Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 7 Jul 2011 12:35:39 -0700
From:      "David O'Brien" <obrien@FreeBSD.org>
To:        "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc:        freebsd-pf@FreeBSD.org
Subject:   Re: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...
Message-ID:  <20110707193539.GA60591@dragon.NUXI.org>
In-Reply-To: <20110629192224.2283efc8@fabiankeil.de>
References:  <201106281157.p5SBvP5g048097@svn.freebsd.org> <EA6E6909-A42B-4CF2-891A-B8A80E2B8476@FreeBSD.org> <20110629192224.2283efc8@fabiankeil.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Jun 29, 2011 at 07:22:24PM +0200, Fabian Keil wrote:
> "Bjoern A. Zeeb" <bz@FreeBSD.org> wrote:
> > In short; please test!
> 
> I didn't experience any real problems yet, but running

Hi Bjoern,
Unfortunately I've had MAJOR network problems since the pf upgrade.

Besides getting the "state key linking mismatch!" issue:

pf: state key linking mismatch! dir=OUT, if=fxp0, stored af=2, a0: 208.83.139.205:2703, a1: 74.95.12.85:20474, proto=6, found af=2, a0: 208.83.139.205:2703, a1: 74.95.12.85:20474, proto=6.
pf: state key linking mismatch! dir=OUT, if=fxp0, stored af=2, a0: 87.98.164.164:44387, a1: 74.95.12.85:53, proto=6, found af=2, a0: 87.98.164.164:44387, a1: 74.95.12.85:53, proto=6.
pf: state key linking mismatch! dir=OUT, if=fxp0, stored af=2, a0: 87.98.164.164:44387, a1: 74.95.12.85:53, proto=6, found af=2, a0: 87.98.164.164:44387, a1: 74.95.12.85:53, proto=6.

I found that my kernel (@ r223671) would stop sending packets 3-4 hours
after reboot.  New connections could not be established, I could not ping
any of the direct connections on any of my interfaces.  Existing
connections would remain established for quite some time (hours) but
eventually close also.

No amount of re-running /etc/rc.d/* scripts ('pf restart', 'netif
restart', 'routing restart', etc...) would bring back working networking.

Since reverting back to r223636, my kernel has had rock solid networking.

I have 'pfctl', 'netstat', 'netstat -rn', and 'sysctl -a' output from one
of these experiences.  Would they be useful to you in looking into this?

-- 
-- David    (obrien@FreeBSD.org)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110707193539.GA60591>