From nobody Mon Jun 28 11:07:29 2021 X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id CF95911C951E for ; Mon, 28 Jun 2021 11:07:32 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GD4ZX5XYgz4mRn; Mon, 28 Jun 2021 11:07:32 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [5.9.86.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.codepro.be", Issuer "R3" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id 8C25281E5; Mon, 28 Jun 2021 11:07:32 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: by venus.codepro.be (Postfix, authenticated sender kp) id 799B531680; Mon, 28 Jun 2021 13:07:30 +0200 (CEST) From: "Kristof Provost" To: "=?utf-8?q?=C3=96zkan?= KIRIK" Cc: freebsd-pf@freebsd.org Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable Date: Mon, 28 Jun 2021 13:07:29 +0200 X-Mailer: MailMate (1.13.2r5673) Message-ID: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org> In-Reply-To: References: List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8"; format=flowed; markup=markdown Content-Transfer-Encoding: 8bit X-ThisMailContainsUnwantedMimeParts: N On 26 Jun 2021, at 21:38, Özkan KIRIK wrote: > Hi, > > pfctl -P -ss -vv command cannot finish and eats %100 of single core > cpu > when number of states is over 50.000. > Even killall -9 pfctl doesn't help. process cannot be killed. > > I'm using FreeBSD stable/12 that pulled at 2021-06-05. > State policy is configured as floating. I don't know if it matters > switching to if-bound. > > Do you have any suggestions to overcome this problem? > None for now. I’m aware of the problem, it’s still related to nvlists. It’s being worked on right now, but I have no ETA for a fix. — Kristof From nobody Mon Jun 28 11:22:47 2021 X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 104FB11CAF49 for ; Mon, 28 Jun 2021 11:22:59 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plan-b.pwste.edu.pl", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GD4wK73YZz4pHH for ; Mon, 28 Jun 2021 11:22:57 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from fomalhaut.potoki.eu ([IPv6:2001:470:71:d47:6cbf:23a7:e143:793a]) (authenticated bits=0) by plan-b.pwste.edu.pl (8.16.1/8.16.1) with ESMTPSA id 15SBMlWr019248 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 28 Jun 2021 13:22:48 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1624879368; bh=un1ZL/YAXeLINvzc7zXAfSgcacRoWq7uJe7mS/7hD0E=; h=Subject:To:References:From:Date:In-Reply-To; b=AYPnBnjHGQ0ryfJUJkGgu5QaTrjqeamu1ST4TacT7EiPFVDaYZC2jqsq6AV3MXugT hVhnhjpFKgVPnj84T10lmJC3BsduTQOTrEGBqsyghu/PN2Z6R3WJFeP1j9ziyfTs9Z sZ/yOi21S3VYW5N4g5m26q5oSY0GDIHSQDXoJY2ZBpS03BAj++YlGaIBSGoqP9EAS2 9Tm1vbze8MMkcHFx5hsfj4m3Lqb6LV0tfRM1QSam8bF38/UBNCy/dwqUO7LHzPHpmg 1comCjkZj/Qgr39XlObxGN8q8Juu5FRCmc0b8eg/Kun2KEUMOPUyywSTaOnyOFkIfF ZjUl6Kd2wcNcw== X-Authentication-Warning: plan-b.pwste.edu.pl: Host [IPv6:2001:470:71:d47:6cbf:23a7:e143:793a] claimed to be fomalhaut.potoki.eu Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable To: =?UTF-8?Q?=c3=96zkan_KIRIK?= , freebsd-pf@freebsd.org References: From: Marek Zarychta Message-ID: Date: Mon, 28 Jun 2021 13:22:47 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="E4GAuRboucT9HTHR5UeYDTPfqUCB3V1pl" X-Rspamd-Queue-Id: 4GD4wK73YZz4pHH X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=plan-b.pwste.edu.pl header.s=plan-b-mailer header.b=AYPnBnjH; dmarc=pass (policy=none) header.from=plan-b.pwste.edu.pl; spf=none (mx1.freebsd.org: domain of zarychtam@plan-b.pwste.edu.pl has no SPF policy when checking 2001:678:618::40) smtp.mailfrom=zarychtam@plan-b.pwste.edu.pl X-Spamd-Result: default: False [-7.90 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; HAS_ATTACHMENT(0.00)[]; HAS_XAW(0.00)[]; DKIM_TRACE(0.00)[plan-b.pwste.edu.pl:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[plan-b.pwste.edu.pl,none]; NEURAL_HAM_SHORT(-1.00)[-0.998]; SIGNED_PGP(-2.00)[]; FREEMAIL_TO(0.00)[gmail.com,freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; RBL_DBL_DONT_QUERY_IPS(0.00)[2001:678:618::40:from]; ASN(0.00)[asn:206006, ipnet:2001:678:618::/48, country:PL]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[plan-b.pwste.edu.pl:s=plan-b-mailer]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_MED(-2.00)[pwste.edu.pl:dkim]; NEURAL_HAM_LONG(-1.00)[-1.000]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; SPAMHAUS_ZRD(0.00)[2001:678:618::40:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_NA(0.00)[no SPF record]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-pf] X-ThisMailContainsUnwantedMimeParts: N This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --E4GAuRboucT9HTHR5UeYDTPfqUCB3V1pl Content-Type: multipart/mixed; boundary="HnhsCDC4zqNXTCdecXVv7IRjAfYadAeG2"; protected-headers="v1" From: Marek Zarychta To: =?UTF-8?Q?=c3=96zkan_KIRIK?= , freebsd-pf@freebsd.org Message-ID: Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable References: In-Reply-To: --HnhsCDC4zqNXTCdecXVv7IRjAfYadAeG2 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable W dniu 26.06.2021 o=C2=A021:38, =C3=96zkan KIRIK pisze: > Hi, >=20 > pfctl -P -ss -vv command cannot finish and eats %100 of single core cpu= > when number of states is over 50.000. > Even killall -9 pfctl doesn't help. process cannot be killed. >=20 > I'm using FreeBSD stable/12 that pulled at 2021-06-05. > State policy is configured as floating. I don't know if it matters > switching to if-bound. >=20 > Do you have any suggestions to overcome this problem? >=20 > Regards, >=20 PF on stable/1{2,3} got some enhancements lately and displaying states might be now slow (really _SLOW_). Please try to run backed up pfctl(8) binary for displaying states (works in my case), if you have one. If you can't find older pfctl binary, then please try your luck with the one extracted from 12.2-RELEASE install. Best regards, --=20 Marek Zarychta --HnhsCDC4zqNXTCdecXVv7IRjAfYadAeG2-- --E4GAuRboucT9HTHR5UeYDTPfqUCB3V1pl Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEMOqvKm6wKvS1/ZeCdZ/s//1SjSwFAmDZsQcFAwAAAAAACgkQdZ/s//1SjSwu Kwf/ZCSIjXN3noKkZjEBx+eve3UsuwmlcN/uTcYY3ClqKP++MfUvr3kzr28VgmlWvCYOo4VdUvsd MZANa3Fnuq4FsN7ivYniPb1lEqPC78lWXvxaBPUXHn1lzHMdMh17oqowcUkBIQ95qJr8q3iuB9aA 1LpvcsTC+bdLwHSbBt/HVsbXCl2JZab0mHAQoLkmE/eUeYzF27glSnH2bpRf5NsCKOYoQyBfz9NX suDHbe6yoVI4JEbXNY3qkUACizYqE+cJYfT26qnTD54hrXTU+nxsWSeUad13yEn7KvmAgbcZbXIP PDljtUx1I6YXEh0Md8duvLqGgcZmKGAyIXxD+opKYQ== =pQRT -----END PGP SIGNATURE----- --E4GAuRboucT9HTHR5UeYDTPfqUCB3V1pl-- From nobody Mon Jun 28 11:49:16 2021 X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 9349411CC98F for ; Mon, 28 Jun 2021 11:49:27 +0000 (UTC) (envelope-from thomas@gibfest.dk) Received: from smtp2.servers.tyknet.dk (smtp2.servers.tyknet.dk [89.233.43.78]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4GD5Vv32Crz4rGl; Mon, 28 Jun 2021 11:49:26 +0000 (UTC) (envelope-from thomas@gibfest.dk) Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable DKIM-Filter: OpenDKIM Filter v2.10.3 smtp2.servers.tyknet.dk 3CFDB237B6 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gibfest.dk; s=default; t=1624880958; bh=FlMe7rOJA4W6nlyIvAoNQRlGAVIpQhdg0l0tHGVN1EU=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=LHzPuupCXdsdW8tnziA+z09qznwx6yc1i+aREZoBEoKv4E0BWbCA6hH81RQvo5KOR b5N+ufriNptU3ow0WtOF5hsjKtbn9DRQf/F4LdorUQpPm99VcbH1Xl54fGM8+3FhIE OdAfTpM6Gg3QVXuDyc30TDhVuivoApiOut9b2GMNgreHPZaDZxFsjqP3VftdGTsu6V IEYpMu9wPzkDmbUftD97iIfs2yk3S3C/sTfRjsn5RTKs17QmlwLeoVe5lAUsLFPq5y u067L+phPU2Lt66wd3SAbaKCzax95LQjlM1ECDZbPNbH1gg/fTSQBNDQ0jLvm9mHEY vxDRxmXvzYqgg== To: Kristof Provost Cc: freebsd-pf@freebsd.org, =?UTF-8?Q?=c3=96zkan_KIRIK?= References: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org> Message-ID: <4ec42bb0-ab4d-967e-2612-72219cd0a125@gibfest.dk> Date: Mon, 28 Jun 2021 13:49:16 +0200 List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 In-Reply-To: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4GD5Vv32Crz4rGl X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; TAGGED_RCPT(0.00)[]; REPLY(-4.00)[] Reply-To: thomas@gibfest.dk From: Thomas Steen Rasmussen via freebsd-pf X-Original-From: Thomas Steen Rasmussen X-ThisMailContainsUnwantedMimeParts: N On 6/28/21 1:07 PM, Kristof Provost wrote: > On 26 Jun 2021, at 21:38, Özkan KIRIK wrote: >> Hi, >> >> pfctl -P -ss -vv command cannot finish and eats %100 of single core cpu >> when number of states is over 50.000. >> Even killall -9 pfctl doesn't help. process cannot be killed. >> >> I'm using FreeBSD stable/12 that pulled at 2021-06-05. >> State policy is configured as floating. I don't know if it matters >> switching to if-bound. >> >> Do you have any suggestions to overcome this problem? >> > None for now. I’m aware of the problem, it’s still related to nvlists. > It’s being worked on right now, but I have no ETA for a fix. > > — Kristof > Hello! Is there a PR for this issue? When did the code causing the issue enter 12/STABLE? Thanks! :) Best regards, Thomas From nobody Mon Jun 28 11:50:58 2021 X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 6EF6311CCCB5 for ; Mon, 28 Jun 2021 11:51:01 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GD5Xj1kjRz4rLs; Mon, 28 Jun 2021 11:51:01 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [5.9.86.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.codepro.be", Issuer "R3" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id 037298EE2; Mon, 28 Jun 2021 11:51:01 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: by venus.codepro.be (Postfix, authenticated sender kp) id 4CFE8316A0; Mon, 28 Jun 2021 13:50:59 +0200 (CEST) From: "Kristof Provost" To: "Thomas Steen Rasmussen" Cc: freebsd-pf@freebsd.org, "=?utf-8?q?=C3=96zkan?= KIRIK" Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable Date: Mon, 28 Jun 2021 13:50:58 +0200 X-Mailer: MailMate (1.13.2r5673) Message-ID: <12F655AB-D72D-4AA7-ACA4-CAD74DED1EB5@FreeBSD.org> In-Reply-To: <4ec42bb0-ab4d-967e-2612-72219cd0a125@gibfest.dk> References: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org> <4ec42bb0-ab4d-967e-2612-72219cd0a125@gibfest.dk> List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8"; markup=markdown Content-Transfer-Encoding: 8bit X-ThisMailContainsUnwantedMimeParts: N On 28 Jun 2021, at 13:49, Thomas Steen Rasmussen wrote: > On 6/28/21 1:07 PM, Kristof Provost wrote: > Is there a PR for this issue? There is not. There’s a pfsense-internal bug report about it. > When did the code causing the issue enter 12/STABLE? > When the nvlist version of the getstates ioctl was merged to stable/12. — Kristof From nobody Mon Jun 28 14:12:56 2021 X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id AD27411D40BA for ; Mon, 28 Jun 2021 14:13:08 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: from mail-ua1-x92c.google.com (mail-ua1-x92c.google.com [IPv6:2607:f8b0:4864:20::92c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GD8hh4M53z3Hvk; Mon, 28 Jun 2021 14:13:08 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: by mail-ua1-x92c.google.com with SMTP id r9so7029122ual.7; Mon, 28 Jun 2021 07:13:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wcceiEVRjDIigdZNeIaWSJ3YL6jfZb3bukZLCVyLUGo=; b=tRx7aeCjH0CdT7dW2Fd6oBfAmttEonVuHXp0/kkwR82tJLTCx8x1TwZhgIzTUS/QEk 2DaakFWKvHinDVVmdMr18v8twX/IscllP7BF1vfgYaMlLKpf9m9POXFhzQtjeQAvX9/9 QSTiU4vzFl6OIZweNGhQrmZy+KKqGj9EO7Z2sz2lIq+adx5lgj4+i6Cc3IRgxC6MhP10 7VwCiGFjXu6CfkjLNlP7t5bAUbgyY2vjEF99Y7R7VeaXs+ajjLGh7s1M6IhNeankny+n yF1HX/qoXXZYfVfhBj0qwu7t4fTkdehhixWhFVj+o8qRcu6ganKaSfPtYysn4pD4SlBz qjfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wcceiEVRjDIigdZNeIaWSJ3YL6jfZb3bukZLCVyLUGo=; b=i5Q/UvqRKmxyWJFYUUnSuwSeGGL3Dw1BBCD4xM/z1PtzdoZ9hUcoAAqRNg2R4Mt0zq BaY4ZF6u2IBCtelQibhsUKQVTrrLhK2vVoHWLNDGDpq+9giiDlIAHCAGN+Bn5uxwkq4h t8DNG9f0jQK12o25F0FLLKMYjRGMvE98/5CIg6+mXwv669eCfPWkYXaC7Z2gxo9NnYgf vLd7M89Kv/vIRTrNLD2KDfm+5gxCzvjL1pEj3FPa6s/glX1zIFxXa3zgRsHTSjryfwYO FRbsS3p1r5XXJJ5DBWV6SWYXgx4sZhOsGPKm0Cm8FFgyusTNN/QDS/eMADRtNLarHzt5 ciBw== X-Gm-Message-State: AOAM530nh1pzFtPSCK6aAezn5CE/1xRfTvVvOOEmEgglGNg9ObphMIcd waxmvCiGAyE451m1NMDlyy5FMRe0Z/KiPT9SZOvy346B X-Google-Smtp-Source: ABdhPJy7W1B45OrNbO+zbEla10e4eVkoCGTKyaulvAzR+4cbXXPp0ImDEic1afCZIFCONC0VEDQMGuAj4W9Q+Xu12TA= X-Received: by 2002:ab0:25c6:: with SMTP id y6mr21937607uan.62.1624889587538; Mon, 28 Jun 2021 07:13:07 -0700 (PDT) List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 References: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org> <4ec42bb0-ab4d-967e-2612-72219cd0a125@gibfest.dk> <12F655AB-D72D-4AA7-ACA4-CAD74DED1EB5@FreeBSD.org> In-Reply-To: <12F655AB-D72D-4AA7-ACA4-CAD74DED1EB5@FreeBSD.org> From: =?UTF-8?B?w5Z6a2FuIEtJUklL?= Date: Mon, 28 Jun 2021 17:12:56 +0300 Message-ID: Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable To: Kristof Provost Cc: Thomas Steen Rasmussen , freebsd-pf@freebsd.org Content-Type: multipart/alternative; boundary="000000000000aa1d6d05c5d416be" X-Rspamd-Queue-Id: 4GD8hh4M53z3Hvk X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; TAGGED_FROM(0.00)[] X-ThisMailContainsUnwantedMimeParts: Y --000000000000aa1d6d05c5d416be Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Thank you. Kristof, I wonder if the older pfctl binary (before nvlist revisions) helps ? regards On Mon, Jun 28, 2021 at 2:51 PM Kristof Provost wrote: > On 28 Jun 2021, at 13:49, Thomas Steen Rasmussen wrote: > > On 6/28/21 1:07 PM, Kristof Provost wrote: > > Is there a PR for this issue? > There is not. There=E2=80=99s a pfsense-internal bug report about it. > > > When did the code causing the issue enter 12/STABLE? > > > When the nvlist version of the getstates ioctl was merged to stable/12. > > =E2=80=94 Kristof > --000000000000aa1d6d05c5d416be-- From nobody Mon Jun 28 14:15:41 2021 X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 32CC211D46EC for ; Mon, 28 Jun 2021 14:15:44 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GD8lh11Tyz3JcT; Mon, 28 Jun 2021 14:15:44 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [5.9.86.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.codepro.be", Issuer "R3" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id E3FB6A374; Mon, 28 Jun 2021 14:15:43 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: by venus.codepro.be (Postfix, authenticated sender kp) id 3D954319EC; Mon, 28 Jun 2021 16:15:42 +0200 (CEST) From: "Kristof Provost" To: "=?utf-8?q?=C3=96zkan?= KIRIK" Cc: "Thomas Steen Rasmussen" , freebsd-pf@freebsd.org Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable Date: Mon, 28 Jun 2021 16:15:41 +0200 X-Mailer: MailMate (1.13.2r5673) Message-ID: <063005F7-169A-4722-835C-31BB87C813BB@FreeBSD.org> In-Reply-To: References: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org> <4ec42bb0-ab4d-967e-2612-72219cd0a125@gibfest.dk> <12F655AB-D72D-4AA7-ACA4-CAD74DED1EB5@FreeBSD.org> List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-ThisMailContainsUnwantedMimeParts: N On 28 Jun 2021, at 16:12, Özkan KIRIK wrote: > Thank you. > > Kristof, I wonder if the older pfctl binary (before nvlist revisions) > helps > ? > I’d expect so. I’m working on testing things, and main is already vastly better. It contains an nvlist fix 89d5cbb82294c8624e66f920d50353057ccab14b that hasn’t made it to stable/12 yet that makes things a lot better. — Kristof From nobody Mon Jun 28 14:17:23 2021 X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A0AEF11D4BE6 for ; Mon, 28 Jun 2021 14:17:35 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: from mail-vs1-xe30.google.com (mail-vs1-xe30.google.com [IPv6:2607:f8b0:4864:20::e30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GD8nq3tz8z3Jw0; Mon, 28 Jun 2021 14:17:35 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: by mail-vs1-xe30.google.com with SMTP id u10so10097235vsu.12; Mon, 28 Jun 2021 07:17:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fhtwOebxReXsqiQh+6pa8Rt9Jrk9rHUqN3gM6mnx5Yk=; b=N8hvn271B13U1XDPpZGZjov0AdaDvKXIeRY9SGLzdo4RGz1no+oJmYb4sNUYbsc4/5 O6SVw7/GnQP1kF00Q0Dhbj5G42yxYZMxrS8A1JUIB7ymho1vKJGeJ2VRhQ44r1HHXL9u CQTrUSewrY8168vwh0jew17lv/txI6jbArKuZWY3LQP+Jod6+9NFza/pWQNIOm7noYUc CCWeaNLlrSvjl+jq8O7CTd3o/h61+pb4sdJkoEDY8W7N5QXw2sE4OvxrPGD8EPrYOxFJ GsGG2TFyAO8Lno7TLZ2XEhL/5EP2F91o7BA6UIpQAHRv/iaqWSi8geTRllZX0I66AUJU cH9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fhtwOebxReXsqiQh+6pa8Rt9Jrk9rHUqN3gM6mnx5Yk=; b=RYk5RkkRz6vvdkmWq6/1g7J98JnWN1x6Z2f0b1+Ioloi+ELPtxD4E2k85yHkHN2a+T hEWjpN217mRtTTZA7LPUhc0E/sEHDcs6U8hdnTmEL7Bb+XgAAEtTfb/siRen6E9Uh/Ay O48dcvbYuhBMEx1r0r3w42bGH8ZKZLaTX+R/k35p4g1J3rhF+X9WYaU6mWxH9EQ7RZCq MUhh0nnW5KuF6gl08nkKkOXE356RX/2ljOWkN9UKDQjfHrgFQ3tPmsqyw18ID7Kwov/R D3+PS96ExPedxAYyJ53IlR+qG0J6Fy5F1prcJ4X2xy/k1ZL7aT14FkFcw2c5ORkNe0gr u8lw== X-Gm-Message-State: AOAM532p2z2dTMLHuXB+PMkI/hPaNWqdg+ehZI5Y0icLtMX2PL2ETIgr xWYhxUFdZqDJwfV7GUIgHbmj/aJ7bHs1tmuk9kd1vCcE X-Google-Smtp-Source: ABdhPJzIa0MhMTwpahk+Ptzh99KhdOOfFf9bwIaXfamuT4xqJ7PztM6HJQrLcZGHWu6SPGMjeEsMZ+v7IUaWmMsi0qY= X-Received: by 2002:a05:6102:31b3:: with SMTP id d19mr55064vsh.55.1624889854427; Mon, 28 Jun 2021 07:17:34 -0700 (PDT) List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 References: <04DAC68B-C6F0-49AD-B64C-A066F942A855@FreeBSD.org> <4ec42bb0-ab4d-967e-2612-72219cd0a125@gibfest.dk> <12F655AB-D72D-4AA7-ACA4-CAD74DED1EB5@FreeBSD.org> <063005F7-169A-4722-835C-31BB87C813BB@FreeBSD.org> In-Reply-To: <063005F7-169A-4722-835C-31BB87C813BB@FreeBSD.org> From: =?UTF-8?B?w5Z6a2FuIEtJUklL?= Date: Mon, 28 Jun 2021 17:17:23 +0300 Message-ID: Subject: Re: pfctl -P -ss -vv -- sometimes eats cpu and becomes unkillable To: Kristof Provost Cc: Thomas Steen Rasmussen , freebsd-pf@freebsd.org Content-Type: multipart/alternative; boundary="00000000000092835605c5d4264f" X-Rspamd-Queue-Id: 4GD8nq3tz8z3Jw0 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; TAGGED_FROM(0.00)[] X-ThisMailContainsUnwantedMimeParts: Y --00000000000092835605c5d4264f Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Great, thanks for the update. On Mon, Jun 28, 2021 at 5:15 PM Kristof Provost wrote: > On 28 Jun 2021, at 16:12, =C3=96zkan KIRIK wrote: > > Thank you. > > > > Kristof, I wonder if the older pfctl binary (before nvlist revisions) > > helps > > ? > > > I=E2=80=99d expect so. > > I=E2=80=99m working on testing things, and main is already vastly better.= It > contains an nvlist fix 89d5cbb82294c8624e66f920d50353057ccab14b that > hasn=E2=80=99t made it to stable/12 yet that makes things a lot better. > > =E2=80=94 Kristof > --00000000000092835605c5d4264f-- From nobody Wed Jun 30 01:46:15 2021 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2505A11CFA8B for ; Wed, 30 Jun 2021 01:46:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GF4200MgXz3NZc for ; Wed, 30 Jun 2021 01:46:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E8FC7239FA for ; Wed, 30 Jun 2021 01:46:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 15U1kFrb047541 for ; Wed, 30 Jun 2021 01:46:15 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 15U1kFEb047540 for pf@FreeBSD.org; Wed, 30 Jun 2021 01:46:15 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 203735] Transparent interception of ipv6 with squid and pf causes panic Date: Wed, 30 Jun 2021 01:46:15 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.2-STABLE X-Bugzilla-Keywords: crash, needs-patch, needs-qa X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: Overcome By Events X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: mfc-stable11? mfc-stable10? X-Bugzilla-Changed-Fields: resolution bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D203735 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |Overcome By Events Status|Open |Closed --- Comment #9 from Mark Linimon --- ^Triage: overcome by events. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sun Jul 4 21:00:35 2021 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2BE5211F6ED8 for ; Sun, 4 Jul 2021 21:00:37 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GJ1S40bXSz4VcQ for ; Sun, 4 Jul 2021 21:00:36 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E4B3819260 for ; Sun, 4 Jul 2021 21:00:35 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 164L0ZPW007209 for ; Sun, 4 Jul 2021 21:00:35 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 164L0Zv7007208 for pf@FreeBSD.org; Sun, 4 Jul 2021 21:00:35 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <202107042100.164L0Zv7007208@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: pf@FreeBSD.org Subject: Problem reports for pf@FreeBSD.org that need special attention Date: Sun, 4 Jul 2021 21:00:35 +0000 List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="16254324354.bfB164.6331" Content-Transfer-Encoding: 7bit X-ThisMailContainsUnwantedMimeParts: Y --16254324354.bfB164.6331 Date: Sun, 4 Jul 2021 21:00:35 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- Open | 237973 | pf: implement egress keyword to simplify rules ac 1 problems total for which you should take action. --16254324354.bfB164.6331--