Date: Tue, 15 Nov 2011 14:43:23 -0800 From: Vijay Singh <vijju.singh@gmail.com> To: freebsd-net@freebsd.org Subject: ipf(8) issue Message-ID: <CALCNsJQeW=DD9SWaxFG_7zx3B9BWxcMV3sx0dn2diHGtLi6-3w@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi. Apologies if this message is a duplicate. I am having issues
posting to this list.
I am wondering if setting an ipf rule such as the one below will cause
some TCP rate limiting.
pass in quick on <if#> proto tcp from any to 172.17.167.126/32 port =
http keep state
I am trying to explain TCP RSTs being seen with ipfstat:
clabf5% sudo ipfstat
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
before => input packets: blocked 9971298 passed 1285221084
nomatch 0 counted 0 short 0
after => input packets: blocked 9975079 passed 1285286724
nomatch 0 counted 0 short 0
--------------------------------------------------------------------------------------
Diff =====> 3781
output packets: blocked 0 passed 1223457926 nomatch 11506
counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 11506
log failures: input 0 output 10147
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 11432484 lost 7811812
packet state(out): kept 3676883 lost 16089
before => ICMP replies: 0 TCP RSTs sent: 7766345
after => ICMP replies: 0 TCP RSTs sent: 7769835
-----------------------------------------------
Diff ==========> 3490
Invalid source(in): 0
Result cache hits(in): 422528946 (out): 309901634
IN Pullups succeeded: 538 failed: 0
OUT Pullups succeeded: 21889 failed: 0
Fastroute successes: 7766345 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 2097481
Packet log flags set: (0)
none
-vijay
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALCNsJQeW=DD9SWaxFG_7zx3B9BWxcMV3sx0dn2diHGtLi6-3w>