Re: PF problems with 11-stable
On 26 Jul 2018, at 10:16, Patrick Lamaiziere wrote: > Le Thu, 26 Jul 2018 09:58:05 +0200, > Patrick Lamaiziere a écrit : > > Hello, > >>> Hey, >>> I am on >>> 11.2-STABLE FreeBSD 11.2-STABLE #9 r336597 >>> Sun Jul 22 14:08:38 CEST 2018 >>> >>> and I see 2 problems with PF that are still there: >>> 1.) set skip on lo >>> does not work even though ifconfig lo matches. >>> SOLVED TEMPORARILY BY: set skip on lo0 >> >> I've seen this while upgrading from 10.3 to 11.2-RELEASE. I've added >> lo0 to set skip too. >> >> When the problem occurs, lo is marked '(skip)' (pfctl -vs >> Interfaces) but not lo0. >> >> But I can't reproduce this, this happened only one time. > > I don't know if this is related but there were some kernel logs about > 'loopback' : > > Feb 15 17:11:48 fucop1 kernel: ifa_del_loopback_route: deletion failed: > 47 Feb 15 17:11:48 fucop1 kernel: ifa_add_loopback_route: insertion > failed: 47 Jul 16 13:50:36 fucop1 kernel: ifa_maintain_loopback_route: > deletion failed for interface ix2: 3 Jul 16 14:07:31 fucop1 kernel: > ifa_maintain_loopback_route: deletion failed for interface ix2: 3 Jul > 16 14:07:31 fucop1 kernel: ifa_maintain_loopback_route: deletion failed > for interface igb1: 3 Jul 16 14:10:43 fucop1 kernel: > ifa_maintain_loopback_route: insertion failed for interface igb0: 17 > No, those error messages are not related. The issue with interface groups is known, and is being worked on. The pfctl -n issue should be fixed as of r336164 Regards, Kristof ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: PF problems with 11-stable
Le Thu, 26 Jul 2018 09:58:05 +0200, Patrick Lamaiziere a écrit : Hello, > > Hey, > > I am on > > 11.2-STABLE FreeBSD 11.2-STABLE #9 r336597 > > Sun Jul 22 14:08:38 CEST 2018 > > > > and I see 2 problems with PF that are still there: > > 1.) set skip on lo > > does not work even though ifconfig lo matches. > > SOLVED TEMPORARILY BY: set skip on lo0 > > I've seen this while upgrading from 10.3 to 11.2-RELEASE. I've added > lo0 to set skip too. > > When the problem occurs, lo is marked '(skip)' (pfctl -vs > Interfaces) but not lo0. > > But I can't reproduce this, this happened only one time. I don't know if this is related but there were some kernel logs about 'loopback' : Feb 15 17:11:48 fucop1 kernel: ifa_del_loopback_route: deletion failed: 47 Feb 15 17:11:48 fucop1 kernel: ifa_add_loopback_route: insertion failed: 47 Jul 16 13:50:36 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface ix2: 3 Jul 16 14:07:31 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface ix2: 3 Jul 16 14:07:31 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface igb1: 3 Jul 16 14:10:43 fucop1 kernel: ifa_maintain_loopback_route: insertion failed for interface igb0: 17 I've got two firewalls with carp and bird 2 (BGP). ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: PF problems with 11-stable
Le Thu, 26 Jul 2018 09:58:05 +0200, Patrick Lamaiziere a écrit : Hello, > > Hey, > > I am on > > 11.2-STABLE FreeBSD 11.2-STABLE #9 r336597 > > Sun Jul 22 14:08:38 CEST 2018 > > > > and I see 2 problems with PF that are still there: > > 1.) set skip on lo > > does not work even though ifconfig lo matches. > > SOLVED TEMPORARILY BY: set skip on lo0 > > I've seen this while upgrading from 10.3 to 11.2-RELEASE. I've added > lo0 to set skip too. > > When the problem occurs, lo is marked '(skip)' (pfctl -vs > Interfaces) but not lo0. > > But I can't reproduce this, this happened only one time. I don't know if this is related but there were some kernel logs about 'loopback' : Feb 15 17:11:48 fucop1 kernel: ifa_del_loopback_route: deletion failed: 47 Feb 15 17:11:48 fucop1 kernel: ifa_add_loopback_route: insertion failed: 47 Jul 16 13:50:36 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface ix2: 3 Jul 16 14:07:31 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface ix2: 3 Jul 16 14:07:31 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface igb1: 3 Jul 16 14:10:43 fucop1 kernel: ifa_maintain_loopback_route: insertion failed for interface igb0: 17 I've got two firewalls with carp and bird 2 (BGP). ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: PF problems with 11-stable
Le Sun, 22 Jul 2018 15:53:41 +0200, Lars Schotte a écrit : Hello, > Hey, > I am on > 11.2-STABLE FreeBSD 11.2-STABLE #9 r336597 > Sun Jul 22 14:08:38 CEST 2018 > > and I see 2 problems with PF that are still there: > 1.) set skip on lo > does not work even though ifconfig lo matches. > SOLVED TEMPORARILY BY: set skip on lo0 I've seen this while upgrading from 10.3 to 11.2-RELEASE. I've added lo0 to set skip too. When the problem occurs, lo is marked '(skip)' (pfctl -vs Interfaces) but not lo0. But I can't reproduce this, this happened only one time. While I'm here, another small change is that pfctl -n does not work any more without root credentials, I'm not sure if this is a bug or a feature : % pfctl -n -f /etc/pf.conf pfctl: pfi_get_ifaces: Bad file descriptor % ls -lah /etc/pf.conf -rw-r--r-- 1 root wheel97B Jul 26 09:37 /etc/pf.conf Regards, ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
PF problems with 11-stable
Hey, I am on 11.2-STABLE FreeBSD 11.2-STABLE #9 r336597 Sun Jul 22 14:08:38 CEST 2018 and I see 2 problems with PF that are still there: 1.) set skip on lo does not work even though ifconfig lo matches. SOLVED TEMPORARILY BY: set skip on lo0 2.) synproxy state needs no explanation. Problem still persists. SOLVED TEMPORARILY BY: keep state everywhere. -- Lars Schotte Mudroňova 13 92101 Piešťany ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
