From owner-freebsd-pf@FreeBSD.ORG  Fri Oct  4 13:27:58 2013
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id BD8F8B75
 for <freebsd-pf@freebsd.org>; Fri,  4 Oct 2013 13:27:58 +0000 (UTC)
 (envelope-from Stephane.DAlu@insa-lyon.fr)
Received: from smtp.insa-lyon.fr (criges14.insa-lyon.fr [134.214.76.242])
 by mx1.freebsd.org (Postfix) with ESMTP id 810682D0D
 for <freebsd-pf@freebsd.org>; Fri,  4 Oct 2013 13:27:57 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp.insa-lyon.fr (Postfix) with ESMTP id CAC5EF1255
 for <freebsd-pf@freebsd.org>; Fri,  4 Oct 2013 15:17:18 +0200 (CEST)
X-Virus-Scanned: SMTP at INSA-LYON
Received: from smtp.insa-lyon.fr ([127.0.0.1])
 by localhost (criges14.insa-lyon.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id L5mw3aMVswDe for <freebsd-pf@freebsd.org>;
 Fri,  4 Oct 2013 15:17:18 +0200 (CEST)
Received: from hyperion.home.sdalu.com (hyperion.citi.insa-lyon.fr
 [134.214.146.249])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested) (Authenticated sender: sdalu)
 by smtp.insa-lyon.fr (Postfix) with ESMTPSA id 7A650F1252
 for <freebsd-pf@freebsd.org>; Fri,  4 Oct 2013 15:17:18 +0200 (CEST)
Message-ID: <524EBFDD.7090604@insa-lyon.fr>
Date: Fri, 04 Oct 2013 15:17:17 +0200
From: Stephane D'Alu <Stephane.DAlu@insa-lyon.fr>
Organization: CITI / INSA-Lyon
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
Subject: pf deadly slow
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Fri, 04 Oct 2013 13:41:50 +0000
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Oct 2013 13:27:58 -0000

I'm running FreeBSD 9.2 inside VirtualBox with virtio for the nework
card. pf is compiled with ALTQ support.

My pf.conf file is as follow, which do nearly nothing:
 set skip on lo0
 set skip on vnet0

If pf is enabled, bandwith drop by a 1000 factor!
>From 10Mb/s to 4Kb/s

Any idea, what's going on?


PS:
- I have the same kind of configuration FreeBSD 9.2, pf + ALTQ
and real firewall rules on a non virtualized server and everything is fine.
- I will try to remove ALTQ and use em driver instead, to see if there
is a performance improvement

Sincerly
-- 
Stephane D'Alu -- Ingenieur Recherche
Laboratoire CITI / INSA-Lyon
Tel: +33 47243 6483