From owner-freebsd-pf@freebsd.org Wed Mar 29 20:29:47 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 217997] [pf] orphaned entries in src-track
Date: Wed, 29 Mar 2017 20:29:47 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.3-RELEASE
X-Bugzilla-Who: maximos@als.nnov.ru
X-Bugzilla-Status: New

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217997

--- Comment #7 from Max ---
A bit more info...
Before reaching the limit:

Status: Enabled for 0 days 04:08:59           Debug: Urgent

State Table                          Total             Rate
  current entries                      120
  searches                            7976            0.5/s
  inserts                              997            0.1/s
  removals                             877            0.1/s
Source Tracking Table
  current entries                        0
  searches                            1623            0.1/s
  inserts                              236            0.0/s
  removals                             216            0.0/s
Limit Counters
  max states per rule                    2            0.0/s
  max-src-states                         4            0.0/s

ITEM                   SIZE  LIMIT     USED     FREE      REQ FAIL SLEEP
pf mtags:                40,      0,       0,       0,       0,   0,   0
pf states:              296,  10010,     120,      62,     997,   0,   0
pf state keys:           88,      0,     184,     221,    1506,   0,   0
pf source nodes:        136,  10005,      20,     125,     236,   0,   0
pf table entries:       160, 200000,       3,      72,       3,   0,   0
pf table counters:       64,      0,       0,       0,       0,   0,   0
pf frags:               120,      0,       0,       0,       0,   0,   0
pf frag entries:         40,   5000,       0,       0,       0,   0,   0
pf state scrubs:         40,      0,       0,       0,       0,   0,   0

192.168.2.10 -> 192.168.0.20 ( states 6, connections 0, rate 0.0/0s )

After (two seconds later):

Status: Enabled for 0 days 04:09:01           Debug: Urgent

State Table                          Total             Rate
  current entries                      120
  searches                            7977            0.5/s
  inserts                              997            0.1/s
  removals                             877            0.1/s
Source Tracking Table
  current entries                        0
  searches                            1624            0.1/s
  inserts                              236            0.0/s
  removals                             216            0.0/s
Limit Counters
  max states per rule                    3            0.0/s
  max-src-states                         4            0.0/s

ITEM                   SIZE  LIMIT     USED     FREE      REQ FAIL SLEEP
pf mtags:                40,      0,       0,       0,       0,   0,   0
pf states:              296,  10010,     120,      62,     997,   0,   0
pf state keys:           88,      0,     186,     219,    1508,   0,   0
pf source nodes:        136,  10005,      20,     125,     236,   0,   0
pf table entries:       160, 200000,       3,      72,       3,   0,   0
pf table counters:       64,      0,       0,       0,       0,   0,   0
pf frags:               120,      0,       0,       0,       0,   0,   0
pf frag entries:         40,   5000,       0,       0,       0,   0,   0
pf state scrubs:         40,      0,       0,       0,       0,   0,   0

192.168.2.10 -> 192.168.0.20 ( states 7, connections 0, rate 0.0/0s )

So, we have one search in the state table, one search in the source tracking
table, and an increased states counter in the source entry (others not included
here).
We increase the state counter of the source node in pf_find_src_node(). But the
problem is not so easy as it seems.

By the way, what about "pf state keys"? We have no states, but I see 6 state
keys:

Status: Enabled for 0 days 04:09:15           Debug: Urgent

State Table                          Total             Rate
  current entries                        0
  searches                            7977            0.5/s
  inserts                              997            0.1/s
  removals                             997            0.1/s
Source Tracking Table
  current entries                        1
  searches                            1624            0.1/s
  inserts                              236            0.0/s
  removals                             235            0.0/s
Limit Counters
  max states per rule                    3            0.0/s
  max-src-states                         4            0.0/s

ITEM                   SIZE  LIMIT     USED     FREE      REQ FAIL SLEEP
pf mtags:                40,      0,       0,       0,       0,   0,   0
pf states:              296,  10010,       0,     182,     997,   0,   0
pf state keys:           88,      0,       6,     399,    1508,   0,   0
pf source nodes:        136,  10005,       1,     144,     236,   0,   0
pf table entries:       160, 200000,       3,      72,       3,   0,   0
pf table counters:       64,      0,       0,       0,       0,   0,   0
pf frags:               120,      0,       0,       0,       0,   0,   0
pf frag entries:         40,   5000,       0,       0,       0,   0,   0
pf state scrubs:         40,      0,       0,       0,       0,   0,   0

192.168.2.10 -> 192.168.0.20 ( states 1, connections 0, rate 0.0/0s )

-- 
You are receiving this mail because:
You are the assignee for the bug.
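
The comparison made by hand in the comment above can be automated. The following is an added example, not part of the original report and not pf or FreeBSD code: it compares two snapshots and flags a source node whose states counter rose without a matching state insert, or exceeds the number of states that exist. The names parse and check are hypothetical, the input is assumed to be the text of `pfctl -si` followed by `pfctl -sS`, and the sample snapshots are constructed from the values quoted in the comment.

```python
import re

# Constructed sample: counter values copied from the snapshots in the comment
# above, laid out like `pfctl -si` output followed by one `pfctl -sS` line.
TEMPLATE = """\
State Table                          Total             Rate
  current entries               {cur:>10}
  inserts                       {ins:>10}            0.1/s
  removals                      {rem:>10}            0.1/s
Source Tracking Table
  current entries               {scur:>10}
  inserts                              236            0.0/s
  removals                      {srem:>10}            0.0/s
192.168.2.10 -> 192.168.0.20 ( states {n}, connections 0, rate 0.0/0s )
"""
BEFORE = TEMPLATE.format(cur=120, ins=997, rem=877, scur=0, srem=216, n=6)
AFTER = TEMPLATE.format(cur=120, ins=997, rem=877, scur=0, srem=216, n=7)
IDLE = TEMPLATE.format(cur=0, ins=997, rem=997, scur=1, srem=235, n=1)

COUNTER = re.compile(r"^[ \t]+(current entries|inserts|removals)[ \t]+(\d+)", re.M)
NODE = re.compile(r"^(\S+) -> (\S+) \( states (\d+),", re.M)

def parse(text):
    """Return (state-table counters, {(src, dst): states}) for one snapshot."""
    counters = {}
    for name, value in COUNTER.findall(text):
        # Both sections reuse these names; the State Table section comes
        # first, so keep only the first value seen for each name.
        counters.setdefault(name, int(value))
    nodes = {(src, dst): int(n) for src, dst, n in NODE.findall(text)}
    return counters, nodes

def check(before, after):
    """Flag source nodes whose states counter the state table cannot explain."""
    (c0, n0), (c1, n1) = parse(before), parse(after)
    inserted = c1["inserts"] - c0["inserts"]
    findings = []
    for node, states in sorted(n1.items()):
        grew = states - n0.get(node, 0)
        if grew > inserted:  # counter rose by more than the states created
            findings.append((node, "grew-without-insert", grew - inserted))
        if states > c1["current entries"]:  # more states than exist at all
            findings.append((node, "orphaned", states - c1["current entries"]))
    return findings

if __name__ == "__main__":
    for name, pair in (("before/after", (BEFORE, AFTER)), ("after/idle", (AFTER, IDLE))):
        print(name, check(*pair))
```

Run periodically against saved snapshots, a non-empty result shows the counter drifting toward max-src-states before the limit starts rejecting connections from that source.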