From: Max Laier
Organization: FreeBSD
To: freebsd-stable@freebsd.org
Cc: Derek Kulinski
Date: Thu, 10 Dec 2009 18:38:41 +0100
Subject: Re: pf: unlocked lookup
Message-Id: <200912101838.42013.max@love2party.net>

Hello Derek,

On Thursday 10 December 2009 04:45:12 Derek Kulinski wrote:
> My console gets flooded by "pf: unlocked lookup" messages. Does anyone
> know what circumstances cause this message, so I could figure out which
> pf rule is causing it?

This is a generic informational message that was put into the code to
figure out if the hack that is "debug.pfugidhack" is actually required.
You can get rid of the message by setting the debug level of pf to
something below "misc" (e.g. pfctl -x urgent).

> After searching on Google I found a few people asking about it, though
> no real answer. The first result talks about debug.pfugidhack being set
> to 1.
>
> It is set to 1 on my system, though I don't have anything in
> /etc/sysctl.conf. Also, when I switched it to 0, the system crashed
> within an hour or so.
>
> Is this somehow related to rules that have rules with attached to a
> specific user?

The pfugidhack is automatically enabled when you use rules with user or
group filters. These rules are a layering violation and the hack is
required to make them work. I'd rather get rid of them altogether, but
since it is a much-demanded functionality we introduced the workaround
instead.

Just lower the debugging level (s.a.), ignore the messages, or rebuild
your kernel/pf module with the respective DPRINTF lines
(sys/contrib/pf/net/pf.c) commented out. I might just move them to the
loud level in the main tree, though.

Regards,
--
  Max
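
An added example, not part of the original message and not FreeBSD project code: a small shell function that lists the pass/block rules in a pf.conf-style file carrying a `user` or `group` filter, which is the kind of rule the reply says switches on debug.pfugidhack. The function name, the matching heuristic and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# find_ugid_rules FILE
# Print "LINE: rule" for every pass/block rule that has a user or group
# filter. LINE is the line on which the (possibly continued) rule starts.
find_ugid_rules() {
    awk '
    {
        if (buf == "") start = NR
        line = $0
        # Join backslash-continued lines into one logical rule.
        if (line ~ /\\[ \t]*$/) {
            sub(/\\[ \t]*$/, " ", line)
            buf = buf line
            next
        }
        rule = buf line
        buf = ""
        # Match on a copy with quoted strings (labels) and comments removed,
        # so the word "user" inside a label or comment is not a hit.
        probe = rule
        gsub(/"[^"]*"/, "", probe)
        sub(/#.*/, "", probe)
        if (probe !~ /^[ \t]*(pass|block)([ \t]|$)/) next
        if (probe ~ /(^|[ \t])(user|group)[ \t{]/) {
            gsub(/[ \t]+/, " ", rule)
            sub(/^ /, "", rule)
            printf "%d: %s\n", start, rule
        }
    }' "$1"
}

# Constructed sample ruleset (hypothetical, not from the original message).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample ruleset
ext_if = "em0"
block in all
pass out on $ext_if proto tcp from any to any port 80 \
    user { www, proxy } keep state
pass out proto udp to any port 53 keep state label "user lookup"
pass in proto tcp to port 22   # user logins
block out proto tcp all group guest
EOF

find_ugid_rules "$sample"
```

Run against the real ruleset (for example /etc/pf.conf), an empty result means no rule of this form was found in that file; rules loaded into anchors from other files are not covered.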