On Thursday 22 December 2005 22:17, Max Laier wrote:
> On Thursday 22 December 2005 20:12, Bruno Afonso wrote:
> > Hey guys (and gals!),
> >
> > I'm hitting what seems to be a bug on PF @ FreeBSD 6-stable:
> >
> > 6.0-STABLE FreeBSD 6.0-STABLE #0: Sun Nov 20 05:14:34 WET 2005
> >
> > If I do a pfctl -vvsS | grep connections I get some lines like this:
> >
> > 10.10.11.208 -> 0.0.0.0 ( states 3, connections 4294967295, rate 0.0/0s )
> > 10.10.13.213 -> 0.0.0.0 ( states 2, connections 4294967294, rate 0.0/0s )
> >
> > 10.10.14.236 -> 0.0.0.0 ( states 96, connections 4294967013, rate 0.0/0s )
> > 10.10.12.238 -> 0.0.0.0 ( states 9, connections 4294967281, rate 0.0/0s )
> >
> > I also get a normal number of connections, like 2, 10, 20, 30, etc. Now,
> > this number is completely insane, especially if we take into account the
> > rule that creates it:
> >
> > ala# pfctl -vvsS |grep 10.10.11.208 -A1
> > 10.10.11.208 -> 0.0.0.0 ( states 1, connections 1, rate 0.0/0s )
> >     age 02:22:00, 657 pkts, 39752 bytes, filter rule 171
> > --
> > 10.10.11.208 -> 0.0.0.0 ( states 1, connections 4294967295, rate 0.0/0s )
> >     age 02:22:15, 618 pkts, 52535 bytes, filter rule 148
> >
> > ala# pfctl -vvsr |grep @148 -A1
> > @148 pass in log on fxp0 from <torre_privados_nat:7> to any keep state (max 5000, source-track rule, max-src-states 120, max-src-conn 100) queue p2p
> >    [ Evaluations: 43699     Packets: 353469    Bytes: 122287213    States: 210   ]
> >
> >
> > I have been seeing this on rules in which I use max-src-conn but not on
> > others. So, what might be happening here? Has no one seen this
> > before? Also notice how similar the connections are, with the first 7
> > numbers equal.
>
> This is an underflow of the connection counter which is fixed in OpenBSD's
> pf.c rev. 1.499.  Unfortunately, the fix involves breaking ABI and thus is
> not easily imported.  Here is a local fix - please try and report back.

FYI: Committed to HEAD, MFC count down 3 days - please test!

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
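
The connection counts quoted in this thread are consistent with an unsigned 32-bit counter that was decremented below zero. The C model below shows that underflow beside a guarded decrement; it is an example added here, not code from pf.c or from the patch mentioned above, and `struct src_entry`, the function names and the limit comparison are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a per-source tracking entry; not pf's struct. */
struct src_entry {
    uint32_t conn;      /* connection counter, unsigned 32 bit (assumed) */
};

/* Unguarded release: one decrement too many wraps 0 to 4294967295. */
static void conn_release_unguarded(struct src_entry *s) { s->conn--; }

/* Guarded release: refuses to go below zero and reports the imbalance. */
static int conn_release_guarded(struct src_entry *s)
{
    if (s->conn == 0)
        return -1;      /* caller released something it never counted */
    s->conn--;
    return 0;
}

/* Read a displayed counter as a signed value to see how many
 * unmatched decrements produced it (e.g. 4294967013 -> -283). */
static int32_t conn_as_signed(uint32_t shown) { return (int32_t)shown; }

/* Assumed limit check in the style of max-src-conn: in this model a
 * wrapped counter compares greater than any configured limit. */
static int over_limit(const struct src_entry *s, uint32_t max_src_conn)
{
    return s->conn > max_src_conn;
}

int main(void)
{
    /* Values copied from the pfctl -vvsS output quoted in the thread. */
    const uint32_t seen[] = { 4294967295u, 4294967294u, 4294967013u, 4294967281u };
    struct src_entry a = { 0 }, b = { 0 };

    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        printf("%u reads as %d\n", (unsigned)seen[i], (int)conn_as_signed(seen[i]));

    conn_release_unguarded(&a);
    printf("unguarded: conn=%u over_limit(100)=%d\n", (unsigned)a.conn, over_limit(&a, 100));
    printf("guarded:   rc=%d conn=%u over_limit(100)=%d\n",
           conn_release_guarded(&b), (unsigned)b.conn, over_limit(&b, 100));
    return 0;
}
```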
