From nobody Fri Jun 4 09:43:55 2021
From: Pete French
To: stable@freebsd.org
Subject: pf starts blocking all traffic after a short while
Date: Fri, 04 Jun 2021 10:43:55 +0100
List-Id: Production branch of FreeBSD source code
List-Archive: https://lists.freebsd.org/archives/freebsd-stable

I thought I understood pf pretty well, but this one puzzles me.
I have a very simple setup here - a machine I only want to allow
public IPv6 in from one place, allow private IPv4 from its local
neighbours, and be able to connect out to anywhere.

Seems to work, I boot it up, I can ssh in. After about five
minutes it just starts blocking all traffic. I have serial
console access, so I can still examine the machine, and if, when
it is stuck, I load a pf config file which allows everything, then
traffic resumes again, which is what makes me think pf is doing this.

Here's the rules, all eleven of them...

root@joanna-may:~ # pfctl -s rules
scrub all max-mss 1200 fragment reassemble
block return all
pass quick proto icmp all keep state
pass quick proto ipv6-icmp all keep state
pass in inet from 127.0.0.0/8 to any flags S/SA keep state
pass in inet from 192.168.0.0/16 to any flags S/SA keep state
pass in inet from 172.16.0.0/12 to any flags S/SA keep state
pass in inet from 10.0.0.0/8 to any flags S/SA keep state
pass in inet6 from 2001:470:6cc4::/48 to any flags S/SA keep state
pass in inet6 from 2001:470:1f08:1771::2 to any flags S/SA keep state
pass out all flags S/SA keep state

Nothing particularly controversial there I think!

I've checked the states table, there's a handful in there, and they look fine.
If I ssh in and run top, then that connection eventually drops when the packet
flow ceases. The pf table is left with a state of TIME_WAIT in it.

Any ideas ? This is a machine inside AWS, so not real hardware, but that
should not make a difference I think... It's also the only time I have used pf
without using NAT, so maybe I have missed something, but really, this was
supposed to be a very simple ruleset to do a very simple job.

-pete.

From nobody Fri Jun 4 10:06:15 2021
From: Thomas Steen Rasmussen via pf
Reply-To: thomas@gibfest.dk
To: pf@freebsd.org, stable@freebsd.org
Subject: New pf_default_rules option and patch
Date: Fri, 4 Jun 2021 12:06:15 +0200

Hello pf@ and stable@,

I opened a bug with a patch to support loading $pf_default_rules - which
defaults to "block drop log all" - in case loading pf.conf fails during boot.
This is to avoid having 0 rules loaded. The default is to have the new feature
disabled, keeping the existing behaviour.

The bug and patch and more info can be seen at [1].

Questions welcome, here or in the bug.
Best regards,

Thomas Steen Rasmussen

[1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256410

From nobody Fri Jun 4 16:43:02 2021
From: Chris
To: Pete French
Cc: stable@freebsd.org
Subject: Re: pf starts blocking all traffic after a short while
Date: Fri, 04 Jun 2021 09:43:02 -0700

On 2021-06-04 02:43, Pete French wrote:
> I thought I understood pf pretty well, but this one puzzles me.
> I have a very simple setup here - a machine I only want to allow
> public IPv6 in from one place, allow private IPv4 from its local
> neighbours, and be able to connect out to anywhere.
>
> Seems to work, I boot it up, I can ssh in. After about five
> minutes it just starts blocking all traffic. I have serial
> console access, so I can still examine the machine, and if, when
> it is stuck, I load a pf config file which allows everything, then
> traffic resumes again, which is what makes me think pf is doing this.
>
> Here's the rules, all eleven of them...
>
> root@joanna-may:~ # pfctl -s rules
> scrub all max-mss 1200 fragment reassemble
> block return all
> pass quick proto icmp all keep state
> pass quick proto ipv6-icmp all keep state
> pass in inet from 127.0.0.0/8 to any flags S/SA keep state
> pass in inet from 192.168.0.0/16 to any flags S/SA keep state
> pass in inet from 172.16.0.0/12 to any flags S/SA keep state
> pass in inet from 10.0.0.0/8 to any flags S/SA keep state
> pass in inet6 from 2001:470:6cc4::/48 to any flags S/SA keep state
> pass in inet6 from 2001:470:1f08:1771::2 to any flags S/SA keep state
> pass out all flags S/SA keep state
>
> Nothing particularly controversial there I think!
>
> I've checked the states table, there's a handful in there, and they look
> fine.
> If I ssh in and run top, then that connection eventually drops when the
> packet flow ceases. The pf table is left with a state of TIME_WAIT in it.
>
> Any ideas ? This is a machine inside AWS, so not real hardware, but that
> should not make a difference I think... It's also the only time I have used
> pf without using NAT, so maybe I have missed something, but really, this was
> supposed to be a very simple ruleset to do a very simple job.

OK I may be completely off the mark here. But I seem to remember something
about potential problems with fragment reassembly on IPv6.
Just for kicks, does the problem still manifest if you comment

scrub all max-mss 1200 fragment reassemble

Again, I may be off the mark here, as I don't exactly remember where/when
I read about it. But just thought I'd throw it out there in case it helped.

--Chris

>
> -pete.

From nobody Fri Jun 4 17:03:00 2021
From: Doug Hardie
To: Pete French
Cc: stable@freebsd.org
Subject: Re: pf starts blocking all traffic after a short while
Date: Fri, 4 Jun 2021 10:03:00 -0700

> On 4 June 2021, at 09:43, Chris wrote:
>
> On 2021-06-04 02:43, Pete French wrote:
>> I thought I understood pf pretty well, but this one puzzles me.
>> I have a very simple setup here - a machine I only want to allow
>> public IPv6 in from one place, allow private IPv4 from its local
>> neighbours, and be able to connect out to anywhere.
>> Seems to work, I boot it up, I can ssh in. After about five
>> minutes it just starts blocking all traffic. I have serial
>> console access, so I can still examine the machine, and if, when
>> it is stuck, I load a pf config file which allows everything, then
>> traffic resumes again, which is what makes me think pf is doing this.
>> Here's the rules, all eleven of them...
>> root@joanna-may:~ # pfctl -s rules
>> scrub all max-mss 1200 fragment reassemble
>> block return all
>> pass quick proto icmp all keep state
>> pass quick proto ipv6-icmp all keep state
>> pass in inet from 127.0.0.0/8 to any flags S/SA keep state
>> pass in inet from 192.168.0.0/16 to any flags S/SA keep state
>> pass in inet from 172.16.0.0/12 to any flags S/SA keep state
>> pass in inet from 10.0.0.0/8 to any flags S/SA keep state
>> pass in inet6 from 2001:470:6cc4::/48 to any flags S/SA keep state
>> pass in inet6 from 2001:470:1f08:1771::2 to any flags S/SA keep state
>> pass out all flags S/SA keep state
>> Nothing particularly controversial there I think!
>> I've checked the states table, there's a handful in there, and they look fine.
>> If I ssh in and run top, then that connection eventually drops when the packet
>> flow ceases. The pf table is left with a state of TIME_WAIT in it.
>> Any ideas ? This is a machine inside AWS, so not real hardware, but that
>> should not make a difference I think... It's also the only time I have used pf
>> without using NAT, so maybe I have missed something, but really, this was
>> supposed to be a very simple ruleset to do a very simple job.
> OK I may be completely off the mark here. But I seem to remember something
> about potential problems with fragment reassembly on IPv6. Just for kicks,
> does the problem still manifest if you comment
> scrub all max-mss 1200 fragment reassemble
> Again, I may be off the mark here, as I don't exactly remember where/when
> I read about it. But just thought I'd throw it out there in case it helped.
>

What IP address is the client you SSH from using? I get the impression
that it is not one of the private IP addresses listed in the rules. If
that is the case, there is no rule for incoming SSH from public IPs.
Hence, the default block all will apply. I suspect you need another
rule like "pass in quick port 22 all keep state".
I understand "keep state" is the default and doesn't need to be included
on each rule.

-- Doug

From nobody Fri Jun 4 18:47:31 2021
From: Pete French
To: Chris
Cc: stable@freebsd.org
Subject: Re: pf starts blocking all traffic after a short while
Date: Fri, 4 Jun 2021 19:47:31 +0100

> OK I may be completely off the mark here. But I seem to remember something
> about potential problems with fragment reassembly on IPv6. Just for kicks,
> does the problem still manifest if you comment
> scrub all max-mss 1200 fragment reassemble
> Again, I may be off the mark here, as I don't exactly remember where/when
> I read about it. But just thought I'd throw it out there in case it helped.

Actually, yes, this is true, and in most other places I use pf I have
the rule:

pass quick inet6 proto ipv6-frag all keep state

in pf.conf. But this time I forgot. However I just tried adding that
though, and it hasn't helped. All IPv4 traffic as well as IPv6 gets
dropped when it starts dropping stuff, so I don't think this is IPv6
related.

Good memory though, I had forgotten that ;-)

-pete.

From nobody Fri Jun 4 18:51:27 2021
From: Pete French
To: Doug Hardie
Cc: stable@freebsd.org
Subject: Re: pf starts blocking all traffic after a short while
Date: Fri, 4 Jun 2021 19:51:27 +0100

On 04/06/2021 18:03, Doug Hardie wrote:
> What IP address is the client you SSH from using? I get the impression
> that it is not one of the private IP addresses listed in the rules. If
> that is the case, there is no rule for incoming SSH from public IPs.
> Hence, the default block all will apply. I suspect you need another
> rule like "pass in quick port 22 all keep state". I understand "keep
> state" is the default and doesn't need to be included on each rule.

Client IP address is 2001:470:6cc4:1:cd6:5836:ddba:7b54 so it should be
caught by this rule:

pass in inet6 from 2001:470:6cc4::/48 to any flags S/SA keep state

Indeed ssh works fine for the first five minutes or so after the machine
boots, but then it just stops passing packets (of both IPv4 and IPv6).

Am wondering if this is something to do with the AWS firewall maybe ? I
can't tell *where* the packets are being stopped. Anyone else using AWS ?

-pete.
From nobody Fri Jun 4 19:57:36 2021
From: Pete French
To: stable@freebsd.org
Subject: Re: pf starts blocking all traffic after a short while
Date: Fri, 4 Jun 2021 20:57:36 +0100

On 04/06/2021 19:51, Pete French wrote:
> Am wondering if this is something to do with the AWS firewall maybe ? I
> can't tell *where* the packets are being stopped. Anyone else using AWS ?

Answering my own email, but I solved this - I need to allow in the
private IPv6 ranges as well. I don't know exactly why, but my suspicion
would be that something in AWS is trying to contact the VM using that
range, and if it can't it then assumes it's down and stops passing
traffic.

-pete.
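
Added example, not part of any post in this thread: a simplified Python model of pf's last-match rule evaluation, run over the ruleset Pete posted, to show which new inbound flows it admits. The probe addresses are constructed, and the two extra rules for fc00::/7 and fe80::/10 are an assumed reading of "the private IPv6 ranges"; the thread does not say which prefixes or rules were actually added.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Ruleset exactly as posted in the thread (`pfctl -s rules` output).
POSTED_RULES = """\
scrub all max-mss 1200 fragment reassemble
block return all
pass quick proto icmp all keep state
pass quick proto ipv6-icmp all keep state
pass in inet from 127.0.0.0/8 to any flags S/SA keep state
pass in inet from 192.168.0.0/16 to any flags S/SA keep state
pass in inet from 172.16.0.0/12 to any flags S/SA keep state
pass in inet from 10.0.0.0/8 to any flags S/SA keep state
pass in inet6 from 2001:470:6cc4::/48 to any flags S/SA keep state
pass in inet6 from 2001:470:1f08:1771::2 to any flags S/SA keep state
pass out all flags S/SA keep state
"""

# ASSUMPTION: unique-local (fc00::/7) and link-local (fe80::/10) stand in for
# "the private IPv6 ranges"; these two rules are illustrative, not from the thread.
ASSUMED_PRIVATE_V6 = """\
pass in inet6 from fc00::/7 to any flags S/SA keep state
pass in inet6 from fe80::/10 to any flags S/SA keep state
"""


@dataclass
class Rule:
    text: str
    action: str                      # "pass" or "block"
    quick: bool = False
    direction: Optional[str] = None  # "in", "out" or None (both)
    af: Optional[str] = None         # "inet", "inet6" or None (both)
    proto: Optional[str] = None
    src: Optional[object] = None     # ipaddress network, None means "any"


def parse_rules(text):
    """Parse the subset of pf syntax that appears in the thread's ruleset."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("pass", "block"):
            continue  # e.g. scrub: packet normalisation, not a filter verdict
        rule = Rule(text=line, action=tok[0], quick="quick" in tok)
        for i, t in enumerate(tok):
            if t in ("in", "out"):
                rule.direction = t
            elif t in ("inet", "inet6"):
                rule.af = t
            elif t == "proto":
                rule.proto = tok[i + 1]
            elif t == "from" and tok[i + 1] != "any":
                rule.src = ipaddress.ip_network(tok[i + 1])
        rules.append(rule)
    return rules


def evaluate(rules, direction, proto, src):
    """Return (action, rule text) for the first packet of a new flow.

    pf semantics modelled: rules are checked in order and the LAST match
    wins, except that a matching `quick` rule ends evaluation immediately.
    """
    addr = ipaddress.ip_address(src)
    af = "inet6" if addr.version == 6 else "inet"
    verdict = ("pass", "(no rule matched: pf's implicit default)")
    for rule in rules:
        if rule.direction and rule.direction != direction:
            continue
        if rule.af and rule.af != af:
            continue
        if rule.proto and rule.proto != proto:
            continue
        if rule.src is not None and (
            rule.src.version != addr.version or addr not in rule.src
        ):
            continue
        verdict = (rule.action, rule.text)
        if rule.quick:
            break
    return verdict


# Constructed probes, except the client address, which is quoted in the thread.
PROBES = [
    ("in", "tcp", "2001:470:6cc4:1:cd6:5836:ddba:7b54"),  # Pete's SSH client
    ("in", "tcp", "10.1.2.3"),         # private IPv4 neighbour
    ("in", "tcp", "203.0.113.5"),      # unrelated public IPv4
    ("in", "tcp", "fe80::1"),          # link-local IPv6
    ("in", "tcp", "fd00::1"),          # unique-local IPv6
    ("in", "ipv6-icmp", "fe80::1"),    # neighbour discovery and friends
]


def audit(rules):
    """Evaluate every probe; returns (direction, proto, src, action, rule)."""
    return [(d, p, s, *evaluate(rules, d, p, s)) for d, p, s in PROBES]


if __name__ == "__main__":
    for label, text in (
        ("ruleset as posted", POSTED_RULES),
        ("with assumed private IPv6 rules", POSTED_RULES + ASSUMED_PRIVATE_V6),
    ):
        print(label)
        for d, p, s, action, rule in audit(parse_rules(text)):
            print(f"  {d:3} {p:9} {s:36} -> {action:5} [{rule}]")
```

With the posted rules, ICMPv6 from link-local sources is admitted by the quick rule, but new TCP connections from link-local or unique-local sources fall through to "block return all".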
From nobody Sun Jun 6 11:56:18 2021
From: Ronald Klop
To: freebsd-stable@freebsd.org
Subject: cron line continuation?
Date: Sun, 6 Jun 2021 13:56:18 +0200

Hi,

I'm trying to create a cron entry with line continuation. This document mentions the \ character:
https://docs.freebsd.org/doc/13.0-RELEASE/usr/local/share/doc/freebsd/en_US.ISO8859-1/books/handbook/configtuning-cron.html

The manual pages do not mention this and I can't get it to work.

Is this possible?

Regards,
Ronald.

From nobody Sun Jun 6 14:57:38 2021
From: Torfinn Ingolfsen
To: freebsd-stable@freebsd.org
Subject: Re: cron line continuation?
Date: Sun, 6 Jun 2021 16:57:38 +0200

On Sun, 6 Jun 2021 13:56:18 +0200
Ronald Klop wrote:

> Hi,
>
> I'm trying to create a cron entry with line continuation. This document mentions the \ character:
> https://docs.freebsd.org/doc/13.0-RELEASE/usr/local/share/doc/freebsd/en_US.ISO8859-1/books/handbook/configtuning-cron.html
>
> The manual pages do not mention this and I can't get it to work.
>
> Is this possible?

'man 5 crontab' has this section

     The ``sixth'' field (the rest of the line) specifies the command to be
     run. One or more command options may precede the command to modify
     processing behavior. The entire command portion of the line, up to a
     newline or % character, will be executed by /bin/sh or by the shell
     specified in the SHELL variable of the cronfile. Percent-signs (%) in
     the command, unless escaped with backslash (\), will be changed into
     newline characters, and all data after the first % will be sent to the
     command as standard input.
HTH
--
Torfinn Ingolfsen

From nobody Sun Jun 6 23:09:13 2021
Date: Sun, 6 Jun 2021 16:09:13 -0700
From: Dave Hayes
To: freebsd-stable@freebsd.org
Subject: Where might memory be reported?
Message-ID: <20210606160913.167e6c0a@bigus.dream-tech.com>

Consider this output from a 12.2-STABLE box (r368820) on amd64:

# sysctl vm.stats.vm | grep count
vm.stats.vm.v_cache_count: 0
vm.stats.vm.v_user_wire_count: 0
vm.stats.vm.v_laundry_count: 0
vm.stats.vm.v_inactive_count: 121191
vm.stats.vm.v_active_count: 20836
vm.stats.vm.v_wire_count: 754310
vm.stats.vm.v_free_count: 254711
vm.stats.vm.v_page_count: 3993253

It should be pretty clear that there are missing pages. Where might they be and how might I find out?

Thanks in advance.
--
Dave Hayes - Consultant - LA CA, USA - dave@dream-tech.com
>>>> *The opinions expressed above are entirely my own* <<<<

The best way to make your dreams come true is to wake up.
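Added example, not part of any message in this archive and not cron's own code: a Python model of the crontab(5) rule quoted in Torfinn Ingolfsen's reply in the "cron line continuation?" thread above (an unescaped % ends the command and starts standard input, \% is a literal percent), used to flag entries that the rule cuts short. The sample crontab, the function names, the per-user crontab layout and the pass-through of backslashes other than \% are assumptions.

```python
import re

# Constructed sample crontab (not from the thread); raw string keeps "\%" intact.
SAMPLE = r"""SHELL=/bin/sh
# nightly jobs
0 3 * * * /usr/local/bin/backup.sh > /var/log/backup-$(date +%F).log
0 4 * * * /usr/local/bin/backup.sh > /var/log/backup-$(date +\%F).log
@daily mail -s report admin%Body line one%line two
"""

def split_cron_command(field):
    """Model of the quoted rule: return (command, stdin or None)."""
    line = field.split("\n", 1)[0]      # the command portion ends at a newline
    parts, i = [[]], 0                  # parts[0] = command, rest = stdin lines
    while i < len(line):
        if line.startswith("\\%", i):   # escaped percent: literal "%", no split
            parts[-1].append("%")
            i += 2
            continue
        if line[i] == "%":              # unescaped percent: start a new part
            parts.append([])
        else:                           # assumption: other backslashes pass through
            parts[-1].append(line[i])
        i += 1
    joined = ["".join(p) for p in parts]
    return joined[0], ("\n".join(joined[1:]) if len(joined) > 1 else None)

def percent_splits(crontab_text):
    """List (line number, command, stdin) for entries cut by an unescaped %."""
    findings = []
    for lineno, raw in enumerate(crontab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"[A-Za-z_]\w*\s*=", line):
            continue                    # blank, comment, or environment setting
        nfields = 1 if line.startswith("@") else 5   # @daily etc. or five time fields
        fields = line.split(None, nfields)
        if len(fields) <= nfields:
            continue                    # no command present
        command, stdin = split_cron_command(fields[-1])
        if stdin is not None:
            findings.append((lineno, command, stdin))
    return findings

if __name__ == "__main__":
    for lineno, command, stdin in percent_splits(SAMPLE):
        print(f"line {lineno}: runs {command!r} with stdin {stdin!r}")
```

Line 3 of the sample is the case worth reviewing: the date format's % silently truncates the command and the log redirection never takes effect, while line 5 shows the same rule used deliberately to feed a message body.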