On 6 Dec 2017, at 21:25, John Jasen wrote:
> On 12/04/2017 02:47 PM, Kristof Provost wrote:
>> On 4 Dec 2017, at 19:57, John Jasen wrote:
>>> Depending on circumstances, we see a lot or a very few of the following messages:
>>> "pf connection lookup failed (no rdr?)"
>> That means the state lookup (using ioctl(DIOCNATLOOK)) failed.
>> There seem to be a couple of possible reasons why that might happen.
>> One of which is that there’s no state at all. Can you check how many
>> states you’ve got (and what the limits are)?
> The state tables should be fine. They're currently in the 30k range, set
> to alert in nagios at 250k.
> I've attached truss snippets and log snippets from a failed connection.
> truss was obtained via truss -f -p $pid -o outfile, and grepping down
> via the failed pid as logged in syslog.
Okay, so this is interesting:
25013: ioctl(4,0xc04c4417 { IORW 0x44('D'), 23, 76 },0x7fffffffe5b0) ERR#2 'No such file or directory'
The DIOCNATLOOK ioctl() fails with ENOENT, which happens if the state
can’t be found.
Of course, I have no idea why that would happen. Does this affect some
tftp connections or all of them?
Can you post the outputs of `pfctl -s memory`, `pfctl -s info` and `sudo pfctl -s limits`?
Regards,
Kristof
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
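An added example, not part of the thread or of any FreeBSD code: a triage helper that decodes the ioctl request word from `truss -f -o outfile` output and counts, per pid, the DIOCNATLOOK calls that failed with ENOENT, as in the line quoted above. The function names and all sample lines except the first are constructed here; it assumes the truss line format shown in the thread and the `_IOWR('D', 23, struct pfioc_natlook)` definition of DIOCNATLOOK.

```python
import re
from collections import Counter

# BSD ioctl request word (sys/ioccom.h): direction in the top 3 bits,
# argument length in bits 16-28, group byte in bits 8-15, command in bits 0-7.
IOC_DIRS = {0x20000000: "void", 0x40000000: "out", 0x80000000: "in", 0xC0000000: "inout"}
DIOCNATLOOK = ("inout", "D", 23)   # assumed: _IOWR('D', 23, struct pfioc_natlook)
ENOENT = 2

def decode_ioctl(req):
    """Split an ioctl request number into its encoded fields."""
    return {
        "dir": IOC_DIRS.get(req & 0xE0000000, "unknown"),
        "len": (req >> 16) & 0x1FFF,
        "group": chr((req >> 8) & 0xFF),
        "num": req & 0xFF,
    }

# pid, fd, request number, then either "ERR#<errno>" or "= <return value>".
TRUSS_IOCTL = re.compile(
    r"^\s*(?P<pid>\d+): ioctl\((?P<fd>\d+),(?P<req>0x[0-9a-fA-F]+)"
    r".*?(?:ERR#(?P<errno>\d+)|= (?P<ret>-?\d+))"
)

def natlook_misses(lines):
    """Count DIOCNATLOOK calls that returned ENOENT, per pid."""
    misses = Counter()
    for line in lines:
        m = TRUSS_IOCTL.match(line)
        if not m or m.group("errno") is None:
            continue  # not an ioctl line, or the call succeeded
        f = decode_ioctl(int(m.group("req"), 16))
        if (f["dir"], f["group"], f["num"]) == DIOCNATLOOK and int(m.group("errno")) == ENOENT:
            misses[int(m.group("pid"))] += 1
    return misses

# First line is the one quoted in the thread (rejoined); the rest are constructed.
SAMPLE = [
    "25013: ioctl(4,0xc04c4417 { IORW 0x44('D'), 23, 76 },0x7fffffffe5b0) ERR#2 'No such file or directory'",
    "25020: ioctl(4,0xc04c4417 { IORW 0x44('D'), 23, 76 },0x7fffffffe5b0) = 0 (0x0)",
    "25021: ioctl(5,0x4004667f { IOR 0x66('f'), 127, 4 },0x7fffffffe4ac) ERR#25 'Inappropriate ioctl for device'",
]

if __name__ == "__main__":
    print(decode_ioctl(0xC04C4417))
    print(dict(natlook_misses(SAMPLE)))
```

Comparing the per-pid miss count against the total number of lookups in the same capture speaks to the question of whether some or all connections are affected.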