From: "Dan Langille" <dan@langille.org>
To: "Greg Hennessy"
Cc: freebsd-pf@freebsd.org
Date: Thu, 16 Nov 2006 12:08:28 -0500
Message-ID: <455C54BC.19625.6810B25F@dan.langille.org>
In-reply-to: <000001c708d9$880876d0$0301a8c0@vaio>
References: <455AFDD3.28719.62D53A13@dan.langille.org>
Subject: RE: state table filled up?
On 15 Nov 2006 at 17:14, Greg Hennessy wrote:

> > I suspect this may have been my state table filling up.
>
> For a high traffic'd internet facing service such as Freshports, running
> pfstat, symon or even the pf snmp mibs loaded into something such as Cacti
> is not optional.
>
> They would have kept track of firewall state table utilisation over time.

I have symon and cacti installed and running. symon is happily updating
my .rrd files:

[dan@nyi:/var/db/symon] $ ls -l
total 53168
-rw-r--r--  1 root  wheel   4379264 Nov 16 12:07 cpu0.rrd
-rw-r--r--  1 root  wheel   8757064 Nov 16 12:07 if_fxp0.rrd
-rw-r--r--  1 root  wheel   4379264 Nov 16 12:07 io_ad0.rrd
-rw-r--r--  1 root  wheel  13134864 Nov 16 12:07 mbuf.rrd
-rw-r--r--  1 root  wheel   4379264 Nov 16 12:07 mem.rrd
-rw-r--r--  1 root  wheel  19263784 Nov 16 12:07 pf.rrd
[dan@nyi:/var/db/symon] $

I have no idea how to get Cacti to graph this data. Clues please?

> As a short term measure.
>
> pfctl -si
>
> will tell you how many entries are in the state table.

Seems pretty good. Opinions?

$ sudo pfctl -si
Password:
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 1 days 04:20:53           Debug: Urgent
Hostid: 0xd61d30d4

State Table                          Total             Rate
  current entries                      168
  searches                         7301670           71.5/s
  inserts                           175525            1.7/s
  removals                          175357            1.7/s
Counters
  match                             221650            2.2/s
  bad-offset                             0            0.0/s
  fragment                               1            0.0/s
  short                                  0            0.0/s
  normalize                             12            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                      4792            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                          477115            4.7/s

--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
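The `pfctl -si` output answers the thread's question only when read against the state limit from `pfctl -sm` and the drop counters: "current entries" is a snapshot, but the "state-limit" counter accumulates every packet pf dropped because the state table was at its hard limit, so a zero there over the whole "Enabled for" period means the table did not fill up in that window. The script below, an added example and not code from this thread, parses both outputs and reports utilization and whether any overflow-related counter ("state-limit", "memory", "state-insert") is non-zero. The `pfctl -si` sample is the output posted above; the `pfctl -sm` sample and its 10000 state limit are constructed for the example and should be replaced by your own `pfctl -sm` output.

```python
"""Parse `pfctl -si` and `pfctl -sm` and judge whether pf's state table
filled up. Added example for the thread above, not code from the mail.
PFCTL_SI is the output Dan posted; PFCTL_SM is a constructed sample
(the 10000 limit is an assumption, check your own `pfctl -sm`)."""
import re

PFCTL_SI = """\
Status: Enabled for 1 days 04:20:53           Debug: Urgent
Hostid: 0xd61d30d4

State Table                          Total             Rate
  current entries                      168
  searches                         7301670           71.5/s
  inserts                           175525            1.7/s
  removals                          175357            1.7/s
Counters
  match                             221650            2.2/s
  bad-offset                             0            0.0/s
  fragment                               1            0.0/s
  short                                  0            0.0/s
  normalize                             12            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                      4792            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                          477115            4.7/s
"""

# Constructed sample of `pfctl -sm` (assumed defaults, not from the thread).
PFCTL_SM = """\
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
"""

# One indented stats line: name, cumulative total, optional per-second rate.
LINE = re.compile(r"^\s+([a-z][a-z -]*?)\s+(\d+)(?:\s+([\d.]+)/s)?\s*$")
UPTIME = re.compile(r"Status: Enabled for (\d+) days (\d+):(\d+):(\d+)")

# Counters whose non-zero value means pf refused to create a state.
DROP_COUNTERS = ("state-limit", "memory", "state-insert")


def parse_si(text):
    """Split `pfctl -si` into {'state': {...}, 'counters': {...}, 'rate': {...}}."""
    out = {"state": {}, "counters": {}, "rate": {}}
    section = None
    for line in text.splitlines():
        if line.startswith("State Table"):
            section = "state"
            continue
        if line.startswith("Counters"):
            section = "counters"
            continue
        m = LINE.match(line)
        if m and section:
            name, total, rate = m.group(1), int(m.group(2)), m.group(3)
            out[section][name] = total
            if rate is not None:
                out["rate"][name] = float(rate)
    return out


def parse_sm(text):
    """Return {pool: hard_limit} from `pfctl -sm` output."""
    limits = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+hard limit\s+(\d+)", line)
        if m:
            limits[m.group(1)] = int(m.group(2))
    return limits


def uptime_seconds(text):
    """Seconds pf has been enabled, i.e. the window the counters cover."""
    m = UPTIME.search(text)
    d, h, mi, s = (int(x) for x in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s


def assess(si, limits, warn_pct=80.0):
    """Utilization now, plus whether any overflow counter fired since enable."""
    entries = si["state"]["current entries"]
    limit = limits["states"]
    pct = 100.0 * entries / limit
    drops = {k: si["counters"].get(k, 0) for k in DROP_COUNTERS}
    return {
        "entries": entries,
        "limit": limit,
        "utilization_pct": round(pct, 2),
        "near_limit": pct >= warn_pct,
        "drops": drops,
        "ever_full": any(v > 0 for v in drops.values()),
    }


if __name__ == "__main__":
    si = parse_si(PFCTL_SI)
    r = assess(si, parse_sm(PFCTL_SM))
    print("counters cover %d s" % uptime_seconds(PFCTL_SI))
    print("states %d/%d (%.2f%%), drops %s, ever_full=%s"
          % (r["entries"], r["limit"], r["utilization_pct"],
             r["drops"], r["ever_full"]))
```

The counters are cumulative from the time pf was enabled (or last cleared with `pfctl -F info`), which is why the script also reports the uptime: the drop counters speak for that whole window, while "current entries" only describes this instant. A table that overflowed yesterday and drained since would still show a small entry count today, which is exactly why the advice in the thread to graph the table over time with symon or pfstat holds; if the check does show `state-limit` climbing, the limit is raised with `set limit states N` in pf.conf.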