Date: Wed, 29 Jun 2011 19:22:24 +0200 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: freebsd-pf@freebsd.org Subject: Re: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s... Message-ID: <20110629192224.2283efc8@fabiankeil.de> In-Reply-To: <EA6E6909-A42B-4CF2-891A-B8A80E2B8476@FreeBSD.org> References: <201106281157.p5SBvP5g048097@svn.freebsd.org> <EA6E6909-A42B-4CF2-891A-B8A80E2B8476@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/GaIYTHNQhYACyIfosI3pYBO Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable "Bjoern A. Zeeb" <bz@FreeBSD.org> wrote: > Begin forwarded message: >=20 > > From: "Bjoern A. Zeeb" <bz@FreeBSD.org> > > Date: June 28, 2011 11:57:25 AM GMT+00:00 > > To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@f= reebsd.org > > Subject: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/= ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys= /conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s... > >=20 > > Author: bz > > Date: Tue Jun 28 11:57:25 2011 > > New Revision: 223637 > > URL: http://svn.freebsd.org/changeset/base/223637 > >=20 > > Log: > > Update packet filter (pf) code to OpenBSD 4.5. Thanks! =20 > In short; please test! I didn't experience any real problems yet, but running Privoxy-Regression-Test, I reproducible got this log message for one of the tests: Jun 29 18:26:19 r500 kernel: pf: state key linking mismatch! dir=3DOUT, if= =3Dlo1, stored af=3D2, a0: 10.0.0.1:50722, a1: 10.0.0.1:12345, proto=3D6, f= ound af=3D2, a0: 10.0.0.1:50722, a1: 10.0.0.1:12345, proto=3D6. This didn't happen with the previous pf version. I tracked it down to a test that does a connect() to a local unbound port. It's also reproducible for every address on the system with: ifconfig -a | awk '/inet / {system("telnet "$2" 12345")}' Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=3DOUT, if= =3Dlo0, stored af=3D2, a0: 192.168.5.49:61512, a1: 192.168.5.49:12345, prot= o=3D6, found af=3D2, a0: 192.168.5.49:61512, a1: 192.168.5.49:12345, proto= =3D6. Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=3DOUT, if= =3Dlo0, stored af=3D2, a0: 127.0.0.1:44717, a1: 127.0.0.1:12345, proto=3D6,= found af=3D2, a0: 127.0.0.1:44717, a1: 127.0.0.1:12345, proto=3D6. Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=3DOUT, if= =3Dlo1, stored af=3D2, a0: 192.168.6.100:31600, a1: 192.168.6.100:12345, pr= oto=3D6, found af=3D2, a0: 192.168.6.100:31600, a1: 192.168.6.100:12345, pr= oto=3D6. Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=3DOUT, if= =3Dlo1, stored af=3D2, a0: 10.0.0.1:20126, a1: 10.0.0.1:12345, proto=3D6, f= ound af=3D2, a0: 10.0.0.1:20126, a1: 10.0.0.1:12345, proto=3D6. Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=3DOUT, if= =3Dlo1, stored af=3D2, a0: 10.0.0.1:10895, a1: 10.0.0.2:12345, proto=3D6, f= ound af=3D2, a0: 10.0.0.1:10895, a1: 10.0.0.2:12345, proto=3D6. Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=3DOUT, if= =3Dlo1, stored af=3D2, a0: 10.0.0.1:25081, a1: 10.0.0.3:12345, proto=3D6, f= ound af=3D2, a0: 10.0.0.1:25081, a1: 10.0.0.3:12345, proto=3D6. Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=3DOUT, if= =3Dlo0, stored af=3D2, a0: 192.168.0.106:32448, a1: 192.168.0.106:12345, pr= oto=3D6, found af=3D2, a0: 192.168.0.106:32448, a1: 192.168.0.106:12345, pr= oto=3D6. 12345 can be replaced with any unbound port it seems. I'm additionally occasionally seeing the message for successfully established connections (both internal and outgoing) but don't know how to reproduce it. Fabian --Sig_/GaIYTHNQhYACyIfosI3pYBO Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) iEYEARECAAYFAk4LX18ACgkQBYqIVf93VJ1BugCcCasCFMZ0KoCb1jboRhBbnJcJ SBsAoJjfT+fCHqas1gLk3CDq0sKqmwDf =gMaj -----END PGP SIGNATURE----- --Sig_/GaIYTHNQhYACyIfosI3pYBO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110629192224.2283efc8>