From: Matt Lager
To: "Bjoern A. Zeeb"
Cc: freebsd-pf@freebsd.org
Date: Thu, 12 Jan 2012 15:26:40 -0700
Subject: Re: PF state key linking mismatch in FreeBSD 9.0-RELEASE

Interesting. I feel like the performance is degraded quite a bit between two VPN points that display these messages vs. two VPN points that don't display these messages, though I could be wrong. Is your basic suggestion to not consider this a concern and continue forward with my VPN rollouts?

On 1/12/2012 3:23 PM, Bjoern A. Zeeb wrote:
> On 12. Jan 2012, at 21:07 , Matt Lager wrote:
>
>> I've had a bug report in on this for a while but it hasn't received a response yet, also posted to the FreeBSD forums and haven't received a response either, see these links:
>>
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/163208
>> http://forums.freebsd.org/showthread.php?t=28278
>>
>> I don't believe it to be a configuration issue, and this is really preventing me from using FreeBSD 9.0 as VPN endpoints. If anyone has any information on this, I would greatly appreciate it.
>
> yeah it's the re-use of an mbuf that previously passed through pf. The logging is noise basically though can be painful with a slow (serial) console. I have a sysctl locally to disable the logging, OpenBSD has removed the printf by now. I agree that we need to fix these places where it still originates and even if it's for documentation purposes to eventually decide if re-using the mbuf there is really cheaper than allocating a new one as other people lately found transporting other properties along with the mbuf and re-using that can lead to odd results.
>
> /bz