Date:      Tue, 23 Jan 2007 17:03:30 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-pf@freebsd.org
Subject:   Re: set limit { states X, frags Y } not working - buggy?
Message-ID:  <200701231703.38758.max@love2party.net>
In-Reply-To: <d3ea75b30701230518g4468ef07sedae48740f40f50a@mail.gmail.com>
References:  <d3ea75b30701230409v45c621ccubb7e243b8423d3cf@mail.gmail.com> <200701231402.20264.max@love2party.net> <d3ea75b30701230518g4468ef07sedae48740f40f50a@mail.gmail.com>


On Tuesday 23 January 2007 14:18, Eduardo Meyer wrote:
> On 1/23/07, Max Laier <max@love2party.net> wrote:
> > On Tuesday 23 January 2007 13:09, Eduardo Meyer wrote:
> > > Please, see:
> > >
> > > # pfctl -s memory
> > > states     hard limit   5000
> > > src-nodes  hard limit  10000
> > > frags      hard limit   2500
> > >
> > > # pfctl -s info | grep "current entries"
> > >   current entries                    13770
> > >
> > > What am I confusing here, or should this really not happen?
> >
> > What does "vmstat -z | grep ^pf" give?  A quick check here suggests
> > that this might be a problem in the zone(9) allocator as the limit is
> > correctly propagated to the uma zone in question, but not
> > enforced it seems.
>
> Max, thanks for asking. Here is what the command returns
>
> # vmstat -z | grep ^pf
> pfsrctrpl:       100,    10023,       0,     78,       77
> pfrulepl:        604,        0,     140,     88,    17555

> #vmstat -z | head -1
> ITEM            SIZE     LIMIT     USED    FREE  REQUESTS

> pfstatepl:       260,     5010,    8096,   1879, 38569766
                            ^-----------^
The problem was here.  Seems there was indeed something wrong with uma
before release.  In case this shows up again, be sure to check vmstat
again.  What pfctl reports is merely a wrapper around this.

> pfaltqpl:        128,        0,       0,      0,        0
> pfpooladdrpl:     68,        0,      72,    152,     8534
> pfrktable:      1240,        0,       5,      4,       89
> pfrkentry:       156,        0,      10,     40,      481
> pfrkentry2:      156,        0,       0,      0,        0
> pffrent:          16,     2639,       0,      0,        0
> pffrag:           48,        0,       0,      0,        0
> pffrcache:        48,    10062,       0,      0,        0
> pffrcent:         12,    50141,       0,      0,        0
> pfstatescrub:     28,        0,       0,      0,        0
> pfiaddrpl:        92,        0,      12,    114,      260
> pfospfen:        108,        0,     345,     51,    22770
> pfosfp:           28,        0,     188,    193,    12408
>
> Right now I have some fewer sessions:
>
> # pfctl -s info | grep "current entries"
>   current entries                     8306
>
> But way higher than the configured limit of 5k.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
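
The check described in this message (compare USED against LIMIT for the pf zones in "vmstat -z"), written out as an added example that is not part of the original e-mail. It assumes the column layout quoted in the thread; the function names are hypothetical and the sample input is constructed from rows quoted above.

```shell
#!/bin/sh
# Added example: flag pf UMA zones whose USED count exceeds a non-zero LIMIT.
# Assumes the "ITEM: SIZE, LIMIT, USED, FREE, REQUESTS" layout quoted above.

# check_pf_zones (hypothetical name): reads `vmstat -z` output on stdin,
# prints one line per over-limit pf zone, returns 1 if any zone is over.
check_pf_zones() {
    awk -F'[:,]' '
        /^pf/ {
            name  = $1
            limit = $3 + 0
            used  = $4 + 0
            # LIMIT 0 means no limit is set on the zone, so skip it.
            if (limit > 0 && used > limit) {
                printf "%s: used %d exceeds limit %d (over by %d)\n",
                       name, used, limit, used - limit
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample input: header plus four rows copied from the thread.
sample_output() {
    cat <<'EOF'
ITEM            SIZE     LIMIT     USED    FREE  REQUESTS
pfsrctrpl:       100,    10023,       0,     78,       77
pfrulepl:        604,        0,     140,     88,    17555
pfstatepl:       260,     5010,    8096,   1879, 38569766
pffrent:          16,     2639,       0,      0,        0
EOF
}

# On a live FreeBSD host: vmstat -z | check_pf_zones
sample_output | check_pf_zones || echo "pf zone limit not enforced"
```

A non-zero exit status makes the function usable from cron or a monitoring probe.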




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701231703.38758.max>