From owner-freebsd-pf@FreeBSD.ORG Wed Aug 17 12:37:24 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CDE8F10656D3 for ; Wed, 17 Aug 2011 12:37:24 +0000 (UTC) (envelope-from flo@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B57EA8FC12; Wed, 17 Aug 2011 12:37:24 +0000 (UTC) Received: from bender.solomo.local (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p7HCbNN6034817; Wed, 17 Aug 2011 12:37:24 GMT (envelope-from flo@freebsd.org) Message-ID: <4E4BB602.2060205@freebsd.org> Date: Wed, 17 Aug 2011 14:37:22 +0200 From: Florian Smeets User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:6.0) Gecko/20110816 Thunderbird/6.0 MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <201106281157.p5SBvP5g048097@svn.freebsd.org> <20110629192224.2283efc8@fabiankeil.de> <20110707193539.GA60591@dragon.NUXI.org> <20110708170240.GA59024@dragon.NUXI.org> <4E4BB39D.8070903@freebsd.org> <22DE2AEF-22A3-4B6E-9E24-DCF0EDF40933@lists.zabbadoz.net> In-Reply-To: <22DE2AEF-22A3-4B6E-9E24-DCF0EDF40933@lists.zabbadoz.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-pf@freebsd.org Subject: Re: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s... X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2011 12:37:24 -0000 On 17.08.2011 14:30, Bjoern A. Zeeb wrote: > > On Aug 17, 2011, at 12:27 PM, Florian Smeets wrote: > >> On 08.07.2011 19:02, David O'Brien wrote: >>> On Fri, Jul 08, 2011 at 02:26:37PM +0200, Ermal Lui wrote: >>>> On Thu, Jul 7, 2011 at 9:35 PM, David O'Brien wrote: >>>>> I have 'pfctl', 'netstat', 'netstat -rn', and 'sysctl -a' output from one >>>>> of these experiences. �Would they be useful to you in looking into this? >>>> >>>> please send those. >>>> Also useful would be a description of your setup. >>> >>> Ermal, >>> Thanks. I'll send to you off list. >>> >> >> Hi, >> >> did you guys find out what was wrong? I may have a similar problem. My server loses connection after some time. I think it is because the state table is getting full, but i only have a couple of active states. >> >> The current entries keep increasing, i had ~3600 this morning. >> >> flo@tb:~ # sudo pfctl -vsi|grep "current entries" >> No ALTQ support in kernel >> ALTQ related functions disabled >> current entries 4891 >> current entries 0 >> flo@tb:~ # sudo pfctl -ss| wc -l >> No ALTQ support in kernel >> ALTQ related functions disabled >> 12 >> >> Every new connection is added to the current entries but it seems they are never removed?! >> >> I've set debug to loud, what else should i do to track this down? > > > What version (SVN r#) are you running? > FreeBSD 9.0-BETA1 #2 r224876: Mon Aug 15 09:52:56 CEST 2011