0.0.0.0 ( states 9, connections 4294967281, rate 0.0/0s )
> >
> > I also get a normal number of connections, like 2, 10, 20, 30, etc. Now,
> > this number is completely insane, especially if we take into account the
> > rule that creates it:
> >
> > ala# pfctl -vvsS |grep 10.10.11.208 -A1
> > 10.10.11.208 -> 0.0.0.0 ( states 1, connections 1, rate 0.0/0s )
> >    age 02:22:00, 657 pkts, 39752 bytes, filter rule 171
> > --
> > 10.10.11.208 -> 0.0.0.0 ( states 1, connections 4294967295, rate 0.0/0s )
> >    age 02:22:15, 618 pkts, 52535 bytes, filter rule 148
> >
> > ala# pfctl -vvsr |grep @148 -A1
> > @148 pass in log on fxp0 from to any keep state
> > (max 5000, source-track rule, max-src-states 120, max-src-conn 100)
> > queue p2p
> > [ Evaluations: 43699 Packets: 353469 Bytes: 122287213
> > States: 210 ]
> >
> >
> > I have been seeing this on rules in which I use max-src-conn but not on
> > others. So, what might be happening here? Has no one seen this
> > before? Also notice how similar the connections are, with the first 7
> > numbers equal.
>
> This is an underflow of the connection counter which is fixed in OpenBSD's
> pf.c rev. 1.499. Unfortunately, the fix involves breaking ABI and thus is
> not easily imported. Here is a local fix - please try and report back.

FYI: Committed to HEAD, MFC count down 3 days - please test!
-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
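
As an added example (not part of the original message, and not code from pf or pfctl), the following Python scans `pfctl -vvsS` output for source-tracking entries whose connection counter has wrapped, and reports how far below zero it went and which rule owns the entry. It assumes the counter is an unsigned 32-bit integer, which the figures near 2^32 in the report suggest; the function name, the threshold and part of the sample are constructed.

```python
import re

# Constructed sample in the shape of the `pfctl -vvsS` output quoted in the
# post; the first two entries reuse its figures, the last age line is made up.
SAMPLE = """\
10.10.11.208 -> 0.0.0.0 ( states 1, connections 1, rate 0.0/0s )
   age 02:22:00, 657 pkts, 39752 bytes, filter rule 171
10.10.11.208 -> 0.0.0.0 ( states 1, connections 4294967295, rate 0.0/0s )
   age 02:22:15, 618 pkts, 52535 bytes, filter rule 148
10.10.14.236 -> 0.0.0.0 ( states 96, connections 4294967013, rate 0.0/0s )
   age 01:10:02, 9120 pkts, 801223 bytes, filter rule 148
"""

ENTRY = re.compile(r"(\S+) -> \S+ \( states (\d+), connections (\d+),")
RULE = re.compile(r"filter rule (\d+)")
WRAP = 1 << 32      # assumption: the counter is an unsigned 32-bit integer
SUSPECT = 1 << 31   # assumption: values in the upper half have wrapped


def find_wrapped(text):
    """Return one dict per source node whose connection counter went below zero."""
    hits, pending = [], None
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if entry:
            src = entry.group(1)
            states, conns = int(entry.group(2)), int(entry.group(3))
            pending = None
            if conns >= SUSPECT:
                pending = {"src": src, "states": states, "connections": conns,
                           "signed": conns - WRAP, "rule": None}
                hits.append(pending)
        elif pending is not None:
            rule = RULE.search(line)
            if rule:  # the detail line after an entry names the owning rule
                pending["rule"] = int(rule.group(1))
                pending = None
    return hits


if __name__ == "__main__":
    for hit in find_wrapped(SAMPLE):
        print("{src}: connections={connections} (as signed: {signed}), "
              "states={states}, rule {rule}".format(**hit))
```

Read as signed values, the four counters in the report are -1, -2, -283 and -15, which is why they share their leading digits.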