meaning of State-mismatch

Aristedes Maniatis ari at ish.com.au
Tue Jan 27 06:40:17 UTC 2015


I have been unable to find much documentation about the counter called "state-mismatch". I notice it going up on my firewall (FreeBSD 10.1) but only at a slow rate (maybe at around 1 per minute).

What is the significance of this value? Is it indicative of dropped states (and I should be increasing the state timeout)?

Thank you
Ari



In full, I see this:

# pfctl -si
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 14 days 18:57:27          Debug: Urgent

State Table                          Total             Rate
  current entries                     3768
  searches                       927120779          725.5/s
  inserts                         40516048           31.7/s
  removals                        40512275           31.7/s
Counters
  match                           37456359           29.3/s
  bad-offset                             0            0.0/s
  fragment                               2            0.0/s
  short                                  2            0.0/s
  normalize                            368            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                     21848            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

Ari


-- 
-------------------------->
Aristedes Maniatis
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001   fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A


More information about the freebsd-pf mailing list