Date: Tue, 27 Jan 2015 17:25:39 +1100 From: Aristedes Maniatis <ari@ish.com.au> To: freebsd-pf@freebsd.org Subject: meaning of State-mismatch Message-ID: <54C72F63.8040908@ish.com.au>
next in thread | raw e-mail | index | archive | help
I have been unable to find much documentation about the counter called "state-mismatch". I notice it going up on my firewall (FreeBSD 10.1) but only at a slow rate (maybe at around 1 per minute). What is the significance of this value? Is it indicative of dropped states (and I should be increasing the state timeout)? Thank you Ari In full, I see this: # pfctl -si No ALTQ support in kernel ALTQ related functions disabled Status: Enabled for 14 days 18:57:27 Debug: Urgent State Table Total Rate current entries 3768 searches 927120779 725.5/s inserts 40516048 31.7/s removals 40512275 31.7/s Counters match 37456359 29.3/s bad-offset 0 0.0/s fragment 2 0.0/s short 2 0.0/s normalize 368 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 0 0.0/s proto-cksum 0 0.0/s state-mismatch 21848 0.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s Ari -- --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54C72F63.8040908>