From owner-freebsd-pf@FreeBSD.ORG Tue Jan 22 19:40:31 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CE87D16A418 for ; Tue, 22 Jan 2008 19:40:31 +0000 (UTC) (envelope-from lm.net.security@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.239]) by mx1.freebsd.org (Postfix) with ESMTP id 920C213C46B for ; Tue, 22 Jan 2008 19:40:31 +0000 (UTC) (envelope-from lm.net.security@gmail.com) Received: by wx-out-0506.google.com with SMTP id i29so1468092wxd.7 for ; Tue, 22 Jan 2008 11:40:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=vTzzH6wi8ylgiKg9c6YK9kg6Sn+aTBufGc7M3J6W4dU=; b=XqMr7It4M0ttDDqN2R4onrKpbZz0Sog9Q1VlmRUu8MuBRaDotMtLeL1ihCKfzh1SNS63pElorORljhh6fxWrV+fCaWEiFBhlCAzSA85S6aSP1vJMWM38gWDuea3H4XULWQO7UW2Sxqe4VRN6z7iROIB1za15hWU5UbvNMAwn1VI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=skKmFwAPwhe+krx1+EwcMbOv28C3i3clY6pAX6PuR9vp4MjbzdYqsLn4+ermDJzNfHkSNipCeIJUuiT+ddcsPT6I85l3r+DsqHcouSxoelMdyZIAzuKuqbmGmS7YhQGkZIvuoYDtqt6FKTOOtk5UQq/Pdz4TEAU9oHwIgRPBC78= Received: by 10.143.161.3 with SMTP id n3mr4350896wfo.32.1201029100505; Tue, 22 Jan 2008 11:11:40 -0800 (PST) Received: by 10.142.98.7 with HTTP; Tue, 22 Jan 2008 11:11:40 -0800 (PST) Message-ID: <8142b02f0801221111v35de1643odc5846c840f0144c@mail.gmail.com> Date: Tue, 22 Jan 2008 17:11:40 -0200 From: "Leandro Malaquias" To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: No buffer space available X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jan 2008 19:40:31 -0000 Hello everyone, This is my problem, my firewall is losing to many packets, below you will see the result of a simple ping. - RESULT of ping ======= [root@xxxx]# ping 192.168.0.1 PING 192.168.0.1 (192.168.0.1): 56 data bytes ping: sendto: No buffer space available 64 bytes from 192.168.0.1: icmp_seq=1 ttl=30 time=33.868 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=30 time=33.573 ms 64 bytes from 192.168.0.1: icmp_seq=3 ttl=30 time=3.880 ms 64 bytes from 192.168.0.1: icmp_seq=4 ttl=30 time=54.057 ms ping: sendto: No buffer space available 64 bytes from 192.168.0.1: icmp_seq=6 ttl=30 time=78.320 ms ping: sendto: No buffer space available 64 bytes from 192.168.0.1: icmp_seq=8 ttl=30 time=47.838 ms 64 bytes from 192.168.0.1: icmp_seq=9 ttl=30 time=47.046 ms 64 bytes from 192.168.0.1: icmp_seq=10 ttl=30 time=2.992 ms 64 bytes from 192.168.0.1: icmp_seq=11 ttl=30 time=65.535 ms 64 bytes from 192.168.0.1: icmp_seq=12 ttl=30 time=90.268 ms ^C --- 192.168.0.1 ping statistics --- 13 packets transmitted, 10 packets received, 23% packet loss ========= EOF - RESULT of netstat -m ========== [root@xxxx /usr/ports/net/mtr]# netstat -m 968/1342/2310 mbufs in use (current/cache/total) 932/1358/2290/25600 mbuf clusters in use (current/cache/total/max) 656/752 mbuf+clusters out of packet secondary zone in use (current/cache) 0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/0 9k jumbo clusters in use (current/cache/total/max) 0/0/0/0 16k jumbo clusters in use (current/cache/total/max) 2106K/3051K/5157K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 0/8/6656 sfbufs in use (current/peak/max) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 0 calls to protocol drain routines =========== EOF I have raised the value of: kern.ipc.nmbclusters and kern.ipc.nmbufs, but I haven't tested it yet cause I have to reboot my firewall, does anyone have any other ideas? -- Leandro Malaquias Linux are for those who hate Windows BSD are for those who love Unix # echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc