Date: Thu, 10 Dec 2009 18:38:41 +0100
From: Max Laier <max@love2party.net>
To: freebsd-stable@freebsd.org
Cc: Derek Kulinski <takeda@takeda.tk>
Subject: Re: pf: unlocked lookup
Message-ID: <200912101838.42013.max@love2party.net>
In-Reply-To: <20091210034512.GA28864@chinatsu.takeda.tk>
References: <20091210034512.GA28864@chinatsu.takeda.tk>

Hello Derek,

On Thursday 10 December 2009 04:45:12 Derek Kulinski wrote:
> My console gets flooded by "pf: unlocked lookup" message anyone knows
> what circumstances cause this message, so I could figure out which pf
> rule is causing it?

This is a generic informational message that was put into the code to
figure out if the hack that is "debug.pfugidhack" is actually required.
You can get rid of the message by setting the debug level of pf to
something below "misc" (e.g. pfctl -x urgent).

> After searching on google I found few people asking about it, though no
> real answer. The first result talks about debug.pfugidhack being set to
> 1.
>
> It is set to 1 on my system, though I don't have anything in
> /etc/syctl.conf, also when I switched it to 0, the system crashed within
> an hour or so.
>
> Is this somehow related to rules that have rules with attached to a
> specific user?

The pfugidhack is automatically enabled when you use rules with user or
group filters. These rules are a layering violation and the hack is
required to make them work. I'd rather get rid of them altogether, but
since it is a much demanded functionality we introduced the workaround
instead.

Just lower the debugging level (s.a.), ignore the messages, or rebuild
your kernel/pf module with the respective DPRINTF lines
(sys/contrib/pf/net/pf.c) commented out. I might just move them to the
loud level in the main tree, though.

Regards,
-- Max
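
Added example, not part of the original message or of FreeBSD's pf code: a small sh/awk heuristic that lists the pass/block rules in a ruleset that carry a user or group filter, which per the reply above are the rules that switch on debug.pfugidhack. The function names and the sample pf.conf are constructed for illustration; it assumes one rule per logical line and that "user"/"group" appear as bare keywords.

```shell
#!/bin/sh
# Print "<first line> [<keywords>] <rule>" for every pass/block rule read
# from stdin that uses a user or group filter.
pf_ugid_rules() {
    awk '
    {
        if (!cont) start = NR               # first physical line of the rule
        line = $0
        sub(/#.*/, "", line)                # drop trailing comments
        if (line ~ /\\[ \t]*$/) {           # backslash continuation: keep joining
            sub(/\\[ \t]*$/, " ", line)
            buf = buf line; cont = 1
            next
        }
        rule = buf line; buf = ""; cont = 0
        check = rule
        gsub(/"[^"]*"/, " ", check)         # ignore quoted labels and strings
        gsub(/[{}(),]/, " ", check)         # braces and commas are not keywords
        $0 = check                          # re-split into whitespace tokens
        if ($1 != "pass" && $1 != "block") next
        hit = ""
        for (i = 2; i <= NF; i++)
            if ($i == "user" || $i == "group")
                hit = hit (hit ? "," : "") $i
        if (hit == "") next
        gsub(/[ \t]+/, " ", rule); sub(/^ /, "", rule); sub(/ $/, "", rule)
        printf "%d [%s] %s\n", start, hit, rule
    }'
}

# Constructed sample ruleset (not taken from the thread).
sample_pf_conf() {
    cat <<'EOF'
ext_if = "em0"
user_ports = "{ 80, 443 }"          # macro name contains "user", not a filter
set skip on lo0
block in log all label "group policy"
pass in on $ext_if proto tcp to port $user_ports
pass out on $ext_if proto tcp all \
    user { www, proxy } keep state
block out proto { tcp, udp } all group guest   # drop guest traffic
EOF
}

sample_pf_conf | pf_ugid_rules
```

On the sample it reports the rule starting at line 6 (user) and the rule at line 8 (group), and skips the macro and the quoted label that merely contain those words.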