You're right, that is the cause.
I don't understand why - never had this
issue before. The existing pf configuration worked great with earlier 5.x
versions of OpenBSD with similar internet traffic loads.
I'll go through the
pf.conf file and see what needs to be adjusted.
Thanks!
________________________________
From: mxb <m...@alumni.chalmers.se>
To: Jason
Wong <wong.jaso...@yahoo.com>
Cc: "misc@openbsd.org" <misc@openbsd.org>
Sent: Tuesday, June 11, 2013 5:27 PM
Subject: Re: intermittent network
failures with openbsd 5.3
Now, you see:
current
entries 9980
but
states hard limit 10000
You
machine was unable to insert states at some point.
This indicated by
memory 79166
Solution: Increase hard limit.
On
11 jun 2013, at 22:59, Jason Wong <wong.jaso...@yahoo.com> wrote:
Here's the
output from "netstat -m" , "pfctl -si" and "pfctl -sm".
>
>
>I was just
noticing that the state table current entries is enormous for some reason.
>
>
>
># pfctl
-si
>Status: Enabled for 4 days 02:15:03 Debug: err
>
>State
Table Total Rate
> current
entries 9980
>
searches 16096602 45.5/s
>
inserts 1069156 3.0/s
>
removals 1059176 3.0/s
>Counters
>
match 259655 0.7/s
>
bad-offset 0 0.0/s
>
fragment 0 0.0/s
>
short 0 0.0/s
>
normalize 0 0.0/s
>
memory 79166 0.2/s
>
bad-timestamp 0 0.0/s
>
congestion 0 0.0/s
>
ip-option 376 0.0/s
>
proto-cksum
0 0.0/s
>
state-mismatch 18 0.0/s
>
state-insert 0 0.0/s
>
state-limit 0 0.0/s
>
src-limit 13 0.0/s
>
synproxy 0 0.0/s
>
># pfctl -sm
>states hard limit 10000
>src-nodes hard limit 10000
>frags hard limit 1536
>tables hard limit 1000
>table-entries hard limit 200000
>
># netstat
-m
>67 mbufs in use:
>
55 mbufs allocated to data
> 2 mbufs allocated to packet headers
> 10 mbufs allocated to socket names and addresses
>53/138/6144 mbuf
2048 byte clusters in use (current/peak/max)
>0/8/6144 mbuf 4096 byte clusters
in use (current/peak/max)
>0/8/6144 mbuf 8192 byte clusters in use
(current/peak/max)
>0/8/6144 mbuf 9216 byte clusters in use (current/peak/max)
>0/8/6144 mbuf 12288 byte clusters in use (current/peak/max)
>0/8/6144 mbuf
16384 byte clusters in use (current/peak/max)
>0/8/6144 mbuf 65536 byte
clusters in use (current/peak/max)
>556 Kbytes allocated to network (22% in
use)
>0 requests for memory denied
>0 requests for memory delayed
>0 calls to
protocol drain routines
>
>
>
>
>
>
>
>
>
>
>________________________________
> From: mxb <m...@alumni.chalmers.se>
>To: Jason Wong <wong.jaso...@yahoo.com>
>Cc: "misc@openbsd.org" <misc@openbsd.org>
>Sent: Tuesday, June 11, 2013 4:40
PM
>Subject: Re: intermittent network failures with openbsd 5.3
>
>
>
>Can
you, please, send output from "netstat -m" , "pfctl -si" and "pfctl -sm".
>
>On 10 jun 2013, at 23:20, Jason Wong <wong.jaso...@yahoo.com> wrote:
>
>>
Been having some strange issues with a system recently upgraded to 5.3.
>>
Previously this computer was running OpenBSD 5.1, and was rock solid with
>>
close to a year of uptime.
>>
>> I went through the regular upgrade procedure
>> (booting from a 5.3 CD), and sysmerge, no problems reported during the
>>
upgrade.
>>
>>
>> After the system has been running for a
couple days, it
stops
>> responding to
network traffic in or out. Some kind of weird routing
issue is
>> occurring, even affecting localhost:
>>
>> # ping localhost
>>
PING localhost
>> (127.0.0.1): 56 data bytes
>> ping: sendto: No route to host
>> ping: wrote
>> localhost 64 chars, ret=-1
>> --- localhost ping statistics
---
>> 1 packets
>> transmitted, 0 packets received, 100.0% packet loss
>>
>>
After a few hours,
>> everything returns to normal.
>>
>> The system is
dual-core, so I tried both single
>> & multiprocessor kernels to rule that
out, but no luck. I've tried with the
>> 5.3-stable kernel, and the
5.3-release kernel, but the problem occurs with
>> both. I haven't tried
5.3-current yet.
>>
>> The dmesg is below. The system is
>> lightly loaded,
it is running a squid web proxy, dhcp server and arpwatch on
>> different
interfaces.
>>
>> There isn't
anything in the logs, aside from network
>>
failures like
>>
>> Jun 10 12:45:33 hostname ntpd[21828]: bad peer from pool
>> pool.ntp.org (192.95.61.224)
>> Jun 10 12:45:33 hostname ntpd[21828]: bad
peer
>> from pool pool.ntp.org (192.75.12.11)
>>
>> I'm really stumped with
this one. Any
>> suggestions?
>>
>>
>> Thanks.
>>
>>
>> OpenBSD 5.3
(GENERIC) #50: Tue Mar 12 18:35:23 MDT
>> 2013
>>
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
>> cpu0:
>>
Intel(R) Pentium(R) 4 CPU 3.40GHz ("GenuineIntel" 686-class) 3.40 GHz
>> cpu0:
>>
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>>
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,E
>>
ST,CNXT-ID,CX16,xTPR,LAHF,PERF
>> real mem = 2137088000 (2038MB)
>> avail
mem =
>> 2091192320 (1994MB)
>> mainbus0 at root
>> bios0 at mainbus0: AT/286+
BIOS, date
>> 07/12/06, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf0450 (73
entries)
>> bios0: vendor Dell Inc. version "A08" date 07/12/2006
>> bios0:
Dell Inc.
>> OptiPlex GX620
>> acpi0 at bios0: rev 2
>> acpi0: sleep states S0
S1 S3 S4 S5
>> acpi0:
>> tables DSDT FACP SSDT APIC BOOT ASF! MCFG HPET
>>
acpi0: wakeup devices VBTN(S4)
>> PCI0(S5) PCI4(S5) PCI2(S5) PCI3(S5) PCI1(S5)
PCI5(S5) PCI6(S5) MOU_(S3)
>> USB0(S3) USB1(S3) USB2(S3) USB3(S3)
>>
acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr
0xfee00000: PC-AT compat
>> cpu0 at mainbus0: apid 0
>> (boot processor)
>>
cpu0: apic clock running at 199MHz
>> cpu at mainbus0: not
>> configured
>>
ioapic0 at
mainbus0: apid 8 pa 0xfec00000, version 20, 24 pins
>> ioapic0:
misconfigured as apic 0, remapped to apid 8
>> acpimcfg0 at acpi0 addr
>>
0xf0000000, bus 0-63
>> acpihpet0 at acpi0: 14318179 Hz
>> acpiprt0 at acpi0:
bus 4
>> (PCI4)
>> acpiprt1 at acpi0: bus 2 (PCI2)
>> acpiprt2 at acpi0: bus 3
(PCI3)
>> acpiprt3 at acpi0: bus 1 (PCI1)
>> acpiprt4 at acpi0: bus -1 (PCI5)
>> acpiprt5 at
>> acpi0: bus -1 (PCI6)
>> acpiprt6 at acpi0: bus 0 (PCI0)
>>
acpicpu0 at acpi0
>> acpibtn0 at acpi0: VBTN
>> bios0: ROM list:
0xc0000/0xa800! 0xca800/0x1000
>> 0xcb800/0x2000! 0xcd800/0x2800
>> cpu0:
Enhanced SpeedStep disabled by BIOS
>> pci0
>> at mainbus0 bus 0:
configuration mode 1 (bios)
>> pchb0 at pci0 dev 0 function 0
>> "Intel 82945G
Host" rev 0x02
>> ppb0 at pci0 dev 1 function 0 "Intel 82945G PCIE"
>> rev
0x02: apic 8 int 16
>> pci1 at
ppb0 bus 1
>> em0 at pci1 dev 0 function 0
"Intel
>> PRO/1000 PT (82571EB)" rev 0x06: apic 8 int 16, address
00:15:17:6f:bc:5c
>> em1
>> at pci1 dev 0 function 1 "Intel PRO/1000 PT
(82571EB)" rev 0x06: apic 8 int
>> 17, address 00:15:17:6f:bc:5d
>> vga1 at
pci0 dev 2 function 0 "Intel 82945G
>> Video" rev 0x02
>> wsdisplay0 at vga1
mux 1: console (80x25, vt100 emulation)
>> wsdisplay0: screen 1-5 added
(80x25, vt100 emulation)
>> intagp0 at vga1
>> agp0 at
>> intagp0: aperture at
0xe0000000, size 0x10000000
>> inteldrm0 at vga1: apic 8 int
>> 16
>> drm0 at
inteldrm0
>> "Intel 82945G Video" rev 0x02 at pci0 dev 2 function 1
>> not
configured
>> ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01:
>>
apic 8 int 16
>> pci2 at ppb1 bus 2
>> bge0 at pci2 dev 0 function 0 "Broadcom
>> BCM5751" rev 0x01, BCM5750 A1 (0x4001): apic 8 int 16,
address
>>
00:13:72:98:43:7d
>> brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev.
0
>> ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x01: apic 8 int
17
>> pci3 at ppb2 bus 3
>> uhci0 at pci0 dev 29 function 0 "Intel 82801GB
USB" rev
>> 0x01: apic 8 int 21
>> uhci1 at pci0 dev 29 function 1 "Intel
82801GB USB" rev
>> 0x01: apic 8 int 22
>> uhci2 at pci0 dev 29 function 2
"Intel 82801GB USB" rev
>> 0x01: apic 8 int 18
>> uhci3 at pci0 dev 29
function 3 "Intel 82801GB USB" rev
>> 0x01: apic 8 int 23
>> ehci0 at pci0 dev
29 function 7 "Intel 82801GB USB" rev
>> 0x01: apic 8 int 21
>> usb0 at ehci0:
USB revision 2.0
>> uhub0 at usb0 "Intel EHCI
>> root hub" rev 2.00/1.00 addr
1
>> ppb3 at pci0 dev 30 function 0 "Intel 82801BA
>> Hub-to-PCI" rev 0xe1
>>
pci4 at ppb3 bus 4
>> em2 at pci4 dev 0 function 0 "Intel
>> PRO/1000GT
(82541GI)" rev 0x05: apic 8 int 16, address 00:1b:21:2f:a9:35
>> xl0
>> at
pci4 dev 2 function 0 "3Com 3c905B 100Base-TX" rev 0x30: apic 8 int 18,
>>
address 00:01:02:c8:45:47
>> exphy0 at xl0 phy 24: 3Com internal media
interface
>> auich0 at pci0 dev 30 function 2 "Intel 82801GB AC97" rev 0x01:
apic 8 int 23,
>> ICH7 AC97
>> ac97: codec id 0x41445374 (Analog Devices
AD1981B)
>> ac97: codec
>> features headphone, 20 bit DAC, No 3D Stereo
>>
audio0 at auich0
>> ichpcib0 at pci0
>> dev 31 function 0 "Intel 82801GB LPC"
rev 0x01: PM disabled
>> pciide0 at pci0
>> dev 31 function 1 "Intel 82801GB
IDE" rev 0x01: DMA, channel 0 configured to
>> compatibility, channel 1
configured to compatibility
>> atapiscsi0 at pciide0
>> channel 0 drive 0
>>
scsibus0 at atapiscsi0: 2 targets
>> cd0 at scsibus0 targ 0 lun
>> 0:
<Optiarc, DVD+-RW ND-3570A, 104B> ATAPI
5/cdrom removable
>> atapiscsi1 at
>>
pciide0 channel 0 drive 1
>> scsibus1 at atapiscsi1: 2 targets
>> cd1 at
scsibus1
>> targ 0 lun 0: <ASUS, CD-S400/A, 2.3S> ATAPI 5/cdrom removable
>>
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
>> cd1(pciide0:0:1):
using
>> PIO mode 4, Ultra-DMA mode 2
>> pciide0: channel 1 ignored (disabled)
>> pciide1 at
>> pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA,
channel 0
>> configured to native-PCI, channel 1 configured to native-PCI
>>
pciide1: using
>> apic 8 int 20 for native-PCI interrupt
>> wd0 at pciide1
channel 0 drive 0:
>> <ST3160812AS>
>> wd0: 16-sector PIO, LBA48, 152587MB,
312500000 sectors
>> wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
>>
ichiic0 at pci0 dev 31
>> function 3 "Intel 82801GB SMBus" rev 0x01: SMI
>>
iic0 at ichiic0
>> spdmem0 at iic0
>> addr
0x50: 512MB DDR2 SDRAM non-parity
PC2-4200CL5
>> spdmem1 at iic0 addr 0x51:
>> 512MB DDR2 SDRAM non-parity
PC2-4200CL5
>> spdmem2 at iic0 addr 0x52: 512MB DDR2
>> SDRAM non-parity
PC2-4200CL5
>> spdmem3 at iic0 addr 0x53: 512MB DDR2 SDRAM
>> non-parity
PC2-4200CL5
>> usb1 at uhci0: USB revision 1.0
>> uhub1 at usb1 "Intel
>> UHCI
root hub" rev 1.00/1.00 addr 1
>> usb2 at uhci1: USB revision 1.0
>> uhub2 at
>> usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
>> usb3 at uhci2: USB
revision
>> 1.0
>> uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
>>
usb4 at uhci3:
>> USB revision 1.0
>> uhub4 at usb4 "Intel UHCI root hub" rev
1.00/1.00 addr 1
>> isa0
>> at ichpcib0
>> isadma0 at isa0
>> com0 at isa0
port 0x3f8/8 irq 4: ns16550a, 16 byte
>> fifo
>> pckbc0 at isa0 port 0x60/5
>>
pckbd0 at pckbc0 (kbd slot)
>> pckbc0:
using irq
>> 1 for kbd slot
>> wskbd0
at pckbd0: console keyboard, using wsdisplay0
>> pcppi0 at
>> isa0 port 0x61
>> spkr0 at pcppi0
>> lpt0 at isa0 port 0x378/4 irq 7
>> npx0 at isa0
>> port
0xf0/16: reported by CPUID; using exception 16
>> fdc0 at isa0 port 0x3f0/6
>>
irq 6 drq 2
>> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
>> mtrr:
Pentium
>> Pro MTRR support
>> vscsi0 at root
>> scsibus2 at vscsi0: 256
targets
>> softraid0 at
>> root
>> scsibus3 at softraid0: 256 targets
>> root
on wd0a (782b3d7fb3f21963.a) swap
>> on wd0b dump on wd0b
