Bug #6499
closed
pf fragment states not purged
Description
pf_purge_expired_fragments doesn't purge, leaving users with "PF frag entries limit reached" where fragmentation is common. Fixed in FreeBSD in:
https://github.com/freebsd/freebsd/commit/e52f10d75532dd9da8b35227845a7b9cef344d60
Confirmed that works on manually-built kernel, merging to our RELENG_2_3 src momentarily.
Updated by Dmitriy K over 8 years ago
This fix won't be pushed in current stable?
Updated by Chris Buechler over 8 years ago
- Target version changed from 2.3.2 to 2.3.1-p6
Dmitriy K wrote:
This fix won't be pushed in current stable?
Needed to be confirmed in 2.3.2 snapshots first.
Now cherry-picked to 2_3_1 as well.
Updated by Chris Buechler over 8 years ago
- Target version changed from 2.3.1-p6 to 2.3.2
Updated by Hillie Sample about 7 years ago
Chris Buechler wrote:
fixed
Every so often I am seeing "[zone: pf frag entries] PF frag entries limit reached" on my monitor attached to my pfSense box.
I am running:
2.3.4-RELEASE-p1 (amd64)
built on Fri Jul 14 14:52:43 CDT 2017
FreeBSD 10.3-RELEASE-p19
Should I still be seeing this message in this version? Thank you.
Updated by Jim Pingle about 7 years ago
The specific bug on this ticket is fixed on version 2.3.2 and later. Your system may legitimately have a lot of fragments at a time which could trigger the message. There is a GUI knob to increase the frag limit if you need it: System > Advanced, Firewall & NAT tab, "Firewall Maximum Fragment Entries". Discuss on the forum/mailing list/Reddit if you want more info.
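Added example, not part of the ticket or of pfSense's own code: a check that reads the "pf frag entries" zone from `vmstat -z` output to show how close the fragment table is to its limit before the limit is raised. The function name `frag_zone_status`, the 80% warning threshold and the sample lines are assumptions constructed for illustration; the column order is assumed to be the usual FreeBSD `vmstat -z` layout (SIZE, LIMIT, USED, FREE, REQ, FAIL, SLEEP).

```shell
#!/bin/sh
# Summarise the "pf frag entries" UMA zone (the zone named in the console
# message quoted in this thread) from `vmstat -z` text.

# Constructed sample of `vmstat -z` lines, not captured from a real system.
SAMPLE_VMSTAT='ITEM                   SIZE  LIMIT     USED     FREE      REQ FAIL SLEEP
pf states:              296, 100000,    1200,     300,   90000,   0,   0
pf frag entries:         40,   5000,    4990,      10,  812345,  37,   0
pf state scrubs:         40,      0,       0,       0,       0,   0,   0'

# frag_zone_status [warn_pct]   (hypothetical helper, default threshold 80)
# Reads vmstat -z text on stdin and prints one line:
#   used=N limit=N fail=N pct=N status=S
# status is:
#   ok        - utilisation below warn_pct and no refused allocations
#   high      - utilisation at or above warn_pct
#   exhausted - FAIL > 0: allocations were refused at least once since boot
# Prints "status=missing" and returns 2 if the zone line is absent.
frag_zone_status() {
    awk -F: -v warn="${1:-80}" '
        $1 == "pf frag entries" {
            n = split($2, f, ",")
            if (n < 6) next                      # malformed line, skip it
            limit = f[2] + 0; used = f[3] + 0; fail = f[6] + 0
            pct = (limit > 0) ? int(used * 100 / limit) : 0   # limit 0 = no cap
            status = "ok"
            if (pct >= warn) status = "high"
            if (fail > 0)    status = "exhausted"
            printf "used=%d limit=%d fail=%d pct=%d status=%s\n", \
                   used, limit, fail, pct, status
            found = 1
        }
        END { if (!found) { print "status=missing"; exit 2 } }
    '
}

# Demo on the constructed sample; on a live system use:
#   vmstat -z | frag_zone_status 80
printf '%s\n' "$SAMPLE_VMSTAT" | frag_zone_status 80
```

USED that stays pinned near LIMIT across repeated samples while traffic is quiet points at entries not being purged, whereas USED that rises and falls with load matches the legitimate-fragment case described in the last comment.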