From owner-freebsd-pf@FreeBSD.ORG  Wed Aug 17 12:27:11 2011
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 478F31065673;
	Wed, 17 Aug 2011 12:27:11 +0000 (UTC) (envelope-from flo@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 300048FC25;
	Wed, 17 Aug 2011 12:27:11 +0000 (UTC)
Received: from bender.solomo.local (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p7HCR9oS023831;
	Wed, 17 Aug 2011 12:27:10 GMT (envelope-from flo@freebsd.org)
Message-ID: <4E4BB39D.8070903@freebsd.org>
Date: Wed, 17 Aug 2011 14:27:09 +0200
From: Florian Smeets <flo@freebsd.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:6.0) Gecko/20110816 Thunderbird/6.0
MIME-Version: 1.0
To: obrien@freebsd.org
References: <201106281157.p5SBvP5g048097@svn.freebsd.org>
	<EA6E6909-A42B-4CF2-891A-B8A80E2B8476@FreeBSD.org>
	<20110629192224.2283efc8@fabiankeil.de>
	<20110707193539.GA60591@dragon.NUXI.org>
	<CAPBZQG1ZOBJh0BMPH+kKAHfWJoYCubdGunncd5Bhd7y39-_fkA@mail.gmail.com>
	<20110708170240.GA59024@dragon.NUXI.org>
In-Reply-To: <20110708170240.GA59024@dragon.NUXI.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Cc: "Bjoern A. Zeeb" <bz@freebsd.org>, freebsd-pf@freebsd.org
Subject: Re: svn commit: r223637 - in head: . contrib/pf/authpf
 contrib/pf/ftp-proxy
 contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf
 sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Aug 2011 12:27:11 -0000

On 08.07.2011 19:02, David O'Brien wrote:
> On Fri, Jul 08, 2011 at 02:26:37PM +0200, Ermal Lui wrote:
>> On Thu, Jul 7, 2011 at 9:35 PM, David O'Brien<obrien@freebsd.org>  wrote:
>>> I have 'pfctl', 'netstat', 'netstat -rn', and 'sysctl -a' output from one
>>> of these experiences. �Would they be useful to you in looking into this?
>>
>> please send those.
>> Also useful would be a description of your setup.
>
> Ermal,
> Thanks.  I'll send to you off list.
>

Hi,

did you guys find out what was wrong? I may have a similar problem. My 
server loses connection after some time. I think it is because the state 
table is getting full, but i only have a couple of active states.

The current entries keep increasing, i had ~3600 this morning.

flo@tb:~ # sudo pfctl -vsi|grep "current entries"
No ALTQ support in kernel
ALTQ related functions disabled
   current entries                     4891
   current entries                        0
flo@tb:~ # sudo pfctl -ss| wc -l
No ALTQ support in kernel
ALTQ related functions disabled
       12

Every new connection is added to the current entries but it seems they 
are never removed?!

I've set debug to loud, what else should i do to track this down?

Thanks,
Florian