On 13 Oct 2020, at 14:02, Eugene M. Zheganin wrote:
Hello,
On 13.10.2020 14:19, Kristof Provost wrote:
Are these symptoms of a bug?
Perhaps. It can also be a symptom of resource exhaustion.
Are there any signs of memory allocation failures, or incrementing
error counters (in netstat or in pfctl)?
Well, the only signs of resource exhaustion I know so far are:
- "PF state limit reached" in /var/log/messages (none so far)
- mbufs starvation in netstat -m (zero so far)
- various queue failure counters in netstat -s -p tcp, but since this
only applies to TCP this is hardly related (although it seems like
there's also none).
So, what should I take a look at?
Disabled PF shows in pfctl -s info:
[root@gw1:/var/log]# pfctl -s info
Status: Disabled for 0 days 00:41:42           Debug: Urgent

State Table                          Total             Rate
  current entries                     9634
  searches                     24212900618      9677418.3/s
  inserts                        222708269        89012.1/s
  removals                       222698635        89008.2/s
Counters
  match                          583327668       233144.6/s
  bad-offset                             0            0.0/s
  fragment                               1            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                          76057           30.4/s
  proto-cksum                         9669            3.9/s
  state-mismatch                   3007108         1201.9/s
  state-insert                       13236            5.3/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
  map-failed                             0            0.0/s
What’s your current state limit? You’re getting a lot of
state-mismatches. (Also note that ip-options and proto-cksum also
indicate dropped packets.)
If you set pfctl -x loud you should get reports for those state
mismatches. There’ll be a lot though, so maybe pick a quiet time to do
that.
Kristof
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
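
Added example, not part of the original thread and not code from either poster: a small sh/awk filter that reads `pfctl -s info` output and lists every counter other than match that is non-zero, which is the check discussed above. The function names and the embedded sample (a subset of the values quoted in the thread) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report pf counters other than "match"
# that are non-zero. Reads `pfctl -s info` text on stdin.

pf_nonzero_counters() {
    awk '
        /^Counters/ { in_counters = 1; next }   # start of the Counters section
        /^[^ \t]/   { in_counters = 0 }         # any other unindented header ends it
        in_counters && NF >= 3 {
            total = $(NF - 1); rate = $NF
            name = $1                           # counter names may contain spaces
            for (i = 2; i <= NF - 2; i++) name = name " " $i
            if (name != "match" && total + 0 > 0)
                printf "%s %s %s\n", name, total, rate
        }
    '
}

# Constructed sample: a subset of the counters quoted in the thread.
sample_pf_info() {
    cat <<'EOF'
Status: Disabled for 0 days 00:41:42           Debug: Urgent

State Table                          Total             Rate
  current entries                     9634
  searches                     24212900618      9677418.3/s
Counters
  match                          583327668       233144.6/s
  fragment                               1            0.0/s
  memory                                 0            0.0/s
  ip-option                          76057           30.4/s
  proto-cksum                         9669            3.9/s
  state-mismatch                   3007108         1201.9/s
  state-insert                       13236            5.3/s
  state-limit                            0            0.0/s
EOF
}

# On a live host: pfctl -s info | pf_nonzero_counters
sample_pf_info | pf_nonzero_counters
```

Running it twice a few seconds apart and comparing the totals shows which counters are still incrementing.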