From owner-freebsd-pf@FreeBSD.ORG Wed Mar 22 15:03:21 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9E3B16A423 for ; Wed, 22 Mar 2006 15:03:21 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from gwfra.elbekies.net (tce71.tce85.de [195.145.102.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 08DE543D69 for ; Wed, 22 Mar 2006 15:03:13 +0000 (GMT) (envelope-from volker@vwsoft.com) Received-SPF: pass (gwfra.elbekies.net: domain of vwsoft.com designates 212.23.126.12 as permitted sender) client-ip=212.23.126.12; envelope-from=volker@vwsoft.com; helo=mail.vtec.ipme.de; Received: from mail.vtec.ipme.de (gprs-pool-1-012.eplus-online.de [212.23.126.12]) by gwfra.elbekies.net (Postfix) with ESMTP id 189FF17038 for ; Wed, 22 Mar 2006 16:03:06 +0100 (CET) Received: from [127.0.0.1] (unknown [192.168.201.3]) by mail.vtec.ipme.de (Postfix) with ESMTP id C9C1E5C0E for ; Wed, 22 Mar 2006 16:03:00 +0100 (CET) Message-ID: <44216734.2060101@vwsoft.com> Date: Wed, 22 Mar 2006 16:03:16 +0100 From: Volker User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.10) Gecko/20050716 Thunderbird/1.0.6 Mnenhy/0.6.0.101 MIME-Version: 1.0 To: freebsd-pf@freebsd.org X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-VWSoft-MailScanner: Found to be clean X-TarmacIntl-MailScanner: Found to be clean X-TarmacIntl-MailScanner-SpamCheck: spam, SBL+XBL X-MailScanner-From: volker@vwsoft.com Subject: {Spam?} no buffer space available X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Mar 2006 15:03:21 -0000 Currently my router machine is running RELENG_6, cvsup'ed, buildkernel and world recently (as of 2006-03-18). My internet connection is realized by a 3G card and ppp (userland) which is always up. After being a few days always on, my router machine is unable to route anything (no packets passed out) as long as pf is enabled. If this situation arrives a ping does: bellona# ping www.heise.de PING www.heise.de (193.99.144.85): 56 data bytes ping: sendto: No buffer space available ping: sendto: No buffer space available ^C --- www.heise.de ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss When disabling pf it does: bellona# pfctl -d pf disabled bellona# ping www.heise.de PING www.heise.de (193.99.144.85): 56 data bytes 64 bytes from 193.99.144.85: icmp_seq=0 ttl=243 time=1472.569 ms 64 bytes from 193.99.144.85: icmp_seq=1 ttl=243 time=491.980 ms 64 bytes from 193.99.144.85: icmp_seq=3 ttl=243 time=590.113 ms ^C --- www.heise.de ping statistics --- 4 packets transmitted, 3 packets received, 25% packet loss round-trip min/avg/max/stddev = 491.980/851.554/1472.569/440.948 ms .....and re-checking with pf enabled: bellona# pfctl -e pf enabled bellona# ping www.heise.de PING www.heise.de (193.99.144.85): 56 data bytes ping: sendto: No buffer space available ping: sendto: No buffer space available ^C --- www.heise.de ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss and later re-reading the firewall rules and rereading the firewall rules: bellona# pfctl -d pf disabled bellona# pfctl -gf /etc/firewall/pf-bel.conf bellona# pfctl -e pf enabled bellona# ping www.heise.de PING www.heise.de (193.99.144.85): 56 data bytes 64 bytes from 193.99.144.85: icmp_seq=0 ttl=243 time=146.157 ms ^C --- www.heise.de ping statistics --- 2 packets transmitted, 1 packets received, 50% packet loss round-trip min/avg/max/stddev = 146.157/146.157/146.157/0.000 ms It smells like a memory leak isn't it? Using an earlier 6.1-BETA stage I've seen this problem faster. The last time I've seen this behaviour has been after 4 days system uptime and being always online by ppp. How do I check (debug) if this is a base system (networking) problem of 6.1-BETA or if it's a pf bug? Greetings, Volker