In pfctl.c, there is a function named pfctl_set_debug. The variable "level" in that function is declared but not initialized and used in if (ioctl(dev, DIOCSETDEBUG, &level)). This can effectively set the pf debug level to loud (in my case it always does), causing lots of messages on the console and syslog while the ruleset is loaded. In my case, this seems to have a serious impact on performance. I've made a patch: --- /home/kolontai/pfctl.c 2015-09-09 17:11:05.016276000 +0200 +++ pfctl.c 2015-09-09 15:37:05.849986000 +0200 @@ -1845,6 +1845,8 @@ } pf->debug_set = 1; + level = pf->debug; + if ((pf->opts & PF_OPT_NOACTION) == 0) if (ioctl(dev, DIOCSETDEBUG, &level))
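Review bot: the added assignment level = pf->debug; sits just before the PF_OPT_NOACTION check and fixes the read in ioctl(dev, DIOCSETDEBUG, &level), but the declaration of level is outside this hunk and stays uninitialized, so any later edit that moves or removes the assignment brings the bug back. Initializing level where it is declared would make the function safe regardless of statement order. Separately, the file headers name /home/kolontai/pfctl.c and a bare pfctl.c instead of paths relative to the source tree, so the diff should be regenerated from the tree root to apply cleanly.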
A commit references this bug:

Author: kp
Date: Sun Nov 1 17:20:17 UTC 2015
New revision: 290236
URL: https://svnweb.freebsd.org/changeset/base/290236

Log:
  pfctl: Fix uninitialised variable

  In pfctl_set_debug() we used 'level' without ever initialising it.
  We correctly parsed the option, but then failed to actually assign the parsed value to 'level' before performing the ioctl() to configure the debug level.

  PR: 202996
  Submitted by: Andrej Kolontai

Changes:
  head/sbin/pfctl/pfctl.c
Thanks!
A commit references this bug:

Author: kp
Date: Tue Dec 15 21:02:54 UTC 2015
New revision: 292288
URL: https://svnweb.freebsd.org/changeset/base/292288

Log:
  MFC r290236

  pfctl: Fix uninitialised variable

  In pfctl_set_debug() we used 'level' without ever initialising it.
  We correctly parsed the option, but then failed to actually assign the parsed value to 'level' before performing the ioctl() to configure the debug level.

  PR: 202996
  Submitted by: Andrej Kolontai

Changes:
  _U stable/10/
  stable/10/sbin/pfctl/pfctl.c