On Fri, Aug 28, 2020 at 11:40:17AM -0400, Daniel Jakots wrote:
> On Fri, 28 Aug 2020 16:06:48 +0200, Sebastien Marie <semarie@online.fr>
> wrote:
>
> > - generate lot of postgresql access. from postgresql thread, the
> > statement seems to be a SELECT, so it would be fine to ran in loop
> > (hopping no cache and real traffic generated).
> >
> > - run pfctl -Treplace in a loop (with a set of different files as the
> > kernel code takes care if host are added, changed, deleted)
>
> I ran the select on one machine and the pfctl -Treplace on db1 both in
> a `while :` for about two hours and it didn't happen.
>
> I'll try again if the problem happens genuinely again.
Have a look at the pf(4) stats. especially check if the congestion counter
increases when you see the error. If pf(4) detects a network congestion
then ruleset evaluation is skipped and only state matching happens. In
that case you can get EACCESS for connections that would normally be
allowed by pf(4).
--
:wq Claudio
No comments:
Post a Comment