I've just updated -current, and am a few days beyond henning@'s huge PF
change.
I'm getting state mismatch warnings from the kernel. I do not understand
the entries, so am not sure what to correct, if anything, in my new version
of the rule.
-----
The rule used to be:
rdr pass log on $external_nic proto {tcp udp} from any to any port xxxxx \
-> 192.168.1.42 port xxxxx
The rule now is:
pass in log quick on $external_nic proto {tcp udp} from any to any port xxxxx \
rdr-to 192.168.1.42 port xxxxx
-----
Here are two example warning messages. In each warning message, the
first "a0" IP address is different from the second "a0" IP address, which
matches the second "a1" address. There are multiple valid states in the
state table, so not every state produces these messages:
-----
pf: state key linking mismatch! dir=OUT, if=dc0, stored af=2,
a0: a.b.c.d:39944, a1: 192.168.1.42:xxxxx, proto=17,
found af=2, a0: e.f.g.h:65519, a1: e.f.g.h:48042, proto=17.
pf: state key linking mismatch! dir=OUT, if=dc0, stored af=2,
a0: i.j.k.l:61418, a1: 192.168.1.42:xxxxx, proto=17,
found af=2, a0: m.n.o.p:65519, a1: m.n.o.p:48042, proto=17.
-----
Any suggestions would be greatly appreciated. Thanks!
