From owner-freebsd-pf@FreeBSD.ORG Fri Jul 8 12:26:38 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3604D106566C; Fri, 8 Jul 2011 12:26:38 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id E4D9D8FC0C; Fri, 8 Jul 2011 12:26:37 +0000 (UTC) Received: by iwr19 with SMTP id 19so2248974iwr.13 for ; Fri, 08 Jul 2011 05:26:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=dtGkKwiVbqUU9cHRfJn6V3dsH/BDVNaLQs6bKERUhSE=; b=lxGo4PMCfVgH7sVvoeltw+Y5m0OEVZc1y02j2GzX2Q7ywyKwjQkRZjT5b+82Cc3FN4 B0BheWPrTYeNBQghUxuq+e7AB1e06PF3JD6zZPGINS/FAunEcgK0uWFeTwHUVcee0uPG OaLf+HK6TbneJnxGdbyMXL7Z85S+3ug27p6Ws= MIME-Version: 1.0 Received: by 10.231.91.208 with SMTP id o16mr1724234ibm.49.1310127997250; Fri, 08 Jul 2011 05:26:37 -0700 (PDT) Sender: ermal.luci@gmail.com Received: by 10.231.171.148 with HTTP; Fri, 8 Jul 2011 05:26:37 -0700 (PDT) In-Reply-To: <20110707193539.GA60591@dragon.NUXI.org> References: <201106281157.p5SBvP5g048097@svn.freebsd.org> <20110629192224.2283efc8@fabiankeil.de> <20110707193539.GA60591@dragon.NUXI.org> Date: Fri, 8 Jul 2011 14:26:37 +0200 X-Google-Sender-Auth: DGff36IBLyn2isbwOr549s0gNeE Message-ID: From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: obrien@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: "Bjoern A. Zeeb" , freebsd-pf@freebsd.org Subject: Re: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s... X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jul 2011 12:26:38 -0000 On Thu, Jul 7, 2011 at 9:35 PM, David O'Brien wrote: > On Wed, Jun 29, 2011 at 07:22:24PM +0200, Fabian Keil wrote: >> "Bjoern A. Zeeb" wrote: >> > In short; please test! >> >> I didn't experience any real problems yet, but running > > Hi Bjoern, > Unfortunately I've had MAJOR network problems since the pf upgrade. > > Besides getting the "state key linking mismatch!" issue: > > pf: state key linking mismatch! dir=3DOUT, if=3Dfxp0, stored af=3D2, a0: = 208.83.139.205:2703, a1: 74.95.12.85:20474, proto=3D6, found af=3D2, a0: 20= 8.83.139.205:2703, a1: 74.95.12.85:20474, proto=3D6. > pf: state key linking mismatch! dir=3DOUT, if=3Dfxp0, stored af=3D2, a0: = 87.98.164.164:44387, a1: 74.95.12.85:53, proto=3D6, found af=3D2, a0: 87.98= .164.164:44387, a1: 74.95.12.85:53, proto=3D6. > pf: state key linking mismatch! dir=3DOUT, if=3Dfxp0, stored af=3D2, a0: = 87.98.164.164:44387, a1: 74.95.12.85:53, proto=3D6, found af=3D2, a0: 87.98= .164.164:44387, a1: 74.95.12.85:53, proto=3D6. > > I found that my kernel (@ r223671) would stop sending packets 3-4 hours > after reboot. =A0New connections could not be established, I could not pi= ng > any of the direct connections on any of my interfaces. =A0Existing > connections would remain established for quite some time (hours) but > eventually close also. > > No amount of re-running /etc/rc.d/* scripts ('pf restart', 'netif > restart', 'routing restart', etc...) would bring back working networking. > > Since reverting back to r223636, my kernel has had rock solid networking. > > I have 'pfctl', 'netstat', 'netstat -rn', and 'sysctl -a' output from one > of these experiences. =A0Would they be useful to you in looking into this= ? > please send those. Also useful would be a description of your setup. > -- > -- David =A0 =A0(obrien@FreeBSD.org) > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > --=20 Ermal