Matt Hamilton a icrit :
I'm trying to debug an issue in which sporadically our openbsd 3.9
based firewall suddenly stops responding to pings from the monitoring
server. However traffic is still going through it and I can ssh in and
look around. Not really sure where to start, but looking at the pf
stats I see a large number under 'memory', what exactly does that
count? I've got optimization set to conservative and currently have
around 14,000 states. Anyone give me any pointers as to where to start
looking? I've pasted the output from pfctl and netstat below
Can you also provide a "vmstat -i" and a "sysctl net.inet.ip.ifq" ?
# pfctl -s info
Status: Enabled for 0 days 00:23:18 Debug: None
Interface Stats for em0 IPv4 IPv6
Bytes In 1401596412150 0
Bytes Out 2166062359122 0
Packets In
Passed 3012038199 0
Blocked 12674741 0
Packets Out
Passed 3050791393 0
Blocked 9562473 0
State Table Total Rate
current entries 15698
searches 13326658870 9532660.1/s
inserts 251127020 179633.1/s
removals 251120479 179628.4/s
Counters
match 7605008048 5439919.9/s
bad-offset 0 0.0/s
fragment 26599 19.0/s
short 29869 21.4/s
normalize 0 0.0/s
memory 6294656 4502.6/s
bad-timestamp 0 0.0/s
congestion 542144 387.8/s
ip-option 3 0.0/s
proto-cksum 366932 262.5/s
state-mismatch 1433466 1025.4/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 328 0.2/s
synproxy 0 0.0/s
# netstat -m
563 mbufs in use:
559 mbufs allocated to data
1 mbuf allocated to packet headers
3 mbufs allocated to socket names and addresses
558/930/6144 mbuf clusters in use (current/peak/max)
2032 Kbytes allocated to network (61% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
--Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd. Business Vision on the Internet
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting
--
Ronnie Garcia <r.garcia at ovea dot com>
Directeur
oooo ovea
Til : +33 4 67670000
Gsm : +33 6 29500295
http://www.ovea.com
