From owner-freebsd-pf@FreeBSD.ORG Sun Sep 29 21:43:02 2013 Return-Path: Delivered-To: freebsd-pf@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id C9A4F3BF; Sun, 29 Sep 2013 21:43:02 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 9DC2D2A47; Sun, 29 Sep 2013 21:43:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r8TLh2U9049099; Sun, 29 Sep 2013 21:43:02 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r8TLh2Cb049098; Sun, 29 Sep 2013 21:43:02 GMT (envelope-from linimon) Date: Sun, 29 Sep 2013 21:43:02 GMT Message-Id: <201309292143.r8TLh2Cb049098@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-amd64@FreeBSD.org, freebsd-pf@FreeBSD.org From: linimon@FreeBSD.org Subject: Re: kern/182401: [pf] pf state for some IPs reaches 4294967295 suspicously X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Sep 2013 21:43:02 -0000 Old Synopsis: pf state for some IPs reaches 4294967295 suspicously New Synopsis: [pf] pf state for some IPs reaches 4294967295 suspicously Responsible-Changed-From-To: freebsd-amd64->freebsd-pf Responsible-Changed-By: linimon Responsible-Changed-When: Sun Sep 29 21:42:44 UTC 2013 Responsible-Changed-Why: reclassify. http://www.freebsd.org/cgi/query-pr.cgi?pr=182401 From owner-freebsd-pf@FreeBSD.ORG Sun Sep 29 21:47:06 2013 Return-Path: Delivered-To: freebsd-pf@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 930A6939; Sun, 29 Sep 2013 21:47:06 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6899F2AC0; Sun, 29 Sep 2013 21:47:06 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r8TLl6hM049494; Sun, 29 Sep 2013 21:47:06 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r8TLl6Rt049493; Sun, 29 Sep 2013 21:47:06 GMT (envelope-from linimon) Date: Sun, 29 Sep 2013 21:47:06 GMT Message-Id: <201309292147.r8TLl6Rt049493@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-amd64@FreeBSD.org, freebsd-pf@FreeBSD.org From: linimon@FreeBSD.org Subject: Re: kern/182350: [pf] core dump with packet filter -- pf_overlad_task X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Sep 2013 21:47:06 -0000 Old Synopsis: core dump with packet filter -- pf_overlad_task New Synopsis: [pf] core dump with packet filter -- pf_overlad_task Responsible-Changed-From-To: freebsd-amd64->freebsd-pf Responsible-Changed-By: linimon Responsible-Changed-When: Sun Sep 29 21:46:47 UTC 2013 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=182350 From owner-freebsd-pf@FreeBSD.ORG Mon Sep 30 11:06:49 2013 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id D37ECE70 for ; Mon, 30 Sep 2013 11:06:49 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id C087E2BF9 for ; Mon, 30 Sep 2013 11:06:49 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r8UB6nB0053562 for ; Mon, 30 Sep 2013 11:06:49 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r8UB6nKV053560 for freebsd-pf@FreeBSD.org; Mon, 30 Sep 2013 11:06:49 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 30 Sep 2013 11:06:49 GMT Message-Id: <201309301106.r8UB6nKV053560@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Sep 2013 11:06:49 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/182401 pf [pf] pf state for some IPs reaches 4294967295 suspicou o kern/182350 pf [pf] core dump with packet filter -- pf_overlad_task o kern/179392 pf [pf] [ip6] Incorrect TCP checksums in rdr return packe o kern/177810 pf [pf] traffic dropped by accepting rules is not counted o kern/177808 pf [pf] [patch] route-to rule forwarding traffic inspite o kern/176763 pf [pf] [patch] Removing pf Source entries locks kernel. o kern/176268 pf [pf] [patch] synproxy not working with route-to o kern/173659 pf [pf] PF fatal trap on 9.1 (taskq fatal trap on pf_test o bin/172888 pf [patch] authpf(8) feature enhancement o kern/172648 pf [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet o kern/171733 pf [pf] PF problem with modulate state in [regression] o kern/169630 pf [pf] [patch] pf fragment reassembly of padded (undersi o kern/168952 pf [pf] direction scrub rules don't work o kern/168190 pf [pf] panic when using pf and route-to (maybe: bad frag o kern/166336 pf [pf] kern.securelevel 3 +pf reload o kern/165315 pf [pf] States never cleared in PF with DEVICE_POLLING o kern/164402 pf [pf] pf crashes with a particular set of rules when fi o kern/164271 pf [pf] not working pf nat on FreeBSD 9.0 [regression] o kern/163208 pf [pf] PF state key linking mismatch o kern/160370 pf [pf] Incorrect pfctl check of pf.conf o kern/155736 pf [pf] [altq] borrow from parent queue does not work wit o kern/153307 pf [pf] Bug with PF firewall o kern/148290 pf [pf] "sticky-address" option of Packet Filter (PF) blo o kern/148260 pf [pf] [patch] pf rdr incompatible with dummynet o kern/147789 pf [pf] Firewall PF no longer drops connections by sendin o kern/143543 pf [pf] [panic] PF route-to causes kernel panic o bin/143504 pf [patch] outgoing states are not killed by authpf(8) o conf/142961 pf [pf] No way to adjust pidfile in pflogd o conf/142817 pf [patch] etc/rc.d/pf: silence pfctl o kern/141905 pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty o kern/140697 pf [pf] pf behaviour changes - must be documented o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o kern/87074 pf [pf] pf does not log dropped packets when max-* statef a kern/86752 pf [pf] pf does not use default timeouts when reloading c o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 57 problems total. From owner-freebsd-pf@FreeBSD.ORG Fri Oct 4 13:27:58 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id BD8F8B75 for ; Fri, 4 Oct 2013 13:27:58 +0000 (UTC) (envelope-from Stephane.DAlu@insa-lyon.fr) Received: from smtp.insa-lyon.fr (criges14.insa-lyon.fr [134.214.76.242]) by mx1.freebsd.org (Postfix) with ESMTP id 810682D0D for ; Fri, 4 Oct 2013 13:27:57 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.insa-lyon.fr (Postfix) with ESMTP id CAC5EF1255 for ; Fri, 4 Oct 2013 15:17:18 +0200 (CEST) X-Virus-Scanned: SMTP at INSA-LYON Received: from smtp.insa-lyon.fr ([127.0.0.1]) by localhost (criges14.insa-lyon.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L5mw3aMVswDe for ; Fri, 4 Oct 2013 15:17:18 +0200 (CEST) Received: from hyperion.home.sdalu.com (hyperion.citi.insa-lyon.fr [134.214.146.249]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: sdalu) by smtp.insa-lyon.fr (Postfix) with ESMTPSA id 7A650F1252 for ; Fri, 4 Oct 2013 15:17:18 +0200 (CEST) Message-ID: <524EBFDD.7090604@insa-lyon.fr> Date: Fri, 04 Oct 2013 15:17:17 +0200 From: Stephane D'Alu Organization: CITI / INSA-Lyon User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.0 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Subject: pf deadly slow Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Fri, 04 Oct 2013 13:41:50 +0000 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2013 13:27:58 -0000 I'm running FreeBSD 9.2 inside VirtualBox with virtio for the nework card. pf is compiled with ALTQ support. My pf.conf file is as follow, which do nearly nothing: set skip on lo0 set skip on vnet0 If pf is enabled, bandwith drop by a 1000 factor! >From 10Mb/s to 4Kb/s Any idea, what's going on? PS: - I have the same kind of configuration FreeBSD 9.2, pf + ALTQ and real firewall rules on a non virtualized server and everything is fine. - I will try to remove ALTQ and use em driver instead, to see if there is a performance improvement Sincerly -- Stephane D'Alu -- Ingenieur Recherche Laboratoire CITI / INSA-Lyon Tel: +33 47243 6483 From owner-freebsd-pf@FreeBSD.ORG Fri Oct 4 14:48:47 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 0821CA76 for ; Fri, 4 Oct 2013 14:48:47 +0000 (UTC) (envelope-from sven.falempin@gmail.com) Received: from mail-ie0-x232.google.com (mail-ie0-x232.google.com [IPv6:2607:f8b0:4001:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id CDBB921FE for ; Fri, 4 Oct 2013 14:48:46 +0000 (UTC) Received: by mail-ie0-f178.google.com with SMTP id to1so9265151ieb.37 for ; Fri, 04 Oct 2013 07:48:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=REiMS7XCPuGO7TgikBrHL333ek+QRcFHdgk92sds+eE=; b=mdL5c+3mCZ3pOQul8oZBg31zrR5eAd/LV5pfUIDS/Hr/V5hV+JV5rOY2aHV+WZ/ytj ljds/v6z2/mD+XbHK5jQhEM9H7wDbgSBG/Az7FehG5IPkghxF5KJLq1C0dcj/bRsKp11 tvUSq8jmWTq6cp9APHPcuBeiVIGLdGJkkA51REtpoSxuXAjGvfCMKlK9MqaqmjNBiR3r MT78hnt3yRa/kYl0Cp/qpQNanS5LnIf85ROOUl0N4p+DRDrNGdwZD028CCnOsEenjH+3 58CUE+4UfGqArwtYgsZyuC/L+yAQEJZoXbDwi4L6zF+pVD89Z4u7i3PUhyOlomVbdFc/ 75LQ== X-Received: by 10.50.67.107 with SMTP id m11mr6834246igt.11.1380898126157; Fri, 04 Oct 2013 07:48:46 -0700 (PDT) MIME-Version: 1.0 Received: by 10.50.231.161 with HTTP; Fri, 4 Oct 2013 07:48:16 -0700 (PDT) In-Reply-To: <524EBFDD.7090604@insa-lyon.fr> References: <524EBFDD.7090604@insa-lyon.fr> From: sven falempin Date: Fri, 4 Oct 2013 10:48:16 -0400 Message-ID: Subject: Re: pf deadly slow To: "Stephane D'Alu" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2013 14:48:47 -0000 configure ALTQ (maybe the absence of configurating is not nicely working), i think freebsd has virtio support , i am interested in the result :-) OpenBSD is currently completly rewriting the queing system and improving performance. On Fri, Oct 4, 2013 at 9:17 AM, Stephane D'Alu wrote: > I'm running FreeBSD 9.2 inside VirtualBox with virtio for the nework > card. pf is compiled with ALTQ support. > > My pf.conf file is as follow, which do nearly nothing: > set skip on lo0 > set skip on vnet0 > > If pf is enabled, bandwith drop by a 1000 factor! > From 10Mb/s to 4Kb/s > > Any idea, what's going on? > > > PS: > - I have the same kind of configuration FreeBSD 9.2, pf + ALTQ > and real firewall rules on a non virtualized server and everything is fine. > - I will try to remove ALTQ and use em driver instead, to see if there > is a performance improvement > > Sincerly > -- > Stephane D'Alu -- Ingenieur Recherche > Laboratoire CITI / INSA-Lyon > Tel: +33 47243 6483 > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- --------------------------------------------------------------------------------------------------------------------- () ascii ribbon campaign - against html e-mail /\ From owner-freebsd-pf@FreeBSD.ORG Fri Oct 4 15:28:32 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 6A4DF5D2 for ; Fri, 4 Oct 2013 15:28:32 +0000 (UTC) (envelope-from Stephane.DAlu@insa-lyon.fr) Received: from smtp.insa-lyon.fr (criges14.insa-lyon.fr [134.214.76.242]) by mx1.freebsd.org (Postfix) with ESMTP id 29F29241B for ; Fri, 4 Oct 2013 15:28:31 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.insa-lyon.fr (Postfix) with ESMTP id A1FBBF125B; Fri, 4 Oct 2013 17:28:32 +0200 (CEST) X-Virus-Scanned: SMTP at INSA-LYON Received: from smtp.insa-lyon.fr ([127.0.0.1]) by localhost (criges14.insa-lyon.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b7pV8nKLBvDM; Fri, 4 Oct 2013 17:28:32 +0200 (CEST) Received: from hyperion.home.sdalu.com (hyperion.citi.insa-lyon.fr [134.214.146.249]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: sdalu) by smtp.insa-lyon.fr (Postfix) with ESMTPSA id 24FF1F1259; Fri, 4 Oct 2013 17:28:32 +0200 (CEST) Message-ID: <524EDE9E.2010109@insa-lyon.fr> Date: Fri, 04 Oct 2013 17:28:30 +0200 From: Stephane D'Alu Organization: CITI / INSA-Lyon User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.0 MIME-Version: 1.0 To: sven falempin Subject: Re: pf deadly slow References: <524EBFDD.7090604@insa-lyon.fr> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2013 15:28:32 -0000 On 10/04/13 16:48, sven falempin wrote: > configure ALTQ (maybe the absence of configurating is not nicely working), > i think freebsd has virtio support , Yes, since 9.2 virtio drivers are included in base distribution > > i am interested in the result :-) I switched from virtio to 82545EM (with em driver), and performance are back to normal. Look like a bug / bad interraction between virtio and pf. (I don't know if VirtualBox as also a part in it) > > > OpenBSD is currently completly rewriting the queing system > and improving performance. > > > > > On Fri, Oct 4, 2013 at 9:17 AM, Stephane D'Alu > > wrote: > > I'm running FreeBSD 9.2 inside VirtualBox with virtio for the nework > card. pf is compiled with ALTQ support. > > My pf.conf file is as follow, which do nearly nothing: > set skip on lo0 > set skip on vnet0 > > If pf is enabled, bandwith drop by a 1000 factor! > From 10Mb/s to 4Kb/s > > Any idea, what's going on? > > > PS: > - I have the same kind of configuration FreeBSD 9.2, pf + ALTQ > and real firewall rules on a non virtualized server and everything > is fine. > - I will try to remove ALTQ and use em driver instead, to see if there > is a performance improvement > > Sincerly > -- > Stephane D'Alu -- Ingenieur Recherche > Laboratoire CITI / INSA-Lyon > Tel: +33 47243 6483 > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org > " > > > > > -- > --------------------------------------------------------------------------------------------------------------------- > () ascii ribbon campaign - against html e-mail > /\ -- Stephane D'Alu -- Ingenieur Recherche Laboratoire CITI / INSA-Lyon Tel: +33 47243 6483 From owner-freebsd-pf@FreeBSD.ORG Fri Oct 4 15:40:30 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 49759C68 for ; Fri, 4 Oct 2013 15:40:30 +0000 (UTC) (envelope-from mcdouga9@egr.msu.edu) Received: from mail.egr.msu.edu (boomhauer.egr.msu.edu [35.9.37.167]) by mx1.freebsd.org (Postfix) with ESMTP id 1B08424E1 for ; Fri, 4 Oct 2013 15:40:29 +0000 (UTC) Received: from boomhauer (localhost [127.0.0.1]) by mail.egr.msu.edu (Postfix) with ESMTP id 959F728CE8 for ; Fri, 4 Oct 2013 11:31:43 -0400 (EDT) X-Virus-Scanned: amavisd-new at egr.msu.edu Received: from mail.egr.msu.edu ([127.0.0.1]) by boomhauer (boomhauer.egr.msu.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hYJo2gBNXDG8 for ; Fri, 4 Oct 2013 11:31:43 -0400 (EDT) Received: from EGR authenticated sender Message-ID: <524EDF5F.20601@egr.msu.edu> Date: Fri, 04 Oct 2013 11:31:43 -0400 From: Adam McDougall User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.0 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Subject: Re: pf deadly slow References: <524EBFDD.7090604@insa-lyon.fr> <524EDE9E.2010109@insa-lyon.fr> In-Reply-To: <524EDE9E.2010109@insa-lyon.fr> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2013 15:40:30 -0000 On 10/04/13 11:28, Stephane D'Alu wrote: > On 10/04/13 16:48, sven falempin wrote: >> configure ALTQ (maybe the absence of configurating is not nicely working), >> i think freebsd has virtio support , > > Yes, since 9.2 virtio drivers are included in base distribution > >> >> i am interested in the result :-) > > I switched from virtio to 82545EM (with em driver), and performance are > back to normal. > > Look like a bug / bad interraction between virtio and pf. > (I don't know if VirtualBox as also a part in it) > >> On Fri, Oct 4, 2013 at 9:17 AM, Stephane D'Alu >> > wrote: >> >> I'm running FreeBSD 9.2 inside VirtualBox with virtio for the nework >> card. pf is compiled with ALTQ support. >> >> My pf.conf file is as follow, which do nearly nothing: >> set skip on lo0 >> set skip on vnet0 >> >> If pf is enabled, bandwith drop by a 1000 factor! >> From 10Mb/s to 4Kb/s >> >> Any idea, what's going on? If vnet0 has TSO enabled, can you try disabling it? Possibly with all other optimizations too. Example: ifconfig vnet0 -tso From owner-freebsd-pf@FreeBSD.ORG Fri Oct 4 15:58:59 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 86748398; Fri, 4 Oct 2013 15:58:59 +0000 (UTC) (envelope-from Stephane.DAlu@insa-lyon.fr) Received: from smtp.insa-lyon.fr (criges14.insa-lyon.fr [134.214.76.242]) by mx1.freebsd.org (Postfix) with ESMTP id 11A7025BF; Fri, 4 Oct 2013 15:58:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.insa-lyon.fr (Postfix) with ESMTP id 8965EF125B; Fri, 4 Oct 2013 17:58:59 +0200 (CEST) X-Virus-Scanned: SMTP at INSA-LYON Received: from smtp.insa-lyon.fr ([127.0.0.1]) by localhost (criges14.insa-lyon.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M8UQEhoceubj; Fri, 4 Oct 2013 17:58:59 +0200 (CEST) Received: from hyperion.home.sdalu.com (hyperion.citi.insa-lyon.fr [134.214.146.249]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: sdalu) by smtp.insa-lyon.fr (Postfix) with ESMTPSA id EDDBEF125A; Fri, 4 Oct 2013 17:58:58 +0200 (CEST) Message-ID: <524EE5C1.6070508@insa-lyon.fr> Date: Fri, 04 Oct 2013 17:58:57 +0200 From: Stephane D'Alu Organization: CITI / INSA-Lyon User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.0 MIME-Version: 1.0 To: sven falempin , freebsd-pf@freebsd.org, freebsd-virtualization@freebsd.org Subject: Re: virtio problems (was: pf deadly slow) References: <524EBFDD.7090604@insa-lyon.fr> <524EDE9E.2010109@insa-lyon.fr> In-Reply-To: <524EDE9E.2010109@insa-lyon.fr> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2013 15:58:59 -0000 Now that I switched from virtio to 82545EM all my networking problems disappeared. Appart from pf, I had also some other small networking problems that I thought were apache/php related, but were in fact due to virtio. virtio is clearly the culprit, but I can't say if it is FreeBSD or VirtualBox related Guest: FreeBSD 9.2 amd64 Host : FreeBSD 9.2 amd64 VM : VirtualBox 4.2.18 I can provide more information, if you tell me what to look for. On 10/04/13 17:28, Stephane D'Alu wrote: > On 10/04/13 16:48, sven falempin wrote: >> configure ALTQ (maybe the absence of configurating is not nicely working), >> i think freebsd has virtio support , > > Yes, since 9.2 virtio drivers are included in base distribution > >> >> i am interested in the result :-) > > I switched from virtio to 82545EM (with em driver), and performance are > back to normal. > > Look like a bug / bad interraction between virtio and pf. > (I don't know if VirtualBox as also a part in it) > >> >> >> OpenBSD is currently completly rewriting the queing system >> and improving performance. >> >> >> >> >> On Fri, Oct 4, 2013 at 9:17 AM, Stephane D'Alu >> > wrote: >> >> I'm running FreeBSD 9.2 inside VirtualBox with virtio for the nework >> card. pf is compiled with ALTQ support. >> >> My pf.conf file is as follow, which do nearly nothing: >> set skip on lo0 >> set skip on vnet0 >> >> If pf is enabled, bandwith drop by a 1000 factor! >> From 10Mb/s to 4Kb/s >> >> Any idea, what's going on? >> >> >> PS: >> - I have the same kind of configuration FreeBSD 9.2, pf + ALTQ >> and real firewall rules on a non virtualized server and everything >> is fine. >> - I will try to remove ALTQ and use em driver instead, to see if there >> is a performance improvement >> >> Sincerly >> -- >> Stephane D'Alu -- Ingenieur Recherche >> Laboratoire CITI / INSA-Lyon >> Tel: +33 47243 6483 >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org >> " >> >> >> >> >> -- >> --------------------------------------------------------------------------------------------------------------------- >> () ascii ribbon campaign - against html e-mail >> /\ > > -- Stephane D'Alu -- Ingenieur Recherche Laboratoire CITI / INSA-Lyon Tel: +33 47243 6483 From owner-freebsd-pf@FreeBSD.ORG Fri Oct 4 18:20:34 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 5C05B202; Fri, 4 Oct 2013 18:20:34 +0000 (UTC) (envelope-from bryanv@daemoninthecloset.org) Received: from torment.daemoninthecloset.org (torment.daemoninthecloset.org [94.242.209.234]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id E25652DE8; Fri, 4 Oct 2013 18:20:33 +0000 (UTC) Received: from sage.daemoninthecloset.org (unknown [70.114.209.60]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "sage.daemoninthecloset.org", Issuer "daemoninthecloset.org" (verified OK)) by torment.daemoninthecloset.org (Postfix) with ESMTPS id 8EE5442C0908; Fri, 4 Oct 2013 20:19:15 +0200 (CEST) X-Virus-Scanned: amavisd-new at daemoninthecloset.org X-Virus-Scanned: amavisd-new at daemoninthecloset.org Date: Fri, 4 Oct 2013 13:12:01 -0500 (CDT) From: Bryan Venteicher To: Stephane D'Alu Message-ID: <2036273502.48911.1380910321146.JavaMail.root@daemoninthecloset.org> In-Reply-To: <524EE5C1.6070508@insa-lyon.fr> References: <524EBFDD.7090604@insa-lyon.fr> <524EDE9E.2010109@insa-lyon.fr> <524EE5C1.6070508@insa-lyon.fr> Subject: Re: virtio problems (was: pf deadly slow) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [10.51.1.6] X-Mailer: Zimbra 8.0.2_GA_5569 (ZimbraWebClient - GC30 (Mac)/8.0.2_GA_5569) Thread-Topic: virtio problems (was: pf deadly slow) Thread-Index: Gn0sT4j2mTppfvAqt6BsYLDdbeh5Hw== Cc: freebsd-virtualization@freebsd.org, freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2013 18:20:34 -0000 ----- Original Message ----- > Now that I switched from virtio to 82545EM all my networking problems > disappeared. > > Appart from pf, I had also some other small networking problems that I > thought were apache/php related, but were in fact due to virtio. > > virtio is clearly the culprit, but I can't say if it is FreeBSD or > VirtualBox related > > Guest: FreeBSD 9.2 amd64 > Host : FreeBSD 9.2 amd64 > VM : VirtualBox 4.2.18 > > I can provide more information, if you tell me what to look for. > > Disable Tx/Rx checksum offload. The current state of the network stack doesn't work well with forwarding offloaded VirtIO frames. > > On 10/04/13 17:28, Stephane D'Alu wrote: > > On 10/04/13 16:48, sven falempin wrote: > >> configure ALTQ (maybe the absence of configurating is not nicely working), > >> i think freebsd has virtio support , > > > > Yes, since 9.2 virtio drivers are included in base distribution > > > >> > >> i am interested in the result :-) > > > > I switched from virtio to 82545EM (with em driver), and performance are > > back to normal. > > > > Look like a bug / bad interraction between virtio and pf. > > (I don't know if VirtualBox as also a part in it) > > > >> > >> > >> OpenBSD is currently completly rewriting the queing system > >> and improving performance. > >> > >> > >> > >> > >> On Fri, Oct 4, 2013 at 9:17 AM, Stephane D'Alu > >> > wrote: > >> > >> I'm running FreeBSD 9.2 inside VirtualBox with virtio for the nework > >> card. pf is compiled with ALTQ support. > >> > >> My pf.conf file is as follow, which do nearly nothing: > >> set skip on lo0 > >> set skip on vnet0 > >> > >> If pf is enabled, bandwith drop by a 1000 factor! > >> From 10Mb/s to 4Kb/s > >> > >> Any idea, what's going on? > >> > >> > >> PS: > >> - I have the same kind of configuration FreeBSD 9.2, pf + ALTQ > >> and real firewall rules on a non virtualized server and everything > >> is fine. > >> - I will try to remove ALTQ and use em driver instead, to see if there > >> is a performance improvement > >> > >> Sincerly > >> -- > >> Stephane D'Alu -- Ingenieur Recherche > >> Laboratoire CITI / INSA-Lyon > >> Tel: +33 47243 6483 > >> _______________________________________________ > >> freebsd-pf@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf > >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org > >> " > >> > >> > >> > >> > >> -- > >> --------------------------------------------------------------------------------------------------------------------- > >> () ascii ribbon campaign - against html e-mail > >> /\ > > > > > > > -- > Stephane D'Alu -- Ingenieur Recherche > Laboratoire CITI / INSA-Lyon > Tel: +33 47243 6483 > _______________________________________________ > freebsd-virtualization@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization > To unsubscribe, send any mail to > "freebsd-virtualization-unsubscribe@freebsd.org" > From owner-freebsd-pf@FreeBSD.ORG Fri Oct 4 22:20:50 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 324E82A8 for ; Fri, 4 Oct 2013 22:20:50 +0000 (UTC) (envelope-from lpmusix@gmail.com) Received: from mail-wg0-x231.google.com (mail-wg0-x231.google.com [IPv6:2a00:1450:400c:c00::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B4D7A2A6C for ; Fri, 4 Oct 2013 22:20:49 +0000 (UTC) Received: by mail-wg0-f49.google.com with SMTP id l18so4703081wgh.28 for ; Fri, 04 Oct 2013 15:20:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=SE/ke1sWw0IElfKY4ifDrnPHhJ6j7pEJcvGZEOCdqXs=; b=qIpZDcgAYZWVN3b/qC3xkdlGExAmRrJ6bXZtoZNupdnjz9YnqcXZ+kAUhp7v4HeHhG EGGehGm+T3LV4Us0xuYs/q1BH4RCoaHSOHg6zndCTsXWkOvzhcmqG26+xA2LrC5MBCKO S2M/pj/1QkpYh9ixa5V2UqLigzr3cEODTLU9Z9Sczvg0sLG2RlIiidOqoXDZvOmeKP+j KXvwUNSA5MBhu30WNeXJY9ai9r7QFAdrp1BTYZ+rD+bI0qbzCSO9VabfnHvEf/sqNCZS qArpMm6Za8MQiLUCN1xSk/VE4pobcrEoqlFOpWyJ8HoYStxla40J9wRtR67tcQiDoXvB ny1w== X-Received: by 10.194.93.105 with SMTP id ct9mr14481923wjb.6.1380925248003; Fri, 04 Oct 2013 15:20:48 -0700 (PDT) MIME-Version: 1.0 Received: by 10.194.157.71 with HTTP; Fri, 4 Oct 2013 15:20:32 -0700 (PDT) In-Reply-To: <524EDF5F.20601@egr.msu.edu> References: <524EBFDD.7090604@insa-lyon.fr> <524EDE9E.2010109@insa-lyon.fr> <524EDF5F.20601@egr.msu.edu> From: Daniel Ballenger Date: Fri, 4 Oct 2013 15:20:32 -0700 Message-ID: Subject: Re: pf deadly slow To: Adam McDougall Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2013 22:20:50 -0000 For what it's worth I'm running Freebsd 9.2-RELEASE on top of proxmox with the virtio network driver and don't have this issue (easily pushes over 100Mbps, doing over 60Mbps at the moment): vtnet0: flags=8843 metric 0 mtu 1500 options=c07bb pf.conf: set limit states 50000 set limit src-nodes 50000 set skip on vtnet2 pass in quick on vtnet0 modulate state pass out quick on vtnet0 modulate state pass in quick on vtnet1 modulate state pass out quick on vtnet1 modulate state On Fri, Oct 4, 2013 at 8:31 AM, Adam McDougall wrote: > On 10/04/13 11:28, Stephane D'Alu wrote: > > On 10/04/13 16:48, sven falempin wrote: > >> configure ALTQ (maybe the absence of configurating is not nicely > working), > >> i think freebsd has virtio support , > > > > Yes, since 9.2 virtio drivers are included in base distribution > > > >> > >> i am interested in the result :-) > > > > I switched from virtio to 82545EM (with em driver), and performance are > > back to normal. > > > > Look like a bug / bad interraction between virtio and pf. > > (I don't know if VirtualBox as also a part in it) > > > >> On Fri, Oct 4, 2013 at 9:17 AM, Stephane D'Alu > >> > wrote: > >> > >> I'm running FreeBSD 9.2 inside VirtualBox with virtio for the nework > >> card. pf is compiled with ALTQ support. > >> > >> My pf.conf file is as follow, which do nearly nothing: > >> set skip on lo0 > >> set skip on vnet0 > >> > >> If pf is enabled, bandwith drop by a 1000 factor! > >> From 10Mb/s to 4Kb/s > >> > >> Any idea, what's going on? > > If vnet0 has TSO enabled, can you try disabling it? Possibly with all > other optimizations too. Example: ifconfig vnet0 -tso > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Daniel Ballenger http://denetron.com Sr. Systems Engineer - Denetron LLC