From: Vijay Singh
To: freebsd-net@freebsd.org
Date: Tue, 15 Nov 2011 14:43:23 -0800
Subject: ipf(8) issue

Hi.

Apologies if this message is a duplicate. I am having issues posting to this list. I am wondering if setting an ipf rule such as the one below will cause some TCP rate limiting.

pass in quick on proto tcp from any to 172.17.167.126/32 port = http keep state

I am trying to explain TCP RSTs being seen with ipfstat:

clabf5% sudo ipfstat
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
before => input packets: blocked 9971298 passed 1285221084 nomatch 0 counted 0 short 0
after => input packets: blocked 9975079 passed 1285286724 nomatch 0 counted 0 short 0
--------------------------------------------------------------------------------------
Diff =====> 3781
output packets: blocked 0 passed 1223457926 nomatch 11506 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 11506
log failures: input 0 output 10147
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 11432484 lost 7811812
packet state(out): kept 3676883 lost 16089
before => ICMP replies: 0 TCP RSTs sent: 7766345
after => ICMP replies: 0 TCP RSTs sent: 7769835
-----------------------------------------------
Diff ==========> 3490
Invalid source(in): 0
Result cache hits(in): 422528946 (out): 309901634
IN Pullups succeeded: 538 failed: 0
OUT Pullups succeeded: 21889 failed: 0
Fastroute successes: 7766345 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 2097481
Packet log flags set: (0) none

-vijay