On 19.08.2011 01:34, Pierre Lamy wrote:
I just found how to resolve the problem (1 minute ago) as I was also
having the same issue. If you compile pf into the kernel, state removals
are NOT performed at all. pftop will show you garbage null entries.
Flushing current states works for real states, but the malloc is never
cleared for the garbage entries. Eventually you will run out of memory
(max state entries too high), or be unable to add any more states. A
reboot is the only way to clear it.
I recompiled as a module and not in the kernel, it "just works" without
any special extra steps.
I can confirm (using the same kernel sources as before) that using the
modules fixed the problem for me too.
State Table Total Rate
current entries 5
searches 807 4.0/s
inserts 45 0.2/s
removals 40 0.2/s
Cheers,
Florian
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
