Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Jan 2015 17:25:39 +1100
From:      Aristedes Maniatis <ari@ish.com.au>
To:        freebsd-pf@freebsd.org
Subject:   meaning of State-mismatch
Message-ID:  <54C72F63.8040908@ish.com.au>

next in thread | raw e-mail | index | archive | help
I have been unable to find much documentation about the counter called "state-mismatch". I notice it going up on my firewall (FreeBSD 10.1) but only at a slow rate (maybe at around 1 per minute).

What is the significance of this value? Is it indicative of dropped states (and I should be increasing the state timeout)?

Thank you
Ari



In full, I see this:

# pfctl -si
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 14 days 18:57:27          Debug: Urgent

State Table                          Total             Rate
  current entries                     3768
  searches                       927120779          725.5/s
  inserts                         40516048           31.7/s
  removals                        40512275           31.7/s
Counters
  match                           37456359           29.3/s
  bad-offset                             0            0.0/s
  fragment                               2            0.0/s
  short                                  2            0.0/s
  normalize                            368            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                     21848            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

Ari


-- 
-------------------------->
Aristedes Maniatis
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001   fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54C72F63.8040908>