Date: Thu, 26 Sep 2013 08:34:41 GMT
From: Oguz YILMAZ <oguz@labristeknoloji.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: amd64/182401: pf state for some IPs reaches 4294967295 suspiciously
Message-ID: <201309260834.r8Q8YfHG059993@oldred.freebsd.org>
Resent-Message-ID: <201309260840.r8Q8e06t036748@freefall.freebsd.org>
>Number:         182401
>Category:       amd64
>Synopsis:       pf state for some IPs reaches 4294967295 suspiciously
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-amd64
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 26 08:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Oguz YILMAZ
>Release:        10.0-ALPHA2
>Organization:
Labris Networks
>Environment:
FreeBSD myhost 10.0-ALPHA2 FreeBSD 10.0-ALPHA2 #2: Sat Sep 21 22:43:44 EEST 2013     root@compile:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
I have found that one of my NMS monitoring points is blocked by my tested FreeBSD 10 Alpha 2 server. After inspection, I have found it is blocked because of the max-src-conn overload pf rule. However, it is not possible for that host to open such a high number of states. When I inspected, I found several other clients are blocked by this router.

# pfctl -sS | grep 4294967295
No ALTQ support in kernel
ALTQ related functions disabled
95.6.50.84 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
188.38.79.212 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
141.0.11.129 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
95.10.221.139 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
212.252.119.108 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
198.72.108.244 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
198.72.108.244 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
46.1.140.55 -> 0.0.0.0 ( states 4294967294, connections 4294967295, rate 0.0/3s )
81.214.44.73 -> 0.0.0.0 ( states 4294967295, connections 4294967295, rate 0.0/3s )
46.197.233.175 -> 0.0.0.0 ( states 4294967289, connections 4294967295, rate 0.0/3s )
78.177.41.73 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
95.0.207.25 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )

However, in reality the host only has 5 states:

[root@myhost ~]# pfctl -ss | grep 95.6.50.84
No ALTQ support in kernel
ALTQ related functions disabled
all tcp 95.6.50.84:3881 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3759 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3882 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3849 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3828 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
>How-To-Repeat:
When I flush all states, within a few minutes several other 4294967295-state entries appear.
>Fix:
None.
>Release-Note:
>Audit-Trail:
>Unformatted:
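As an added illustration (not code from the report, from FreeBSD or from pf): 4294967295 is 2^32 - 1, the value a 32-bit unsigned counter takes after being decremented past zero, which is why every suspicious entry in the dump above sits at or just below that value (4294967289 is 2^32 - 7). The block shows the wrap, a decrement that refuses to underflow, and a check over lines in the `pfctl -sS` format quoted above that flags entries whose states or connections counter sits within an assumed window of UINT32_MAX. The window size, the third sample line and all function names are constructed assumptions; the block makes no claim about which pf code path produced the counts in the report.

```c
/* Added illustration of unsigned 32-bit counter underflow and a check
 * that flags wrapped counters in pfctl -sS style output.
 * Not FreeBSD or pf code; function names and the threshold are assumed. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked decrement: 0 - 1 wraps to UINT32_MAX (4294967295). */
uint32_t naive_dec(uint32_t n)
{
    return n - 1;
}

/* Checked decrement: refuses to go below zero and reports the attempt
 * instead of silently wrapping. Returns 1 if decremented, 0 if refused. */
int checked_dec(uint32_t *n)
{
    if (*n == 0)
        return 0;
    (*n)--;
    return 1;
}

/* Value after a checked decrement starting from `start` (unchanged at 0). */
uint32_t checked_dec_from(uint32_t start)
{
    uint32_t v = start;
    checked_dec(&v);
    return v;
}

/* Any tracked count within this distance of UINT32_MAX is treated as a
 * wrapped counter rather than a genuine count (assumed heuristic; the
 * report shows values from 2^32-1 down to 2^32-7). */
#define WRAP_WINDOW 1024u

/* Parse one line shaped like the pfctl -sS output in the report:
 *   A.B.C.D -> E.F.G.H ( states N, connections M, rate R/Ts )
 * Returns 1 if states or connections looks wrapped, 0 if plausible,
 * -1 if the line does not carry a "( states N, connections M" field. */
int source_entry_suspicious(const char *line, uint32_t *states, uint32_t *conns)
{
    const char *p = strstr(line, "( states ");
    uint32_t s, c;

    if (p == NULL)
        return -1;
    if (sscanf(p, "( states %" SCNu32 ", connections %" SCNu32, &s, &c) != 2)
        return -1;
    if (states != NULL)
        *states = s;
    if (conns != NULL)
        *conns = c;
    return (s > UINT32_MAX - WRAP_WINDOW || c > UINT32_MAX - WRAP_WINDOW) ? 1 : 0;
}

/* Two lines copied from the report plus one constructed healthy entry. */
static const char *sample_lines[] = {
    "95.6.50.84 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )",
    "46.197.233.175 -> 0.0.0.0 ( states 4294967289, connections 4294967295, rate 0.0/3s )",
    "10.0.0.7 -> 0.0.0.0 ( states 5, connections 2, rate 0.0/3s )", /* constructed */
};

/* Number of sample entries whose counters look wrapped. */
int count_wrapped_samples(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof sample_lines / sizeof sample_lines[0]; i++)
        if (source_entry_suspicious(sample_lines[i], NULL, NULL) == 1)
            n++;
    return n;
}

int main(void)
{
    printf("naive 0 - 1 = %" PRIu32 "\n", naive_dec(0));
    printf("checked decrement from 0 leaves %" PRIu32 "\n", checked_dec_from(0));
    for (size_t i = 0; i < sizeof sample_lines / sizeof sample_lines[0]; i++) {
        uint32_t s = 0, c = 0;
        int r = source_entry_suspicious(sample_lines[i], &s, &c);
        printf("%s: states=%" PRIu32 " connections=%" PRIu32 "\n",
               r == 1 ? "WRAPPED" : (r == 0 ? "ok" : "unparsed"), s, c);
    }
    printf("%d of %zu entries look wrapped\n", count_wrapped_samples(),
           sizeof sample_lines / sizeof sample_lines[0]);
    return 0;
}
```

Run against a live `pfctl -sS` dump, the same check separates entries that really did accumulate states from entries whose counters went negative and wrapped, which is the distinction that matters before `max-src-conn` overload rules act on the number.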
