Date: Fri, 24 Mar 2017 06:38:51 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 217997] [pf] orphaned entries in src-track Message-ID: <bug-217997-17777-48cyfNUDtW@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-217997-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-217997-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D217997 Max <maximos@als.nnov.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |maximos@als.nnov.ru --- Comment #1 from Max <maximos@als.nnov.ru> --- (In reply to Robert Schulze from comment #0) Hello, Robert. >The problem is, that src-track table grows until no more entries can be > inserted. Although there are no states from a sample ip-address in the st= ate=20 >table, there are still references in the src-track table: > ># pfctl -vsS | grep -A1 $example-address >$example-address -> $www-addr ( states 4, connections 0, rate 0.0/0s ) > age 01:47:25, 4808 pkts, 1713437 bytes, rdr rule 0 > ># pfctl -sS | grep $example-address >(nothing shown) "rdr rule 0". I think it is something related to "sticky-address". Do you h= ave any kernel messages? man pf.conf states: "Note that by default these associations are destroyed as soon as there are= no longer states which refer to them; in order to make the mappings last beyond the lifetime of the states, increase the global options with set timeout src.track." And do you have "expires in" counter in "pfctl -vsS" output? --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-217997-17777-48cyfNUDtW>