Speaking of ship blockers for 9....
Ian FREISLICH
ianf at clue.co.za
Sat Aug 11 10:02:55 UTC 2012
Gleb Smirnoff wrote:
> Let me give you link to my branch of pf:
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2012-June/006643.html
> http://lists.freebsd.org/pipermail/freebsd-pf/2012-June/006662.html
>
> In that branch the code that puts the "reverse" pointer on state keys,
> as well as the m_addr_changed() function and the pf_compare_state_keys()
> had been cut away.
>
> So, this exact bug definitely can't be reproduced there. However, others
> may hide in :)
Thanks. I'll be able to work on this next week. My system is
pretty similar to yours - 16 cores, full BGP RIB, 20+ VLANs + CARP
on 4*bce(4), PF+Sync, 400k+ states, NAT, tables, anchors etc.
The complication is that the production system is on 8 and the
pfsync is incompatible with 9 and CURRENT. And, 9/CURRENT is
unuseable for me as a backup without this fix because of the state
mismatch rate.
Ian
--
Ian Freislich
More information about the freebsd-current
mailing list