set limit { states X, frags Y } not working - buggy?
Eduardo Meyer
dudu.meyer at gmail.com
Tue Jan 23 13:18:14 UTC 2007
On 1/23/07, Max Laier <max at love2party.net> wrote:
> On Tuesday 23 January 2007 13:09, Eduardo Meyer wrote:
> > Please, see:
> >
> > # pfctl -s memory
> > states hard limit 5000
> > src-nodes hard limit 10000
> > frags hard limit 2500
> >
> > # pfctl -s info | grep "current entries"
> > current entries 13770
> >
> > What am I confusing here, or this really should not happen?
>
> What does "vmstat -z | grep ^pf" give? A quick check here suggests that
> this might be a problem in the zone(9) allocator as the limit is
> correctly propergated to the the uma zone in question, but not enforced
> it seems.
Max, thanks for asking. Here it's what the command returns
# vmstat -z | grep ^pf
pfsrctrpl: 100, 10023, 0, 78, 77
pfrulepl: 604, 0, 140, 88, 17555
pfstatepl: 260, 5010, 8096, 1879, 38569766
pfaltqpl: 128, 0, 0, 0, 0
pfpooladdrpl: 68, 0, 72, 152, 8534
pfrktable: 1240, 0, 5, 4, 89
pfrkentry: 156, 0, 10, 40, 481
pfrkentry2: 156, 0, 0, 0, 0
pffrent: 16, 2639, 0, 0, 0
pffrag: 48, 0, 0, 0, 0
pffrcache: 48, 10062, 0, 0, 0
pffrcent: 12, 50141, 0, 0, 0
pfstatescrub: 28, 0, 0, 0, 0
pfiaddrpl: 92, 0, 12, 114, 260
pfospfen: 108, 0, 345, 51, 22770
pfosfp: 28, 0, 188, 193, 12408
Right now I have some fewer sessions:
# pfctl -s info | grep "current entries"
current entries 8306
But way higher than the configured limit of 5k.
--
===========
Eduardo Meyer
pessoal: dudu.meyer at gmail.com
profissional: ddm.farmaciap at saude.gov.br
More information about the freebsd-pf
mailing list