connections weirdness

Bruno Afonso brunomiguel at dequim.ist.utl.pt
Thu Dec 22 11:12:26 PST 2005


Hey guys (and gals!),

I'm hitting what seems to be a bug on PF @ FreeBSD 6-stable:

6.0-STABLE FreeBSD 6.0-STABLE #0: Sun Nov 20 05:14:34 WET 2005

If I do a pfctl -vvsS | grep connections I get some lines like this:

10.10.11.208 -> 0.0.0.0 ( states 3, connections 4294967295, rate 0.0/0s )
10.10.13.213 -> 0.0.0.0 ( states 2, connections 4294967294, rate 0.0/0s )

10.10.14.236 -> 0.0.0.0 ( states 96, connections 4294967013, rate 0.0/0s )
10.10.12.238 -> 0.0.0.0 ( states 9, connections 4294967281, rate 0.0/0s )

I also get a normal number of connections, like 2, 10, 20, 30, etc. Now, 
this number is completely insane, especially if we take into account the 
rule that creates it:

ala# pfctl -vvsS |grep 10.10.11.208 -A1
10.10.11.208 -> 0.0.0.0 ( states 1, connections 1, rate 0.0/0s )
    age 02:22:00, 657 pkts, 39752 bytes, filter rule 171
--
10.10.11.208 -> 0.0.0.0 ( states 1, connections 4294967295, rate 0.0/0s )
    age 02:22:15, 618 pkts, 52535 bytes, filter rule 148

ala# pfctl -vvsr |grep @148 -A1
@148 pass in log on fxp0 from <torre_privados_nat:7> to any keep state 
(max 5000, source-track rule, max-src-states 120, max-src-conn 100) 
queue p2p
   [ Evaluations: 43699     Packets: 353469    Bytes: 122287213 
States: 210   ]


I have been seeing this on rules in which I use max-src-conn but not on 
others. So, what might be happening here? Hasn't anyone seen this 
before? Also notice how similar the connections are, with the first 7 
numbers equal.

BA
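The values quoted above are all within a few units of 2^32 (4294967295 is 2^32 - 1, and 4294967013 is 2^32 - 283), which is what an unsigned 32-bit counter displays once it has been decremented past zero; read as signed 32-bit integers they are -1, -2, -283 and -15. The following checker is an added example, not part of the original post or of pf itself: it parses `pfctl -vvsS` output, reports source-tracking entries whose connection counter has wrapped, and optionally flags counters above a configured per-rule limit. The sample lines are constructed from the numbers in the post, and the `max_src_conn` threshold is an assumption taken from the `max-src-conn 100` in rule 148.

```python
import re
import sys
from typing import Dict, List, Optional

UINT32_MAX = 2**32 - 1

# Constructed sample in the shape `pfctl -vvsS` prints for source-tracking
# entries; the values are the ones quoted in the post plus the healthy first
# entry.  Sample data, not a live capture.
SAMPLE_OUTPUT = """\
10.10.11.208 -> 0.0.0.0 ( states 1, connections 1, rate 0.0/0s )
    age 02:22:00, 657 pkts, 39752 bytes, filter rule 171
10.10.11.208 -> 0.0.0.0 ( states 1, connections 4294967295, rate 0.0/0s )
    age 02:22:15, 618 pkts, 52535 bytes, filter rule 148
10.10.13.213 -> 0.0.0.0 ( states 2, connections 4294967294, rate 0.0/0s )
10.10.14.236 -> 0.0.0.0 ( states 96, connections 4294967013, rate 0.0/0s )
10.10.12.238 -> 0.0.0.0 ( states 9, connections 4294967281, rate 0.0/0s )
"""

# First line of each entry: "src -> dst ( states N, connections N, rate X )"
ENTRY_RE = re.compile(
    r"^(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+\(\s*states\s+(?P<states>\d+),"
    r"\s*connections\s+(?P<conns>\d+),\s*rate\s+(?P<rate>\S+)\s*\)"
)
# Indented detail line printed under -vv; only the rule number is needed here.
RULE_RE = re.compile(r"filter rule\s+(?P<rule>\d+)")


def to_signed32(value: int) -> int:
    """Reinterpret an unsigned 32-bit value as a two's-complement signed int."""
    value &= UINT32_MAX
    return value - 2**32 if value & 0x80000000 else value


def parse_source_tracking(text: str) -> List[Dict]:
    """Parse pfctl -vvsS output into one dict per source-tracking entry."""
    entries: List[Dict] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "src": m["src"],
                "dst": m["dst"],
                "states": int(m["states"]),
                "connections": int(m["conns"]),
                "rule": None,  # filled from the detail line when present
            })
            continue
        r = RULE_RE.search(line)
        if r and entries:
            entries[-1]["rule"] = int(r["rule"])
    return entries


def diagnose(entry: Dict, max_src_conn: Optional[int] = None) -> Optional[str]:
    """Return a reason string if the entry's connection counter looks wrong.

    A value in the upper half of the 32-bit range is what an unsigned counter
    shows after being decremented below zero; reading it as signed recovers
    the negative value.  max_src_conn is an assumed per-rule limit which a
    legitimate counter should not exceed.
    """
    conns = entry["connections"]
    signed = to_signed32(conns)
    if signed < 0:
        return f"connections {conns} is {signed} as signed 32-bit: counter wrapped"
    if max_src_conn is not None and conns > max_src_conn:
        return f"connections {conns} exceeds max-src-conn {max_src_conn}"
    return None


def find_bad_entries(text: str, max_src_conn: Optional[int] = None) -> List[Dict]:
    """Parse the output and return the entries that fail diagnose(), with reasons."""
    bad = []
    for entry in parse_source_tracking(text):
        reason = diagnose(entry, max_src_conn)
        if reason:
            bad.append({**entry, "reason": reason})
    return bad


if __name__ == "__main__":
    # Usage: pfctl -vvsS | python3 check_srctrack.py   (falls back to the sample)
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    for e in find_bad_entries(data, max_src_conn=100):
        print(f"{e['src']} -> {e['dst']} rule {e['rule']}: {e['reason']}")
```

Run periodically from cron against the live `pfctl -vvsS` output, a non-empty report is a cheap way to notice when a rule's source-tracking counters have gone bad, which matters because pf compares that counter against max-src-conn when deciding whether to admit new connections from the source.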
