* Patrick Lamaiziere <patf...@davenulle.org> [2011-01-17 17:30]: > Hello, > > (PF on openbsd 4.8) > > I've got two small questions about the stats returned by pfctl -s info > > There are several state-mismatch. What does it mean? > state-mismatch 79715 3.3/s
you received that mnay packets that failed to match a state entry even tho they should. That is the case with tcp and sequence number out of window. > Same for the normalize counter, I don't have any scrub rule and I don't > know why some packets are normalized? > normalize 7103 0.3/s IPvShit jumbograms are dropped with the normalize counter increased wether scrubbing is there or not. fragments go to the reassembler (which might drop some, increasing the normalize counter) unless you set reassemble to no (defaults to yes). -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
