From owner-freebsd-pf@FreeBSD.ORG  Thu Mar 23 12:01:22 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1A89816A422
	for <freebsd-pf@freebsd.org>; Thu, 23 Mar 2006 12:01:22 +0000 (UTC)
	(envelope-from solinym@gmail.com)
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.202])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6D10D43D5A
	for <freebsd-pf@freebsd.org>; Thu, 23 Mar 2006 12:01:20 +0000 (GMT)
	(envelope-from solinym@gmail.com)
Received: by zproxy.gmail.com with SMTP id 13so433022nzp
	for <freebsd-pf@freebsd.org>; Thu, 23 Mar 2006 04:01:20 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=Sb6LJZhIcMA+JG7AZWLxuOTIF1sGCmxXCAgCfj2mQhnjHIO06mIVs2RJQlyX/iKQcY51A0EhPYROyWdJQwfpjO5PZJws0xpq2B1TRqUrZvq++ydMK8Spwjp6Oi6gEjalMZrvaX3J4ohsICbiB09NhY/n44mU6JCqEXTYyy03AjE=
Received: by 10.35.12.13 with SMTP id p13mr2041545pyi;
	Thu, 23 Mar 2006 04:01:17 -0800 (PST)
Received: by 10.35.30.16 with HTTP; Thu, 23 Mar 2006 04:01:17 -0800 (PST)
Message-ID: <d4f1333a0603230401g2cf39705j1ff7466954791628@mail.gmail.com>
Date: Thu, 23 Mar 2006 06:01:17 -0600
From: "Travis H." <solinym@gmail.com>
To: "Daniel Hartmeier" <daniel@benzedrine.cx>
In-Reply-To: <20060323094654.GD25046@insomnia.benzedrine.cx>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <44216734.2060101@vwsoft.com>
	<20060323094654.GD25046@insomnia.benzedrine.cx>
Cc: Volker <volker@vwsoft.com>, freebsd-pf@freebsd.org
Subject: Re: {Spam?} no buffer space available
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2006 12:01:22 -0000

On 3/23/06, Daniel Hartmeier <daniel@benzedrine.cx> wrote:
> If it were an mbuf leak, it wouldn't go away right after you run pfctl
> -d, as disabling pf will not cause any memory to get released at all.
>
> You might simply be hitting the (default) 10,000 state entry limit,
> check pfctl -si output. If so, increase it with 'set limit states'.

I've deliberately set my state table to be small, thinking it would
use less mbufs, and that didn't help.  I'll try setting it high soon.=20
I did recover the box by flushing all pf stuff, but it didn't stay
working for very long.
--
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484