Hi, I found a wear behavior of pfctl.
I have this pf.conf (I am going to show only the lines that matters):
---------------------------------
external = "cdce0"
internal = "re0"
set loginterface $external
set loginterface $internal
---------------------------------
According to this both interfaces are collecting statistics...but if I
run the command "pfctl -s info" then shows:
Status: Enabled for 2 days 05:32:27 Debug: Urgent
Interface Stats for re0 IPv4 IPv6
Bytes In 70220217 256
Bytes Out 1143449060 64
Packets In
Passed 729463 0
Blocked 1305 4
Packets Out
Passed 1030555 1
Blocked 0 0
State Table Total Rate
current entries 31
searches 3537290 18.4/s
inserts 55561 0.3/s
removals 55530 0.3/s
Source Tracking Table
current entries 0
searches 52 0.0/s
inserts 45 0.0/s
removals 45 0.0/s
Counters
match 57878 0.3/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 3 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 6 0.0/s
synproxy 3895 0.0/s
These are the statistics from the re0. Where are the statistics for
cdce0?? At the beginning I thought that I must specify the interface
too, so I run "pfctl -s info -i cdce0" and this is what I get:
Status: Enabled for 2 days 05:36:14 Debug: Urgent
Interface Stats for re0 IPv4 IPv6
Bytes In 70246068 256
Bytes Out 1143604443 64
Packets In
Passed 729802 0
Blocked 1305 4
Packets Out
Passed 1031060 1
Blocked 0 0
State Table Total Rate
current entries 18
searches 3538763 18.3/s
inserts 55570 0.3/s
removals 55552 0.3/s
Counters
match 57887 0.3/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 3 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 6 0.0/s
synproxy 3903 0.0/s
Uhmmm....re0 again.
After that I commented the line "#set loginterface $internal" and then
the output was this:
pfctl -s info
Status: Enabled for 2 days 05:45:35 Debug: Urgent
Interface Stats for cdce0 IPv4 IPv6
Bytes In 1141692958 0
Bytes Out 69905474 64
Packets In
Passed 1025771 0
Blocked 3613 0
Packets Out
Passed 732470 1
Blocked 1317 0
State Table Total Rate
current entries 17
searches 3545032 18.3/s
inserts 55951 0.3/s
removals 55934 0.3/s
Counters
match 58275 0.3/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 3 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 6 0.0/s
synproxy 3911 0.0/s
Aha !!! cdce0 !!!
I noticed this problem after install pfstats and set up the
configuration file (just the lines that matters again):
collect 1 = interface "cdce0" pass bytes in ipv4 diff
collect 2 = interface "cdce0" pass bytes out ipv4 diff
collect 3 = global states entries
With both interfaces getting statistics, pfstats shows nothing (there is
no graphics). With just cdce0 getting statistics then pfstats works as
usual.
Both configurations were working ok on OpenBSD 4.4. After I upgraded
(reinstall) to 4.5 then the issue shows up.
Any ideas?
Regards,
Alvaro
