Date: Tue, 23 Jan 2007 17:03:30 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: set limit { states X, frags Y } not working - buggy?
Message-ID: <200701231703.38758.max@love2party.net>
In-Reply-To: <d3ea75b30701230518g4468ef07sedae48740f40f50a@mail.gmail.com>
References: <d3ea75b30701230409v45c621ccubb7e243b8423d3cf@mail.gmail.com> <200701231402.20264.max@love2party.net> <d3ea75b30701230518g4468ef07sedae48740f40f50a@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Tuesday 23 January 2007 14:18, Eduardo Meyer wrote:
> On 1/23/07, Max Laier <max@love2party.net> wrote:
> > On Tuesday 23 January 2007 13:09, Eduardo Meyer wrote:
> > > Please, see:
> > >
> > > # pfctl -s memory
> > > states hard limit 5000
> > > src-nodes hard limit 10000
> > > frags hard limit 2500
> > >
> > > # pfctl -s info | grep "current entries"
> > > current entries 13770
> > >
> > > What am I confusing here, or this really should not happen?
> >
> > What does "vmstat -z | grep ^pf" give? A quick check here suggests
> > that this might be a problem in the zone(9) allocator as the limit is
> > correctly propergated to the the uma zone in question, but not
> > enforced it seems.
>
> Max, thanks for asking. Here it's what the command returns
>
> # vmstat -z | grep ^pf
> pfsrctrpl: 100, 10023, 0, 78, 77
> pfrulepl: 604, 0, 140, 88, 17555
> #vmstat -z | head -1
> ITEM SIZE LIMIT USED FREE REQUESTS
> pfstatepl: 260, 5010, 8096, 1879, 38569766
^-----------^
The problem was here. Seems there was indeed something wrong with uma
before release. In case this shows up again, be sure to check vmstat
again. What pfctl reports is merely a wrapper around this.
> pfaltqpl: 128, 0, 0, 0, 0
> pfpooladdrpl: 68, 0, 72, 152, 8534
> pfrktable: 1240, 0, 5, 4, 89
> pfrkentry: 156, 0, 10, 40, 481
> pfrkentry2: 156, 0, 0, 0, 0
> pffrent: 16, 2639, 0, 0, 0
> pffrag: 48, 0, 0, 0, 0
> pffrcache: 48, 10062, 0, 0, 0
> pffrcent: 12, 50141, 0, 0, 0
> pfstatescrub: 28, 0, 0, 0, 0
> pfiaddrpl: 92, 0, 12, 114, 260
> pfospfen: 108, 0, 345, 51, 22770
> pfosfp: 28, 0, 188, 193, 12408
>
> Right now I have some fewer sessions:
>
> # pfctl -s info | grep "current entries"
> current entries 8306
>
> But way higher than the configured limit of 5k.
--
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
iD8DBQBFtjHaXyyEoT62BG0RAtmKAJ9DkKnshMFHrxwavsfcC0xa/Cs8vgCfQD4Q
wBimiELRoXDxLswtQRaFLCM=
=sDzg
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701231703.38758.max>