3 show-stopper issues with 9-BETA3

Vincent Hoffman vince at unsane.co.uk
Fri Oct 14 20:04:27 UTC 2011


On 14/10/2011 19:58, Gavin Atkinson wrote:
>> > 3. PF doesn't expire state. The state table on my older host (pre
>> > 	OpenBSD-4.5) has the following stats:
>> > 
>> > 	Status: Enabled for 0 days 00:37:17           Debug: Urgent
>> > 	State Table                          Total             Rate
>> > 	  current entries                   169546               
>> > 	  searches                        94387451        42193.8/s
>> > 	  inserts                          4012389         1793.6/s
>> > 	  removals                         3842843         1717.9/s
>> > 
>> > 	The 9-BETA3 host's current entries exactly match the number
>> > 	of inserts until it hits the hard limit of 1.5M entries and
>> > 	can add no more.  It takes about 10 minutes to fill up and
>> > 	then no new flows are routed.
> I've seen a few reports of this, and it's quite concerning.  Please, can 
> you submit this as a PR?
For tracking, this was a previous report with apparently a temporary
workaround.
http://lists.freebsd.org/pipermail/freebsd-pf/2011-October/006333.html
I have a stable-9 virtual machine i can test on if needed but I have pf
loaded as a module at the moment so dont have the issue.


Vince



More information about the freebsd-current mailing list