Date: Tue, 27 Jan 2015 07:26:08 -0800
From: Rumen Telbizov <telbizov@gmail.com>
To: Alvin Wong <alvin@opendns.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: State Table Discrepancy: (pfctl -si "current entries") vs (pfctl -ss | wc -l)
Message-ID: <CAENR+_V2spqG1bdiRZWK4EhJDpd+1ni0TO6-JD3QQ0Dsm=+J2g@mail.gmail.com>
In-Reply-To: <CAFNeJhy4zjQ6s_CRR_zeSnwNpt-XzU7GbYJBs82jn0N3SvcQog@mail.gmail.com>
References: <CAFNeJhy4zjQ6s_CRR_zeSnwNpt-XzU7GbYJBs82jn0N3SvcQog@mail.gmail.com>
No one else experiencing this same problem? I was wondering if this might be related to the new SMP version of PF?

On Mon, Jan 26, 2015 at 2:40 PM, Alvin Wong <alvin@opendns.com> wrote:
> Hi All,
>
> Hoping to see if anyone has observed a similar issue.
>
> We have 2 x FreeBSD 10.1 hosts with pf(4) and pfsync with each other.
> We're finding our primary firewall is showing a different pfctl -si "current
> entries" value when compared to our secondary firewall it is pfsync'd with.
>
> For further investigation into the discrepancy we used two different
> methods to see what is really in the state table:
>
> * Method 1: pfctl -s states | wc -l (basically getting a line count for
>   the full enumeration of the state table)
> * Method 2: pfctl -s info and then recording the "current entries" counter
>   value.
>
> One would expect that both methods would yield similar or almost identical
> values per firewall. Instead, we are finding that our primary firewall is
> consistently seeing an extra ~35k "current entries" with method 2 when
> compared with the method 1 line count of the full state table. Strange that
> our second firewall didn't have the same issue (it had matching values).
>
> To track this, we've been running a cron job on fw1 every 5 minutes for the last 4
> hours to record Method 1 (line count) vs Method 2 (counter):
>
> Mon Jan 26 17:40:00 UTC 2015 Line Count: 58995 Counter: 94852
> Mon Jan 26 17:45:00 UTC 2015 Line Count: 87836 Counter: 123729
> Mon Jan 26 17:50:00 UTC 2015 Line Count: 79204 Counter: 114893
> Mon Jan 26 17:55:00 UTC 2015 Line Count: 69101 Counter: 104928
> Mon Jan 26 18:00:00 UTC 2015 Line Count: 67976 Counter: 103878
> Mon Jan 26 18:05:00 UTC 2015 Line Count: 59865 Counter: 95707
> Mon Jan 26 18:10:00 UTC 2015 Line Count: 81221 Counter: 117034
> Mon Jan 26 18:15:00 UTC 2015 Line Count: 61474 Counter: 97352
> Mon Jan 26 18:20:00 UTC 2015 Line Count: 61095 Counter: 97321
> Mon Jan 26 18:25:00 UTC 2015 Line Count: 62899 Counter: 98787
> Mon Jan 26 18:30:00 UTC 2015 Line Count: 64778 Counter: 100677
> Mon Jan 26 18:35:00 UTC 2015 Line Count: 63193 Counter: 99028
> Mon Jan 26 18:40:00 UTC 2015 Line Count: 65119 Counter: 101056
> Mon Jan 26 18:45:00 UTC 2015 Line Count: 67810 Counter: 103605
> Mon Jan 26 18:50:00 UTC 2015 Line Count: 65420 Counter: 101592
> Mon Jan 26 18:55:00 UTC 2015 Line Count: 63278 Counter: 99130
> Mon Jan 26 19:00:00 UTC 2015 Line Count: 70237 Counter: 105966
> Mon Jan 26 19:05:00 UTC 2015 Line Count: 70560 Counter: 106404
> Mon Jan 26 19:10:00 UTC 2015 Line Count: 66994 Counter: 102886
> Mon Jan 26 19:15:00 UTC 2015 Line Count: 73560 Counter: 109429
> Mon Jan 26 19:20:00 UTC 2015 Line Count: 72352 Counter: 108589
> Mon Jan 26 19:25:00 UTC 2015 Line Count: 66957 Counter: 102740
> Mon Jan 26 19:30:00 UTC 2015 Line Count: 82602 Counter: 118415
> Mon Jan 26 19:35:00 UTC 2015 Line Count: 67278 Counter: 103079
> Mon Jan 26 19:40:00 UTC 2015 Line Count: 65059 Counter: 100956
> Mon Jan 26 19:45:00 UTC 2015 Line Count: 63738 Counter: 99809
> Mon Jan 26 19:50:00 UTC 2015 Line Count: 67083 Counter: 102882
> Mon Jan 26 19:55:00 UTC 2015 Line Count: 69313 Counter: 105204
> Mon Jan 26 20:00:00 UTC 2015 Line Count: 70163 Counter: 106053
> Mon Jan 26 20:05:00 UTC 2015 Line Count: 66946 Counter: 102864
> Mon Jan 26 20:10:00 UTC 2015 Line Count: 71366 Counter: 107242
> Mon Jan 26 20:15:00 UTC 2015 Line Count: 63283 Counter: 99221
> Mon Jan 26 20:20:00 UTC 2015 Line Count: 72958 Counter: 109133
> Mon Jan 26 20:25:00 UTC 2015 Line Count: 70693 Counter: 106605
> Mon Jan 26 20:30:00 UTC 2015 Line Count: 68270 Counter: 104229
> Mon Jan 26 20:35:00 UTC 2015 Line Count: 74372 Counter: 110309
> Mon Jan 26 20:40:00 UTC 2015 Line Count: 65283 Counter: 101149
> Mon Jan 26 20:45:00 UTC 2015 Line Count: 65804 Counter: 101729
> Mon Jan 26 20:50:00 UTC 2015 Line Count: 69494 Counter: 105730
> Mon Jan 26 20:55:00 UTC 2015 Line Count: 68158 Counter: 104058
> Mon Jan 26 21:00:00 UTC 2015 Line Count: 96569 Counter: 132325
> Mon Jan 26 21:05:00 UTC 2015 Line Count: 80072 Counter: 115951
> Mon Jan 26 21:10:00 UTC 2015 Line Count: 72740 Counter: 108723
> Mon Jan 26 21:15:00 UTC 2015 Line Count: 75114 Counter: 110990
> Mon Jan 26 21:20:00 UTC 2015 Line Count: 80720 Counter: 116927
> Mon Jan 26 21:25:00 UTC 2015 Line Count: 82644 Counter: 118533
>
> Any insight would be appreciated. Perhaps this is a pfctl -si bug?
>
> Thanks,
>
> Alvin Wong
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

-- 
Rumen Telbizov
Unix Systems Administrator
<http://telbizov.com>
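The sampling procedure described in the quoted message (Method 1 line count vs Method 2 counter, taken from cron every few minutes) as a small POSIX shell script. This is an added example and is not code from either poster. It assumes the FreeBSD 10.x pfctl(8) output format, where `pfctl -si` prints a line of the form `  current entries  94852` and `pfctl -ss` prints one state per line; the `PFCTL` variable is a hypothetical override so the parsing functions can be exercised against captured text without a live firewall.

```shell
#!/bin/sh
# Added example, not from the thread: log pf's "current entries" counter
# next to a line count of the enumerated state table and print the delta,
# the way the cron job in the quoted message does.
#
# Assumptions (not verified against every pf version): `pfctl -si` contains a
# line "  current entries <N>" and `pfctl -ss` prints exactly one state per
# line. PFCTL is a hypothetical override used for testing the parsers.

PFCTL="${PFCTL:-pfctl}"

# counter_from_info: read `pfctl -si` text on stdin, print the
# "current entries" value (third whitespace-separated field on that line).
counter_from_info() {
    awk '/current entries/ { print $3; exit }'
}

# count_states: read `pfctl -ss` text on stdin, print the number of
# non-empty lines (Method 1 in the quoted message, minus blank lines).
count_states() {
    grep -c .
}

# delta LINE_COUNT COUNTER: print COUNTER - LINE_COUNT.
delta() {
    echo $(( $2 - $1 ))
}

# exceeds DELTA THRESHOLD: succeed when the absolute delta is above THRESHOLD.
# Two separate pfctl invocations are not an atomic snapshot, so a small delta
# from state churn between them is expected; pick THRESHOLD accordingly.
exceeds() {
    d=$1
    [ "$d" -lt 0 ] && d=$(( -d ))
    [ "$d" -gt "$2" ]
}

# sample THRESHOLD: take one measurement from the live firewall and print a
# log line in the same shape as the quoted cron output, flagging large deltas.
sample() {
    lc=$("$PFCTL" -ss | count_states)
    ct=$("$PFCTL" -si | counter_from_info)
    if [ -z "$ct" ]; then
        echo "could not parse 'current entries' from $PFCTL -si" >&2
        return 1
    fi
    d=$(delta "$lc" "$ct")
    flag=""
    exceeds "$d" "${1:-1000}" && flag=" DISCREPANCY"
    printf '%s Line Count: %s Counter: %s Delta: %s%s\n' \
        "$(date -u)" "$lc" "$ct" "$d" "$flag"
}

# Run one sample only when invoked as `./pfstate-check.sh run [threshold]`,
# so sourcing the file just defines the functions.
case "${1:-}" in
    run) sample "${2:-1000}" ;;
esac
```

Run it from cron as `pfstate-check.sh run 1000 >> /var/log/pfstate.log` and look for the `DISCREPANCY` marker; the threshold is per-site, since a busy firewall legitimately opens and closes some states between the two pfctl calls, whereas a constant offset of tens of thousands, as in the quoted data, is not explained by that churn.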