From owner-freebsd-pf@FreeBSD.ORG Sun Jan 28 00:53:57 2007
From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Cc: Volker
Date: Sun, 28 Jan 2007 01:53:43 +0100
Subject: Re: ALTQ support for usb NICs?

On Saturday 27 January 2007 15:54, Volker wrote:
> I'm wondering about the following: Are there any technical reasons
> for not having ALTQ support for most (all?) usb NICs?
>
> Or did just too less people ask for it?

The latter ... I believe there are just very few usb NICs in routers ;)
OTOH, converting a driver is a 10 lines diff.  Look at
http://people.freebsd.org/~mlaier/ALTQ_driver/ and if you can't figure it
out yourself, let me know which one you'd like to test and I can come up
with the patch.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Sun Jan 28 00:59:45 2007
From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Sun, 28 Jan 2007 01:59:37 +0100
Subject: Re: PF in kernel or as a module

[ Please don't top-post and fix quotation ]

On Friday 26 January 2007 15:06, Kevin K. wrote:
> I'm curious if there has been some benchmarking done to compare the two
> methods of enabling PF.

You will not be able to measure any difference whatsoever.  The main call
path is exactly the same with either method.  You are of course welcome
to perform a benchmark to verify.
Unless pfsync or ALTQ is required,
using the module is the preferred method when tracking a newer security
branch as it will enable freebsd-update of the kernel+modules.

> The security debate could be argued to be circumstantial, but I'd like
> to hear from people who use it in production via loaded module, as my
> only experience with PF is building it into the kernel.
>
> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org
> [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Martin Turgeon
> Sent: Friday, January 26, 2007 8:54 AM
> To: Max Laier
> Cc: freebsd-pf@freebsd.org
> Subject: Re: PF in kernel or as a module
>
>
> Max Laier wrote:
> > On Tuesday 23 January 2007 22:57, Martin Turgeon wrote:
> > > I would like to start a debate on this subject. Which method of
> enabling PF is the more secure (buffer overflow for example), the
> fastest, the most stable, etc. I searched the web for some info but
> without result. So I would like to know your opinion on the pros and
> cons of each method.
> >
> > Kernel module - loaded via loader.conf - is as secure as built in.
> There is a slight chance, that somebody might be able to compromise the
> module on disk, but then they are likely to be able to write to the
> kernel (in the same location) as well.  An additional plus is the
> possibility of freebsd-update if you do not have to build a custom
> kernel.
> >
> > Note that some features are only available when built in: pfsync and
> altq - this is not going to change for technical reasons.
> >
> > Performance wise there should be no difference.
> >
>
> Thanks a lot, that's exactly the type of answer I wanted. I'm always
> surprised to see how much knowledge the FreeBSD mailinglists are
> sharing.
> Thank you for your effort
> Martin Turgeon
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Sun Jan 28 10:27:05 2007
Message-ID: <45BC7A66.9060807@vwsoft.com>
Date: Sun, 28 Jan 2007 11:26:46 +0100
From: Volker
To: Max Laier
Cc: freebsd-pf@freebsd.org
Subject: Re: ALTQ support for usb NICs?

Max,

On 01/28/07 01:53, Max Laier wrote:
> On Saturday 27 January 2007 15:54, Volker wrote:
>> I'm wondering about the following: Are there any technical reasons
>> for not having ALTQ support for most (all?) usb NICs?
>>
>> Or did just too less people ask for it?
>
> The latter ... I believe there are just very few usb NICs in routers ;)
> OTOH, converting a driver is a 10 lines diff.  Look at
> http://people.freebsd.org/~mlaier/ALTQ_driver/ and if you can't figure it
> out yourself, let me know which one you'd like to test and I can come up
> with the patch.

thanks for your response.

Well, I think they're not really common in routers but as PCI slots
are becoming more and more a limited resource, more people will use
an usb NIC to attach their DSL lines or attach new subnets. On my
SoHo Server I'm using one for the DSL line and one for attaching an
open WLAN AP on a permanent basis. Also using them a lot for testing
purposes.

Anyway, I've already checked altq(9) which describes the driver
transition and I thought about patching the drivers myself.

I've got a bunch of aue, one kue and a few currently unsupported NICs.

So are you going to patch these drivers or may I do it and will you
commit the changes to cvs if that works out?

Greetings,

Volker

From owner-freebsd-pf@FreeBSD.ORG Sun Jan 28 12:25:11 2007
Date: Sun, 28 Jan 2007 22:55:10 +1030
From: "Jayel Villamin"
To: freebsd-pf@freebsd.org
Subject: packet shaping - borrow option not working?

I am currently downloading something via FTP (using socks). The socks
queue has been allotted 148Kbps. Without the queue, I can download up
to my max download speed (whatever is the max for a 512/128 Kbps DSL
connection). With the queue, download speed is averaging 157Kbps.

here's the screenshot of pfctl -s queue -vv =>
http://img260.imageshack.us/my.php?image=untitled1mr6.gif

I have looked at the PF FAQ in openbsd.org and I do not see any reason
why BORROW shouldn't be working.

your help is much appreciated.

thank you very much in advance

here's the conf file I used to disable the queues
============
-> cat /root/config/pass_all.conf
scrub all fragment reassemble

ext_if = "tun0"
sakaki_nic2 = "fxp1"

nat on $ext_if from $sakaki_nic2:network to any -> ($ext_if)

pass quick all
====================

here's my /etc/pf.conf
=====================
#copy to /etc
#########################################################################
#macros
##############################################
#interfaces
ext_if = "tun0"
sakaki_nic2_if = "fxp1"
loopback_if = "lo0"

##############################################
#ports
sakaki_nic2_if_in_tcp_to_others = "{ gmail_pop3 gmail_smtp chikka 5050 }"

tomo_only_voip = "{ 5060, 16384:16482 }"

#########################################################################
#Tables
table persist { 192.168.0.2/32 }
table persist { 192.168.0.3/32 }

#########################################################################
#PF options
set limit { frags 20000, states 20000 }
set loginterface $ext_if
set optimization normal
set block-policy drop

#########################################################################
#Scrub packets
scrub all reassemble tcp fragment reassemble

#########################################################################
#ALTQ
altq on $ext_if priq bandwidth 82Kb queue { q_default, q_ssh, q_apache, q_udp, q_tcp_ack }
queue q_default priq (default)
queue q_ssh priority 3 priq(red)
queue q_apache priority 5
queue q_udp priority 12
queue q_tcp_ack priority 14

altq on $sakaki_nic2_if cbq bandwidth 100% queue { q2_out, q2_local }

queue q2_out bandwidth 452Kb { q2_out_socks, q2_out_default }
queue q2_out_socks bandwidth 148Kb cbq(borrow)
queue q2_out_default bandwidth 304Kb cbq(default borrow)
queue q2_local bandwidth 97% cbq (red borrow)

#########################################################################
#NAT
#pass in quick on $ext_if inet proto udp from any port voip_proxy to keep state queue q_udp
nat on $ext_if from $sakaki_nic2_if:network to any -> ($ext_if)

#########################################################################
#Redirection
#rdr on $ext_if proto udp from any port voip_proxy ->

rdr on $ext_if proto { tcp udp } from any to ($ext_if) port bittorrent ->

#########################################################################
#Packet filtering
##############################################
#Default block
block log all

##############################################
#Outbound rules for ext_if
pass out quick on $ext_if inet proto udp all keep state queue q_udp
pass out quick on $ext_if inet proto tcp all keep state queue (q_default_out, q_tcp_ack)
pass out quick on $ext_if inet proto icmp all keep state

#Inbound rules for ext_if
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port apache_squid flags S/SA keep state queue q_apache
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state queue q_ssh
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ident flags S/SA keep state queue q_default

#for the redirect rules above
pass in quick on $ext_if inet proto { tcp udp} from any to port bittorrent flags S/SA keep state queue q_default

##############################################
#Inbound rules for sakaki_nic2_if
pass in quick on $sakaki_nic2_if proto udp from $sakaki_nic2_if:network to ($sakaki_nic2_if) keep state queue q2_local

pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) port socks flags S/SA keep state queue q2_out_socks
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) port squid flags S/SA keep state queue q2_out_default
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to any port $sakaki_nic2_if_in_tcp_to_others flags S/SA keep state queue q2_out_default
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) flags S/SA keep state queue q2_local

#Outbound rules for sakaki_nic2_if
pass out quick on $sakaki_nic2_if all keep state queue q2_local

##############################################
#Allow loopback connections
pass quick on $loopback_if all

##############################################
#Antispoof all interfaces
antispoof log quick for { $ext_if, $sakaki_nic2_if }
===========================

From owner-freebsd-pf@FreeBSD.ORG Sun Jan 28 15:14:26 2007
From: "Greg Hennessy"
To: "'Volker'", "'Max Laier'"
Cc: freebsd-pf@freebsd.org
Date: Sun, 28 Jan 2007 15:14:25 -0000
Subject: RE: ALTQ support for usb NICs?

> Anyway, I've already checked altq(9) which describes the
> driver transition and I thought about patching the drivers myself.
>
> I've got a bunch of aue, one kue and a few currently unsupported NICs.
>

I could find a use for an altq patched aue ta muchly.

Greg

From owner-freebsd-pf@FreeBSD.ORG Mon Jan 29 11:08:41 2007
Date: Mon, 29 Jan 2007 11:08:39 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp. Description
--------------------------------------------------------------------------------
o kern/82271   pf    [pf] cbq scheduler cause bad latency
o kern/92949   pf    [pf] PF + ALTQ problems with latency
o sparc/93530  pf    Incorrect checksums when using pf's route-to on sparc6

3 problems total.

Non-critical problems

S Tracker      Resp. Description
--------------------------------------------------------------------------------
f conf/81042   pf    [pf] [patch] /etc/pf.os doesn't match FreeBSD 5.3->5.4
o kern/93825   pf    [pf] pf reply-to doesn't work
o kern/103304  pf    pf accepts nonexistent queue in rules
o kern/106400  pf    fatal trap 12 at restart of PF with ALTQ if ng0 device

4 problems total.

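[Added example, not part of any post in this thread and not FreeBSD project code.] PR kern/103304 in the list above is titled "pf accepts nonexistent queue in rules", and the /etc/pf.conf posted earlier in the thread assigns outbound TCP to q_default_out, a name that none of its queue lines defines. The Python sketch below checks a ruleset for such references before it is loaded; the function name lint_queues is this example's own, the sample text is copied from that post, and the parser assumes one statement per line.

```python
import re

# Constructed sample: the priq section and three filter rules copied from the
# /etc/pf.conf posted in this thread, with each statement on a single line.
SAMPLE = """\
altq on $ext_if priq bandwidth 82Kb queue { q_default, q_ssh, q_apache, q_udp, q_tcp_ack }
queue q_default priq (default)
queue q_ssh priority 3 priq(red)
queue q_apache priority 5
queue q_udp priority 12
queue q_tcp_ack priority 14
pass out quick on $ext_if inet proto udp all keep state queue q_udp
pass out quick on $ext_if inet proto tcp all keep state queue (q_default_out, q_tcp_ack)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state queue q_ssh
"""

ALTQ_CHILDREN = re.compile(r"\bqueue\s*\{([^}]*)\}")   # altq ... queue { a, b }
CHILD_LIST = re.compile(r"\{([^}]*)\}")                # queue parent ... { a, b }
RULE_QUEUE = re.compile(r"\bqueue\s+(?:\(([^)]*)\)|([^\s(){}]+))")  # queue x | queue (x, y)


def _names(text):
    """Split a comma- or space-separated queue list into individual names."""
    return [n for n in re.split(r"[,\s]+", text.strip()) if n]


def lint_queues(conf_text):
    """Return sorted (line_no, queue_name, kind) findings for undefined queues.

    kind is "rule" when a filter rule assigns a queue that no `queue` line
    defines, and "child" when an altq/queue child list names such a queue.
    """
    defined = set()   # names introduced by `queue NAME ...` lines
    children = []     # (line_no, name) listed inside { } on altq/queue lines
    assigned = []     # (line_no, name) assigned by filter rules
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        # Drop comments; a '#' inside a quoted string is not handled here.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        words = line.split()
        if words[0] == "altq":
            m = ALTQ_CHILDREN.search(line)
            if m:
                children += [(line_no, n) for n in _names(m.group(1))]
        elif words[0] == "queue" and len(words) > 1:
            defined.add(words[1])
            m = CHILD_LIST.search(line)
            if m:
                children += [(line_no, n) for n in _names(m.group(1))]
        else:
            m = RULE_QUEUE.search(line)
            if m:
                listed = m.group(1) if m.group(1) is not None else m.group(2)
                assigned += [(line_no, n) for n in _names(listed)]
    findings = [(ln, n, "child") for ln, n in children if n not in defined]
    findings += [(ln, n, "rule") for ln, n in assigned if n not in defined]
    return sorted(findings)


if __name__ == "__main__":
    for line_no, name, kind in lint_queues(SAMPLE):
        print(f"line {line_no}: {kind} references undefined queue {name}")
```
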
From owner-freebsd-pf@FreeBSD.ORG Mon Jan 29 20:11:46 2007
Message-ID: <6e6841490701291211w3629f918l228fdace6a9ef17c@mail.gmail.com>
Date: Mon, 29 Jan 2007 18:11:43 -0200
From: "Gilberto Villani Brito"
To: "FreeBSD (PF)"
Subject: Re: packet shaping - borrow option not working?

Try put q2_out like default:

altq on $sakaki_nic2_if cbq bandwidth 100% queue { q2_out, q2_local }
queue q2_out bandwidth 452Kb cbq(default) { q2_out_socks, q2_out_default }
queue q2_out_socks bandwidth 148Kb cbq(borrow)
queue q2_out_default bandwidth 304Kb cbq(borrow)
queue q2_local bandwidth 97% cbq (red borrow)

Gilberto

2007/1/28, Jayel Villamin:
> I am currently downloading something via FTP (using socks). The socks
> queue has been allotted 148Kbps. Without the queue, I can download up
> to my max download speed (whatever is the max for a 512/128 Kbps DSL
> connection). With the queue, download speed is averaging 157Kbps.
>
> here's the screenshot of pfctl -s queue -vv =>
> http://img260.imageshack.us/my.php?image=untitled1mr6.gif
>
> I have looked at the PF FAQ in openbsd.org and I do not see any reason
> why BORROW shouldn't be working.
>
> your help is much appreciated.
>
> thank you very much in advance
>
> here's the conf file I used to disable the queues
> ============
> -> cat /root/config/pass_all.conf
> scrub all fragment reassemble
>
> ext_if = "tun0"
> sakaki_nic2 = "fxp1"
>
> nat on $ext_if from $sakaki_nic2:network to any -> ($ext_if)
>
> pass quick all
> ====================
>
> here's my /etc/pf.conf
> =====================
> #copy to /etc
> #########################################################################
> #macros
> ##############################################
> #interfaces
> ext_if = "tun0"
> sakaki_nic2_if = "fxp1"
> loopback_if = "lo0"
>
> ##############################################
> #ports
> sakaki_nic2_if_in_tcp_to_others = "{ gmail_pop3 gmail_smtp chikka 5050 }"
>
> tomo_only_voip = "{ 5060, 16384:16482 }"
>
> #########################################################################
> #Tables
> table persist { 192.168.0.2/32 }
> table persist { 192.168.0.3/32 }
>
> #########################################################################
> #PF options
> set limit { frags 20000, states 20000 }
> set loginterface $ext_if
> set optimization normal
> set block-policy drop
>
> #########################################################################
> #Scrub packets
> scrub all reassemble tcp fragment reassemble
>
> #########################################################################
> #ALTQ
> altq on $ext_if priq bandwidth 82Kb queue { q_default, q_ssh,
> q_apache, q_udp, q_tcp_ack }
> queue q_default priq (default)
> queue q_ssh priority 3 priq(red)
> queue q_apache priority 5
> queue q_udp priority 12
> queue q_tcp_ack priority 14
>
> altq on $sakaki_nic2_if cbq bandwidth 100% queue { q2_out, q2_local }
>
> queue q2_out bandwidth 452Kb { q2_out_socks, q2_out_default }
> queue q2_out_socks bandwidth 148Kb cbq(borrow)
> queue q2_out_default bandwidth 304Kb cbq(default borrow)
> queue q2_local bandwidth 97% cbq (red borrow)
>
> #########################################################################
> #NAT
> #pass in quick on $ext_if inet proto udp from any port voip_proxy to
> keep state queue q_udp
> nat on $ext_if from $sakaki_nic2_if:network to any -> ($ext_if)
>
> #########################################################################
> #Redirection
> #rdr on $ext_if proto udp from any port voip_proxy ->
>
> rdr on $ext_if proto { tcp udp } from any to ($ext_if) port bittorrent
> ->
>
> #########################################################################
> #Packet filtering
> ##############################################
> #Default block
> block log all
>
> ##############################################
> #Outbound rules for ext_if
> pass out quick on $ext_if inet proto udp all keep state queue q_udp
> pass out quick on $ext_if inet proto tcp all keep state queue
> (q_default_out, q_tcp_ack)
> pass out quick on $ext_if inet proto icmp all keep state
>
> #Inbound rules for ext_if
> pass in quick on $ext_if inet proto tcp from any to ($ext_if) port
> apache_squid flags S/SA keep state queue q_apache
> pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ssh
> flags S/SA keep state queue q_ssh
> pass in quick on $ext_if inet proto tcp from any to ($ext_if) port
> ident flags S/SA keep state queue q_default
>
> #for the redirect rules above
> pass in quick on $ext_if inet proto { tcp udp} from any to
> port bittorrent flags S/SA keep state queue q_default
>
> ##############################################
> #Inbound rules for sakaki_nic2_if
> pass in quick on $sakaki_nic2_if proto udp from
> $sakaki_nic2_if:network to ($sakaki_nic2_if) keep state queue q2_local
>
> pass in quick on $sakaki_nic2_if proto tcp from
> $sakaki_nic2_if:network to ($sakaki_nic2_if) port socks flags S/SA
> keep state queue q2_out_socks
> pass in quick on $sakaki_nic2_if proto tcp from
> $sakaki_nic2_if:network to ($sakaki_nic2_if) port squid flags S/SA
> keep state queue q2_out_default
> pass in quick on $sakaki_nic2_if proto tcp from
> $sakaki_nic2_if:network to any port $sakaki_nic2_if_in_tcp_to_others
> flags S/SA keep state queue q2_out_default
> pass in quick on $sakaki_nic2_if proto tcp from
> $sakaki_nic2_if:network to ($sakaki_nic2_if) flags S/SA keep state
> queue q2_local
>
> #Outbound rules for sakaki_nic2_if
> pass out quick on $sakaki_nic2_if all keep state queue q2_local
>
> ##############################################
> #Allow loopback connections
> pass quick on $loopback_if all
>
> ##############################################
> #Antispoof all interfaces
> antispoof log quick for { $ext_if, $sakaki_nic2_if }
> ===========================

From owner-freebsd-pf@FreeBSD.ORG Mon Jan 29 23:21:07 2007
From: Max Laier
Organization: FreeBSD
To: "Greg Hennessy"
Cc: 'Volker', freebsd-pf@freebsd.org
Date: Tue, 30 Jan 2007 00:20:46 +0100
Subject: Re: ALTQ support for usb NICs?

On Sunday 28 January 2007 16:14, Greg Hennessy wrote:
> > Anyway, I've already checked altq(9) which describes the
> > driver transition and I thought about patching the drivers myself.
> >
> > I've got a bunch of aue, one kue and a few currently unsupported
> > NICs.
>
> I could find a use for an altq patched aue ta muchly.

aue and kue patches added to
http://people.freebsd.org/~mlaier/ALTQ_driver/  Please test and report back.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 30 16:33:20 2007
Message-ID: <45BF6DFE.9060307@tomjudge.com>
Date: Tue, 30 Jan 2007 16:10:38 +0000
From: Tom Judge
To: freebsd-pf@freebsd.org
Subject: PF Policy routing failing to route ESP packets correctly

Hi,

I am having some problems getting policy routing of outbound ESP packets
to work correctly. It seems the routing works fine for everything but
esp packets.

Is this a known bug?

Tom

Relevant PF rules:

table { 100.198.71.78 , 100.198.71.66 }
pass out quick route-to ( fxp0 100.198.71.65 ) inet from to ! 100.198.71.64/28 keep state label "RULE 21 -- "

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 30 18:00:53 2007
Message-ID: <033c01c741ee$4bb0d350$0b64400a@custompc1>
From: "Kobus de Wit"
Cc: Kobus de Wit
Date: Sat, 27 Jan 2007 10:36:52 +0200
Subject: REQUEST FOR ADVICE/INFO

Hi All,

I am running a FreeBSD 6.0 server with one network interface (rl0)
pointing to the Internet (public IP) and another pointing to internal
networks (rl1) (3 in total). PF is used to allow access to the Internet
(nat on $ext_if from $internal_net to any -> ($ext_if).

On one of the internal networks an EXIM mail server resides. The
solution I am looking for is for interface rl0 to listen for traffic
destined for the mail server (on the mail server's public IP and on the
same subnet as rl0) and for PF to rdr it to the said server.

My pf.conf entry for the above is as follows:-

rdr on $ext_if proto tcp on any to $external_addr/32 port 25 -> 192.168.21.10 port 25

When I assign an IP alias address to rl0 my internet response (web pages
that do not open properly) becomes unsatisfactory.

Many thanks in advance.

Kobus

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 30 18:11:05 2007
Message-ID: <036a01c742ff$a2cebd20$0b64400a@custompc1>
From: "Kobus de Wit"
Date: Sun, 28 Jan 2007 19:13:31 +0200
Subject: REQUEST FOR ADVICE/INFO

Hi All,

I am running a FreeBSD 6.0 server with one network interface (rl0)
pointing to the Internet (public IP) and another pointing to internal
networks (rl1) (3 in total). PF is used to allow access to the Internet
(nat on $ext_if from $internal_net to any -> ($ext_if).

On one of the internal networks an EXIM mail server resides. The
solution I am looking for is for interface rl0 to listen for traffic
destined for the mail server (on the mail server's public IP and on the
same subnet as rl0) and for PF to rdr it to the said server.

My pf.conf entry for the above is as follows:-

rdr on $ext_if proto tcp on any to $external_addr/32 port 25 -> 192.168.21.10 port 25

When I assign an IP alias address to rl0 my internet response (web pages
that do not open properly) becomes unsatisfactory.

Many thanks in advance.

Kobus

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 30 22:09:55 2007
From: "Greg Hennessy"
To: "'Max Laier'"
Cc: 'Volker' , freebsd-pf@freebsd.org
Date: Tue, 30 Jan 2007 22:09:54 -0000
Subject: RE: ALTQ support for usb NICs?
Message-ID: <000601c744bb$5ee186c0$1ca49440$@Hennessy@nviz.net>

> aue and kue patches added to
> http://people.freebsd.org/~mlaier/ALTQ_driver/
>
> Please test and report back.

So far so good.

Greg


gw2:~ # uname -a
FreeBSD gw2.local.net 7.0-CURRENT FreeBSD 7.0-CURRENT #167: Tue Jan 30 15:57:33 GMT 2007 root@gw2.local.net:/usr/obj/usr/src/sys/GH i386
gw2:~ # cat /etc/rc.early
/sbin/ifconfig aue0 name outside
/sbin/ifconfig em0 name inside
/sbin/ifconfig inside polling
gw2:~ # pfctl -vsq
queue root_outside bandwidth 700Kb priority 0 {q_pri, q_def, q_p2p}
  [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
queue q_pri bandwidth 105Kb qlimit 250 hfsc( realtime 140Kb upperlimit 350Kb )
  [ pkts: 118289 bytes: 6735193 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/250 ]
queue q_def bandwidth 455Kb qlimit 250 hfsc( rio linkshare 350Kb upperlimit 630Kb )
  [ pkts: 20710 bytes: 5146240 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/250 ]
queue q_p2p bandwidth 140Kb qlimit 250 hfsc( rio default upperlimit 630Kb )
  [ pkts: 3141 bytes: 140498 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/250 ]
gw2:~ #

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 30 22:58:16 2007
From: Max Laier
Organization: FreeBSD
To: "Greg Hennessy"
Cc: "Volker, " , freebsd-pf@freebsd.org
Date: Tue, 30 Jan 2007 23:57:56 +0100
Subject: Re: ALTQ support for usb NICs?
Message-Id: <200701302358.03532.max@love2party.net>

On Tuesday 30 January 2007 23:09, you wrote:
> > aue and kue patches added to
> > http://people.freebsd.org/~mlaier/ALTQ_driver/
> >
> > Please test and report back.
>
> So far so good.
>
> Greg
>
>
> gw2:~ # uname -a
> FreeBSD gw2.local.net 7.0-CURRENT FreeBSD 7.0-CURRENT #167: Tue Jan 30
> 15:57:33 GMT 2007 root@gw2.local.net:/usr/obj/usr/src/sys/GH i386
> gw2:~ # cat /etc/rc.early
> /sbin/ifconfig aue0 name outside
> /sbin/ifconfig em0 name inside
> /sbin/ifconfig inside polling

Wow ... so naming really works? That's news :-)

> gw2:~ # pfctl -vsq
> queue root_outside bandwidth 700Kb priority 0 {q_pri, q_def, q_p2p}
> [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
> [ qlength: 0/ 50 ]
> queue q_pri bandwidth 105Kb qlimit 250 hfsc( realtime 140Kb upperlimit
> 350Kb )
> [ pkts: 118289 bytes: 6735193 dropped pkts: 0 bytes: 0 ]
> [ qlength: 0/250 ]
> queue q_def bandwidth 455Kb qlimit 250 hfsc( rio linkshare 350Kb
> upperlimit 630Kb )
> [ pkts: 20710 bytes: 5146240 dropped pkts: 0 bytes: 0 ]
> [ qlength: 0/250 ]
> queue q_p2p bandwidth 140Kb qlimit 250 hfsc( rio default upperlimit
> 630Kb ) [ pkts: 3141 bytes: 140498 dropped pkts: 0
> bytes: 0 ]
> [ qlength: 0/250 ]
> gw2:~ #

Can you by any chance run the simple benchmark described at
http://people.freebsd.org/~mlaier/ALTQ_driver/ ? It's good if hfsc
works, but the main goal is to make sure that we do not break anything
for non-ALTQ users.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 30 23:09:34 2007
Message-ID: <45BFD021.7030101@vwsoft.com>
Date: Wed, 31 Jan 2007 00:09:21 +0100
From: Volker
To: Max Laier
Cc: Greg Hennessy , freebsd-pf@freebsd.org
Subject: Re: ALTQ support for usb NICs?

On 01/30/07 23:57, Max Laier wrote:
> On Tuesday 30 January 2007 23:09, you wrote:
>>> aue and kue patches added to
>>> http://people.freebsd.org/~mlaier/ALTQ_driver/
>>>
>>> Please test and report back.
>> So far so good.
>>
>> Greg
>>
>>
>> gw2:~ # uname -a
>> FreeBSD gw2.local.net 7.0-CURRENT FreeBSD 7.0-CURRENT #167: Tue Jan 30
>> 15:57:33 GMT 2007 root@gw2.local.net:/usr/obj/usr/src/sys/GH i386
>> gw2:~ # cat /etc/rc.early
>> /sbin/ifconfig aue0 name outside
>> /sbin/ifconfig em0 name inside
>> /sbin/ifconfig inside polling
>
> Wow ... so naming really works? That's news :-)
>
>> gw2:~ # pfctl -vsq
>> queue root_outside bandwidth 700Kb priority 0 {q_pri, q_def, q_p2p}
>> [ pkts: 0 bytes: 0 dropped pkts: 0 bytes:
>> 0 ]
>> [ qlength: 0/ 50 ]
>> queue q_pri bandwidth 105Kb qlimit 250 hfsc( realtime 140Kb upperlimit
>> 350Kb )
>> [ pkts: 118289 bytes: 6735193 dropped pkts: 0 bytes:
>> 0 ]
>> [ qlength: 0/250 ]
>> queue q_def bandwidth 455Kb qlimit 250 hfsc( rio linkshare 350Kb
>> upperlimit 630Kb )
>> [ pkts: 20710 bytes: 5146240 dropped pkts: 0 bytes:
>> 0 ]
>> [ qlength: 0/250 ]
>> queue q_p2p bandwidth 140Kb qlimit 250 hfsc( rio default upperlimit
>> 630Kb ) [ pkts: 3141 bytes: 140498 dropped pkts: 0
>> bytes: 0 ]
>> [ qlength: 0/250 ]
>> gw2:~ #
>
> Can you by any chance run the simple benchmark described at
> http://people.freebsd.org/~mlaier/ALTQ_driver/ ? It's good if hfsc
> works, but the main goal is to make sure that we do not break anything
> for non-ALTQ users.
>

Max,

I'm using a RELENG_6 system so your patches did not succeed on my
system. What I did was to manually make the needed modifications with
if_aue.c 1.90.2.6 (cvs RELENG_6). Following you'll find my patch against
RELENG_6.

The interface is working, comes up and traffic goes through. Running
netperf (tcp_range_script) is giving some errors (trimmed a bit):

/usr/local/bin/netperf -l 60 -H 192.168.20.141 -t TCP_STREAM -i 10,2 -I 99,3 -- -m 1 -s 32768 -S 32768
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.20.141 (192.168.20.141) port 0 AF_INET : +/-1.5% @ 99% conf.
netperf: cannot shutdown tcp stream socket: Operation not permitted

netperf claims about operation not permitted at least four times (still
running in the background) whereas before the patch has been installed,
netperf showed this message only one single time.

Throughput w/o ALTQ decreases a bit from 5,78 MBit/s (w/o patch) and
5,74 MBit/s (w/ patch, w/o ALTQ enabled for that interface).

As traffic is passing the interface, I would consider this working but find the "operation not permitted" messages a bit strange. Next, I'll test w/ ALTQ enabled for that interface but it will take half an hour (will drop another note to the ML). FreeBSD bellona.sz.vwsoft.com 6.2-STABLE FreeBSD 6.2-STABLE #6: Tue Jan 30 23:28:14 CET 2007 root@bellona.sz.vwsoft.com:/usr/obj/usr/src/sys/BELLONA i386 Greetings, Volker Patch for if_aue.c against RELENG_6: --- if_aue.c.orig Thu Nov 16 12:50:54 2006 +++ if_aue.c.new Tue Jan 30 23:20:57 2007 @@ -732,7 +732,10 @@ ifp->if_start = aue_start; ifp->if_watchdog = aue_watchdog; ifp->if_init = aue_init; - ifp->if_snd.ifq_maxlen = IFQ_MAXLEN; + IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN); + ifp->if_snd.ifq_drv_maxlen = IFQ_MAXLEN; + IFQ_SET_READY(&ifp->if_snd); + /* * Do MII setup. @@ -1034,7 +1037,7 @@ if (!sc->aue_link && mii->mii_media_status & IFM_ACTIVE && IFM_SUBTYPE(mii->mii_media_active) != IFM_NONE) { sc->aue_link++; - if (ifp->if_snd.ifq_head != NULL) + if (!IFQ_DRV_IS_EMPTY(&ifp->if_snd)) aue_start(ifp); } @@ -1106,14 +1109,14 @@ return; } - IF_DEQUEUE(&ifp->if_snd, m_head); + IFQ_DRV_DEQUEUE(&ifp->if_snd, m_head); if (m_head == NULL) { AUE_UNLOCK(sc); return; } if (aue_encap(sc, m_head, 0)) { - IF_PREPEND(&ifp->if_snd, m_head); + IFQ_DRV_PREPEND(&ifp->if_snd, m_head); ifp->if_drv_flags |= IFF_DRV_OACTIVE; AUE_UNLOCK(sc); return; 
@@ -1350,7 +1353,7 @@ usbd_get_xfer_status(c->ue_xfer, NULL, NULL, NULL, &stat); aue_txeof(c->ue_xfer, c, stat); - if (ifp->if_snd.ifq_head != NULL) + if (!IFQ_IS_EMPTY(&ifp->if_snd)) aue_start(ifp); AUE_UNLOCK(sc); return; From owner-freebsd-pf@FreeBSD.ORG Tue Jan 30 23:13:49 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C215D16A405 for ; Tue, 30 Jan 2007 23:13:49 +0000 (UTC) (envelope-from Greg.Hennessy@nviz.net) Received: from smtp.nildram.co.uk (smtp.nildram.co.uk [195.112.4.54]) by mx1.freebsd.org (Postfix) with ESMTP id 8D3B813C494 for ; Tue, 30 Jan 2007 23:13:49 +0000 (UTC) (envelope-from Greg.Hennessy@nviz.net) Received: from gw2.local.net (unknown [62.3.210.251]) by smtp.nildram.co.uk (Postfix) with ESMTP id 990732B6CD5 for ; Tue, 30 Jan 2007 23:13:44 +0000 (GMT) 
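Review bot: in the attach hunk (@@ -732,7 +732,10) the fourth added line is an empty `+` line after IFQ_SET_READY(&ifp->if_snd);, which by the hunk's line counts leaves two blank lines ahead of the "Do MII setup" comment. Drop the empty line so the hunk only swaps the ifq_maxlen assignment for the three queue-setup lines.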
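Review bot: the last hunk (@@ -1350,7 +1353,7) tests the send queue with IFQ_IS_EMPTY, while the equivalent check in the @@ -1034 hunk uses IFQ_DRV_IS_EMPTY. The @@ -1106 hunk puts a packet back with IFQ_DRV_PREPEND when aue_encap() fails, and a packet returned that way sits in the driver-managed part of the queue, which IFQ_IS_EMPTY does not look at, so this path can skip the aue_start() call while a packet is still pending. Use !IFQ_DRV_IS_EMPTY(&ifp->if_snd) here as well, so both restart checks agree with the IFQ_DRV_* dequeue path.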
From: "Greg Hennessy"
To: "'Max Laier'"
Cc: "'Volker, '" , freebsd-pf@freebsd.org
Date: Tue, 30 Jan 2007 23:13:48 -0000
Subject: RE: ALTQ support for usb NICs?
Message-ID: <001901c744c4$4c5f6ef0$e51e4cd0$@Hennessy@nviz.net>

> > gw2:~ # cat /etc/rc.early
> > /sbin/ifconfig aue0 name outside
> > /sbin/ifconfig em0 name inside
> > /sbin/ifconfig inside polling
>
> Wow ... so naming really works? That's news :-)

Works a treat, I've been using naming for over 6 months now, saves a lot
of PITA conf changes when swapping things in/out for test.

>
>
> Can you by any chance run the simple benchmark described at
> http://people.freebsd.org/~mlaier/ALTQ_driver/ ?

Shouldn't be a problem, I should have something for you over the next
few days.

Greg

From owner-freebsd-pf@FreeBSD.ORG Wed Jan 31 00:39:25 2007
Message-ID: <45BFE530.6060406@vwsoft.com>
Date: Wed, 31 Jan 2007 01:39:12 +0100
From: Volker
To: Max Laier
Cc: Greg Hennessy , freebsd-pf@freebsd.org
Subject: Re: ALTQ support for usb NICs?

On 01/30/07 00:20, Max Laier wrote:
> On Sunday 28 January 2007 16:14, Greg Hennessy wrote:
>>> Anyway, I've already checked altq(9) which describes the
>>> driver transition and I thought about patching the drivers myself.
>>>
>>> I've got a bunch of aue, one kue and a few currently unsupported
>>> NICs.
>> I could find a use for an altq patched aue ta muchly.
>
> aue and kue patches added to
> http://people.freebsd.org/~mlaier/ALTQ_driver/
>
> Please test and report back.
>

Max,

WFM. Patched against RELENG_6, tested with ALTQ disabled and enabled on
that interface.

Using netperf I do see a (significant) drop in performance (using really
just one simple pf rule, two cbq queues - so not really ideally) but as
I need ALTQ for limiting some traffic on that interface, it's ok.

While it's ok for me to see a drop in throughput, I'm really wondering
about.

Using netperf, patched driver, ALTQ disabled I get values like:

Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

 32768  32768  65536    60.07       4.78

Using the unpatched (1.90.2.6) driver I get:

 32768  32768  65536    60.04       5.78

The only difference between those two tests, has been a patched if_aue.c
and a new buildkernel. No (or not that I'm aware of) other code changes
should have been fetched from cvs between both kernel builds.

Beside the throughput question, the patch seems to be ok - please
commit! ;)

Greetings,

Volker

From owner-freebsd-pf@FreeBSD.ORG Wed Jan 31 17:12:07 2007
From: "Greg Hennessy"
To: "'Max Laier'"
Cc: freebsd-pf@freebsd.org
Date: Wed, 31 Jan 2007 17:12:02 -0000
Subject: RE: ALTQ support for usb NICs?
Message-ID: <000c01c7455a$ed1c3350$c75499f0$@Hennessy@nviz.net>

> Can you by any chance run the simple benchmark described at
> http://people.freebsd.org/~mlaier/ALTQ_driver/ ? It's good if hfsc
> works, but the main goal is to make sure that we do not break anything
> for non-ALTQ users.
>

Here's the meaty goodness.

Test system.

P4 2.8 downclocked to 2.1 ghz
512 meg.
Intel i865 chipset

gw2:~ # ifconfig aue0
aue0: flags=8843 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:04:e2:4f:04:85
        media: Ethernet autoselect (10baseT/UTP )
        status: active

gw2:~ # dmesg | grep -i aue
aue0: on uhub3
aue0: SMC, Inc USB Ethernet Adapter, rev 1.10/1.01, addr 2
miibus1: on aue0
aue0: Ethernet address: 00:04:e2:4f:04:85
gw2:~ # dmesg | grep -i uhub3
uhub3: on usb3
uhub3: 2 ports with 2 removable, self powered.

Clean current build without Max's meaty ALTQ goodness for if_aue.c

gw2:~ # uname -a
FreeBSD gw2.local.net 7.0-CURRENT FreeBSD 7.0-CURRENT #168: Wed Jan 31 12:50:12 GMT 2007 root@gw2.local.net:/usr/obj/usr/src/sys/GH i386

Pf disabled.

gw2:~ # /usr/local/bin/netperf -l 60 -H 192.168.1.101 -t TCP_STREAM -i 10,2 -I 99,3 -- -m 1 -s 32768 -S 32768
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.1.101 (192.168.1.101) port 0 AF_INET : +/-1.5% @ 99% conf.
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

 32768  32768      1    60.03       4.27
gw2:~

Pf enabled

gw2:~ # grep -i aue0 /etc/pf.conf
set skip on aue0

gw2:~ # /usr/local/bin/netperf -l 60 -H 192.168.1.101 -t TCP_STREAM -i 10,2 -I 99,3 -- -m 1 -s 32768 -S 32768
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.1.101 (192.168.1.101) port 0 AF_INET : +/-1.5% @ 99% conf.
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

 32768  32768      1    60.04       4.24
gw2:~ #

Reboot with yesterday's aue altq enabled kernel.....

gw2:~ # uname -a
FreeBSD gw2.local.net 7.0-CURRENT FreeBSD 7.0-CURRENT #167: Tue Jan 30 15:57:33 GMT 2007 root@gw2.local.net:/usr/obj/usr/src/sys/GH i386
gw2:~ #

PF enabled running my normal policy with set skip on aue0.

gw2:~ # /usr/local/bin/netperf -l 60 -H 192.168.1.101 -t TCP_STREAM -i 10,2 -I 99,3 -- -m 1 -s 32768 -S 32768
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.1.101 (192.168.1.101) port 0 AF_INET : +/-1.5% @ 99% conf.
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

 32768  32768      1    60.36       4.25

PF enabled running altq.pf.test on aue0. Bandwidth limited to 10 megabits.

gw2:~ # cat altq.pf.test | grep -v \^#
test_if=aue0
fullspeed=192.168.1.101
limited=192.168.1.102
altq on $test_if bandwidth 10Mb cbq queue { dflt }
queue dflt bandwidth 100% cbq(default) { small }
queue small bandwidth 5% cbq
pass out on $test_if from ($test_if) to $fullspeed queue dflt
pass out on $test_if from ($test_if) to $limited queue small

Fast Q:

gw2:~ # /usr/local/bin/netperf -l 60 -H 192.168.1.101 -t TCP_STREAM -i 10,2 -I 99,3 -- -m 1 -s 32768 -S 32768
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.1.101 (192.168.1.101) port 0 AF_INET : +/-1.5% @ 99% conf.
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

 32768  32768      1    60.32       4.25
gw2:~ #

Slow Q:

gw2:~ # /usr/local/bin/netperf -l 60 -H 192.168.1.102 -t TCP_STREAM -i 10,2 -I 99,3 -- -m 1 -s 32768 -S 32768
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.1.101 (192.168.1.101) port 0 AF_INET : +/-1.5% @ 99% conf.
Recv   Send    Send
Socket Socket  Message  Elapsed
Size   Size    Size     Time     Throughput
bytes  bytes   bytes    secs.    10^6bits/sec

 32768  32768      1    60.59       0.48
gw2:~ #

Greg

From owner-freebsd-pf@FreeBSD.ORG Wed Jan 31 22:59:07 2007
Message-ID: <45C118FB.6070208@FreeBSD.org>
Date: Wed, 31 Jan 2007 22:32:27 +0000
From: Florent Thoumie
To: freebsd-pf@FreeBSD.org
Cc: freebsd-net@FreeBSD.org, Roman Divacky, freebsd-ports@FreeBSD.org
Subject: RFC: net/hoststated port - Host status for server load-balancing

I took a few minutes to make a port of it after Roman Divacky sent me an initial patchset for it. I made sure that it compiled/installed fine but don't have the chance to test it now.

For those who don't know yet about hoststated:

hoststated is the host status daemon for server load balancing. Its main purpose is to keep pf(4) tables up to date as well as any related pf rdr rules. To communicate with pf, hoststated uses the anchor facility. To enable hoststated to install rulesets through the anchor, the following line is required in the NAT section of pf.conf(5).

It is written by Pierre-Yves Ritschard and it has been recently added (and linked to the build) in the OpenBSD source tree.

You can find the port here (both extracted and in shell archive format):

http://people.freebsd.org/~flz/local/ports/

PS: Apologies to those who will receive more than once this email due to cross-mailing.

-- 
Florent Thoumie
flz@FreeBSD.org
FreeBSD Committer

From owner-freebsd-pf@FreeBSD.ORG Thu Feb 1 12:44:22 2007
Date: Thu, 1 Feb 2007 15:25:27 +0300
From: BlackTemplares
To: freebsd-pf@freebsd.org
Message-ID: <1112430001.20070201152527@rambler.ru>
Subject: (no subject)

Hello, freebsd-pf.

-- 
Best regards,
BlackTemplares
mailto:blacktemplares@rambler.ru

From owner-freebsd-pf@FreeBSD.ORG Fri Feb 2 19:35:13 2007
From: Владимир Капустин
To: freebsd-pf@freebsd.org
Date: Fri, 02 Feb 2007 22:35:11 +0300
Subject: SPAMD stop passing mail from WHITE-list

Hi, all!

I have spamd configured like in
http://home.nuug.no/~peter/pf/en/spamd.html
with greylisting enabled

and I meet some problems with it:

1. My 2 FreeBSD routers stopped to pass mail from WHITE-list. First one - when spamd grows to 500 Megabytes. Second - 350 Meg.

When I do:
cat /dev/null > /var/db/spamd
all starts to work again

I wrote a small script which clears spamdb, but I don't think that it is the best idea.

2. If I have some malware on my PC and use mail-client program. If I send the same message some times I automatically get into WHITE-list and my malware can spam as much as it must?
From owner-freebsd-pf@FreeBSD.ORG Sat Feb 3 19:37:34 2007
From: peter@bsdly.net (Peter N. M. Hansteen)
To: freebsd-pf@freebsd.org
Date: Sat, 03 Feb 2007 20:37:25 +0100
In-Reply-To: (msgs_for_me@mail.ru's message of "Fri, 02 Feb 2007 22:35:11 +0300")
Message-ID: <87veijkp6y.fsf@thingy.datadok.no>
Subject: Re: SPAMD stop passing mail from WHITE-list

Владимир Капустин writes:

> I have spamd configured like in
> http://home.nuug.no/~peter/pf/en/spamd.html
> with greylisting enabled
>
> and I meet some problems with it:

Well, you have my attention. I would be very interested in getting to know about any inaccuracies in that document, and certainly any that trip people up.

> 1. My 2 FreeBSD routers stopped to pass mail from WHITE-list. First
> one - when spamd grows to 500 Megabytes. Second - 350 Meg.

At the point where things stop working, what content does the whitelist table have? i.e., anything recognizable or (incredibly) zero size?

One possibility - a far fetched one, admittedly - is that hosts in your whitelist got themselves greytrapped (if you did set that up).

> When I do:
> cat /dev/null > /var/db/spamd
> all starts to work again

This sounds like somehow your initially whitelisted hosts got themselves blacklisted, or the whitelist is somehow bypassed.

> 2. If I have some malware on my PC and use mail-client program. If I
> send the same message some times I automatically get into WHITE-list
> and my malware can spam as much as it must?

If your malware manages to behave RFC-correctly, that is, resend after what the greylisting host considers a reasonable interval, it will manage to send whatever it's trying to send.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
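
Added example (not part of the thread, and not spamd's own code): a simplified Python model of the greylisting behaviour discussed in the reply above. It shows that a sender retrying the same tuple inside the pass window gets its address whitelisted, after which a different message from that address passes unchallenged, while a host that never retries the same tuple stays greylisted. The names `Greylister`, `attempt` and `replay` are hypothetical; the timing constants are the spamd(8) defaults (passtime 25 minutes, greyexp 4 hours, whiteexp 864 hours), assumed here because the thread does not give the poster's settings.

```python
# Simplified greylisting model (added example; not spamd's source code).
# Timing constants are the spamd(8) defaults, in seconds.
PASSTIME = 25 * 60       # a retry must come at least this long after first contact
GREYEXP = 4 * 3600       # grey entries are forgotten after this long
WHITEEXP = 864 * 3600    # whitelist entries live this long


class Greylister:
    def __init__(self):
        self.grey = {}    # (ip, helo, mail_from, rcpt_to) -> time first seen
        self.white = {}   # ip -> time the whitelist entry expires

    def attempt(self, now, ip, helo, mail_from, rcpt_to):
        """Return 'PASS' or 'TEMPFAIL' for one delivery attempt at time now."""
        # Whitelisting is per source address, not per message: once an IP is
        # white, any sender/recipient pair from it passes until expiry.
        if self.white.get(ip, 0) > now:
            return "PASS"
        self.white.pop(ip, None)
        key = (ip, helo, mail_from, rcpt_to)
        first = self.grey.get(key)
        if first is None or now - first > GREYEXP:
            self.grey[key] = now          # unknown or expired tuple: start over
            return "TEMPFAIL"
        if now - first < PASSTIME:
            return "TEMPFAIL"             # retried too soon
        # Same tuple retried inside the pass window. (Real spamd promotes the
        # address during a periodic database scan; the model does it at once.)
        del self.grey[key]
        self.white[ip] = now + WHITEEXP
        return "PASS"


def replay(attempts):
    """Feed (time, ip, helo, mail_from, rcpt_to) tuples to a fresh Greylister."""
    g = Greylister()
    return [g.attempt(*a) for a in attempts]


# Constructed sample traffic using documentation addresses (RFC 5737).
RETRYING = ("192.0.2.10", "mx.example.org", "a@example.org", "u@example.net")
SAMPLE = [
    (0,) + RETRYING,                     # first contact
    (300,) + RETRYING,                   # retry after 5 minutes
    (1800,) + RETRYING,                  # retry after 30 minutes
    (1860, "192.0.2.10", "mx.example.org", "b@example.org", "v@example.net"),
    (1900, "198.51.100.7", "pc.example.com", "x@example.com", "u@example.net"),
]

if __name__ == "__main__":
    for a, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(a[0], a[1], verdict)
```
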