Date: Thu, 26 Jul 2018 10:16:27 +0200
From: Patrick Lamaiziere
To: Patrick Lamaiziere
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: PF problems with 11-stable

On Thu, 26 Jul 2018 09:58:05 +0200,
Patrick Lamaiziere wrote:

Hello,

> > Hey,
> > I am on
> > 11.2-STABLE FreeBSD 11.2-STABLE #9 r336597
> > Sun Jul 22 14:08:38 CEST 2018
> >
> > and I see 2 problems with PF that are still there:
> > 1.)
> > set skip on lo
> > does not work even though ifconfig lo matches.
> > SOLVED TEMPORARILY BY: set skip on lo0
>
> I've seen this while upgrading from 10.3 to 11.2-RELEASE. I've added
> lo0 to set skip too.
>
> When the problem occurs, lo is marked '(skip)' (pfctl -vs
> Interfaces) but not lo0.
>
> But I can't reproduce this, this happened only one time.

I don't know if this is related but there were some kernel logs about
'loopback':

Feb 15 17:11:48 fucop1 kernel: ifa_del_loopback_route: deletion failed: 47
Feb 15 17:11:48 fucop1 kernel: ifa_add_loopback_route: insertion failed: 47
Jul 16 13:50:36 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface ix2: 3
Jul 16 14:07:31 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface ix2: 3
Jul 16 14:07:31 fucop1 kernel: ifa_maintain_loopback_route: deletion failed for interface igb1: 3
Jul 16 14:10:43 fucop1 kernel: ifa_maintain_loopback_route: insertion failed for interface igb0: 17

I've got two firewalls with carp and bird 2 (BGP).
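
Added example, not part of the original message or of pf itself: a post-reload check for the state described in this thread, where the group lo is marked '(skip)' in `pfctl -vs Interfaces` but lo0 is not. The function name and both sample listings are constructed for illustration, and the one-interface-per-line layout with a trailing "(skip)" is assumed from the description above.

```shell
#!/bin/sh
# Input (stdin): text in the shape of `pfctl -vs Interfaces`, one interface
# per line, with " (skip)" appended when skip is set (layout assumed).

# unskipped_members GROUP  (hypothetical helper name)
# Prints each interface named GROUP<digits> (e.g. lo0 for group lo) that has
# no "(skip)" marker. Prints nothing when every member is skipped.
unskipped_members() {
    awk -v grp="$1" '
        # Only lines starting in column 1 name an interface; indented
        # statistics lines (as printed with -vv) are ignored.
        /^[^ \t]/ {
            name = $1
            unit = substr(name, length(grp) + 1)
            if (substr(name, 1, length(grp)) == grp &&
                unit ~ /^[0-9]+$/ && $2 != "(skip)")
                print name
        }
    '
}

# Constructed sample of the broken state: the group "lo" carries the flag,
# the real interface lo0 does not, so loopback traffic is still filtered.
SAMPLE_BROKEN='all
carp
igb0
lo (skip)
lo0
pflog0'

# Constructed sample of the state after the "set skip on lo0" workaround.
SAMPLE_OK='all
igb0
lo (skip)
lo0 (skip)'

# On a live firewall: pfctl -vs Interfaces | unskipped_members lo
missing=$(printf '%s\n' "$SAMPLE_BROKEN" | unskipped_members lo)
if [ -n "$missing" ]; then
    echo "WARNING: pf is not skipping: $missing"
fi
```

Running the check after every ruleset load catches the case where loopback traffic is unexpectedly subject to filtering.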