Date: Tue, 13 Oct 2020 11:38:49 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> To: Kristof Provost <kp@FreeBSD.org>, "Eugene M. Zheganin" <emz@norma.perm.ru> Cc: freebsd-net@freebsd.org, freebsd-stable <freebsd-stable@FreeBSD.org> Subject: Re: pf and hnX interfaces Message-ID: <3a276ae4-59d2-5637-f6d2-2252f9fe4d4d@quip.cz> In-Reply-To: <5FB9EFF9-0D95-4FC6-9469-2FC29D479379@FreeBSD.org> References: <7166d87e-7547-6be8-42a7-b0957ca4f543@norma.perm.ru> <5FB9EFF9-0D95-4FC6-9469-2FC29D479379@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 13/10/2020 11:19, Kristof Provost wrote: > On 13 Oct 2020, at 10:58, Eugene M. Zheganin wrote: >> Is there some issue with pf and hn interfaces that I'm unaware about? >> > There’s no interface specific code in pf, so it wouldn’t be specific to > hn interfaces. > >> Are these symptoms of a bug ? >> > Perhaps. It can also be a symptom of resource exhaustion. > Are there any signs of memory allocation failures, or incrementing error > counters (in netstat or in pfctl)? I have seen this kind of errors in VirtualBox with PF and emulated Intel interface (emX) Oct 1 22:42:19 bobik postfix/smtp[35330]: connect to aspmx.l.google.com[108.177.126.27]:25: Permission denied Oct 1 22:42:19 bobik postfix/smtp[36246]: connect to aspmx.l.google.com[108.177.126.27]:25: Permission denied Oct 1 22:42:19 bobik postfix/smtp[35330]: connect to alt2.aspmx.l.google.com[108.177.97.27]:25: Permission denied Oct 1 22:42:19 bobik postfix/smtp[36246]: connect to alt1.aspmx.l.google.com[172.253.118.27]:25: Permission denied Oct 1 22:42:19 bobik postfix/smtp[35330]: connect to alt1.aspmx.l.google.com[172.253.118.27]:25: Permission denied Oct 1 22:42:19 bobik postfix/smtp[36246]: connect to alt2.aspmx.l.google.com[108.177.97.27]:25: Permission denied I think it is related to states table exhaustion (reported in freebsd-pf@ mailing list about a week ago). My firewall rules are open for all outgoing traffic. So I think your problem is related to some resource exhaustion too. Kind regards Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3a276ae4-59d2-5637-f6d2-2252f9fe4d4d>