From nobody Mon Jun 28 11:07:29 2021
X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id CF95911C951E
	for <freebsd-pf@mlmmj.nyi.freebsd.org>; Mon, 28 Jun 2021 11:07:32 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4GD4ZX5XYgz4mRn;
	Mon, 28 Jun 2021 11:07:32 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
Received: from venus.codepro.be (venus.codepro.be [5.9.86.228])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mx1.codepro.be", Issuer "R3" (verified OK))
	(Authenticated sender: kp)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 8C25281E5;
	Mon, 28 Jun 2021 11:07:32 +0000 (UTC)
	(envelope-from kp@FreeBSD.org)
Received: by venus.codepro.be (Postfix, authenticated sender kp)
 id 799B531680;
	Mon, 28 Jun 2021 13:07:30 +0200 (CEST)
From: "Kristof Provost" <kp@FreeBSD.org>
To: "=?utf-8?q?=C3=96zkan?= KIRIK" <ozkan.kirik@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable
Date: Mon, 28 Jun 2021 13:07:29 +0200
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org>
In-Reply-To: <CAAcX-AE3h9x67_xa5yk4kQqj9RvVqviy8bORLSO4BfxKZTfLmQ@mail.gmail.com>
References: <CAAcX-AE3h9x67_xa5yk4kQqj9RvVqviy8bORLSO4BfxKZTfLmQ@mail.gmail.com>
List-Id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
List-Help: <mailto:pf+help@freebsd.org>
List-Post: <mailto:pf@freebsd.org>
List-Subscribe: <mailto:pf+subscribe@freebsd.org>
List-Unsubscribe: <mailto:pf+unsubscribe@freebsd.org>
Sender: owner-freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format=flowed; markup=markdown
Content-Transfer-Encoding: 8bit
X-ThisMailContainsUnwantedMimeParts: N

On 26 Jun 2021, at 21:38, Özkan KIRIK wrote:
> Hi,
>
> pfctl -P -ss -vv command cannot finish and eats %100 of single core 
> cpu
> when number of states is over 50.000.
> Even killall -9 pfctl doesn't help. process cannot be killed.
>
> I'm using FreeBSD stable/12 that pulled at 2021-06-05.
> State policy is configured as floating. I don't know if it matters
> switching to if-bound.
>
> Do you have any suggestions to overcome this problem?
>
None for now. I’m aware of the problem, it’s still related to 
nvlists. It’s being worked on right now, but I have no ETA for a fix.

— Kristof