pf buggy on 6.1-STABLE?

David Nugent davidn at datalinktech.com.au
Wed Jun 7 23:48:20 PDT 2006


Mark Morley wrote:
> Wondering if this rings any bells for anyone:
>   
Yes it does...

I had been seeing similar issues for some time on a couple HP Proliant 
servers - saw it in 5.4 as well - but have been attributing this to 
driver related issues (the bge driver in particular, which has seen many 
changes, fixes and enhancements in relatively recent history). In trying 
to isolate that particular problem I had been applying kernel updates 
regularly, pf was disabled along with a few other things (also switched 
from using mpd/netgraph to openvpn/udp), and the problem vanished at 
some point in between. I cannot definitely name pf as being the culprit 
as no testing of this was done at the time to confirm it. I had assumed 
the bge driver changes were responsible for things now working as they 
should.

In addition to the occasional connection failure, I've also seen 
established connections broken (ssh, http, mysql/ssl and pptp/gre). This 
was causing havoc with mysql replication over the link, which became 
very brittle, and required manual fixing (it would get stuck, unable to 
read the last event in its relay log whenever a disconnection occurred 
and had to be manually pushed onto the next - mysql 5.0.[3 - .11 or so]).


More information about the freebsd-pf mailing list