Subject: Re: kern/11670: ipf eventually blocks all traffic (thus ignoring
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: Stephen Welker <stephen.welker@nemostar.com.au>
List: netbsd-bugs
Date: 12/19/2000 17:41:32
--On Tuesday, 12 December 2000 1:23 PM I wrote:
> --On Monday, 11 December 2000 7:08 PM Manuel Bouyer wrote:
>> On Mon, Dec 11, 2000 at 12:39:04PM +1100, Stephen Welker wrote:
>>> "ipfstat -s > ipfstat.log" produces a 578120 byte file.
>>>
>>> The beginning of the file has the following...
>>>
>>> --- snip ---
>>> IP states added:
>>> 2436 TCP
>>> 2948 UDP
>>> 0 ICMP
>>> 41895 hits
>>> 16976 misses
>>> 4106 maximum
>>> 0 no memory
>>> buckets in use 26
>>> 2048 active
>>> 2948 expired
>>> 388 closed
>>> --- snip ---
>>
>> 2048 states active - I wonder if this isn't the limit. Did you have that
>> many states kept with 1.4.2?
>
> I have upgraded from 1.4.1
>
> I do not have available any machine with 1.4.1
>
> The problem has occurred on the last upgraded machine :-(

I have some more information for the problem.

I have now rolled back to 1.4.1 (after a little pain - new version of a
"lib.so" tripped me).

The following is all of the "ipfstat -s > ipfstat.log" output, only 3517
bytes, after many hours of browsing and everything is just fine and fast.

--- snip ---
IP states added:
1017 TCP
4901 UDP
56 ICMP
137021 hits
6992 misses
0 maximum
0 no memory
14 active
4952 expired
1008 closed
203.43.154.193 -> 139.130.250.4 ttl 844473 pass 20486 pr 6 state 4/4
pkts 913 bytes 564890 65276 -> 119 3207542857:1696515309
16791:10136
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
127.0.0.1 -> 127.0.0.1 ttl 857468 pass 20486 pr 6 state 0/4
pkts 978 bytes 56972 65392 -> 65391 4268666223:4248163975
16384:16384
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
127.0.0.1 -> 127.0.0.1 ttl 828736 pass 20486 pr 6 state 0/4
pkts 4 bytes 242 65390 -> 65389 3902704:4284498576
16384:16384
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
127.0.0.1 -> 127.0.0.1 ttl 853961 pass 20486 pr 6 state 0/4
pkts 12 bytes 682 65388 -> 65387 36317060:23079881 16384:16384
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
127.0.0.1 -> 127.0.0.1 ttl 828736 pass 20486 pr 6 state 0/4
pkts 4 bytes 242 65386 -> 65385 78582205:50739818 16384:16384
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
192.168.1.1 -> 192.168.1.1 ttl 37 pass 20486 pr 17 state 0/0
pkts 2 bytes 210 53 -> 64715
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
192.168.1.1 -> 192.168.1.1 ttl 37 pass 20486 pr 17 state 0/0
pkts 2 bytes 146 64715 -> 53
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
192.168.1.254 -> 192.168.1.1 ttl 857532 pass 20490 pr 6 state 4/4
pkts 690 bytes 32990 49283 -> 23 950401678:3745321438 32768:17520
pass in log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
192.168.1.254 -> 192.168.1.3 ttl 863648 pass 20490 pr 6 state 4/4
pkts 334 bytes 38145 49152 -> 143 3976981177:3784329442
32768:17520
pass in log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
139.130.53.141 -> 128.250.36.2 ttl 116 pass 20486 pr 17 state 0/0
pkts 2 bytes 152 123 -> 123
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
192.168.1.1 -> 192.168.1.1 ttl 37 pass 20486 pr 17 state 0/0
pkts 2 bytes 200 53 -> 59258
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
192.168.1.1 -> 192.168.1.1 ttl 37 pass 20486 pr 17 state 0/0
pkts 2 bytes 142 59258 -> 53
pass out log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
192.168.1.254 -> 192.168.1.3 ttl 863693 pass 20490 pr 6 state 4/4
pkts 318 bytes 215076 49647 -> 143 3619876365:1621110484
32768:17520
pass in log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
192.168.1.254 -> 192.168.1.1 ttl 864000 pass 20490 pr 6 state 4/4
pkts 959 bytes 53602 49252 -> 23 177315573:3061977296 32768:17520
pass in log quick keep state
pkt_flags & b = 2, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
--- snip ---

Looks like a lot fewer active states - from time to time the active states
vary from 8 to 14 or so.

Still using the same rules - for that matter the same /etc/* files.

Hope this helps.

--
Stephen.
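
Added example, not part of the original message or of IPFilter: a small Python check that parses the summary counters of the two "ipfstat -s" outputs quoted above and flags the signs of a full state table. The 2048 limit is the guess made in the quoted reply, the reading of the "maximum" counter is an assumption, and the function names are hypothetical.

```python
import re

# Constructed samples: counters copied from the two outputs quoted in this message.
FAILING = "\n".join([
    "IP states added:", "2436 TCP", "2948 UDP", "0 ICMP", "41895 hits",
    "16976 misses", "4106 maximum", "0 no memory", "buckets in use 26",
    "2048 active", "2948 expired", "388 closed"])
ROLLED_BACK = "\n".join([
    "IP states added:", "1017 TCP", "4901 UDP", "56 ICMP", "137021 hits",
    "6992 misses", "0 maximum", "0 no memory", "14 active", "4952 expired",
    "1008 closed",
    "203.43.154.193 -> 139.130.250.4 ttl 844473 pass 20486 pr 6 state 4/4",
    "pkts 913 bytes 564890 65276 -> 119 3207542857:1696515309"])

# Assumption: 2048 is the state-table limit, as guessed in the quoted reply.
ASSUMED_STATE_LIMIT = 2048
# Counter lines are either "<number> <name>" or "<name> <number>".
COUNTER = re.compile(r"(?:(\d+)\s+([A-Za-z ]+?)|([A-Za-z ]+?)\s+(\d+))")

def parse_summary(text):
    """Return {name: value} for the counter lines; per-state entries are skipped."""
    counters = {}
    for raw in text.splitlines():
        m = COUNTER.fullmatch(raw.strip("> \t"))  # also accepts mail-quoted lines
        if m:
            counters[m.group(2) or m.group(3)] = int(m.group(1) or m.group(4))
    return counters

def saturation_findings(counters, limit=ASSUMED_STATE_LIMIT):
    """List the signs that new states are being refused."""
    findings = []
    if counters.get("active", 0) >= limit:
        findings.append(f"active states ({counters['active']}) at assumed limit {limit}")
    # Assumption: "maximum" counts state additions refused because the table was full.
    if counters.get("maximum", 0) > 0:
        findings.append(f"{counters['maximum']} state additions hit the maximum")
    return findings

if __name__ == "__main__":
    for label, text in (("failing", FAILING), ("rolled back", ROLLED_BACK)):
        print(label, saturation_findings(parse_summary(text)) or "ok")
```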