RELENG_8 pf stack issue (state count spiraling out of control)
Janne Snabb
snabb at epipe.com
Tue May 3 06:29:33 UTC 2011
On Tue, 3 May 2011, Vlad Galu wrote:
> Disabling scrubbing altogether seems like a good next step.
I used to get all kinds of strange problems when I tried scrubbing
on FreeBSD 8.1. Especially with IPv6 traffic. After I disabled
scrubbing altogether I have had zero problems. The IP & TCP stacks
behind this particular pf are good ones anyway, so scrubbing was
useless anyway.
My belief is that scrubbing is just broken, but I do not have any
hard facts about it. I did not bother wasting my time trying to
debug it after I noticed that the pf code has not been updated from
the upstream for quite a while. The first thing would be to get on
the same level with the upstream in case the problem is fixed
there. However, I do not want to touch OpenBSD code for personal
reasons.
--
Janne Snabb / EPIPE Communications
snabb at epipe.com - http://epipe.com/
More information about the freebsd-pf
mailing list