
no new states and high rate of searches



Hi,

I've got two firewalls in a CARP/pfsync configuration running a 3.5-snapshot from July.

I had a firewall on another machine with the exact same ruleset and no problems.

With this configuration, the firewall seems to work for a while and then stops creating new connections. If I have an ssh session open to it, it keeps the session open, but I can't create any new session and the firewalls won't pass any other new sessions either.

When I try to ping 127.0.0.1 I get 'no route to host'. My firewall rules are supposed to allow all lo0 traffic but I clear the rules just in case with pfctl -f /dev/null. I still can't ping 127.0.0.1! Then I do a pfctl -d and all of a sudden, I can ping the loopback again. If I pfctl -e, the problem re-appears.


If I reboot the firewall, the problem clears up. The other strange thing is that my carp backup machine has the exact same symptoms!

I've done netstat -m and everything looks good. The only weird numbers I can see are in pf itself.

Here's what it looks like when it is hosed:
State Table                          Total             Rate
  current entries                       11
  searches                         2253992         6956.8/s
  inserts                             1301            4.0/s
  removals                            1290            4.0/s
Source Tracking Table
  current entries                        0
  searches                               0            0.0/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                             735688         2270.6/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s

Here's what it looks like when it is working:

State Table                          Total             Rate
  current entries                       12
  searches                           42163            7.1/s
  inserts                               79            0.0/s
  removals                              67            0.0/s
Counters
  match                              11820            2.0/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s


The rates are the things that look crazy to me. Otherwise, the machine seems perfectly happy. Lots of memory, zero cpu load.


Any ideas of what I can look for/at?

Cheers,

-Dave

--

Dave Mangot		[email protected]
DHAP Digital, Inc.	http://www.dhapdigital.com/
San Francisco, CA	415.278.5013
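As an added example (not part of the post above), here is a small parser for the `pfctl -s info` output quoted in the message, with a heuristic that flags the pattern the poster describes: a state-lookup rate that is hundreds of times higher than the table size and insert rate can explain. The two samples are copied from the post; the thresholds are assumed values, not pf defaults.

```python
import re

# Excerpts copied from the post: the "hosed" and the "working" pfctl -s info output.
HOSED = """\
State Table                          Total             Rate
  current entries                       11
  searches                         2253992         6956.8/s
  inserts                             1301            4.0/s
  removals                            1290            4.0/s
Counters
  match                             735688         2270.6/s
"""

WORKING = """\
State Table                          Total             Rate
  current entries                       12
  searches                           42163            7.1/s
  inserts                               79            0.0/s
  removals                              67            0.0/s
Counters
  match                              11820            2.0/s
"""

# Indented counter lines only; section headers ("State Table", "Counters") start in column 0.
LINE = re.compile(r"^\s+([a-z-]+(?: [a-z]+)?)\s+(\d+)(?:\s+([\d.]+)/s)?\s*$")

def parse_pf_info(text):
    """Return {counter: (total, rate_per_s)}; rate is None for gauges like 'current entries'."""
    stats = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, total, rate = m.groups()
            stats[name] = (int(total), float(rate) if rate is not None else None)
    return stats

def searches_per_state(stats):
    """State lookups per second divided by the number of live states."""
    return stats["searches"][1] / max(stats["current entries"][0], 1)

def looks_hosed(stats, baseline, growth=50.0, per_state=100.0):
    """Return reasons (empty when healthy). Thresholds are assumptions chosen for this example:
    flag when lookups per state are absurd, or the search rate grew far faster than the table."""
    reasons = []
    if searches_per_state(stats) > per_state:
        reasons.append("%.1f searches/s per state entry" % searches_per_state(stats))
    base_rate = baseline["searches"][1]
    if base_rate > 0 and stats["searches"][1] / base_rate > growth \
            and stats["current entries"][0] <= 2 * baseline["current entries"][0]:
        reasons.append("search rate grew %.0fx while the state table stayed flat"
                       % (stats["searches"][1] / base_rate))
    return reasons
```

Run it against a fresh `pfctl -s info` capture and a known-good baseline to catch the condition before it manifests as dropped loopback traffic.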