From nobody Mon Jun 28 11:49:16 2021 X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 9349411CC98F for ; Mon, 28 Jun 2021 11:49:27 +0000 (UTC) (envelope-from thomas@gibfest.dk) Received: from smtp2.servers.tyknet.dk (smtp2.servers.tyknet.dk [89.233.43.78]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4GD5Vv32Crz4rGl; Mon, 28 Jun 2021 11:49:26 +0000 (UTC) (envelope-from thomas@gibfest.dk) Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable DKIM-Filter: OpenDKIM Filter v2.10.3 smtp2.servers.tyknet.dk 3CFDB237B6 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gibfest.dk; s=default; t=1624880958; bh=FlMe7rOJA4W6nlyIvAoNQRlGAVIpQhdg0l0tHGVN1EU=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=LHzPuupCXdsdW8tnziA+z09qznwx6yc1i+aREZoBEoKv4E0BWbCA6hH81RQvo5KOR b5N+ufriNptU3ow0WtOF5hsjKtbn9DRQf/F4LdorUQpPm99VcbH1Xl54fGM8+3FhIE OdAfTpM6Gg3QVXuDyc30TDhVuivoApiOut9b2GMNgreHPZaDZxFsjqP3VftdGTsu6V IEYpMu9wPzkDmbUftD97iIfs2yk3S3C/sTfRjsn5RTKs17QmlwLeoVe5lAUsLFPq5y u067L+phPU2Lt66wd3SAbaKCzax95LQjlM1ECDZbPNbH1gg/fTSQBNDQ0jLvm9mHEY vxDRxmXvzYqgg== To: Kristof Provost Cc: freebsd-pf@freebsd.org, =?UTF-8?Q?=c3=96zkan_KIRIK?= References: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org> Message-ID: <4ec42bb0-ab4d-967e-2612-72219cd0a125@gibfest.dk> Date: Mon, 28 Jun 2021 13:49:16 +0200 List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 In-Reply-To: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4GD5Vv32Crz4rGl X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; TAGGED_RCPT(0.00)[]; REPLY(-4.00)[] Reply-To: thomas@gibfest.dk From: Thomas Steen Rasmussen via freebsd-pf X-Original-From: Thomas Steen Rasmussen X-ThisMailContainsUnwantedMimeParts: N On 6/28/21 1:07 PM, Kristof Provost wrote: > On 26 Jun 2021, at 21:38, Özkan KIRIK wrote: >> Hi, >> >> pfctl -P -ss -vv command cannot finish and eats %100 of single core cpu >> when number of states is over 50.000. >> Even killall -9 pfctl doesn't help. process cannot be killed. >> >> I'm using FreeBSD stable/12 that pulled at 2021-06-05. >> State policy is configured as floating. I don't know if it matters >> switching to if-bound. >> >> Do you have any suggestions to overcome this problem? >> > None for now. I’m aware of the problem, it’s still related to nvlists. > It’s being worked on right now, but I have no ETA for a fix. > > — Kristof > Hello! Is there a PR for this issue? When did the code causing the issue enter 12/STABLE? Thanks! :) Best regards, Thomas