On 2023-02-15, Lars Bonnesen <[email protected]> wrote:
> lbo@PLOSLOL2VPN:/etc$ pfctl -s info
> Status: Enabled for 0 days 00:06:49           Debug: err
>
> State Table                          Total             Rate
>   current entries                  149331
>   half-open tcp                      5333
>   searches                     4462647255     10911118.0/s
>   inserts                        78143904       191060.9/s
>   removals                       77994573       190695.8/s
> Counters
>   match                         250452866       612354.2/s
>   bad-offset                            0            0.0/s
>   fragment                              1            0.0/s
>   short                                 0            0.0/s
>   normalize                             1            0.0/s
>   memory                          5247954        12831.2/s
>   bad-timestamp                         0            0.0/s
>   congestion                         1469            3.6/s
>   ip-option                             3            0.0/s
>   proto-cksum                        3012            7.4/s
>   state-mismatch                145502864       355752.7/s
>   state-insert                        305            0.7/s
>   state-limit                           0            0.0/s
>   src-limit                             0            0.0/s
>   synproxy                              0            0.0/s
>   translate                             0            0.0/s
>   no-route                              0            0.0/s

oof, how many packets/sec is the machine doing? ("systat ifs", IPKT/OPKT
columns)

mismatches are still really high.

does this machine see packets in both directions of the traffic
that it's passing? no active/active setup where the traffic is getting
split, or asymmetric routing where it only sees traffic in one
direction?