From owner-freebsd-pf@FreeBSD.ORG Wed Aug 17 12:30:06 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 622A2106566B; Wed, 17 Aug 2011 12:30:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) by mx1.freebsd.org (Postfix) with ESMTP id 150628FC1A; Wed, 17 Aug 2011 12:30:06 +0000 (UTC) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 0002F25D37C0; Wed, 17 Aug 2011 12:30:04 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 245E8BD3C30; Wed, 17 Aug 2011 12:30:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id L9jG3gVQqo4A; Wed, 17 Aug 2011 12:30:02 +0000 (UTC) Received: from orange-en1.sbone.de (orange-en1.sbone.de [IPv6:fde9:577b:c1a9:31:cabc:c8ff:fecf:e8e3]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id B5997BD3C03; Wed, 17 Aug 2011 12:30:02 +0000 (UTC) Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=utf-8 From: "Bjoern A. Zeeb" In-Reply-To: <4E4BB39D.8070903@freebsd.org> Date: Wed, 17 Aug 2011 12:30:02 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <22DE2AEF-22A3-4B6E-9E24-DCF0EDF40933@lists.zabbadoz.net> References: <201106281157.p5SBvP5g048097@svn.freebsd.org> <20110629192224.2283efc8@fabiankeil.de> <20110707193539.GA60591@dragon.NUXI.org> <20110708170240.GA59024@dragon.NUXI.org> <4E4BB39D.8070903@freebsd.org> To: Florian Smeets X-Mailer: Apple Mail (2.1084) Cc: freebsd-pf@freebsd.org Subject: Re: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s... X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2011 12:30:06 -0000 On Aug 17, 2011, at 12:27 PM, Florian Smeets wrote: > On 08.07.2011 19:02, David O'Brien wrote: >> On Fri, Jul 08, 2011 at 02:26:37PM +0200, Ermal Lui wrote: >>> On Thu, Jul 7, 2011 at 9:35 PM, David O'Brien = wrote: >>>> I have 'pfctl', 'netstat', 'netstat -rn', and 'sysctl -a' output = from one >>>> of these experiences. =EF=BF=BDWould they be useful to you in = looking into this? >>>=20 >>> please send those. >>> Also useful would be a description of your setup. >>=20 >> Ermal, >> Thanks. I'll send to you off list. >>=20 >=20 > Hi, >=20 > did you guys find out what was wrong? I may have a similar problem. My = server loses connection after some time. I think it is because the state = table is getting full, but i only have a couple of active states. >=20 > The current entries keep increasing, i had ~3600 this morning. >=20 > flo@tb:~ # sudo pfctl -vsi|grep "current entries" > No ALTQ support in kernel > ALTQ related functions disabled > current entries 4891 > current entries 0 > flo@tb:~ # sudo pfctl -ss| wc -l > No ALTQ support in kernel > ALTQ related functions disabled > 12 >=20 > Every new connection is added to the current entries but it seems they = are never removed?! >=20 > I've set debug to loud, what else should i do to track this down? What version (SVN r#) are you running? --=20 Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family.