From owner-freebsd-pf@FreeBSD.ORG Mon May 27 11:06:51 2013 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id A642C372 for ; Mon, 27 May 2013 11:06:51 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 96DD66D1 for ; Mon, 27 May 2013 11:06:51 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r4RB6pBQ016119 for ; Mon, 27 May 2013 11:06:51 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r4RB6pKx016117 for freebsd-pf@FreeBSD.org; Mon, 27 May 2013 11:06:51 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 27 May 2013 11:06:51 GMT Message-Id: <201305271106.r4RB6pKx016117@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 May 2013 11:06:51 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/177810 pf [pf] traffic dropped by accepting rules is not counted o kern/177808 pf [pf] [patch] route-to rule forwarding traffic inspite o kern/176763 pf [pf] [patch] Removing pf Source entries locks kernel. o kern/176268 pf [pf] [patch] synproxy not working with route-to o kern/173659 pf [pf] PF fatal trap on 9.1 (taskq fatal trap on pf_test o bin/172888 pf [patch] authpf(8) feature enhancement o kern/172648 pf [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet o kern/171733 pf [pf] PF problem with modulate state in [regression] o kern/169630 pf [pf] [patch] pf fragment reassembly of padded (undersi o kern/168952 pf [pf] direction scrub rules don't work o kern/168190 pf [pf] panic when using pf and route-to (maybe: bad frag o kern/166336 pf [pf] kern.securelevel 3 +pf reload o kern/165315 pf [pf] States never cleared in PF with DEVICE_POLLING o kern/164402 pf [pf] pf crashes with a particular set of rules when fi o kern/164271 pf [pf] not working pf nat on FreeBSD 9.0 [regression] o kern/163208 pf [pf] PF state key linking mismatch o kern/160370 pf [pf] Incorrect pfctl check of pf.conf o kern/155736 pf [pf] [altq] borrow from parent queue does not work wit o kern/153307 pf [pf] Bug with PF firewall o kern/148290 pf [pf] "sticky-address" option of Packet Filter (PF) blo o kern/148260 pf [pf] [patch] pf rdr incompatible with dummynet o kern/147789 pf [pf] Firewall PF no longer drops connections by sendin o kern/143543 pf [pf] [panic] PF route-to causes kernel panic o bin/143504 pf [patch] outgoing states are not killed by authpf(8) o conf/142961 pf [pf] No way to adjust pidfile in pflogd o conf/142817 pf [patch] etc/rc.d/pf: silence pfctl o kern/141905 pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty o kern/140697 pf [pf] pf behaviour changes - must be documented o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 52 problems total. From owner-freebsd-pf@FreeBSD.ORG Wed May 29 16:13:21 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id B29B9633 for ; Wed, 29 May 2013 16:13:21 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: from elf.hq.norma.perm.ru (unknown [IPv6:2001:470:1f09:14c0::2]) by mx1.freebsd.org (Postfix) with ESMTP id 3F2EE6DD for ; Wed, 29 May 2013 16:13:20 +0000 (UTC) Received: from [192.168.248.34] ([192.168.248.34]) by elf.hq.norma.perm.ru (8.14.5/8.14.5) with ESMTP id r4TGDEFE052049 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Wed, 29 May 2013 22:13:16 +0600 (YEKT) (envelope-from emz@norma.perm.ru) Message-ID: <51A62915.1060505@norma.perm.ru> Date: Wed, 29 May 2013 22:13:09 +0600 From: "Eugene M. Zheganin" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Subject: pf/altq and default queue Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (elf.hq.norma.perm.ru [192.168.3.10]); Wed, 29 May 2013 22:13:16 +0600 (YEKT) X-Spam-Status: No hits=-101.0 bayes=0.5 testhits ALL_TRUSTED=-1, USER_IN_WHITELIST=-100 autolearn=unavailable version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on elf.hq.norma.perm.ru X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 May 2013 16:13:21 -0000 Hi. I have an 8.1-RELEASE (yup, a bit outdated). Today I saw a situation when I observe a speed about 90 MBit/sec on an interface where altq is enabled, but root queue shows only half of that amount. Here comes the output: config: altq on em0 cbq bandwidth 100Mb queue { domru, internal } queue domru bandwidth 30Mb { domru_voip, domru_term, domru_standard } queue domru_voip bandwidth 2Mb priority 7 cbq(borrow) queue domru_term bandwidth 2Mb priority 7 cbq(borrow) queue domru_standard bandwidth 25Mb priority 4 cbq(red) queue internal bandwidth 70Mb cbq (default) pfctl -vvvs queue: queue root_em0 on em0 bandwidth 100Mb priority 0 cbq( wrr root ) {domru, internal} [ pkts: 5640756 bytes: 4902213386 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 borrows: 0 suspends: 0 ] [ measured: 8895.4 packets/s, 50.82Mb/s ] queue domru on em0 bandwidth 30Mb {domru_voip, domru_term, domru_standard} [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 borrows: 0 suspends: 0 ] [ measured: 0.0 packets/s, 0 b/s ] queue domru_voip on em0 bandwidth 2Mb priority 7 cbq( borrow ) [ pkts: 23 bytes: 12029 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 borrows: 0 suspends: 0 ] [ measured: 0.0 packets/s, 170.36 b/s ] queue domru_term on em0 bandwidth 2Mb priority 7 cbq( borrow ) [ pkts: 18257 bytes: 12440795 dropped pkts: 27 bytes: 8306 ] [ qlength: 23/ 50 borrows: 9196 suspends: 643 ] [ measured: 132.6 packets/s, 977.86Kb/s ] queue domru_standard on em0 bandwidth 25Mb priority 4 cbq( red ) [ pkts: 1853521 bytes: 1561628960 dropped pkts: 46210 bytes: 36121115 ] [ qlength: 0/ 50 borrows: 0 suspends: 91436 ] [ measured: 2828.0 packets/s, 18.86Mb/s ] queue internal on em0 bandwidth 70Mb cbq( default ) [ pkts: 3768965 bytes: 3328140798 dropped pkts: 1887 bytes: 1185226 ] [ qlength: 0/ 50 borrows: 0 suspends: 84630 ] [ measured: 5934.9 packets/s, 30.98Mb/s ] netstat -I em0 1: 4616 0 0 4622558 3899 25 2795894 0 4470 0 0 4381202 4245 43 3324893 0 4589 0 0 4189727 4759 24 3797872 0 4231 0 0 4367365 3766 25 2687472 0 4838 0 0 4860147 4188 26 3022562 0 5025 0 0 5168430 4418 69 3226557 0 6379 0 0 7429234 5361 11 2663720 0 <=== wget started 8264 0 0 10792601 5921 17 1620189 0 8449 0 0 11165433 6006 25 1262430 0 8736 0 0 11428083 6010 37 1007035 0 8513 0 0 10751876 6107 33 1635660 0 8511 0 0 10925151 6083 40 1474535 0 8244 0 0 10845278 5824 11 1562181 0 8273 0 0 10827011 5928 24 1605532 0 8159 0 0 10697129 5718 7 1665896 0 7858 0 0 10173396 5852 9 2098723 0 8145 0 0 10574881 5885 59 1812857 0 8120 0 0 10495941 5784 17 1873823 0 8287 0 0 10955045 5746 41 1437687 0 input (vlan2) output packets errs idrops bytes packets errs bytes colls 8179 0 0 10604523 5992 78 1772952 0 8114 0 0 10595869 5861 7 1794099 0 8230 0 0 10644911 5928 65 1745887 0 8252 0 0 10825497 5898 51 1576670 0 8277 0 0 10739635 5946 20 1660457 0 8375 0 0 10763467 6051 10 1643478 0 8203 0 0 10712495 5921 27 1682199 0 wget: [root@dev /home/emz]# wget http://files2.enaza.ru/isk.7z --2013-05-29 18:03:37-- http://files2.enaza.ru/isk.7z Resolving files2.enaza.ru... 212.33.230.17 Connecting to files2.enaza.ru|212.33.230.17|:80... connection established. Request HTTP sent, waiting for answer... 200 OK Length: 313227902 (299M) [application/x-7z-compressed] Saving to: <> 40% [==============================> ] 125 558 720 6,34M/s ост 30s So... It's obvious that this flow doesn't match any of the configured queues. In this case I expect it to match the default queue. It's clear that the rate in the default queue is far below 60Mbit/sec. Does this output means that this flow isn't shaped by the default queue ? Or may be it means that pfctl -vvvs queue doesn't _show_ the packets that go in the default queue, except on the ones that are explicitely bound to it (I have such packets, I explicitely sent some traffic to the deafult queue) ? Thanks. Eugene.