"Bjoern A. Zeeb" <[email protected]> wrote: > Begin forwarded message: > > > From: "Bjoern A. Zeeb" <[email protected]> > > Date: June 28, 2011 11:57:25 AM GMT+00:00 > > To: [email protected], [email protected], > > [email protected] > > Subject: svn commit: r223637 - in head: . contrib/pf/authpf > > contrib/pf/ftp-proxy contrib/pf/man contrib/pf/pfctl contrib/pf/pflogd > > sbin/pflogd sys/conf sys/contrib/altq/altq sys/contrib/pf/net sys/modules > > s... > > > > Author: bz > > Date: Tue Jun 28 11:57:25 2011 > > New Revision: 223637 > > URL: http://svn.freebsd.org/changeset/base/223637 > > > > Log: > > Update packet filter (pf) code to OpenBSD 4.5.
Thanks!
> In short; please test!
I didn't experience any real problems yet, but running
Privoxy-Regression-Test, I reproducible got this log message
for one of the tests:
Jun 29 18:26:19 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1,
stored af=2, a0: 10.0.0.1:50722, a1: 10.0.0.1:12345, proto=6, found af=2, a0:
10.0.0.1:50722, a1: 10.0.0.1:12345, proto=6.
This didn't happen with the previous pf version.
I tracked it down to a test that does a connect()
to a local unbound port.
It's also reproducible for every address on the system with:
ifconfig -a | awk '/inet / {system("telnet "$2" 12345")}'
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo0,
stored af=2, a0: 192.168.5.49:61512, a1: 192.168.5.49:12345, proto=6, found
af=2, a0: 192.168.5.49:61512, a1: 192.168.5.49:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo0,
stored af=2, a0: 127.0.0.1:44717, a1: 127.0.0.1:12345, proto=6, found af=2, a0:
127.0.0.1:44717, a1: 127.0.0.1:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1,
stored af=2, a0: 192.168.6.100:31600, a1: 192.168.6.100:12345, proto=6, found
af=2, a0: 192.168.6.100:31600, a1: 192.168.6.100:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1,
stored af=2, a0: 10.0.0.1:20126, a1: 10.0.0.1:12345, proto=6, found af=2, a0:
10.0.0.1:20126, a1: 10.0.0.1:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1,
stored af=2, a0: 10.0.0.1:10895, a1: 10.0.0.2:12345, proto=6, found af=2, a0:
10.0.0.1:10895, a1: 10.0.0.2:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo1,
stored af=2, a0: 10.0.0.1:25081, a1: 10.0.0.3:12345, proto=6, found af=2, a0:
10.0.0.1:25081, a1: 10.0.0.3:12345, proto=6.
Jun 29 18:30:49 r500 kernel: pf: state key linking mismatch! dir=OUT, if=lo0,
stored af=2, a0: 192.168.0.106:32448, a1: 192.168.0.106:12345, proto=6, found
af=2, a0: 192.168.0.106:32448, a1: 192.168.0.106:12345, proto=6.
12345 can be replaced with any unbound port it seems.
I'm additionally occasionally seeing the message for successfully
established connections (both internal and outgoing) but don't
know how to reproduce it.
Fabian
signature.asc
Description: PGP signature
