From owner-freebsd-current@FreeBSD.ORG Sun Jul 3 18:10:54 2011 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D26F5106566B for ; Sun, 3 Jul 2011 18:10:54 +0000 (UTC) (envelope-from sendtomatt@gmail.com) Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by mx1.freebsd.org (Postfix) with ESMTP id A8F558FC08 for ; Sun, 3 Jul 2011 18:10:40 +0000 (UTC) Received: by pzk27 with SMTP id 27so2308959pzk.13 for ; Sun, 03 Jul 2011 11:10:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=3hR8oUsabmZpcccQQQA8DWtuRy5ROGew64xlLMS2nXo=; b=ggEYQkc1+apsV/l1F5FA6t2l/l9ytSMiSgrL1s58VipGBBnmrnjdD1otQREtEGFikl GDPXS0bqBik0e4DWA0VIMRTpjKRaZsOMLOY9fz7/1HXByfDPf5Mx4q4f71JG2Fu/EBN2 +Jq50wPuT+IN/DOA5Wc2jzS8Ej1ULFDp8Mzr4= Received: by 10.68.6.228 with SMTP id e4mr5937817pba.216.1309716639621; Sun, 03 Jul 2011 11:10:39 -0700 (PDT) Received: from sidhe.local ([75.111.38.94]) by mx.google.com with ESMTPS id q5sm3413126pbk.58.2011.07.03.11.10.37 (version=SSLv3 cipher=OTHER); Sun, 03 Jul 2011 11:10:38 -0700 (PDT) Message-ID: <4E10B09E.40309@gmail.com> Date: Sun, 03 Jul 2011 11:10:38 -0700 From: Matt User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.2.18) Gecko/20110624 Thunderbird/3.1.11 MIME-Version: 1.0 To: eculp References: <20110703082740.65947mb8mt1g1dg0@econet.encontacto.net> In-Reply-To: <20110703082740.65947mb8mt1g1dg0@econet.encontacto.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-current Subject: Re: seeing pf: state key linking mismatch! with pf on up to date current but not on FreeBSD 7.4-STABLE X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Jul 2011 18:10:54 -0000 On 07/03/11 06:27, eculp wrote: > Something is strange with PF. I get the above error using pf on > current but not on FreeBSD stable. The pf configuration hasn't > changed for a couple of years on either and they are the same except > for hardware names. > > The two machines are: > 9.0-CURRENT FreeBSD 9.0-CURRENT #247: Wed Jun 29 04:49:16 CDT 2011 > 7.4-STABLE FreeBSD 7.4-STABLE #1228: Sat Jun 25 04:42:55 CDT 2011 > > Anyone else seeing this? > > Thanks, > > ed > _______________________________________________ > I am also seeing this, especially when a website/browser/tab is closed but the remote site is still sending data I think. I am using the same basic pf.conf I have used for client machines for a while, but there is not much other than pf options and allowing traffic out (modulate state for tcp, keep state for everything else). I do have scrub, and antispoof rules for the interfaces, as well as a block log all at the top. For now, like i said, I've only seen the state key mismatches with web traffic. Also, synproxy state seems to hang all traffic. Matt