[issue582] PF states bug

Gergo Szakal bastyaelvtars at gmail.com
Thu Apr 19 07:30:55 PDT 2007


On Thu, 19 Apr 2007 14:15:01 -0000
Simon 'corecode' Schubert <bugs at lists.dragonflybsd.org> wrote:


> 
> Ah, don't worry.  Does it persist on 1.8-RELEASE?
> 

Yes.

-------------------------------------------------
szg at fw:/home/szg# pfctl -F all
rules cleared
nat cleared
1 tables deleted.
altq cleared
130 states cleared
source tracking entries cleared
pf: statistics cleared
-------------------------------------------------
After a few minutes (NB: this is a bridge filtering 70 hosts which are doing soooo much P2P:
-------------------------------------------------
szg at fw:/home/szg# pfctl -si
Status: Enabled for 0 days 23:06:11           Debug: Urgent

Hostid: 0xbaafed3e

Interface Stats for sk1               IPv4             IPv6
  Bytes In                        72602328                0
  Bytes Out                      272202489                0
  Packets In
    Passed                          203338                0
    Blocked                             22                0
  Packets Out
    Passed                          292272                0
    Blocked                              0                0

State Table                          Total             Rate
  current entries                        0               
  searches                         1983044           23.8/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                            1983044           23.8/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                 36            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
szg at fw:/home/szg# uname -a
DragonFly fw.jancso.szote.u-szeged.hu 1.8.1-RELEASE DragonFly 1.8.1-RELEASE #5: Tue Mar 27 23:27:44 CEST 2007     szg at fw.jancso.szote.u-szeged.hu:/usr/obj/usr/src/sys/BRIDGE  i386
-------------------------------------------------

Since the number of matches keep increasing on each information query, I suspect that this is actually an error in query/response to it, maybe there are actual states (any way to check that?)

-- 
Gergo Szakal <bastyaelvtars at gmail.com>
University of Szeged, Hungary
Faculty Of General Medicine





More information about the Bugs mailing list