why BAD state messages

Alexandre Biancalana biancalana at gmail.com
Sun Aug 17 22:21:14 UTC 2008


On 8/15/08, Jeremy Chadwick <koitsu at freebsd.org> wrote:
> On Fri, Aug 15, 2008 at 01:26:31PM -0300, Alexandre Biancalana wrote:
>  > Looking the logs I made some math on each state
>  >
>  >  9:9      6174 times
>  >  4:4      3283 times
>  >  4:9      2611 times
>  > 10:10   1382 times
>  >  2:0        878 times
>  >  9:4        520 times
>
>
> pfctl -s info will show a total counter for this (and some other
>  oddities, but the majority are probably for what Max has described
>  above), called state-mismatch.

I know that.


>
>
>  > How can I give a larger range for outgoing conections if the clients
>  > connect directly to the servers ? In this case I don't have any rdr
>  > rule.
>
>
> Clients connecting ***to*** the FreeBSD server would be considered an
>  incoming connection, not an outgoing one.

I know that too. What I don't know is how to give a larger range to
the connections originated from the clients.

After do csup and apply Max carpdev patch, I get the following error
running make buildkernel

[...]
cc -c -O2 -frename-registers -pipe -fno-strict-aliasing  -std=c99 -g
-Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions -nostdinc  -I. -I/usr/src/sys
-I/usr/src/sys/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS
-include opt_global.h -fno-common -finline-limit=8000 --param
inline-unit-growth=100 --param large-function-growth=1000
-mcmodel=kernel -mno-red-zone  -mfpmath=387 -mno-sse -mno-sse2
-mno-mmx -mno-3dnow  -msoft-float -fno-asynchronous-unwind-tables
-ffreestanding -Werror  /usr/src/sys/netinet/ip_carp.c
cc1: warnings being treated as errors
/usr/src/sys/netinet/ip_carp.c: In function 'carp_setroute':
/usr/src/sys/netinet/ip_carp.c:394: warning: assignment from
incompatible pointer type
*** Error code 1

Stop in /usr/obj/usr/src/sys/FWPRDIV.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.


Any Ideas ?

Regards,
Alexandre


More information about the freebsd-pf mailing list