https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217997
--- Comment #7 from Max <maxi...@als.nnov.ru> ---
A bit more info...

Before reaching the limit:

Status: Enabled for 0 days 04:08:59           Debug: Urgent

State Table                          Total             Rate
  current entries                      120
  searches                            7976            0.5/s
  inserts                              997            0.1/s
  removals                             877            0.1/s
Source Tracking Table
  current entries                        0
  searches                            1623            0.1/s
  inserts                              236            0.0/s
  removals                             216            0.0/s
Limit Counters
  max states per rule                    2            0.0/s
  max-src-states                         4            0.0/s

ITEM                 SIZE    LIMIT    USED    FREE     REQ  FAIL  SLEEP
pf mtags:              40,       0,      0,      0,      0,    0,     0
pf states:            296,   10010,    120,     62,    997,    0,     0
pf state keys:         88,       0,    184,    221,   1506,    0,     0
pf source nodes:      136,   10005,     20,    125,    236,    0,     0
pf table entries:     160,  200000,      3,     72,      3,    0,     0
pf table counters:     64,       0,      0,      0,      0,    0,     0
pf frags:             120,       0,      0,      0,      0,    0,     0
pf frag entries:       40,    5000,      0,      0,      0,    0,     0
pf state scrubs:       40,       0,      0,      0,      0,    0,     0

192.168.2.10 -> 192.168.0.20 ( states 6, connections 0, rate 0.0/0s )

After (two seconds later):

Status: Enabled for 0 days 04:09:01           Debug: Urgent

State Table                          Total             Rate
  current entries                      120
  searches                            7977            0.5/s
  inserts                              997            0.1/s
  removals                             877            0.1/s
Source Tracking Table
  current entries                        0
  searches                            1624            0.1/s
  inserts                              236            0.0/s
  removals                             216            0.0/s
Limit Counters
  max states per rule                    3            0.0/s
  max-src-states                         4            0.0/s

ITEM                 SIZE    LIMIT    USED    FREE     REQ  FAIL  SLEEP
pf mtags:              40,       0,      0,      0,      0,    0,     0
pf states:            296,   10010,    120,     62,    997,    0,     0
pf state keys:         88,       0,    186,    219,   1508,    0,     0
pf source nodes:      136,   10005,     20,    125,    236,    0,     0
pf table entries:     160,  200000,      3,     72,      3,    0,     0
pf table counters:     64,       0,      0,      0,      0,    0,     0
pf frags:             120,       0,      0,      0,      0,    0,     0
pf frag entries:       40,    5000,      0,      0,      0,    0,     0
pf state scrubs:       40,       0,      0,      0,      0,    0,     0

192.168.2.10 -> 192.168.0.20 ( states 7, connections 0, rate 0.0/0s )

So, we have one search in state table, one search in source tracking table and increased states counter in source entry (other not included here). We increase state counter of source node in pf_find_src_node(). But the problem is not so easy as it seems.

By the way, what about "pf state keys"?
We have no states, but I see 6 state keys:

Status: Enabled for 0 days 04:09:15           Debug: Urgent

State Table                          Total             Rate
  current entries                        0
  searches                            7977            0.5/s
  inserts                              997            0.1/s
  removals                             997            0.1/s
Source Tracking Table
  current entries                        1
  searches                            1624            0.1/s
  inserts                              236            0.0/s
  removals                             235            0.0/s
Limit Counters
  max states per rule                    3            0.0/s
  max-src-states                         4            0.0/s

ITEM                 SIZE    LIMIT    USED    FREE     REQ  FAIL  SLEEP
pf mtags:              40,       0,      0,      0,      0,    0,     0
pf states:            296,   10010,      0,    182,    997,    0,     0
pf state keys:         88,       0,      6,    399,   1508,    0,     0
pf source nodes:      136,   10005,      1,    144,    236,    0,     0
pf table entries:     160,  200000,      3,     72,      3,    0,     0
pf table counters:     64,       0,      0,      0,      0,    0,     0
pf frags:             120,       0,      0,      0,      0,    0,     0
pf frag entries:       40,    5000,      0,      0,      0,    0,     0
pf state scrubs:       40,       0,      0,      0,      0,    0,     0

192.168.2.10 -> 192.168.0.20 ( states 1, connections 0, rate 0.0/0s )
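
Added example (not part of the comment above and not FreeBSD code): a small Python check that reads snapshots like the ones quoted and reports the two inconsistencies the comment points out, a source node state counter that grows with no state insert, and state keys still allocated when no states remain. The names FIELDS, parse and check are hypothetical, and the sample strings are trimmed, whitespace-collapsed copies of the comment's own output.

```python
import re

# Counters the comment compares. \s+ tolerates both the original column
# layout and whitespace-collapsed archive copies. (Hypothetical helper names.)
FIELDS = {
    "state_entries": r"State Table.*?current entries\s+(\d+)",
    "state_inserts": r"State Table.*?inserts\s+(\d+)",
    "states_used": r"pf states:\s*\d+,\s*\d+,\s*(\d+)",      # USED column
    "keys_used": r"pf state keys:\s*\d+,\s*\d+,\s*(\d+)",    # USED column
    "src_states": r"\(\s*states\s+(\d+)",                    # source node line
}

def parse(snapshot):
    """Extract the counters from one combined status / zone / source snapshot."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, snapshot, re.S)
        if m is None:
            raise ValueError(f"missing field: {name}")
        out[name] = int(m.group(1))
    return out

def check(prev, cur):
    """Return findings for the two inconsistencies described in the comment."""
    findings = []
    if (cur["src_states"] > prev["src_states"]
            and cur["state_inserts"] == prev["state_inserts"]):
        findings.append("source node state counter grew without a state insert")
    if cur["states_used"] == 0 and cur["keys_used"] > 0:
        findings.append("state keys still allocated with no states")
    return findings

# Trimmed copies of the three snapshots quoted in the comment above.
BEFORE = """State Table current entries 120 searches 7976 inserts 997 removals 877
pf states: 296, 10010, 120, 62, 997, 0, 0
pf state keys: 88, 0, 184, 221, 1506, 0, 0
192.168.2.10 -> 192.168.0.20 ( states 6, connections 0, rate 0.0/0s )"""
AFTER = """State Table current entries 120 searches 7977 inserts 997 removals 877
pf states: 296, 10010, 120, 62, 997, 0, 0
pf state keys: 88, 0, 186, 219, 1508, 0, 0
192.168.2.10 -> 192.168.0.20 ( states 7, connections 0, rate 0.0/0s )"""
DRAINED = """State Table current entries 0 searches 7977 inserts 997 removals 997
pf states: 296, 10010, 0, 182, 997, 0, 0
pf state keys: 88, 0, 6, 399, 1508, 0, 0
192.168.2.10 -> 192.168.0.20 ( states 1, connections 0, rate 0.0/0s )"""

if __name__ == "__main__":
    print(check(parse(BEFORE), parse(AFTER)))
    print(check(parse(AFTER), parse(DRAINED)))
```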