pfr_update_stats: assertion failed.

[Marek Zarychta]

On Sun, Oct 16, 2016 at 08:17:13PM +0200, Marek Zarychta wrote:
> The issue occurred first two years ago, after upgrade from 8 to 9
> branch. Now this i386 machine is running 11.0-STABLE and despite it was
> compiled with "WITHOUT_ASSERT_DEBUG=yes", still from time to time
> message buffer is fed with:
>   pfr_update_stats: assertion failed.
>   pfr_update_stats: assertion failed.
>   pfr_update_stats: assertion failed.
>   pfr_update_stats: assertion failed.
>   pfr_update_stats: assertion failed.
>   pfr_update_stats: assertion failed.
>   pfr_update_stats: assertion failed.

These messages are still filling system message buffer. According to
pfctl (8) there is nothing wrong with incrementing "XPass" counters
instead of the "Pass" counters. The message "pfr_update_stats: assertion
failed" is printed for debugging purposes only. One could also compare
the counters with the command "pfctl -sT -vv". 

OpenBSD converted printf()'s to DPFDEBUG() macro in their sources almost
8 years ago. Only this printf() in pf_table.c has been converted to the
level of LOG_DEBUG [1].

Perhaps this line of code could be removed from FreeBSD PF sources?

--- sys/netpfil/pf/pf_table.orig.c	2018-06-23 16:40:14.876882000 +0200
+++ sys/netpfil/pf/pf_table.c	2018-06-23 16:40:23.621384000 +0200
@@ -1986,5 +1986,4 @@
 	if ((ke == NULL || ke->pfrke_not) != notrule) {
 		if (op_pass != PFR_OP_PASS)
-			printf("pfr_update_stats: assertion failed.\n");
 		op_pass = PFR_OP_XPASS;
 	}

[1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_table.c?rev=1.86&content-type=text/x-cvsweb-markup
-- 
Marek Zarychta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20180623/ba45c29a/attachment.sig>