From owner-freebsd-stable@freebsd.org  Tue Oct 13 09:17:32 2020
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9E69F43B419
 for <freebsd-stable@mailman.nyi.freebsd.org>;
 Tue, 13 Oct 2020 09:17:32 +0000 (UTC) (envelope-from rs@bytecamp.net)
Received: from mxout01.bytecamp.net (mxout01.bytecamp.net [212.204.60.217])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4C9VLg5Fhvz4Sbp
 for <freebsd-stable@freebsd.org>; Tue, 13 Oct 2020 09:17:31 +0000 (UTC)
 (envelope-from rs@bytecamp.net)
Received: by mxout01.bytecamp.net (Postfix, from userid 1001)
 id 595DC6D24A; Tue, 13 Oct 2020 11:17:29 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bytecamp.net;
 h=subject:to:references:from:message-id:date:mime-version:in-reply-to:content-type:content-transfer-encoding;
 s=20140709; bh=gwKWyiKjluXyhIyvTy1xo31tu4c=;
 b=Ie9dezg0sdVAOiIKQPen0W5TjfJZVgDf5eTpo6CekCi8DhFk1H6kcCIyW03mPpAVyLcGXFHNFmQIOWjliimXf0F/MPzhWdURe6z77K/b2CqFY3HtD4n+34llHKA4y0aCYMNtQM6Z+afCBzcYpIMWQbV6H2OwUOvTH6zT3x3OvkE=
Received: from mail.bytecamp.net (mail.bytecamp.net [212.204.60.9])
 by mxout01.bytecamp.net (Postfix) with ESMTP id 20E766D246
 for <freebsd-stable@freebsd.org>; Tue, 13 Oct 2020 11:17:29 +0200 (CEST)
Received: (qmail 98881 invoked from network); 13 Oct 2020 11:17:29 +0200
Received: from unknown (HELO ?192.168.3.59?) (rs%bytecamp.net@80.84.212.123)
 by mail.bytecamp.net with ESMTPS (DHE-RSA-AES128-SHA encrypted);
 13 Oct 2020 11:17:29 +0200
Subject: Re: pf and hnX interfaces
To: freebsd-stable@freebsd.org
References: <7166d87e-7547-6be8-42a7-b0957ca4f543@norma.perm.ru>
From: Robert Schulze <rs@bytecamp.net>
Organization: bytecamp GmbH
Message-ID: <e0a08602-490d-f3da-fae3-19c5b5b03bde@bytecamp.net>
Date: Tue, 13 Oct 2020 11:17:28 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <7166d87e-7547-6be8-42a7-b0957ca4f543@norma.perm.ru>
Content-Type: text/plain; charset=koi8-r
Content-Language: de-DE
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4C9VLg5Fhvz4Sbp
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=bytecamp.net header.s=20140709 header.b=Ie9dezg0;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of rs@bytecamp.net designates 212.204.60.217
 as permitted sender) smtp.mailfrom=rs@bytecamp.net
X-Spamd-Result: default: False [-3.70 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.97)[-0.971];
 R_DKIM_ALLOW(-0.20)[bytecamp.net:s=20140709];
 FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[bytecamp.net:dkim];
 TO_MATCH_ENVRCPT_ALL(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:212.204.60.0/24];
 MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org];
 RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[];
 RCVD_COUNT_THREE(0.00)[4]; DMARC_NA(0.00)[bytecamp.net];
 DKIM_TRACE(0.00)[bytecamp.net:+];
 NEURAL_HAM_SHORT(-1.13)[-1.133];
 NEURAL_HAM_LONG(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[];
 ASN(0.00)[asn:12693, ipnet:212.204.32.0/19, country:DE];
 MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-stable];
 RCVD_IN_DNSWL_LOW(-0.10)[212.204.60.217:from]
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Oct 2020 09:17:32 -0000

Hi,

Am 13.10.20 um 10:58 schrieb Eugene M. Zheganin:
> 
> And the most mysterious partš - when I switch the pf off, the errors
> stops to appear. This would clearly mean that pf blocks some packets,
> but then again, this way the pflog0 would show them up, right (and yes -
> it's "UP" )?

maybe you run into state limits?

Try pfctl -si and look into the value for "memory". If this is greater
than 0, you have exausted the global state limit some time. "PF states
limit reached" is also logged in the system message buffer, then.

regards,
Robert Schulze