IPF 4.1.29 problems

[Martti Kuparinen <martti.kuparinen%iki.fi@localhost>]

Hi,

I'm having weird problems on NetBSD 4.99.x where my TCP-sessions simply stop 
working without anything in the logs.  After checking the state table, it 
appears that the state entry is removed from the kernel so this explains why 
session dies. The working TCP session seems to have a 120 hrs time-out but my 
sessions die sometimes even after 10 minutes.

Anyone else having problems with IPF?

Martti


ROOT fw:~> uname -srm
NetBSD 4.99.73 amd64

ROOT fw:~> ipf -V
ipf: IP Filter: v4.1.29 (488)
Kernel: IP Filter: v4.1.29
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x10e

ROOT fw:~> netstat -m
517 mbufs in use:
        513 mbufs allocated to data
        4 mbufs allocated to packet headers
10 calls to protocol drain routines

ROOT fw:~> ipfstat -s
IP states added:
        331432 TCP
        1324520 UDP
        33325 ICMP
        142830503 hits
        7109557 misses
        0 bucket full
        0 maximum rule references
        108092 maximum
        0 no memory
        384 bkts in use
        425 active
        1359422 expired
        331069 closed
State logging enabled

State table bucket statistics:
        384 in use
        90% hash efficiency
        6.69% bucket usage
        0 minimal length
        7 maximal length
        1.107 average length

TCP Entries per state
     0     1     2     3     4     5     6     7     8     9    10    11
     0     0     5     0   293     9     2     0     0     0    24    30