Date: Tue, 3 May 2011 12:39:50 +0200
From: Daniel Hartmeier
To: Jeremy Chadwick
Cc: freebsd-stable@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: RELENG_8 pf stack issue (state count spiraling out of control)
Message-ID: <20110503103950.GD9657@insomnia.benzedrine.cx>
In-Reply-To: <20110503015854.GA31444@icarus.home.lan>

On Mon, May 02, 2011 at 06:58:54PM -0700, Jeremy Chadwick wrote:

> The next thing I tried was "/etc/rc.d/pf stop", which worked. Then I
> did "/etc/rc.d/pf start", which also worked. However, what I saw next
> surely indicated a bug in the pf layer somewhere -- "pfctl -s states"
> and "pfctl -s info" disagreed on the state count:

This can be explained. Note that "/etc/rc.d/pf start" does first flush
all states by calling pfctl -F all.

This calls pf_unlink_state() for every state in the kernel, which
marks each state with PFTM_UNLINKED, but doesn't free it yet.

Such states do not show up in pfctl -s state output, but are still
counted in pfctl -s info output.

Normally, they are freed the next time the pfpurge thread runs
(once per second).

It looks like the pfpurge thread was either

  a) sleeping indefinitely, not returning once a second from

        tsleep(pf_purge_thread, PWAIT, "pftm", 1 * hz);

     or

  b) constantly failing to acquire a lock with

        if (!sx_try_upgrade(&pf_consistency_lock))
                return (0);

Maybe a) is possible when CLOCK_MONOTONIC is decreasing?
And the "POKED TIMER" messages you get from BIND, too?

Kind regards,
Daniel
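
The mechanism described in the message above, as a small user-space model added here (not pf's kernel code and not part of the original mail). The names `table`, `counted`, `insert_states`, `flush_all`, `listed` and `purge_pass` are hypothetical; `TM_UNLINKED` stands in for PFTM_UNLINKED, and the `lock_ok` argument stands in for the lock upgrade succeeding or failing.

```c
#include <stdio.h>

#define NSTATES     8
#define TM_UNLINKED 1            /* stands in for PFTM_UNLINKED */

struct state { int in_use; int timeout; };

static struct state table[NSTATES];
static int counted;              /* what "pfctl -s info" would report */

static void insert_states(int n) {
    for (int i = 0; i < n && i < NSTATES; i++) {
        table[i].in_use = 1;
        table[i].timeout = 0;
        counted++;
    }
}

/* Flush: mark every state unlinked but free nothing, as the mail describes. */
static void flush_all(void) {
    for (int i = 0; i < NSTATES; i++)
        if (table[i].in_use) table[i].timeout = TM_UNLINKED;
}

/* What "pfctl -s states" would list: unlinked states are skipped. */
static int listed(void) {
    int n = 0;
    for (int i = 0; i < NSTATES; i++)
        if (table[i].in_use && table[i].timeout != TM_UNLINKED) n++;
    return n;
}

/* One purge pass. lock_ok == 0 models case b): return 0 without freeing,
 * so the counter still includes the unlinked states. Case a) is the same
 * outcome reached by never calling this function at all. */
static int purge_pass(int lock_ok) {
    if (!lock_ok) return 0;
    for (int i = 0; i < NSTATES; i++)
        if (table[i].in_use && table[i].timeout == TM_UNLINKED) {
            table[i].in_use = 0;
            counted--;           /* the count drops only when a state is freed */
        }
    return 1;
}

int main(void) {
    insert_states(5);
    flush_all();
    printf("after flush:   listed=%d counted=%d\n", listed(), counted);
    purge_pass(0);
    printf("purge blocked: listed=%d counted=%d\n", listed(), counted);
    purge_pass(1);
    printf("purge ran:     listed=%d counted=%d\n", listed(), counted);
    return 0;
}
```

A gap between the two numbers that persists for more than a second or two after a flush is the symptom that points at the purge pass not completing.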