From owner-freebsd-pf@FreeBSD.ORG  Fri Sep  9 16:08:48 2011
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9B12D106566C;
	Fri,  9 Sep 2011 16:08:48 +0000 (UTC) (envelope-from flo@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 7E4568FC08;
	Fri,  9 Sep 2011 16:08:48 +0000 (UTC)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p89G8lfn021065;
	Fri, 9 Sep 2011 16:08:47 GMT (envelope-from flo@FreeBSD.org)
Message-ID: <4E6A3A0D.7020800@FreeBSD.org>
Date: Fri, 09 Sep 2011 18:08:45 +0200
From: Florian Smeets <flo@FreeBSD.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7;
	rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: =?UTF-8?B?RXJtYWwgTHXDp2k=?= <eri@FreeBSD.org>, bz@FreeBSD.org
References: <201106281157.p5SBvP5g048097@svn.freebsd.org>
	<EA6E6909-A42B-4CF2-891A-B8A80E2B8476@FreeBSD.org>
	<20110629192224.2283efc8@fabiankeil.de>
	<20110707193539.GA60591@dragon.NUXI.org>
	<CAPBZQG1ZOBJh0BMPH+kKAHfWJoYCubdGunncd5Bhd7y39-_fkA@mail.gmail.com>
	<20110708170240.GA59024@dragon.NUXI.org>
	<4E4BB39D.8070903@freebsd.org>
	<22DE2AEF-22A3-4B6E-9E24-DCF0EDF40933@lists.zabbadoz.net>
	<4E4BB602.2060205@freebsd.org>
	<CAPBZQG080N4xyDLG7y1rCprsa5oo7Dtshk1ny7j4-M3bEXhkaA@mail.gmail.com>
	<4E4BBCB0.4090003@freebsd.org>
	<CAPBZQG2kRYvzVsXdtdG54Jbu3oZF7NsW61kuqEboChX9tjEWrA@mail.gmail.com>
	<4E4DA196.7090304@userid.org> <4E4E30A2.7040509@freebsd.org>
In-Reply-To: <4E4E30A2.7040509@freebsd.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-pf@FreeBSD.org
Subject: Re: svn commit: r223637 - in head: . contrib/pf/authpf
 contrib/pf/ftp-proxy
 contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf
 sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2011 16:08:48 -0000

On 19.08.11 11:45, Florian Smeets wrote:
> On 19.08.2011 01:34, Pierre Lamy wrote:
>> I just found how to resolve the problem (1 minute ago) as I was also
>> having the same issue. If you compile pf into the kernel, state removals
>> are NOT performed at all. pftop will show you garbage null entries.
>> Flushing current states works for real states, but the malloc is never
>> cleared for the garbage entries. Eventually you will run out of memory
>> (max state entries too high), or be unable to add any more states. A
>> reboot is the only way to clear it.
>>
>> I recompiled as a module and not in the kernel, it "just works" without
>> any special extra steps.
>>
>
> I can confirm (using the same kernel sources as before) that using the
> modules fixed the problem for me too.
>

Hi,

does anybody have an idea what could cause this? I think this is 
something that should be fixed before the release, as this can cause 
quite some pain for people who compile pf into the kernel.

I tried to track this down, but i failed.

Should file a PR to track this?

Thanks,
Florian