Date: Fri, 20 Jan 2017 20:21:18 -0800 From: Bakul Shah <bakul@bitblocks.com> To: =?UTF-8?Q?Ermal_Lu=C3=A7i?= <eri@freebsd.org> Cc: FreeBSD Net <freebsd-net@freebsd.org>, Alan Somers <asomers@freebsd.org> Subject: Re: pf & NAT issue Message-ID: <20170121042118.722C6124AEA4@mail.bitblocks.com> In-Reply-To: Your message of "Fri, 20 Jan 2017 14:22:41 PST." <CAPBZQG0KOStWT_m8pmg8gmpJm%2BR0qhAt6U=NOi07_xiXO6EAuw@mail.gmail.com> References: <20170120083555.ACCF9124AEA4@mail.bitblocks.com> <7C29D00C-94C0-4550-B1B2-CE307482B544@FreeBSD.org> <CAOtMX2hTcEkw_WzgtcEEipGY391zB=skrk7O=dknRMMG%2BDa%2BBA@mail.gmail.com> <20170120203106.CD2C8124AEA4@mail.bitblocks.com> <FB01B6F5-5269-4FE4-9B22-51A6AA60705E@FreeBSD.org> <20170120205933.8948A124AEA3@mail.bitblocks.com> <CAPBZQG3sFKRTPbRGh7KSh1bsp2FHNX84Baw0dV3-QXKBhZQVvw@mail.gmail.com> <20170120211734.488D8124AEA5@mail.bitblocks.com> <CAPBZQG0KOStWT_m8pmg8gmpJm%2BR0qhAt6U=NOi07_xiXO6EAuw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I finally had some time to look at the sources & noticed /sys/netpfil/pf/pf.c:pf_purge_thread now runs 10 times a second instead of once a second, which gave me the idea of increasing "interval" timeout by a factor of 10 and this seems to have mostly fixed the problem. But I don't know where the actual problem is. The logic is too complicated to understand in a few minutes so I didn't try to find the root cause at the moment. [But I don't understand why pf times out normal connections. Long lasting idle connections are perfectly fine. And fragment GC should not be coupled with connection state expiry] Many thanks for various suggestions as that forced me think :-) Bakul
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170121042118.722C6124AEA4>