Hello all, after the fix of Bug# 255971 was published, we updated our affected server to test it. When we execute pfctl -ss the command never ends. We have around 150k-200k states in the table pf state table. This is the source version: FreeBSD 13.0-STABLE FreeBSD 13.0-STABLE #6 r3823049: Mon May 31 19:08:28 EEST 2021 Repository Root: https://github.com/freebsd/freebsd Repository UUID: ac3bce37-e00e-a0fb-6506-ce57b7db7bff Revision: 3823049 Node Kind: directory Schedule: normal Last Changed Author: richard.scheffenegger Last Changed Rev: 3823049 Last Changed Date: 2021-05-31 09:56:34 +0300 (Mon, 31 May 2021)
(In reply to Rumen Palov from comment #0) It will eventually end, but there's a performance issue in the nvlist code itself with really terrible scaling as arrays grow. It's especially visible on getstate operations, because those can return a large number of items (this very visibly demonstrating the problem). A fix is expected soon.
Is that issue with nvlist code affect other parts of the OS ?
(In reply to Rumen Palov from comment #2) Yes, if they have nvlist arrays in their nvlists. I don't know what other parts of the kernel do so.
I believe this fix in the main branch addresses the problem? https://cgit.freebsd.org/src/commit/?id=89d5cbb82294c8624e66f920d50353057ccab14b Mariusz, do you plan to MFC to at least 13?
Yes I do.
^Triage: committed and later mfc-ed to 13 in ff339365be130f155f94f9a5d8daf69b695cfc55.