Re: Fwd: Re: pf: BAD state happens often with portsnap fetch update

From: Mike Silbersack <silby_at_silby.com>
Date: Tue, 26 Dec 2006 11:50:19 -0500 (EST)

> The random port allocation, because it is completely random, runs into the
> birthday problem if it tries to allocate too many ports: Within a few hundred
> port allocations, there's almost certainly going to be a collision.  To get
> around this problem, the port allocator watches how many ports are being
> allocated, and switches to sequential allocations if it thinks that the rate
> of port allocation is likely to result in collisions occurring.
>
> Unfortunately, this switch isn't occurring quickly enough to avoid problems;
> I'm not sure if this can be easily fixed (except via the workaround of turning
> off randomized port allocations), but maybe Mike Silbersack (CCed) will have
> some ideas.
>
> Colin Percival

Colin's description is accurate, but I haven't read up to this point in
the thread, and I need more information.

To prove whether or not this is really port randomization's fault for
using ports excessively quickly (say, within 1ms) or whether something is
going wrong due to ports being used relatively quickly (say, within 1
second), please do the following:

1.  Disable randomization
2.  Set the ephemeral port range to something small like 49152 to 49352.
3.  Re-run the test in question.

Tell me how it goes.

Mike "Silby" Silbersack
Received on Tue Dec 26 2006 - 16:20:24 UTC
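
The birthday effect described in the quoted text, and the small sequential range from the three steps above, worked through as an added example that is not part of the thread. The 49152-65535 default range is an assumption, and the allocator is modelled as uniformly random with no switch to sequential mode.

```python
import random

DEFAULT_PORTS = 65535 - 49152 + 1  # assumed default range, not from the thread
TEST_PORTS = 49352 - 49152 + 1     # the small range from step 2 above


def collision_probability(allocations, size):
    # Exact birthday probability: at least one repeated port among
    # `allocations` uniformly random picks from `size` ports.
    if allocations > size:
        return 1.0
    p_distinct = 1.0
    for i in range(allocations):
        p_distinct *= (size - i) / size
    return 1.0 - p_distinct


def allocations_for_probability(target, size):
    # Smallest allocation count whose repeat probability reaches `target`.
    n = 1
    while collision_probability(n, size) < target:
        n += 1
    return n


def first_reuse_random(size, rng):
    # Allocation number at which a random allocator first repeats a port.
    seen = set()
    while True:
        port = rng.randrange(size)
        if port in seen:
            return len(seen) + 1
        seen.add(port)


def first_reuse_sequential(size):
    # A sequential allocator wraps only after every port was used once.
    return size + 1


def mean_first_reuse(size, trials=2000, seed=1):
    rng = random.Random(seed)  # fixed seed keeps the run repeatable
    return sum(first_reuse_random(size, rng) for _ in range(trials)) / trials


if __name__ == "__main__":
    print("50% repeat after", allocations_for_probability(0.5, DEFAULT_PORTS), "random allocations")
    print("mean first repeat, random, %d ports: %.0f" % (DEFAULT_PORTS, mean_first_reuse(DEFAULT_PORTS)))
    print("first repeat, sequential, %d ports: %d" % (TEST_PORTS, first_reuse_sequential(TEST_PORTS)))
```

Under these assumptions a random allocator over 16384 ports repeats a port after roughly as many allocations as a sequential allocator over the 201-port test range, but the sequential case does so at a fixed, reproducible distance.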
