Date: Fri, 14 Oct 2011 21:04:21 +0100 From: Vincent Hoffman <vince@unsane.co.uk> To: Gavin Atkinson <gavin@freebsd.org> Cc: Ian FREISLICH <ianf@clue.co.za>, current@freebsd.org Subject: Re: 3 show-stopper issues with 9-BETA3 Message-ID: <4E9895C5.7030402@unsane.co.uk> In-Reply-To: <alpine.LNX.2.00.1110141948040.17907@ury.york.ac.uk> References: <E1RBSUJ-0008x8-PC@clue.co.za> <alpine.LNX.2.00.1110141948040.17907@ury.york.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14/10/2011 19:58, Gavin Atkinson wrote: >> > 3. PF doesn't expire state. The state table on my older host (pre >> > OpenBSD-4.5) has the following stats: >> > >> > Status: Enabled for 0 days 00:37:17 Debug: Urgent >> > State Table Total Rate >> > current entries 169546 >> > searches 94387451 42193.8/s >> > inserts 4012389 1793.6/s >> > removals 3842843 1717.9/s >> > >> > The 9-BETA3 host's current entries exactly match the number >> > of inserts until it hits the hard limit of 1.5M entries and >> > can add no more. It takes about 10 minutes to fill up and >> > then no new flows are routed. > I've seen a few reports of this, and it's quite concerning. Please, can > you submit this as a PR? For tracking, this was a previous report with apparently a temporary workaround. http://lists.freebsd.org/pipermail/freebsd-pf/2011-October/006333.html I have a stable-9 virtual machine i can test on if needed but I have pf loaded as a module at the moment so dont have the issue. Vince
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E9895C5.7030402>