Date: Thu, 18 Aug 2011 19:42:00 -0400 From: Pierre Lamy <pierre@userid.org> To: =?UTF-8?B?RXJtYWwgTHXDp2k=?= <eri@freebsd.org> Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, Florian Smeets <flo@freebsd.org>, freebsd-pf@freebsd.org Subject: Re: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s... Message-ID: <4E4DA348.6070903@userid.org> In-Reply-To: <CAPBZQG2kRYvzVsXdtdG54Jbu3oZF7NsW61kuqEboChX9tjEWrA@mail.gmail.com> References: <201106281157.p5SBvP5g048097@svn.freebsd.org> <EA6E6909-A42B-4CF2-891A-B8A80E2B8476@FreeBSD.org> <20110629192224.2283efc8@fabiankeil.de> <20110707193539.GA60591@dragon.NUXI.org> <CAPBZQG1ZOBJh0BMPH%2BkKAHfWJoYCubdGunncd5Bhd7y39-_fkA@mail.gmail.com> <20110708170240.GA59024@dragon.NUXI.org> <4E4BB39D.8070903@freebsd.org> <22DE2AEF-22A3-4B6E-9E24-DCF0EDF40933@lists.zabbadoz.net> <4E4BB602.2060205@freebsd.org> <CAPBZQG080N4xyDLG7y1rCprsa5oo7Dtshk1ny7j4-M3bEXhkaA@mail.gmail.com> <4E4BBCB0.4090003@freebsd.org> <CAPBZQG2kRYvzVsXdtdG54Jbu3oZF7NsW61kuqEboChX9tjEWrA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
PS: The kernels I used were from Aug 16 (broken compiled into kernel), and Aug 18 (fixed built as module). So it's possible that something got updated during that window to fix it. PPS: The reason I went to build it as a module was simply so that I could unload and reload it to clear the memory, although this turned out to be unnecessary. -Pierre On 8/17/2011 9:31 AM, Ermal Luçi wrote: > On Wed, Aug 17, 2011 at 3:05 PM, Florian Smeets<flo@freebsd.org> wrote: >> On 17.08.2011 14:58, Ermal Luçi wrote: >>> On Wed, Aug 17, 2011 at 2:37 PM, Florian Smeets<flo@freebsd.org> wrote: >>>> On 17.08.2011 14:30, Bjoern A. Zeeb wrote: >>>>> On Aug 17, 2011, at 12:27 PM, Florian Smeets wrote: >>>>> >>>>>> On 08.07.2011 19:02, David O'Brien wrote: >>>>>>> On Fri, Jul 08, 2011 at 02:26:37PM +0200, Ermal Lui wrote: >>>>>>>> On Thu, Jul 7, 2011 at 9:35 PM, David O'Brien<obrien@freebsd.org> >>>>>>>> wrote: >>>>>>>>> I have 'pfctl', 'netstat', 'netstat -rn', and 'sysctl -a' output >>>>>>>>> from >>>>>>>>> one >>>>>>>>> of these experiences. �Would they be useful to you in looking into >>>>>>>>> this? >>>>>>>> please send those. >>>>>>>> Also useful would be a description of your setup. >>>>>>> Ermal, >>>>>>> Thanks. I'll send to you off list. >>>>>>> >>>>>> Hi, >>>>>> >>>>>> did you guys find out what was wrong? I may have a similar problem. My >>>>>> server loses connection after some time. I think it is because the >>>>>> state >>>>>> table is getting full, but i only have a couple of active states. >>>>>> >>>>>> The current entries keep increasing, i had ~3600 this morning. >>>>>> >>>>>> flo@tb:~ # sudo pfctl -vsi|grep "current entries" >>>>>> No ALTQ support in kernel >>>>>> ALTQ related functions disabled >>>>>> current entries 4891 >>>>>> current entries 0 >>>>>> flo@tb:~ # sudo pfctl -ss| wc -l >>>>>> No ALTQ support in kernel >>>>>> ALTQ related functions disabled >>>>>> 12 >>>>>> >>>>>> Every new connection is added to the current entries but it seems they >>>>>> are never removed?! >>>>>> >>>>>> I've set debug to loud, what else should i do to track this down? >>>>> >>> There is a thread in freebsd-net@ explaining some culprits with >>> state table numbers from pfctl -ss and number from pfctl -vsi. >>> >> Ok, having another look at pfctl -vsi it looks like it confirms my suspicion >> that states do not get removed. >> >> State Table Total Rate >> current entries 5082 >> searches 296083 3.7/s >> inserts 5082 0.1/s >> removals 0 0.0/s >> > Well really it depends on the timeframe this statistic was taken! > > I do not want to be a nonbeliver but this was confirmed working by > other people that reported the same 'issue'. > > Other than that you can do a pfctl -dvvss and pfctl -dvvsi for every > minute and send them to compare. > Further more there should be a kernel thread "pfpurge" that is > running, verify with procstat which does the job of purging your > states. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E4DA348.6070903>