svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...

Ermal Luçi eri at freebsd.org
Wed Aug 17 12:58:42 UTC 2011


On Wed, Aug 17, 2011 at 2:37 PM, Florian Smeets <flo at freebsd.org> wrote:
> On 17.08.2011 14:30, Bjoern A. Zeeb wrote:
>>
>> On Aug 17, 2011, at 12:27 PM, Florian Smeets wrote:
>>
>>> On 08.07.2011 19:02, David O'Brien wrote:
>>>>
>>>> On Fri, Jul 08, 2011 at 02:26:37PM +0200, Ermal Lui wrote:
>>>>>
>>>>> On Thu, Jul 7, 2011 at 9:35 PM, David O'Brien<obrien at freebsd.org>
>>>>> wrote:
>>>>>>
>>>>>> I have 'pfctl', 'netstat', 'netstat -rn', and 'sysctl -a' output from
>>>>>> one
>>>>>> of these experiences. �Would they be useful to you in looking into
>>>>>> this?
>>>>>
>>>>> please send those.
>>>>> Also useful would be a description of your setup.
>>>>
>>>> Ermal,
>>>> Thanks.  I'll send to you off list.
>>>>
>>>
>>> Hi,
>>>
>>> did you guys find out what was wrong? I may have a similar problem. My
>>> server loses connection after some time. I think it is because the state
>>> table is getting full, but i only have a couple of active states.
>>>
>>> The current entries keep increasing, i had ~3600 this morning.
>>>
>>> flo at tb:~ # sudo pfctl -vsi|grep "current entries"
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>>  current entries                     4891
>>>  current entries                        0
>>> flo at tb:~ # sudo pfctl -ss| wc -l
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>>      12
>>>
>>> Every new connection is added to the current entries but it seems they
>>> are never removed?!
>>>
>>> I've set debug to loud, what else should i do to track this down?
>>
>>

There is a thread in freebsd-net@ explaining some culprits with
state table numbers from pfctl -ss  and number from pfctl -vsi.

>> What version (SVN r#) are you running?
>>
>
> FreeBSD 9.0-BETA1 #2 r224876: Mon Aug 15 09:52:56 CEST 2011
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>



-- 
Ermal


More information about the freebsd-pf mailing list