From owner-freebsd-current@FreeBSD.ORG  Fri Oct 14 20:04:27 2011
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0A19010656DA;
	Fri, 14 Oct 2011 20:04:27 +0000 (UTC)
	(envelope-from vince@unsane.co.uk)
Received: from unsane.co.uk (unsane-pt.tunnel.tserv5.lon1.ipv6.he.net
	[IPv6:2001:470:1f08:110::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 9075E8FC17;
	Fri, 14 Oct 2011 20:04:26 +0000 (UTC)
Received: from vhoffman-macbooklocal.local ([10.10.10.20])
	(authenticated bits=0)
	by unsane.co.uk (8.14.4/8.14.4) with ESMTP id p9EK4LJK025364
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Fri, 14 Oct 2011 21:04:21 +0100 (BST)
	(envelope-from vince@unsane.co.uk)
Message-ID: <4E9895C5.7030402@unsane.co.uk>
Date: Fri, 14 Oct 2011 21:04:21 +0100
From: Vincent Hoffman <vince@unsane.co.uk>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Gavin Atkinson <gavin@freebsd.org>
References: <E1RBSUJ-0008x8-PC@clue.co.za>
	<alpine.LNX.2.00.1110141948040.17907@ury.york.ac.uk>
In-Reply-To: <alpine.LNX.2.00.1110141948040.17907@ury.york.ac.uk>
X-Enigmail-Version: 1.3.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Ian FREISLICH <ianf@clue.co.za>, current@freebsd.org
Subject: Re: 3 show-stopper issues with 9-BETA3
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2011 20:04:27 -0000

On 14/10/2011 19:58, Gavin Atkinson wrote:
>> > 3. PF doesn't expire state. The state table on my older host (pre
>> > 	OpenBSD-4.5) has the following stats:
>> > 
>> > 	Status: Enabled for 0 days 00:37:17           Debug: Urgent
>> > 	State Table                          Total             Rate
>> > 	  current entries                   169546               
>> > 	  searches                        94387451        42193.8/s
>> > 	  inserts                          4012389         1793.6/s
>> > 	  removals                         3842843         1717.9/s
>> > 
>> > 	The 9-BETA3 host's current entries exactly match the number
>> > 	of inserts until it hits the hard limit of 1.5M entries and
>> > 	can add no more.  It takes about 10 minutes to fill up and
>> > 	then no new flows are routed.
> I've seen a few reports of this, and it's quite concerning.  Please, can 
> you submit this as a PR?
For tracking, this was a previous report with apparently a temporary
workaround.
http://lists.freebsd.org/pipermail/freebsd-pf/2011-October/006333.html
I have a stable-9 virtual machine i can test on if needed but I have pf
loaded as a module at the moment so dont have the issue.


Vince