From owner-freebsd-pf@freebsd.org Tue Sep 26 12:05:29 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Date: Tue, 26 Sep 2017 12:05:26 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.1-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: hlh@restart.be
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #22 from hlh@restart.be ---
The problem cropped up:

[root@norquay ~]# pfctl -si
Status: Enabled for 1 days 08:09:42           Debug: Urgent

Interface Stats for ng0               IPv4             IPv6
  Bytes In                      3355637698                0
  Bytes Out                      236586554                0
  Packets In
    Passed                         2587532                0
    Blocked                           3290                0
  Packets Out
    Passed                         2395320                0
    Blocked                            109                0

State Table                          Total             Rate
  current entries                       31
  searches                        10992548           94.9/s
  inserts                            77585            0.7/s
  removals                           77052            0.7/s
Counters
  match                              86805            0.7/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         9            0.0/s
  state-insert                           2            0.0/s
  state-limit                            0            0.0/s
  src-limit                              8            0.0/s
  synproxy                             105            0.0/s
  map-failed                             0            0.0/s

[root@norquay ~]# pfctl -ss|wc -l
     533

[root@norquay ~]# procstat -kk 7
  PID    TID COMM                TDNAME              KSTACK
    7 100084 pf purge            -                   mi_switch+0x118 sleepq_timedwait+0x40 _sleep+0x268 pf_purge_thread+0xec fork_exit+0x94

[root@norquay dtrace]# ./pf.dtrace
dtrace: script './pf.dtrace' matched 4 probes
dtrace: buffer size lowered to 2m

after:
[root@norquay ~]# echo "set timeout interval 5" | pfctl -mf -

CPU     ID                    FUNCTION:NAME
....

[root@norquay ~]# echo "set timeout interval 10" | pfctl -mf -

And then no new states are created!

[root@norquay ~]# nohup service pf restart

resumes the normal work of pf.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-pf@freebsd.org Wed Sep 27 19:10:35 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Date: Wed, 27 Sep 2017 19:10:35 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #23 from Kristof Provost ---
(In reply to hlh from comment #22)
Did you take that '# pfctl -si' before attempting any of the workarounds?
It shows you've got 31 states, I don't see how you'd hit the state limit that
way.

It might be interesting to keep dtrace running while you run the workaround.

Everything I see so far suggests that we're stuck in the rw_sleep() (which was
changed to an sx_sleep() in CURRENT), but that makes no sense. I don't see how
that could happen, or how the workaround could help there.

Can you confirm you're not running low on memory? That might conceivably also
trigger the 'PF states limit reached' warning (although I'd expect to see many
other warnings too), but I'm not sure how that would look like a frozen purge
thread.

From owner-freebsd-pf@freebsd.org Thu Sep 28 06:25:01 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Date: Thu, 28 Sep 2017 06:25:01 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #24 from hlh@restart.be ---
I ran the pfctl -si after I detected the problem (with pftop) and before
attempting any workaround.

Here is the typical top:

last pid: 38563;  load averages:  0.15,  0.28,  0.25    up 7+14:37:46  08:20:09
67 processes:  1 running, 64 sleeping, 2 zombie
CPU:  0.0% user,  0.0% nice,  0.2% system,  0.1% interrupt, 99.7% idle
Mem: 49M Active, 84M Inact, 76M Laundry, 1728M Wired, 27M Free
ARC: 571M Total, 63M MFU, 358M MRU, 4934K Anon, 6512K Header, 138M Other
     315M Compressed, 520M Uncompressed, 1.65:1 Ratio
Swap: 4096M Total, 285M Used, 3811M Free, 6% Inuse

I don't see the 'PF states limit reached'.

I ran the dtrace when I detected the problem. The dtrace showed nothing and
started showing the trace after I ran the first workaround.

From owner-freebsd-pf@freebsd.org Thu Sep 28 06:40:12 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Date: Thu, 28 Sep 2017 06:40:12 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #25 from Kristof Provost ---
(In reply to hlh from comment #24)
Wait? You don't see 'PF states limit reached'?

What are you seeing, exactly, and how do you detect it?

From owner-freebsd-pf@freebsd.org Thu Sep 28 07:59:21 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Date: Thu, 28 Sep 2017 07:59:21 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #26 from hlh@restart.be ---
The first time I detected this problem was when a computer was not allowed a
connection to the internet. I checked the gateway (the pine64 running CURRENT)
and found the 'PF states limit reached' in /var/log/messages. Then I ran pftop
and saw that there was a huge number of states.

Rebooting the gateway solved the problem. I dug further and found the
workaround.

I added

set limit { states 30000, src-nodes 20000, frags 20000 }

to /etc/pf.conf.

Then I regularly checked with pftop. For more than one week, no problem. But I
continued to check and it occurred again.

I have to check only from time to time because even when the problem arises, the
limit of 30000 is large enough to allow for new connections to be established
for some time...

From owner-freebsd-pf@freebsd.org Thu Sep 28 08:36:01 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Date: Thu, 28 Sep 2017 08:36:01 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #27 from Kristof Provost ---
(In reply to hlh from comment #26)
I don't understand why your 'pfctl -si' would then only show 31 states.

Either way, it would be interesting to run the dtrace script constantly (saving
the output), and see what's in that log when the problem occurs.

I'd expect it to stop showing updates when you end up in this state, and
restart when you trigger the workaround. The interesting bit would be the last
line(s) before it blocks, and the first line(s) when it resumes.

From owner-freebsd-pf@freebsd.org Thu Sep 28 08:46:48 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Date: Thu, 28 Sep 2017 08:46:48 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #28 from hlh@restart.be ---
I think that the `pfctl -si` shows the counters just when the problem starts.

I'm running dtrace from now on.

From owner-freebsd-pf@freebsd.org Thu Sep 28 14:27:45 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Date: Thu, 28 Sep 2017 14:27:42 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #29 from noah.bergbauer@tum.de ---
>>I don't understand why your 'pfctl -si' would then only show 31 states.
>I think that the `pfctl -si` shows the counters just when the problem starts.

It's the same for me. As far as I remember, this behavior is easily explained
by the fact that these counters are updated regularly by the purge thread, so
... yeah. Frozen purge thread means frozen counters.

From owner-freebsd-pf@freebsd.org Thu Sep 28 14:45:00 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 222126] pf is not clearing expired states
Date: Thu, 28 Sep 2017 14:45:00 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222126

--- Comment #30 from Kristof Provost ---
(In reply to noah.bergbauer from comment #29)
Having checked the code, yes, I believe you're correct about that.
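
An added example, not part of the thread and not FreeBSD project code: a POSIX shell check built on the observation in comments #22, #29 and #30 that the `pfctl -si` counters freeze together with the purge thread while `pfctl -ss` keeps listing more states. The function names, the slack threshold of 100 and the sample state lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag a suspected stalled pf purge thread by comparing the
# "current entries" counter of `pfctl -si` with the states `pfctl -ss` lists.

# Print the "current entries" value from `pfctl -si` text on stdin;
# exit status 1 if no such line with a numeric value is present.
si_current_entries() {
    awk '$1 == "current" && $2 == "entries" && $3 ~ /^[0-9]+$/ {
             print $3; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Print the number of non-blank lines (one per state) in `pfctl -ss` text.
ss_state_count() {
    awk 'NF > 0 { n++ } END { print n + 0 }'
}

# purge_stalled COUNTER ACTUAL [SLACK]: succeed when the listed state count
# exceeds the counter by more than SLACK (default 100, an assumed threshold).
purge_stalled() {
    [ $(( $2 - $1 )) -gt "${3:-100}" ]
}

# check_pf SI_TEXT SS_TEXT [SLACK]: print a verdict.
# Returns 0 when consistent, 1 when a stall is suspected, 2 when the
# counter cannot be read.
check_pf() {
    counter=$(printf '%s\n' "$1" | si_current_entries) || {
        echo "UNKNOWN: no 'current entries' line"; return 2; }
    actual=$(printf '%s\n' "$2" | ss_state_count)
    if purge_stalled "$counter" "$actual" "${3:-100}"; then
        echo "STALLED counter=$counter actual=$actual"; return 1
    fi
    echo "OK counter=$counter actual=$actual"
}

# Constructed sample: State Table section using the figures from comment #22.
SAMPLE_SI='State Table                          Total             Rate
  current entries                       31
  searches                        10992548           94.9/s
  inserts                            77585            0.7/s
  removals                           77052            0.7/s'

# Constructed `pfctl -ss`-style lines (documentation addresses), $1 of them.
sample_ss() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "all tcp 192.0.2.10:$((20000 + i)) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED"
        i=$((i + 1))
    done
}

# "live" queries the running firewall (needs root on the pf host); the
# default runs the constructed sample: counter says 31, 533 states listed.
case "${1:-demo}" in
    live) check_pf "$(pfctl -si)" "$(pfctl -ss)" ;;
    demo) check_pf "$SAMPLE_SI" "$(sample_ss 533)" || true ;;
esac
```

Run periodically with the `live` argument, a STALLED verdict corresponds to the 31 versus 533 mismatch shown in comment #22.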