problems with tftp-proxy in 11.1?
Kristof Provost
kristof at sigsegv.be
Wed Dec 6 22:01:51 UTC 2017
On 6 Dec 2017, at 21:25, John Jasen wrote:
> On 12/04/2017 02:47 PM, Kristof Provost wrote:
>>
>> On 4 Dec 2017, at 19:57, John Jasen wrote:
>>
>> Depending on circumstances, we see a lot or a very few of the
>> following
>> messages:
>> "pf connection lookup failed (no rdr?)"
>>
>> That means the state lookup (using ioctl(DIOCNATLOOK)) failed.
>> There seem to be a couple of possible reasons why that might happen.
>> One of which is that there’s no state at all. Can you check how
>> many
>> states you’ve got (and what the limits are)?
>>
> The state tables should be fine. They're currently in the 30k range,
> set
> to alert in nagios at 250k.
>
> I've attached truss snippets and log snippets from a failed
> connection.
> truss was obtained via truss -f -p $pid -o outfile, and grepping down
> via the failued pid as logged in syslog.
>
Okay, so this is interesting:
> 25013: ioctl(4,0xc04c4417 { IORW 0x44('D'), 23, 76 },0x7fffffffe5b0)
> ERR#2 'No such file or directory'
The DIOCNATLOOK ioctl() fails with ENOENT, which happens if the state
can’t be found.
Of course, I have no idea why that would happen. Does this affect some
tftp connections or all of them?
Can you post the outputs of `pfctl -s memory`, `pfctl -s info` and `sudo
pfctl -s limits`?
Regards,
Kristof
More information about the freebsd-pf
mailing list