svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...

Fabian Keil freebsd-listen at fabiankeil.de
Wed Jun 29 17:34:56 UTC 2011


"Bjoern A. Zeeb" <bz at FreeBSD.org> wrote:

> Begin forwarded message:
> 
> > From: "Bjoern A. Zeeb" <bz at FreeBSD.org>
> > Date: June 28, 2011 11:57:25 AM GMT+00:00
> > To: src-committers at freebsd.org, svn-src-all at freebsd.org, svn-src-head at freebsd.org
> > Subject: svn commit: r223637 - in head: . contrib/pf/authpf contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules s...
> > 
> > Author: bz
> > Date: Tue Jun 28 11:57:25 2011
> > New Revision: 223637
> > URL: http://svn.freebsd.org/changeset/base/223637
> > 
> > Log:
> >  Update packet filter (pf) code to OpenBSD 4.5.

Thanks!
 
> In short; please test!

I didn't experience any real problems yet, but running
Privoxy-Regression-Test, I reproducibly got this log message
for one of the tests:

Jun 29 18:26:19 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1, stored af=2, a0: 10.0.0.1:50722, a1: 10.0.0.1:12345, proto=6, found af=2, a0: 10.0.0.1:50722, a1: 10.0.0.1:12345, proto=6.

This didn't happen with the previous pf version.

I tracked it down to a test that does a connect()
to a local unbound port.

It's also reproducible for every address on the system with:

ifconfig -a | awk '/inet / {system("telnet "$2" 12345")}'

Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo0, stored af=2, a0: 192.168.5.49:61512, a1: 192.168.5.49:12345, proto=6, found af=2, a0: 192.168.5.49:61512, a1: 192.168.5.49:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo0, stored af=2, a0: 127.0.0.1:44717, a1: 127.0.0.1:12345, proto=6, found af=2, a0: 127.0.0.1:44717, a1: 127.0.0.1:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1, stored af=2, a0: 192.168.6.100:31600, a1: 192.168.6.100:12345, proto=6, found af=2, a0: 192.168.6.100:31600, a1: 192.168.6.100:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1, stored af=2, a0: 10.0.0.1:20126, a1: 10.0.0.1:12345, proto=6, found af=2, a0: 10.0.0.1:20126, a1: 10.0.0.1:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1, stored af=2, a0: 10.0.0.1:10895, a1: 10.0.0.2:12345, proto=6, found af=2, a0: 10.0.0.1:10895, a1: 10.0.0.2:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1, stored af=2, a0: 10.0.0.1:25081, a1: 10.0.0.3:12345, proto=6, found af=2, a0: 10.0.0.1:25081, a1: 10.0.0.3:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo0, stored af=2, a0: 192.168.0.106:32448, a1: 192.168.0.106:12345, proto=6, found af=2, a0: 192.168.0.106:32448, a1: 192.168.0.106:12345, proto=6.

12345 can be replaced with any unbound port it seems.

I'm additionally occasionally seeing the message for successfully
established connections (both internal and outgoing) but don't
know how to reproduce it.

Fabian
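
A small triage helper for the kernel messages quoted above, added here as an example and not part of the original mail or of pf. It parses each "state key linking mismatch" line (IPv4 form only, as shown in the mail) and counts events by interface, by whether the stored and found keys print identically, and by whether both endpoints share an address; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, namedtuple

# One state key as printed in the message: family, two endpoints, protocol.
KEY = r"af=(\d+), a0: ([\d.]+):(\d+), a1: ([\d.]+):(\d+), proto=(\d+)"
LINE = re.compile(
    r"pf: state key linking mismatch! dir=(\w+), if=(\w+), "
    r"stored " + KEY + r", found " + KEY + r"\."
)
Mismatch = namedtuple("Mismatch", "direction iface stored found")

def parse(line):
    """Return a Mismatch for a pf mismatch line, or None for any other line."""
    m = LINE.search(line)
    if m is None:
        return None
    g = m.groups()
    return Mismatch(g[0], g[1], g[2:8], g[8:14])

def classify(mm):
    """Label an event by two properties visible in the printed keys."""
    keys = "identical-keys" if mm.stored == mm.found else "different-keys"
    peer = "same-address" if mm.stored[1] == mm.stored[3] else "distinct-addresses"
    return keys, peer

def summarize(lines):
    """Count events per (interface, key comparison, endpoint relation)."""
    counts = Counter()
    for line in lines:
        mm = parse(line)
        if mm is not None:
            counts[(mm.iface,) + classify(mm)] += 1
    return counts

# Constructed sample lines in the format of the messages above (not real logs).
PFX = "Jan  1 00:00:01 host kernel: pf: state key linking mismatch! dir=OUT, "
SAMPLE = [
    PFX + "if=lo0, stored af=2, a0: 192.0.2.10:40001, a1: 192.0.2.10:12345, proto=6, "
          "found af=2, a0: 192.0.2.10:40001, a1: 192.0.2.10:12345, proto=6.",
    PFX + "if=lo1, stored af=2, a0: 192.0.2.10:40002, a1: 192.0.2.11:12345, proto=6, "
          "found af=2, a0: 192.0.2.10:40002, a1: 192.0.2.11:12345, proto=6.",
    PFX + "if=lo1, stored af=2, a0: 192.0.2.10:40003, a1: 192.0.2.11:12345, proto=6, "
          "found af=2, a0: 192.0.2.10:40999, a1: 192.0.2.11:12345, proto=6.",
    "Jan  1 00:00:02 host kernel: some unrelated message",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```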
More information about the freebsd-pf mailing list