From owner-freebsd-pf@FreeBSD.ORG Thu Jan 12 22:37:32 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8C44B106564A for ; Thu, 12 Jan 2012 22:37:32 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) by mx1.freebsd.org (Postfix) with ESMTP id 429378FC0A for ; Thu, 12 Jan 2012 22:37:32 +0000 (UTC) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 7CC7125D37D1; Thu, 12 Jan 2012 22:37:31 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id B24F6BD90B9; Thu, 12 Jan 2012 22:37:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id NMQoj61RgxR2; Thu, 12 Jan 2012 22:37:29 +0000 (UTC) Received: from orange-en1.sbone.de (orange-en1.sbone.de [IPv6:fde9:577b:c1a9:31:cabc:c8ff:fecf:e8e3]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id B9E56BD90B8; Thu, 12 Jan 2012 22:37:29 +0000 (UTC) Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=us-ascii From: "Bjoern A. Zeeb" In-Reply-To: <4F0F5E20.1030401@sdunix.com> Date: Thu, 12 Jan 2012 22:37:28 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <712D195D-B8E5-47ED-BADE-B4037621C71B@lists.zabbadoz.net> References: <4F0F4B94.10408@sdunix.com> <7534A9A5-D901-43E2-A7D7-3F45699B2C91@lists.zabbadoz.net> <4F0F5E20.1030401@sdunix.com> To: Matt Lager X-Mailer: Apple Mail (2.1084) Cc: freebsd-pf@freebsd.org Subject: Re: PF state key linking mismatch in FreeBSD 9.0-RELEASE X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jan 2012 22:37:32 -0000 On 12. Jan 2012, at 22:26 , Matt Lager wrote: > Interesting. I feel like the performance is degraded quite a bit = between two VPN points that display these messages vs. two VPN points = that don't display these messages, though I could be wrong. Is your = basic suggestion to not consider this a concern and continue forward = with my VPN rollouts? Well as said "can be painful with a slow (serial) console". If you are = triggering the printf per packet and have enough pps your console can = slow things down. The solution probably is to compile your own kernel and either have the = PR problem fixed or the printf removed. The latter can be done quickly = the former needs a bit of time... /bz --=20 Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do!