Date: Tue, 22 Apr 2003 15:21:34 +0200
From: Martin Stiemerling <Martin.Stiemerling@ccrle.nec.de>
To: Daniel Lang <dl@leo.org>
Cc: freebsd-net@freebsd.org
Subject: Re: IPfilter changes?
Message-ID: <3EA541DE.1080706@ccrle.nec.de>
References: <20030417072027.GA38782@atrbg11.informatik.tu-muenchen.de>
    <3E9E6D34.5020100@ccrle.nec.de>
    <20030422083532.GB49848@atrbg11.informatik.tu-muenchen.de>
    <3EA508EB.5020906@ccrle.nec.de>
    <20030422093422.GE49848@atrbg11.informatik.tu-muenchen.de>
    <20030422131133.GI49848@atrbg11.informatik.tu-muenchen.de>

[...]
> Flushing the state table (small): ipf -Fs
> did help, but not always. I've issued this a couple
> of times, and suddenly it worked again.

Ah, ok. So you are running out of state table entries...

>
> Flushing all states: ipf -FS helped a lot. It works much longer
> than just flushing incomplete states.
> However, ipfstat -s always shows:
> [..]
>         0 no memory
> [..]

That's OK, i.e. no out of memory problems within IP Filter.
Would be nice to see the "State table bucket statistics" output from the
end of ipfstat -s.

Here are the limits for states compiled into IP Filter (taken from
ip_state.h):

#ifndef IPSTATE_SIZE
# define IPSTATE_SIZE 5737
#endif
#ifndef IPSTATE_MAX
# define IPSTATE_MAX 4013 /* Maximum number of states held */
#endif

Martin
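
Added example, not part of the original message and not IP Filter's own code: a small check that reads "ipfstat -s"-style text and warns before the state table reaches the IPSTATE_MAX value quoted above. It assumes every counter line has the form "<count> <label>" (as in "0 no memory") and that counters labelled "active" and "maximum" exist; the sample snapshot is constructed.

```shell
#!/bin/sh
IPSTATE_MAX=4013   # compiled-in limit from ip_state.h, as quoted in the message

# Constructed sample snapshot (assumed layout, not real output from the thread).
SAMPLE='IP states added:
        0 maximum
        0 no memory
        311 bkts in use
        3700 active
        120 expired'

# Print the counter whose label is $1; exit status 1 if it is not present.
state_counter() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+$/ {
            label = $0
            sub(/^[ \t]*[0-9]+[ \t]+/, "", label)   # drop the leading count
            sub(/[ \t]+$/, "", label)               # drop trailing blanks
            if (label == want) { print $1; found = 1; exit }
        }
        END { if (!found) exit 1 }'
}

# Classify a snapshot on stdin.
# Returns 0 = ok, 1 = above 90% of IPSTATE_MAX, 2 = limit was hit, 3 = unparsable.
check_state_table() {
    snap=$(cat)
    active=$(printf '%s\n' "$snap" | state_counter "active") || return 3
    hitmax=$(printf '%s\n' "$snap" | state_counter "maximum") || return 3
    nomem=$(printf '%s\n' "$snap" | state_counter "no memory") || return 3
    # "maximum" is assumed to count refusals because the table was full.
    if [ "$hitmax" -gt 0 ] || [ "$nomem" -gt 0 ]; then
        echo "state limit hit: maximum=$hitmax no_memory=$nomem active=$active"
        return 2
    fi
    if [ $((active * 100)) -ge $((IPSTATE_MAX * 90)) ]; then
        echo "state table nearly full: $active of $IPSTATE_MAX"
        return 1
    fi
    echo "state table ok: $active of $IPSTATE_MAX"
    return 0
}

# Demo on the constructed sample; on a live host pipe "ipfstat -s" in instead.
printf '%s\n' "$SAMPLE" | check_state_table || true
```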