Date: Tue, 04 Oct 2011 14:06:05 -0700 From: "Bradley W. Dutton" <brad-fbsd-pf@duttonbros.com> To: freebsd-pf@freebsd.org Subject: 9-BETA3 "current entries" growing indefinitely Message-ID: <20111004140605.Horde.FqODeklJCItOi3U9N79RPQs@duttonbros.com>
next in thread | raw e-mail | index | archive | help
Hi, I just updated an 8-STABLE box to 9-BETA3 and have a problem where PF keeps growing the "current entries" indefinitely. I saw another person with a similar issue: http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/f350be446d1914d8?pli=1 But I didn't get any reply. I rebuilt world again once more after the initial 8-STABLE upgrade to see if it would fix itself but no luck. My firewall rules haven't changed and from what I've read I shouldn't need to change anything for this update. Anyone have any ideas? Flusing states will clear out the 34 states but won't clear the current entries. I've had to do the following in pf.conf to keep my home router up for more than a day: set limit states 1600000 # this used to be 30k Thanks, Brad pfctl -ss | wc -l 34 pfctl -si Status: Enabled for 3 days 13:53:17 Debug: Urgent Interface Stats for em0 IPv4 IPv6 Bytes In 3305522392 0 Bytes Out 425326123 0 Packets In Passed 3651954 0 Blocked 25784 0 Packets Out Passed 2919432 0 Blocked 737 0 State Table Total Rate current entries 229706 searches 45831728 148.2/s inserts 229706 0.7/s removals 0 0.0/s Counters match 287626 0.9/s bad-offset 0 0.0/s fragment 0 0.0/s short 0 0.0/s normalize 0 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 0 0.0/s proto-cksum 0 0.0/s state-mismatch 264 0.0/s state-insert 1 0.0/s state-limit 0 0.0/s src-limit 62 0.0/s synproxy 2194 0.0/s
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111004140605.Horde.FqODeklJCItOi3U9N79RPQs>