Date: Sat, 21 Jan 2017 20:26:55 +0100
From: "Kristof Provost" <kp@FreeBSD.org>
To: "Bakul Shah" <bakul@bitblocks.com>
Cc: "Ermal Luçi" <eri@freebsd.org>, "FreeBSD Net" <freebsd-net@freebsd.org>, "Alan Somers" <asomers@freebsd.org>
Subject: Re: pf & NAT issue
Message-ID: <8C57C982-11BB-4BB4-97B7-4A5396336DB9@FreeBSD.org>
In-Reply-To: <20170121042118.722C6124AEA4@mail.bitblocks.com>
References: <20170120083555.ACCF9124AEA4@mail.bitblocks.com>
 <7C29D00C-94C0-4550-B1B2-CE307482B544@FreeBSD.org>
 <CAOtMX2hTcEkw_WzgtcEEipGY391zB=skrk7O=dknRMMG%2BDa%2BBA@mail.gmail.com>
 <20170120203106.CD2C8124AEA4@mail.bitblocks.com>
 <FB01B6F5-5269-4FE4-9B22-51A6AA60705E@FreeBSD.org>
 <20170120205933.8948A124AEA3@mail.bitblocks.com>
 <CAPBZQG3sFKRTPbRGh7KSh1bsp2FHNX84Baw0dV3-QXKBhZQVvw@mail.gmail.com>
 <20170120211734.488D8124AEA5@mail.bitblocks.com>
 <CAPBZQG0KOStWT_m8pmg8gmpJm%2BR0qhAt6U=NOi07_xiXO6EAuw@mail.gmail.com>
 <20170121042118.722C6124AEA4@mail.bitblocks.com>

On 21 Jan 2017, at 5:21, Bakul Shah wrote:

> I finally had some time to look at the sources & noticed
> /sys/netpfil/pf/pf.c:pf_purge_thread now runs 10 times a
> second instead of once a second, which gave me the idea of
> increasing "interval" timeout by a factor of 10 and this seems
> to have mostly fixed the problem. But I don't know where the
> actual problem is. The logic is too complicated to understand
> in a few minutes so I didn't try to find the root cause at the
> moment. [But I don't understand why pf times out normal
> connections. Long lasting idle connections are perfectly fine.

Have you tried increasing the state limit?
This sounds like your states are being cleaned up, which might happen
because you’re running close to the limit.

> And fragment GC should not be coupled with connection state
> expiry]
>

I think that’s simply because they both need a timeout and it’s more
efficient to handle both at the same time than to set two timers.

Regards,
Kristof

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8C57C982-11BB-4BB4-97B7-4A5396336DB9>