I have been unable to find much documentation about the counter called "state-mismatch". I notice it going up on my firewall (FreeBSD 10.1) but only at a slow rate (maybe at around 1 per minute).
What is the significance of this value? Is it indicative of dropped states (and I should be increasing the state timeout)? Thank you Ari In full, I see this: # pfctl -si No ALTQ support in kernel ALTQ related functions disabled Status: Enabled for 14 days 18:57:27 Debug: Urgent State Table Total Rate current entries 3768 searches 927120779 725.5/s inserts 40516048 31.7/s removals 40512275 31.7/s Counters match 37456359 29.3/s bad-offset 0 0.0/s fragment 2 0.0/s short 2 0.0/s normalize 368 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 0 0.0/s proto-cksum 0 0.0/s state-mismatch 21848 0.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s Ari -- --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
