From nobody@FreeBSD.org  Thu Sep 26 08:34:42 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id 73C30BF7
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 26 Sep 2013 08:34:42 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 47071281F
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 26 Sep 2013 08:34:42 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r8Q8YfEr059997
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 26 Sep 2013 08:34:41 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r8Q8YfHG059993;
	Thu, 26 Sep 2013 08:34:41 GMT
	(envelope-from nobody)
Message-Id: <201309260834.r8Q8YfHG059993@oldred.freebsd.org>
Date: Thu, 26 Sep 2013 08:34:41 GMT
From: Oguz YILMAZ <oguz@labristeknoloji.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: pf state for some IPs reaches 4294967295 suspiciously
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         182401
>Category:       kern
>Synopsis:       [pf] pf state for some IPs reaches 4294967295 suspiciously
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-pf
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 26 08:40:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Sun Sep 29 21:43:02 UTC 2013
>Originator:     Oguz YILMAZ
>Release:        10.0-ALPHA2
>Organization:
Labris Networks
>Environment:
FreeBSD myhost 10.0-ALPHA2 FreeBSD 10.0-ALPHA2 #2: Sat Sep 21 22:43:44 EEST 2013     root@compile:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
I have found that one of my NMS monitoring points is blocked by my test FreeBSD 10 Alpha 2 server.

After inspection, I found it is blocked because of a max-src-conn overload pf rule. However, it is not possible for that host to open such a high number of states.

When I inspected further, I found several other clients are blocked by this router.

# pfctl -sS  | grep 4294967295
No ALTQ support in kernel
ALTQ related functions disabled
95.6.50.84 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
188.38.79.212 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
141.0.11.129 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
95.10.221.139 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
212.252.119.108 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
198.72.108.244 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
198.72.108.244 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
46.1.140.55 -> 0.0.0.0 ( states 4294967294, connections 4294967295, rate 0.0/3s )
81.214.44.73 -> 0.0.0.0 ( states 4294967295, connections 4294967295, rate 0.0/3s )
46.197.233.175 -> 0.0.0.0 ( states 4294967289, connections 4294967295, rate 0.0/3s )
78.177.41.73 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
95.0.207.25 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )

However, in reality the host only has 5 states:

[root@myhost ~]# pfctl -ss  | grep 95.6.50.84
No ALTQ support in kernel
ALTQ related functions disabled
all tcp 95.6.50.84:3881 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3759 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3882 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3849 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3828 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED

>How-To-Repeat:
When I flush all states, within a few minutes several other 4294967295-state entries appear.
>Fix:
None.

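The check the reporter did by hand above (compare the per-source `states` counter from `pfctl -sS` with the states actually listed by `pfctl -ss`) can be scripted. The following is an added example, not code from the PR or from FreeBSD; it parses the two output formats as they appear in this report and flags source nodes whose counter either sits just below 2^32 (an unsigned 32-bit counter decremented past zero, which is what 4294967289..4294967295 look like) or exceeds the number of live states for that host. The sample output is constructed: the 95.6.50.84 and 46.x lines are copied from the report, the 10.0.0.x lines are invented to show a healthy node and a merely inconsistent one. The 4096 near-wrap slack, the handling of only the plain `src:port -> dst:port` state form (no NAT addresses), and the IPv6 `addr[port]` convention are assumptions of this example.

```python
import re
import subprocess
from collections import Counter

UINT32_MAX = 2**32 - 1

# One line of `pfctl -sS`:  src -> dst ( states N, connections N, rate X/Ys )
SRC_NODE_RE = re.compile(
    r"^(?P<src>\S+) -> (?P<dst>\S+) \( states (?P<states>\d+), "
    r"connections (?P<conns>\d+), rate (?P<rate>[\d.]+)/(?P<secs>\d+)s \)$"
)

# Constructed sample: first three lines are from the PR, the 10.0.0.x ones are made up.
SRC_NODES_SAMPLE = """\
No ALTQ support in kernel
ALTQ related functions disabled
95.6.50.84 -> 0.0.0.0 ( states 4294967295, connections 0, rate 0.0/3s )
46.1.140.55 -> 0.0.0.0 ( states 4294967294, connections 4294967295, rate 0.0/3s )
46.197.233.175 -> 0.0.0.0 ( states 4294967289, connections 4294967295, rate 0.0/3s )
10.0.0.5 -> 0.0.0.0 ( states 2, connections 0, rate 0.0/3s )
10.0.0.6 -> 0.0.0.0 ( states 3, connections 0, rate 0.0/3s )
"""

# Constructed sample of `pfctl -ss`: the 95.6.50.84 lines are from the PR.
STATES_SAMPLE = """\
No ALTQ support in kernel
ALTQ related functions disabled
all tcp 95.6.50.84:3881 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3759 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3882 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3849 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 95.6.50.84:3828 -> 94.102.10.229:80       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.5:50001 -> 192.0.2.10:443       ESTABLISHED:ESTABLISHED
all udp 10.0.0.5:5353 -> 192.0.2.10:53       SINGLE:NO_TRAFFIC
all tcp 192.0.2.10:22 <- 10.0.0.6:41000       ESTABLISHED:ESTABLISHED
"""


def parse_src_nodes(text):
    """Parse `pfctl -sS` output into a list of dicts (one per source-node entry).
    Non-matching lines, such as the ALTQ warnings, are skipped; a host that
    appears twice (two src-nodes) yields two entries."""
    nodes = []
    for line in text.splitlines():
        m = SRC_NODE_RE.match(line.strip())
        if m:
            nodes.append({"src": m["src"], "states": int(m["states"]),
                          "connections": int(m["conns"])})
    return nodes


def strip_port(endpoint):
    """pfctl prints IPv4 endpoints as addr:port and IPv6 as addr[port] (assumed)."""
    if "[" in endpoint:
        return endpoint.split("[", 1)[0]
    return endpoint.rsplit(":", 1)[0]


def parse_states(text):
    """Count live states per originating host from `pfctl -ss` output.
    Assumes the plain `proto a:port -> b:port STATE` / `<-` form; for `<-`
    the originator is the right-hand endpoint."""
    counts = Counter()
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[3] not in ("->", "<-"):
            continue
        originator = tok[2] if tok[3] == "->" else tok[4]
        counts[strip_port(originator)] += 1
    return counts


def find_suspect_nodes(src_nodes, state_counts, near_wrap=4096):
    """Return the src-node entries whose `states` counter cannot be right."""
    suspects = []
    for node in src_nodes:
        actual = state_counts.get(node["src"], 0)
        if node["states"] >= UINT32_MAX - near_wrap:
            reason = "counter wrapped below zero"
        elif node["states"] > actual:
            reason = "counter exceeds live states"
        else:
            continue
        suspects.append({**node, "actual": actual, "reason": reason})
    return suspects


def run_live():
    """Run the check against the local pf (requires pfctl and root)."""
    sn = subprocess.run(["pfctl", "-sS"], capture_output=True, text=True).stdout
    ss = subprocess.run(["pfctl", "-ss"], capture_output=True, text=True).stdout
    return find_suspect_nodes(parse_src_nodes(sn), parse_states(ss))


if __name__ == "__main__":
    for s in find_suspect_nodes(parse_src_nodes(SRC_NODES_SAMPLE),
                                parse_states(STATES_SAMPLE)):
        print(f'{s["src"]}: states={s["states"]} live={s["actual"]} ({s["reason"]})')
```

Run it as-is to see the check over the sample output, or call `run_live()` on the affected router; because the overload rule keys on the src-node counter and not on the live state table, a wrapped counter is enough to keep a host blocked, so flagged entries are the ones to compare against `pfctl -t <overload-table> -T show` before flushing.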
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-amd64->freebsd-pf 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Sep 29 21:42:44 UTC 2013 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=182401 
>Unformatted:
