From owner-freebsd-pf@freebsd.org  Fri Dec 11 22:00:10 2015
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4C140A0498D
 for <freebsd-pf@mailman.ysv.freebsd.org>; Fri, 11 Dec 2015 22:00:10 +0000 (UTC)
 (envelope-from krzysiek@airnet.opole.pl)
Received: from mail.bestpartner.pl (airmax.pl [176.111.128.139])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 14D181A57
 for <freebsd-pf@freebsd.org>; Fri, 11 Dec 2015 22:00:08 +0000 (UTC)
 (envelope-from krzysiek@airnet.opole.pl)
Received: from [176.111.148.64] (helo=[192.168.111.38])
 by da.airnet.opole.pl with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128)
 (Exim 4.85) (envelope-from <krzysiek@airnet.opole.pl>)
 id 1a7VTH-000NBM-DI
 for freebsd-pf@freebsd.org; Fri, 11 Dec 2015 22:43:23 +0100
Subject: Re: Machine freezes when loading pf ruleset
To: freebsd-pf@freebsd.org
References: <b248a69a-0768-4e55-b2a2-4571e28b858f@CASHTS1.zuv.uni-muenchen.de>
 <CAE63ME69-J-bh9+0cPA6w+XAPAm1D08S7uvfi1O9bQyNE_ju1A@mail.gmail.com>
 <894145A3DDBDEF4880E00D334DCD87263EC814A8@MXS2.zuv.uni-muenchen.de>
 <CAPBZQG3L75iTF1u6k4WpkpzqaH-y75cW+YaEXrMAVx7=QgaEzg@mail.gmail.com>
 <894145A3DDBDEF4880E00D334DCD87263EC83B6C@MXS2.zuv.uni-muenchen.de>
From: Krzysiek <krzysiek@airnet.opole.pl>
Message-ID: <566B4370.6090309@airnet.opole.pl>
Date: Fri, 11 Dec 2015 22:43:12 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <894145A3DDBDEF4880E00D334DCD87263EC83B6C@MXS2.zuv.uni-muenchen.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2015 22:00:10 -0000

W dniu 2015-08-27 o 15:32, Kolontai Andrej pisze:
>> The patch provided at https://reviews.freebsd.org/D3503 should help your case.
>> During a full ruleset reload, taking into account so many rules, you will impact normal packet processing.
>> Hence you have the feeling of the box being frozen or not forwarding traffic.
>> That patch reduces the overhead of reloading a ruleset.
>> Though even more lock breakdown is necessary on pf(4) but that is another topic.
> Sounds great. I'll try that.
>
> Andrej
>   
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

Hello,

Dear Andrej
Please let us know, did the provided patch work for you?
I'm experiencing similar problems with 10.2 (r287460M), but my ruleset 
is just 45 lines (`pfctl -sr | wc -l`).
Btw. I'm not using CARP/pfsync, just pf and pflog.

Thanks!
Best regards
Krzysiek Barcikowski