The following reply was made to PR kernel/6380; it has been noted by GNATS.

From: Chris Bayly <cba...@gmail.com>
To: gn...@openbsd.org
Cc:
Subject: kernel/6380
Date: Sun, 13 Feb 2011 16:39:02 -0700

This is a follow-up to my original issue. I eventually found a way to mitigate this by filtering the MACs seen through the bridge. This isn't a fix to the real problem, just a bandaid that seems to fit.

Basically I only allow packets written with the MAC for MyHost on the bridge with the following in /etc/hostname.bridge0:

    add vr2
    add vr1
    rule pass in on vr1 src 88:88:88:88:88:88 tag extbr
    rule pass out on vr1 dst 88:88:88:88:88:88 tag extbr
    rule block on vr1
    up

This keeps my inside machine from having to see the ISP's usual background packets (arp spam, etc). With these filters in place the firewall has been stable and non-leaking for > 100 days.

I started to follow the code path for where the leak might be, but real life(TM) has kept me from getting anywhere. My unsupported guess is that something with bridging (and maybe tied to some NIC drivers) and ARP who-has requests. This might explain the linear-ness of the leak over time, as my ISP usually spams ARP who-has over my segment continuously...

-- 
Chris Bayly
cba...@gmail.com
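As an added illustration (not part of Chris's reply or of OpenBSD's own code), the following Python models bridge(4)'s first-match rule evaluation and replays the three hostname.bridge0 rules above against a few constructed frames; it assumes that the bare "rule block on vr1" applies to frames in both directions.

```python
# Added illustration (not from the PR): a small model of bridge(4) rule
# matching, used to see what the hostname.bridge0 rules above do on vr1.
# bridge(4) walks an interface's rules in order, the first match decides,
# and a frame matching no rule is passed.  The bare "rule block on vr1" is
# assumed here to apply in both directions (an assumption, not the man page).
HOST_MAC = "88:88:88:88:88:88"          # MyHost's MAC, as in the PR
BCAST = "ff:ff:ff:ff:ff:ff"

RULES_TEXT = """\
rule pass in on vr1 src 88:88:88:88:88:88 tag extbr
rule pass out on vr1 dst 88:88:88:88:88:88 tag extbr
rule block on vr1
"""

def parse_rules(text):
    """Parse 'rule {pass|block} [in|out|in/out] on IF [src M] [dst M] [tag T]'."""
    rules = []
    for line in text.splitlines():
        toks = line.split()
        if not toks or toks[0] != "rule":
            continue                    # "add", "up" etc. are not rules
        r = {"action": toks[1], "dirs": {"in", "out"},
             "src": None, "dst": None, "tag": None}
        i = 2
        if toks[i] in ("in", "out", "in/out"):
            r["dirs"], i = set(toks[i].split("/")), i + 1
        if toks[i] != "on":
            raise ValueError("bad rule: " + line)
        r["iface"] = toks[i + 1]
        for key, val in zip(toks[i + 2::2], toks[i + 3::2]):
            if key not in ("src", "dst", "tag"):
                raise ValueError("bad keyword in rule: " + key)
            r[key] = val.lower()
        rules.append(r)
    return rules

def evaluate(rules, iface, direction, src, dst):
    """Verdict for one frame: first matching rule wins, default is pass."""
    for r in rules:
        if r["iface"] != iface or direction not in r["dirs"]:
            continue
        if r["src"] and r["src"] != src.lower():
            continue
        if r["dst"] and r["dst"] != dst.lower():
            continue
        return r["action"], r["tag"]
    return "pass", None

RULES = parse_rules(RULES_TEXT)
```

Frames received on vr1 from any MAC other than MyHost's, the ISP's ARP who-has broadcasts included, fall through to the final block rule, while vr2 has no rules and passes everything.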