svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...

Florian Smeets flo at freebsd.org
Fri Aug 19 09:45:08 UTC 2011


On 19.08.2011 01:34, Pierre Lamy wrote:
> I just found how to resolve the problem (1 minute ago) as I was also
> having the same issue. If you compile pf into the kernel, state removals
> are NOT performed at all. pftop will show you garbage null entries.
> Flushing current states works for real states, but the malloc is never
> cleared for the garbage entries. Eventually you will run out of memory
> (max state entries too high), or be unable to add any more states. A
> reboot is the only way to clear it.
>
> I recompiled as a module and not in the kernel, it "just works" without
> any special extra steps.
>

I can confirm (using the same kernel sources as before) that using the 
modules fixed the problem for me too.

State Table                          Total             Rate
   current entries                        5
   searches                             807            4.0/s
   inserts                               45            0.2/s
   removals                              40            0.2/s

Cheers,
Florian
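
Added example, not part of the original thread: a small check for the symptom described above (states being inserted while the removals counter never moves), run over two readings of the State Table block in the layout Florian posted. It assumes the readings come from `pfctl -s info` taken some minutes apart; the sample readings, function names and the stall heuristic are constructed for illustration.

```python
import re

# Constructed readings in the layout of the State Table block posted above.
# HEALTHY reuses the posted totals; BEFORE and STALLED are made-up values.
def _table(entries, searches, inserts, removals):
    return ("State Table                          Total             Rate\n"
            f"   current entries {entries:>24}\n"
            f"   searches {searches:>31}            4.0/s\n"
            f"   inserts {inserts:>32}            0.2/s\n"
            f"   removals {removals:>31}            0.2/s\n\n")

BEFORE = _table(3, 500, 30, 27)
HEALTHY = _table(5, 807, 45, 40)
STALLED = _table(18, 807, 45, 27)

ROW = re.compile(r"\s+(current entries|searches|inserts|removals)\s+(\d+)")

def parse_state_table(text):
    """Return the Total column of the State Table block only; other blocks
    with the same row names (e.g. source tracking) are ignored."""
    rows, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("State Table"):
            in_block = True
        elif in_block:
            m = ROW.match(line)
            if not m:
                break  # blank line or next header ends the block
            rows[m.group(1)] = int(m.group(2))
    missing = {"current entries", "inserts", "removals"} - rows.keys()
    if missing:
        raise ValueError("State Table rows missing: " + ", ".join(sorted(missing)))
    return rows

def removals_stalled(before, after):
    """Heuristic (assumption): states were inserted between the two readings,
    the table grew, and the removals counter did not move."""
    a, b = parse_state_table(before), parse_state_table(after)
    inserted = b["inserts"] - a["inserts"]
    removed = b["removals"] - a["removals"]
    if inserted < 0 or removed < 0:
        raise ValueError("counters went backwards between readings")
    grew = b["current entries"] > a["current entries"]
    return inserted > 0 and removed == 0 and grew

if __name__ == "__main__":
    print("healthy pair stalled?", removals_stalled(BEFORE, HEALTHY))
    print("stalled pair stalled?", removals_stalled(BEFORE, STALLED))
```

A quiet interval shorter than the state timeouts can also show inserts without removals, so the readings should be spaced well apart before treating a positive result as the bug.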

