Date: Wed, 29 Mar 2017 20:29:47 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 217997] [pf] orphaned entries in src-track Message-ID: <bug-217997-17777-VBL7ZKymeh@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-217997-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-217997-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D217997 --- Comment #7 from Max <maximos@als.nnov.ru> --- A bit more info... Before reaching the limit: Status: Enabled for 0 days 04:08:59 Debug: Urgent State Table Total Rate current entries 120 searches 7976 0.5/s inserts 997 0.1/s removals 877 0.1/s Source Tracking Table current entries 0 searches 1623 0.1/s inserts 236 0.0/s removals 216 0.0/s Limit Counters max states per rule 2 0.0/s max-src-states 4 0.0/s ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf mtags: 40, 0, 0, 0, 0, 0, 0 pf states: 296, 10010, 120, 62, 997, 0, 0 pf state keys: 88, 0, 184, 221, 1506, 0, 0 pf source nodes: 136, 10005, 20, 125, 236, 0, 0 pf table entries: 160, 200000, 3, 72, 3, 0, 0 pf table counters: 64, 0, 0, 0, 0, 0, 0 pf frags: 120, 0, 0, 0, 0, 0, 0 pf frag entries: 40, 5000, 0, 0, 0, 0, 0 pf state scrubs: 40, 0, 0, 0, 0, 0, 0 192.168.2.10 -> 192.168.0.20 ( states 6, connections 0, rate 0.0/0s ) After (two seconds later): Status: Enabled for 0 days 04:09:01 Debug: Urgent State Table Total Rate current entries 120 searches 7977 0.5/s inserts 997 0.1/s removals 877 0.1/s Source Tracking Table current entries 0 searches 1624 0.1/s inserts 236 0.0/s removals 216 0.0/s Limit Counters max states per rule 3 0.0/s max-src-states 4 0.0/s ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf mtags: 40, 0, 0, 0, 0, 0, 0 pf states: 296, 10010, 120, 62, 997, 0, 0 pf state keys: 88, 0, 186, 219, 1508, 0, 0 pf source nodes: 136, 10005, 20, 125, 236, 0, 0 pf table entries: 160, 200000, 3, 72, 3, 0, 0 pf table counters: 64, 0, 0, 0, 0, 0, 0 pf frags: 120, 0, 0, 0, 0, 0, 0 pf frag entries: 40, 5000, 0, 0, 0, 0, 0 pf state scrubs: 40, 0, 0, 0, 0, 0, 0 192.168.2.10 -> 192.168.0.20 ( states 7, connections 0, rate 0.0/0s ) So, we have one serach in state table, one search in source tracking table = and increased states counter in source entry (other not included here). We increase state counter of source node in pf_find_src_node(). But the pro= blem is not so easy as it seems. By the way, what about "pf state keys"? We have no states, but I see 6 state keys: Status: Enabled for 0 days 04:09:15 Debug: Urgent State Table Total Rate current entries 0 searches 7977 0.5/s inserts 997 0.1/s removals 997 0.1/s Source Tracking Table current entries 1 searches 1624 0.1/s inserts 236 0.0/s removals 235 0.0/s Limit Counters max states per rule 3 0.0/s max-src-states 4 0.0/s ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP pf mtags: 40, 0, 0, 0, 0, 0, 0 pf states: 296, 10010, 0, 182, 997, 0, 0 pf state keys: 88, 0, 6, 399, 1508, 0, 0 pf source nodes: 136, 10005, 1, 144, 236, 0, 0 pf table entries: 160, 200000, 3, 72, 3, 0, 0 pf table counters: 64, 0, 0, 0, 0, 0, 0 pf frags: 120, 0, 0, 0, 0, 0, 0 pf frag entries: 40, 5000, 0, 0, 0, 0, 0 pf state scrubs: 40, 0, 0, 0, 0, 0, 0 192.168.2.10 -> 192.168.0.20 ( states 1, connections 0, rate 0.0/0s ) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-217997-17777-VBL7ZKymeh>