Subject: Re: kern/11670: ipf eventually blocks all traffic (thus ignoring any rules set)
To: Stephen Welker <stephen.welker@nemostar.com.au>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-bugs
Date: 12/11/2000 19:08:39
On Mon, Dec 11, 2000 at 12:39:04PM +1100, Stephen Welker wrote:
> "ipfstat -s > ipfstat.log" produces a 578120 byte file.
>
> The beginning of the file has the following...
>
> --- snip ---
> IP states added:
> 2436 TCP
> 2948 UDP
> 0 ICMP
> 41895 hits
> 16976 misses
> 4106 maximum
> 0 no memory
> buckets in use 26
> 2048 active
> 2948 expired
> 388 closed
> --- snip ---
2048 states active - I wonder if this isn't the limit. Did you have that
many states kept with 1.4.2? Maybe the state entries don't expire properly,
or miss the TCP RST?
Could someone who knows the internals of ipf comment? Darren? :)
--
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr