From owner-freebsd-stable@FreeBSD.ORG Thu Jun 8 06:48:20 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9B3A016F903; Thu, 8 Jun 2006 04:13:19 +0000 (UTC) (envelope-from davidn@datalinktech.com.au) Received: from mail-ihug.icp-qv1-irony5.iinet.net.au (ihug-mail.icp-qv1-irony5.iinet.net.au [203.59.1.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id A837F43D45; Thu, 8 Jun 2006 04:13:17 +0000 (GMT) (envelope-from davidn@datalinktech.com.au) Received: from 203-206-162-119.perm.iinet.net.au (HELO mail.datalinktech.com.au) ([203.206.162.119]) by mail-ihug.icp-qv1-irony5.iinet.net.au with ESMTP; 08 Jun 2006 12:13:14 +0800 X-BrightmailFiltered: true X-Brightmail-Tracker: AAAAAA== X-IronPort-AV: i="4.05,218,1146412800"; d="scan'208"; a="791918994:sNHT88379244" Received: from [192.168.4.232] ([192.168.4.232]) by mail.datalinktech.com.au with esmtp; Thu, 08 Jun 2006 14:13:12 +1000 id 0018D8D9.4487A3D8.0000953F Message-ID: <4487A3C9.9010704@datalinktech.com.au> Date: Thu, 08 Jun 2006 14:12:57 +1000 From: David Nugent User-Agent: Thunderbird 1.5.0.2 (X11/20060516) MIME-Version: 1.0 To: Mark Morley References: <44876071-491e@helpdesk.islandnet.com> In-Reply-To: <44876071-491e@helpdesk.islandnet.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-stable@freebsd.org, freebsd-pf@freebsd.org Subject: Re: pf buggy on 6.1-STABLE? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jun 2006 06:48:20 -0000 Mark Morley wrote: > Wondering if this rings any bells for anyone: > Yes it does... I had been seeing similar issues for some time on a couple HP Proliant servers - saw it in 5.4 as well - but have been attributing this to driver related issues (the bge driver in particular, which has seen many changes, fixes and enhancements in relatively recent history). In trying to isolate that particular problem I had been applying kernel updates regularly, pf was disabled along with a few other things (also switched from using mpd/netgraph to openvpn/udp), and the problem vanished at some point in between. I cannot definitely name pf as being the culprit as no testing of this was done at the time to confirm it. I had assumed the bge driver changes were responsible for things now working as they should. In addition to the occasional connection failure, I've also seen established connections broken (ssh, http, mysql/ssl and pptp/gre). This was causing havoc with mysql replication over the link, which became very brittle, and required manual fixing (it would get stuck, unable to read the last event in its relay log whenever a disconnection occurred and had to be manually pushed onto the next - mysql 5.0.[3 - .11 or so]).