From: Bruno Afonso
Date: Thu, 22 Dec 2005 19:12:26 +0000
To: freebsd-pf@freebsd.org
Subject: connections weirdness
Message-ID: <43AAFA9A.3070808@dequim.ist.utl.pt>

Hey guys (and gals!),

I'm hitting what seems to be a bug in PF on FreeBSD 6-stable:

6.0-STABLE FreeBSD 6.0-STABLE #0: Sun Nov 20 05:14:34 WET 2005

If I do a pfctl -vvsS | grep connections I get some lines like this:

10.10.11.208 -> 0.0.0.0 ( states 3, connections 4294967295, rate 0.0/0s )
10.10.13.213 -> 0.0.0.0 ( states 2, connections 4294967294, rate 0.0/0s )
10.10.14.236 -> 0.0.0.0 ( states 96, connections 4294967013, rate 0.0/0s )
10.10.12.238 -> 0.0.0.0 ( states 9, connections 4294967281, rate 0.0/0s )

I also get a normal number of connections, like 2, 10, 20, 30, etc. Now, this number is completely insane, especially if we take into account the rule that creates it:

ala# pfctl -vvsS |grep 10.10.11.208 -A1
10.10.11.208 -> 0.0.0.0 ( states 1, connections 1, rate 0.0/0s )
   age 02:22:00, 657 pkts, 39752 bytes, filter rule 171
--
10.10.11.208 -> 0.0.0.0 ( states 1, connections 4294967295, rate 0.0/0s )
   age 02:22:15, 618 pkts, 52535 bytes, filter rule 148

ala# pfctl -vvsr |grep @148 -A1
@148 pass in log on fxp0 from to any keep state (max 5000, source-track rule, max-src-states 120, max-src-conn 100) queue p2p
  [ Evaluations: 43699    Packets: 353469    Bytes: 122287213    States: 210 ]

I have been seeing this on rules in which I use max-src-conn but not on others. So, what might be happening here? Hasn't anyone seen this before? Also notice how similar the connections are, with the first 7 numbers equal.

BA
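An added example, not part of the post or of pf itself: a small Python script that parses source-tracking lines in the `pfctl -vvsS` format quoted above and flags connection counters that only make sense as a wrapped 32-bit unsigned value, reporting them as the signed number they correspond to (4294967295 is -1, 4294967013 is -283, which is why the leading digits all agree). The sample lines are constructed from the post; the script works unchanged on any `pfctl -vvsS` output piped into it.

```python
import re
import sys

# Constructed sample of `pfctl -vvsS` source-tracking output, modelled on the
# lines quoted in the post; the last entry is a healthy one for contrast.
SAMPLE = """\
10.10.11.208 -> 0.0.0.0 ( states 3, connections 4294967295, rate 0.0/0s )
10.10.13.213 -> 0.0.0.0 ( states 2, connections 4294967294, rate 0.0/0s )
10.10.14.236 -> 0.0.0.0 ( states 96, connections 4294967013, rate 0.0/0s )
10.10.12.238 -> 0.0.0.0 ( states 9, connections 10, rate 0.0/0s )
"""

# One source-tracking summary line: "src -> dst ( states N, connections M, rate ... )"
ENTRY = re.compile(
    r"^(?P<src>\S+) -> (?P<dst>\S+) \( states (?P<states>\d+), "
    r"connections (?P<conns>\d+), rate "
)

U32 = 1 << 32


def as_signed32(n):
    """Reinterpret a 32-bit unsigned counter as a two's-complement signed value."""
    if not 0 <= n < U32:
        raise ValueError("not a 32-bit unsigned value: %d" % n)
    return n - U32 if n >= U32 >> 1 else n


def parse_sources(text):
    """Yield (src, states, connections) for each source-tracking summary line."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group("src"), int(m.group("states")), int(m.group("conns"))


def underflowed_sources(text):
    """Return [(src, states, signed_connections)] for entries whose counter can
    only be a wrapped unsigned value; the signed view shows how far below zero
    it was decremented (more decrements than increments)."""
    found = []
    for src, states, conns in parse_sources(text):
        signed = as_signed32(conns)
        if signed < 0:
            found.append((src, states, signed))
    return found


if __name__ == "__main__":
    # Read real pfctl output from stdin if given, else use the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for src, states, signed in underflowed_sources(text):
        print("%s: states %d, connections %d (wrapped)" % (src, states, signed))
```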