PF state key linking mismatch in FreeBSD 9.0-RELEASE
Matt Lager
mlager at sdunix.com
Thu Jan 12 22:26:46 UTC 2012
Interesting. I feel like the performance is degraded quite a bit between
two VPN points that display these messages vs. two VPN points that don't
display these messages, though I could be wrong. Is your basic
suggestion to not consider this a concern and continue forward with my
VPN rollouts?
On 1/12/2012 3:23 PM, Bjoern A. Zeeb wrote:
> On 12. Jan 2012, at 21:07 , Matt Lager wrote:
>
>> I've had a bug report in on this for a while but hasn't received a response yet, also posted to the FreeBSD forums and haven't received a response either, see these links:
>>
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/163208
>> http://forums.freebsd.org/showthread.php?t=28278
>>
>> I don't believe it to be a configuration issue, and this is really preventing me from using FreeBSD 9.0 as VPN endpoints. If anyone has any information on this, I would greatly appreciate it.
> yeah it's the re-use of an mbuf that previously passed through pf. The logging is noise basically though can be painful with a slow (serial) console. I have a sysctl locally to disable the logging, OpenBSD has removed the printf by now. I agree that we need to fix these places where it still originates and even if it's for documentation purposes to eventually decide if re-using the mbuf there is really cheaper to allocating a new one as other people lately found transporting other properties along with the mbuf and re-using that can lead to odd results.
>
> /bz
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the freebsd-pf
mailing list