From owner-freebsd-pf@FreeBSD.ORG Mon Nov 15 11:07:01 2010 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8EC591065715 for ; Mon, 15 Nov 2010 11:07:01 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7BA028FC17 for ; Mon, 15 Nov 2010 11:07:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oAFB71sm086361 for ; Mon, 15 Nov 2010 11:07:01 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oAFB70QG086359 for freebsd-pf@FreeBSD.org; Mon, 15 Nov 2010 11:07:00 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 15 Nov 2010 11:07:00 GMT Message-Id: <201011151107.oAFB70QG086359@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Nov 2010 11:07:01 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. 
Description -------------------------------------------------------------------------------- o kern/148290 pf [pf] "sticky-address" option of Packet Filter (PF) blo o kern/148260 pf [pf] [patch] pf rdr incompatible with dummynet o kern/147789 pf [pf] Firewall PF no longer drops connections by sendin o kern/146832 pf [pf] "(self)" not always matching all local IPv6 addre o kern/143543 pf [pf] [panic] PF route-to causes kernel panic o bin/143504 pf [patch] outgoing states are not killed by authpf(8) o conf/142961 pf [pf] No way to adjust pidfile in pflogd o conf/142817 pf [patch] etc/rc.d/pf: silence pfctl o kern/141905 pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty o kern/140697 pf [pf] pf behaviour changes - must be documented o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/135162 pf [pfsync] pfsync(4) not usable with GENERIC kernel o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 
pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit o kern/111220 pf [pf] repeatable hangs while manipulating pf tables s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 45 problems total. From owner-freebsd-pf@FreeBSD.ORG Mon Nov 15 13:11:41 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 17E0F106566B for ; Mon, 15 Nov 2010 13:11:41 +0000 (UTC) (envelope-from fabrice.bruel@orange-ftgroup.com) Received: from relais-inet.francetelecom.com (relais-ias91.francetelecom.com [193.251.215.91]) by mx1.freebsd.org (Postfix) with ESMTP id A40AA8FC12 for ; Mon, 15 Nov 2010 13:11:40 +0000 (UTC) Received: from omfedm06.si.francetelecom.fr (unknown [xx.xx.xx.2]) by omfedm10.si.francetelecom.fr (ESMTP service) with ESMTP id 881F9264292 for ; Mon, 15 Nov 2010 13:54:42 +0100 (CET) Received: from PUEXCC51.nanterre.francetelecom.fr (unknown [10.168.74.61]) by omfedm06.si.francetelecom.fr (ESMTP service) with ESMTP id 6D24627C083 for ; Mon, 15 Nov 2010 13:54:42 +0100 (CET) Received: from PUEXCBM0.nanterre.francetelecom.fr ([10.168.75.16]) by 
PUEXCC51.nanterre.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.3959); Mon, 15 Nov 2010 13:54:42 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 15 Nov 2010 13:54:27 +0100 Message-ID: <19449_1289825682_4CE12D92_19449_436731_1_9916A266ED407940A71D013B3C327F2804F91AA5@PUEXCBM0.nanterre.francetelecom.fr> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: reassemble tcp and TTL Thread-Index: AcuExDyzbRqTV3qFQ2GkBZy0uQaMgw== From: To: X-OriginalArrivalTime: 15 Nov 2010 12:54:42.0288 (UTC) FILETIME=[4564C700:01CB84C4] X-PMX-Version: 5.5.9.395186, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2010.11.15.122115 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: reassemble tcp and TTL X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Nov 2010 13:11:41 -0000 Hello, =20 Is it possible to use reassemble tcp but no changing TTL ?=20 Actually, we use scrub with reassemble tcp. Unfortunatly, last week, a mistake in network configuration has introduce a loop... For each tcp packet, TTL never expired (rewrite by pf) so this packet would never died... The link grow up to 100Mb/s (spped of this interface) ... =20 =20 Thanks -- Fabrice BRUEL ********************************* This message and any attachments (the "message") are confidential and inten= ded solely for the addressees.=20 Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration.=20 France Telecom Group shall not be liable for the message if altered, change= d or falsified. If you are not the intended addressee of this message, please cancel it imm= ediately and inform the sender. 
******************************** From owner-freebsd-pf@FreeBSD.ORG Fri Nov 19 15:32:45 2010 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 99E08106566C for ; Fri, 19 Nov 2010 15:32:45 +0000 (UTC) (envelope-from Holger.Rauch@empic.de) Received: from zaphod.cra.heitec.net (zaphod.cra.heitec.net [93.93.254.227]) by mx1.freebsd.org (Postfix) with SMTP id 09A908FC24 for ; Fri, 19 Nov 2010 15:32:44 +0000 (UTC) Received: from MX2.heitec.net ([10.65.102.32]) by eSafe SMTP Relay 1290092420; Fri, 19 Nov 2010 16:21:34 +0100 Received: from MX1.heitec.net ([fe80::7cee:e37c:f13b:cff3]) by MX2.heitec.net ([fe80::e514:6b3f:2ac5:2381%18]) with mapi; Fri, 19 Nov 2010 16:21:34 +0100 From: Holger Rauch To: "freebsd-pf@FreeBSD.org" Thread-Topic: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? Thread-Index: AcuH/XK1GdbXuzyMRZOt4+P/vO3hvw== Date: Fri, 19 Nov 2010 15:21:33 +0000 Message-ID: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net> Accept-Language: en-US, de-DE Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-ESAFE-STATUS: [esafe] Mail clean X-ESAFE-DETAILS: [esafe] Cc: Subject: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Nov 2010 15:32:45 -0000 Hi, is there such a patch? 
The reason why I ask for it is: I'm currently experiencing saturated network interfaces when using gigabi= t networking in conjunction with certain Linux driver<->NIC combos for Br= oadcom chips against the PF version shipped with FreeBSD 8.1 stable runni= ng on a HP ProLiant DL 180 G5 server. The problem only occurs with high throughputs (at least 30 MBytes/sec) ca= used by scp/rsync. Up to now, I've come accross this issue with Broadcom Corporation NetLink BCM5787M Gigabit Ethernet PCI Express (rev = 02) (tg3 driver in Linux) and Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) (bnx2 driver in Linux; this is used in various HP ProLiant servers) But it doesn't occur with Intel chips and also not with this chip Broadcom Corporation NetXtreme BCM5764M Gigabit Ethernet PCIe (rev 10) (tg3 driver in Linux). With those NICs I can transfer 50-60 MBytes/sec vi= a scp/rsync without any problem. I've also tried different Linux kernel versions (2.6.26 and 2.6.32). Didn= 't make a difference. On FreeBSD systems, I get around 22 MByte/sec when transferring files via= scp. Furthermore, changing the PF rules from "modulate state" to "keep s= tate" has also had a positive impact. I now workarounded the problem by c= hanging all scp based cron jobs to rsync using ssh in conjunction with rs= ync's --bwlimit option. Thanks in advance & kind regards, Holger THE standard software for Aviation Authorities *************************************************************************= ********************* IMPORTANT NOTICE / WICHTIGER HINWEIS This communication contains information which is confidential and may als= o be privileged. It is for the=20 exclusive use of the intended recipient(s). If you are not the intended r= ecipient(s) please note that any=20 distribution, copying or use of this communication or the information in = it is strictly prohibited. 
If you have=20 received this communication in error please notify us immediately by emai= l or by telephone and then delete=20 this email and any copies of it. Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informat= ionen enthalten. Wenn Sie nicht=20 der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, = informieren Sie bitte sofort den=20 Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die= unbefugte Weitergabe dieser=20 Mail sind nicht gestattet. *************************************************************************= ********************* From owner-freebsd-pf@FreeBSD.ORG Fri Nov 19 16:21:06 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7BB1D10656A4 for ; Fri, 19 Nov 2010 16:21:06 +0000 (UTC) (envelope-from cattelan@thebarn.com) Received: from x.digitalelves.com (x.digitalelves.com [209.98.77.55]) by mx1.freebsd.org (Postfix) with ESMTP id 268168FC29 for ; Fri, 19 Nov 2010 16:21:05 +0000 (UTC) Received: from Russsells-Mac-Pro.local (localhost [127.0.0.1]) (authenticated bits=0) by x.digitalelves.com (8.14.4/8.14.4) with ESMTP id oAJG5ck4059187 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Fri, 19 Nov 2010 10:05:39 -0600 (CST) (envelope-from cattelan@thebarn.com) Message-ID: <4CE6A052.3010007@thebarn.com> Date: Fri, 19 Nov 2010 10:05:38 -0600 From: Russell Cattelan User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.15) Gecko/20101027 SeaMonkey/2.0.10 MIME-Version: 1.0 To: Holger Rauch References: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net> In-Reply-To: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net> Content-Type: multipart/mixed; boundary="------------040000050706030003080408" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: "freebsd-pf@FreeBSD.org" Subject: Re: PF from OpenBSD 4.5 available as patch 
for 8.1-STABLE? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Nov 2010 16:21:06 -0000 This is a multi-part message in MIME format. --------------040000050706030003080408 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I have not looked at this patch but you probably want to look at http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005842.html It is a bit unclear from your post what problem are you trying to solve here? Limit the bandwidth of your linux boxes when doing scp/rsync? -Russell Holger Rauch wrote: > Hi, > > is there such a patch? The reason why I ask for it is: > > I'm currently experiencing saturated network interfaces when using gigabit networking in conjunction with certain Linux driver<->NIC combos for Broadcom chips against the PF version shipped with FreeBSD 8.1 stable running on a HP ProLiant DL 180 G5 server. > > The problem only occurs with high throughputs (at least 30 MBytes/sec) caused by scp/rsync. Up to now, I've come accross this issue with > > Broadcom Corporation NetLink BCM5787M Gigabit Ethernet PCI Express (rev 02) (tg3 driver in Linux) > > and > > Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) > (bnx2 driver in Linux; this is used in various HP ProLiant servers) > > But it doesn't occur with Intel chips and also not with this chip > > Broadcom Corporation NetXtreme BCM5764M Gigabit Ethernet PCIe (rev 10) > (tg3 driver in Linux). With those NICs I can transfer 50-60 MBytes/sec via scp/rsync without any problem. > > I've also tried different Linux kernel versions (2.6.26 and 2.6.32). Didn't make a difference. > > On FreeBSD systems, I get around 22 MByte/sec when transferring files via scp. 
Furthermore, changing the PF rules from "modulate state" to "keep state" has also had a positive impact. I now workarounded the problem by changing all scp based cron jobs to rsync using ssh in conjunction with rsync's --bwlimit option. > > Thanks in advance& kind regards, > > Holger > > > THE standard software for Aviation Authorities > > ********************************************************************************************** > IMPORTANT NOTICE / WICHTIGER HINWEIS > This communication contains information which is confidential and may also be privileged. It is for the > exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any > distribution, copying or use of this communication or the information in it is strictly prohibited. If you have > received this communication in error please notify us immediately by email or by telephone and then delete > this email and any copies of it. > Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informationen enthalten. Wenn Sie nicht > der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den > Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser > Mail sind nicht gestattet. 
> ********************************************************************************************** > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" --------------040000050706030003080408-- From owner-freebsd-pf@FreeBSD.ORG Fri Nov 19 16:29:20 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5B47C106566C for ; Fri, 19 Nov 2010 16:29:20 +0000 (UTC) (envelope-from Holger.Rauch@empic.de) Received: from zaphod.cra.heitec.net (zaphod.cra.heitec.net [93.93.254.227]) by mx1.freebsd.org (Postfix) with SMTP id B4D6F8FC08 for ; Fri, 19 Nov 2010 16:29:19 +0000 (UTC) Received: from MX2.heitec.net ([10.65.102.32]) by eSafe SMTP Relay 1290092420; Fri, 19 Nov 2010 17:29:08 +0100 Received: from MX1.heitec.net ([fe80::7cee:e37c:f13b:cff3]) by MX2.heitec.net ([fe80::e514:6b3f:2ac5:2381%18]) with mapi; Fri, 19 Nov 2010 17:29:08 +0100 From: Holger Rauch To: Russell Cattelan Thread-Topic: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? Thread-Index: AcuH/XK1GdbXuzyMRZOt4+P/vO3hv///+40AgAAVBYU= Date: Fri, 19 Nov 2010 16:29:07 +0000 Message-ID: <1989F0C06F24544989EB233736143E7C01F7A757@MX1.heitec.net> References: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net>, <4CE6A052.3010007@thebarn.com> In-Reply-To: <4CE6A052.3010007@thebarn.com> Accept-Language: en-US, de-DE Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-ESAFE-STATUS: [esafe] Mail clean X-ESAFE-DETAILS: [esafe] Cc: "freebsd-pf@FreeBSD.org" Subject: RE: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? 
X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Nov 2010 16:29:20 -0000 Hi Russell, I'm trying to solve the problem that my rsync/scp tasks stall the involve= d NICs on the firewall host are saturated. Up to now, I've noticed this s= aturation only with certain driver/NIC combos and the stalling has only o= ccurred on the target side (i.e. the NIC the data gets transfered to). So= , the rsync --bwlimit stuff is really just a "quick hack" in order to pre= vent that NIC saturation. A still better solution would probably be to us= e PF queues. But I actually hope to get by without having to do something= like this. I'm wondering anyway why PF doesn't prevent such saturation from happenin= g on its own (without having to introduce queues)? Thanks for the pointer to the patch. I will ask the author as to whether = it can be applied without too much effort against 8.1-STABLE. Greetings, Holger ________________________________________ From: Russell Cattelan [cattelan@thebarn.com] Sent: Friday, November 19, 2010 17:05 To: Holger Rauch Cc: freebsd-pf@FreeBSD.org Subject: Re: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? I have not looked at this patch but you probably want to look at http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005842.html It is a bit unclear from your post what problem are you trying to solve here? Limit the bandwidth of your linux boxes when doing scp/rsync? -Russell Holger Rauch wrote: > Hi, > > is there such a patch? The reason why I ask for it is: > > I'm currently experiencing saturated network interfaces when using giga= bit networking in conjunction with certain Linux driver<->NIC combos for = Broadcom chips against the PF version shipped with FreeBSD 8.1 stable run= ning on a HP ProLiant DL 180 G5 server. 
> > The problem only occurs with high throughputs (at least 30 MBytes/sec) = caused by scp/rsync. Up to now, I've come accross this issue with > > Broadcom Corporation NetLink BCM5787M Gigabit Ethernet PCI Express (r= ev 02) (tg3 driver in Linux) > > and > > Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) > (bnx2 driver in Linux; this is used in various HP ProLiant servers) > > But it doesn't occur with Intel chips and also not with this chip > > Broadcom Corporation NetXtreme BCM5764M Gigabit Ethernet PCIe (rev 10) > (tg3 driver in Linux). With those NICs I can transfer 50-60 MBytes/sec = via scp/rsync without any problem. > > I've also tried different Linux kernel versions (2.6.26 and 2.6.32). Di= dn't make a difference. > > On FreeBSD systems, I get around 22 MByte/sec when transferring files v= ia scp. Furthermore, changing the PF rules from "modulate state" to "keep= state" has also had a positive impact. I now workarounded the problem by= changing all scp based cron jobs to rsync using ssh in conjunction with = rsync's --bwlimit option. > > Thanks in advance& kind regards, > > Holger > > > THE standard software for Aviation Authorities > > ***********************************************************************= *********************** > IMPORTANT NOTICE / WICHTIGER HINWEIS > This communication contains information which is confidential and may a= lso be privileged. It is for the > exclusive use of the intended recipient(s). If you are not the intended= recipient(s) please note that any > distribution, copying or use of this communication or the information i= n it is strictly prohibited. If you have > received this communication in error please notify us immediately by em= ail or by telephone and then delete > this email and any copies of it. > Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Inform= ationen enthalten. 
Wenn Sie nicht > der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben= , informieren Sie bitte sofort den > Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie d= ie unbefugte Weitergabe dieser > Mail sind nicht gestattet. > ***********************************************************************= *********************** > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" *** eSafe scanned this email for malicious content *** *** IMPORTANT: Do not open attachments from unrecognized senders *** THE standard software for Aviation Authorities *************************************************************************= ********************* IMPORTANT NOTICE / WICHTIGER HINWEIS This communication contains information which is confidential and may als= o be privileged. It is for the=20 exclusive use of the intended recipient(s). If you are not the intended r= ecipient(s) please note that any=20 distribution, copying or use of this communication or the information in = it is strictly prohibited. If you have=20 received this communication in error please notify us immediately by emai= l or by telephone and then delete=20 this email and any copies of it. Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informat= ionen enthalten. Wenn Sie nicht=20 der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, = informieren Sie bitte sofort den=20 Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die= unbefugte Weitergabe dieser=20 Mail sind nicht gestattet. 
*************************************************************************= ********************* From owner-freebsd-pf@FreeBSD.ORG Fri Nov 19 17:09:40 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F200E10656A9 for ; Fri, 19 Nov 2010 17:09:40 +0000 (UTC) (envelope-from Holger.Rauch@empic.de) Received: from zaphod.cra.heitec.net (zaphod.cra.heitec.net [93.93.254.227]) by mx1.freebsd.org (Postfix) with SMTP id 3FCB38FC16 for ; Fri, 19 Nov 2010 17:09:39 +0000 (UTC) Received: from MX2.heitec.net ([10.65.102.32]) by eSafe SMTP Relay 1290092420; Fri, 19 Nov 2010 18:09:30 +0100 Received: from MX1.heitec.net ([fe80::7cee:e37c:f13b:cff3]) by MX2.heitec.net ([fe80::e514:6b3f:2ac5:2381%18]) with mapi; Fri, 19 Nov 2010 18:09:30 +0100 From: Holger Rauch To: Holger Rauch , Russell Cattelan Thread-Topic: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? Thread-Index: AcuH/XK1GdbXuzyMRZOt4+P/vO3hv///+40AgAAVBYWAAAgwbg== Date: Fri, 19 Nov 2010 17:09:29 +0000 Message-ID: <1989F0C06F24544989EB233736143E7C01F7A78B@MX1.heitec.net> References: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net>, <4CE6A052.3010007@thebarn.com>, <1989F0C06F24544989EB233736143E7C01F7A757@MX1.heitec.net> In-Reply-To: <1989F0C06F24544989EB233736143E7C01F7A757@MX1.heitec.net> Accept-Language: en-US, de-DE Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-ESAFE-STATUS: [esafe] Mail clean X-ESAFE-DETAILS: [esafe] Cc: "freebsd-pf@FreeBSD.org" Subject: RE: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? 
X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Nov 2010 17:09:41 -0000 Rehi, just in case somebody is interested. I just applied the referenced patch = and it applied without any major problems. I only had to remove/add a few= #includes manually (due to .rej files). So, I don't suspect any compilat= ion problems. I'm currently waiting for make buildworld && make buildkernel to complete. Once it's done, I hope it works without any problems (apart = from the known bugs). Kind regards, Holger ________________________________________ From: Holger Rauch Sent: Friday, November 19, 2010 17:29 To: Russell Cattelan Cc: freebsd-pf@FreeBSD.org Subject: RE: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? Hi Russell, I'm trying to solve the problem that my rsync/scp tasks stall the involve= d NICs on the firewall host are saturated. Up to now, I've noticed this s= aturation only with certain driver/NIC combos and the stalling has only o= ccurred on the target side (i.e. the NIC the data gets transfered to). So= , the rsync --bwlimit stuff is really just a "quick hack" in order to pre= vent that NIC saturation. A still better solution would probably be to us= e PF queues. But I actually hope to get by without having to do something= like this. I'm wondering anyway why PF doesn't prevent such saturation from happenin= g on its own (without having to introduce queues)? Thanks for the pointer to the patch. I will ask the author as to whether = it can be applied without too much effort against 8.1-STABLE. Greetings, Holger ________________________________________ From: Russell Cattelan [cattelan@thebarn.com] Sent: Friday, November 19, 2010 17:05 To: Holger Rauch Cc: freebsd-pf@FreeBSD.org Subject: Re: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? 
I have not looked at this patch but you probably want to look at http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005842.html It is a bit unclear from your post what problem are you trying to solve here? Limit the bandwidth of your linux boxes when doing scp/rsync? -Russell Holger Rauch wrote: > Hi, > > is there such a patch? The reason why I ask for it is: > > I'm currently experiencing saturated network interfaces when using giga= bit networking in conjunction with certain Linux driver<->NIC combos for = Broadcom chips against the PF version shipped with FreeBSD 8.1 stable run= ning on a HP ProLiant DL 180 G5 server. > > The problem only occurs with high throughputs (at least 30 MBytes/sec) = caused by scp/rsync. Up to now, I've come accross this issue with > > Broadcom Corporation NetLink BCM5787M Gigabit Ethernet PCI Express (r= ev 02) (tg3 driver in Linux) > > and > > Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) > (bnx2 driver in Linux; this is used in various HP ProLiant servers) > > But it doesn't occur with Intel chips and also not with this chip > > Broadcom Corporation NetXtreme BCM5764M Gigabit Ethernet PCIe (rev 10) > (tg3 driver in Linux). With those NICs I can transfer 50-60 MBytes/sec = via scp/rsync without any problem. > > I've also tried different Linux kernel versions (2.6.26 and 2.6.32). Di= dn't make a difference. > > On FreeBSD systems, I get around 22 MByte/sec when transferring files v= ia scp. Furthermore, changing the PF rules from "modulate state" to "keep= state" has also had a positive impact. I now workarounded the problem by= changing all scp based cron jobs to rsync using ssh in conjunction with = rsync's --bwlimit option. 
> > Thanks in advance& kind regards, > > Holger > > > THE standard software for Aviation Authorities > > ***********************************************************************= *********************** > IMPORTANT NOTICE / WICHTIGER HINWEIS > This communication contains information which is confidential and may a= lso be privileged. It is for the > exclusive use of the intended recipient(s). If you are not the intended= recipient(s) please note that any > distribution, copying or use of this communication or the information i= n it is strictly prohibited. If you have > received this communication in error please notify us immediately by em= ail or by telephone and then delete > this email and any copies of it. > Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Inform= ationen enthalten. Wenn Sie nicht > der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben= , informieren Sie bitte sofort den > Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie d= ie unbefugte Weitergabe dieser > Mail sind nicht gestattet. > ***********************************************************************= *********************** > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" *** eSafe scanned this email for malicious content *** *** IMPORTANT: Do not open attachments from unrecognized senders *** THE standard software for Aviation Authorities *************************************************************************= ********************* IMPORTANT NOTICE / WICHTIGER HINWEIS This communication contains information which is confidential and may als= o be privileged. It is for the=20 exclusive use of the intended recipient(s). 
If you are not the intended r= ecipient(s) please note that any=20 distribution, copying or use of this communication or the information in = it is strictly prohibited. If you have=20 received this communication in error please notify us immediately by emai= l or by telephone and then delete=20 this email and any copies of it. Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informat= ionen enthalten. Wenn Sie nicht=20 der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, = informieren Sie bitte sofort den=20 Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die= unbefugte Weitergabe dieser=20 Mail sind nicht gestattet. *************************************************************************= ********************* From owner-freebsd-pf@FreeBSD.ORG Fri Nov 19 18:20:48 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB025106564A for ; Fri, 19 Nov 2010 18:20:47 +0000 (UTC) (envelope-from Holger.Rauch@empic.de) Received: from zaphod.cra.heitec.net (zaphod.cra.heitec.net [93.93.254.227]) by mx1.freebsd.org (Postfix) with SMTP id 50D658FC23 for ; Fri, 19 Nov 2010 18:20:46 +0000 (UTC) Received: from MX2.heitec.net ([10.65.102.32]) by eSafe SMTP Relay 1290092420; Fri, 19 Nov 2010 19:20:32 +0100 Received: from MX1.heitec.net ([fe80::7cee:e37c:f13b:cff3]) by MX2.heitec.net ([fe80::e514:6b3f:2ac5:2381%18]) with mapi; Fri, 19 Nov 2010 19:20:32 +0100 From: Holger Rauch To: Chris Buechler Thread-Topic: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? 
Date: Fri, 19 Nov 2010 18:18:00 +0000
Message-ID: <1989F0C06F24544989EB233736143E7C01F7A854@MX1.heitec.net>
References: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net>,
Cc: "freebsd-pf@FreeBSD.org"
Subject: RE: PF from OpenBSD 4.5 available as patch for 8.1-STABLE?

Hi Chris,

thanks for mentioning this. Unfortunately I forgot to mention that the problem doesn't occur when both hosts are on the same subnet (i.e. no firewall in between, only HP ProCurve switches).

But I will follow your suggestion and try to disable HW checksum offloading.

Greetings,

Holger

________________________________________
From: Chris Buechler [cbuechler@gmail.com]
Sent: Friday, November 19, 2010 19:08
To: Holger Rauch
Cc: freebsd-pf@FreeBSD.org
Subject: Re: PF from OpenBSD 4.5 available as patch for 8.1-STABLE?

On Fri, Nov 19, 2010 at 10:21 AM, Holger Rauch wrote:
> Hi,
>
> is there such a patch? The reason why I ask for it is:
>
> I'm currently experiencing saturated network interfaces when using gigabit networking in conjunction with certain Linux driver<->NIC combos for Broadcom chips against the PF version shipped with FreeBSD 8.1 stable running on a HP ProLiant DL 180 G5 server.
>
> The problem only occurs with high throughputs (at least 30 MBytes/sec) caused by scp/rsync. Up to now, I've come across this issue with
>
> Broadcom Corporation NetLink BCM5787M Gigabit Ethernet PCI Express (rev 02) (tg3 driver in Linux)
>
> and
>
> Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
> (bnx2 driver in Linux; this is used in various HP ProLiant servers)
>
> But it doesn't occur with Intel chips and also not with this chip
>

You're trying to fix a NIC driver-related issue by messing with your firewall, you're most likely looking in the wrong place. May have more luck posting to freebsd-net. One thing to try is disabling hardware checksum offloading (rxcsum, txcsum) to see if that makes any difference, with some NICs it causes issues.

From owner-freebsd-pf@FreeBSD.ORG Fri Nov 19 18:37:10 2010
In-Reply-To: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net>
References: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net>
From: Chris Buechler
Date: Fri, 19 Nov 2010 13:08:47 -0500
To: Holger Rauch
Cc: "freebsd-pf@FreeBSD.org"
Subject: Re: PF from OpenBSD 4.5 available as patch for 8.1-STABLE?

On Fri, Nov 19, 2010 at 10:21 AM, Holger Rauch wrote:
> Hi,
>
> is there such a patch? The reason why I ask for it is:
>
> I'm currently experiencing saturated network interfaces when using gigabit networking in conjunction with certain Linux driver<->NIC combos for Broadcom chips against the PF version shipped with FreeBSD 8.1 stable running on a HP ProLiant DL 180 G5 server.
>
> The problem only occurs with high throughputs (at least 30 MBytes/sec) caused by scp/rsync. Up to now, I've come across this issue with
>
> Broadcom Corporation NetLink BCM5787M Gigabit Ethernet PCI Express (rev 02) (tg3 driver in Linux)
>
> and
>
> Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
> (bnx2 driver in Linux; this is used in various HP ProLiant servers)
>
> But it doesn't occur with Intel chips and also not with this chip
>

You're trying to fix a NIC driver-related issue by messing with your firewall, you're most likely looking in the wrong place. May have more luck posting to freebsd-net. One thing to try is disabling hardware checksum offloading (rxcsum, txcsum) to see if that makes any difference, with some NICs it causes issues.

From owner-freebsd-pf@FreeBSD.ORG Sat Nov 20 18:20:02 2010
From: Holger Rauch
To: Odhiambo Washington
Date: Sat, 20 Nov 2010 18:15:29 +0000
Message-ID: <1989F0C06F24544989EB233736143E7C01F7B082@MX1.heitec.net>
References: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net><4CE6A052.3010007@thebarn.com><1989F0C06F24544989EB233736143E7C01F7A757@MX1.heitec.net><1989F0C06F24544989EB233736143E7C01F7A78B@MX1.heitec.net> <1989F0C06F24544989EB233736143E7C01F7A8C5@MX1.heitec.net>,
Cc: "freebsd-pf@FreeBSD.org"
Subject: RE: PF from OpenBSD 4.5 available as patch for 8.1-STABLE?

Hi,

did exactly that. The file is not in there. So I removed the #include. Apart from that, after having applied the patch against HEAD (to check whether it applies cleanly there), I'm now faced with this problem:

/usr/local/libexec/ccache/world-cc -c -O2 -fno-strict-aliasing -pipe -std=c99 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -fno-omit-frame-pointer -mcmodel=kernel -mno-red-zone -mfpmath=387 -mno-sse -mno-sse2 -mno-sse3 -mno-mmx -mno-3dnow -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -Werror /usr/src/sys/contrib/altq/altq/altq_red.c -I/usr/src/sys/contrib/pf
/usr/src/sys/contrib/altq/altq/altq_red.c: In function 'mark_ecn':
/usr/src/sys/contrib/altq/altq/altq_red.c:523: error: 'struct pf_mtag' has no member named 'af'

So, the patch seems to remove necessary members of structs. What's the current version of PF committed to HEAD, anyway? (I mean, it looks to me like HEAD already contains a more recent revision and the patch might no longer be necessary. Apologies in case my guess is wrong.)

Any hints?

Thanks & kind regards,

Holger

________________________________
From: Odhiambo Washington [odhiambo@gmail.com]
Sent: Friday, November 19, 2010 20:17
To: Holger Rauch
Subject: Re: PF from OpenBSD 4.5 available as patch for 8.1-STABLE?

I think you have to grab the src for HEAD and `find` it.

On Fri, Nov 19, 2010 at 10:13 PM, Holger Rauch wrote:
Hi,

seems like I need /usr/src/sys/contrib/pf/net/if_pflow.h. Where can I get it from? (It doesn't seem to be included in the patch). I also browsed

http://code.bsd64.org/browse/freebsd/HEAD/src/sys/contrib/pf/net/

but couldn't find it there.

Thanks in advance & kind regards,

Holger

________________________________
From: Odhiambo Washington [odhiambo@gmail.com]
Sent: Friday, November 19, 2010 18:28
To: Holger Rauch
Subject: Re: PF from OpenBSD 4.5 available as patch for 8.1-STABLE?

On Fri, Nov 19, 2010 at 8:09 PM, Holger Rauch wrote:
Rehi,

just in case somebody is interested. I just applied the referenced patch and it applied without any major problems. I only had to remove/add a few #includes manually (due to .rej files). So, I don't suspect any compilation problems.

I'm currently waiting for

make buildworld && make buildkernel

to complete. Once it's done, I hope it works without any problems (apart from the known bugs).

Given that the patch was meant for HEAD, I believe other people running 8.1 like me are quite interested in your successful build or world and kernel.
Do you have a patch that can apply cleanly to 8.1, after the manual changes you made?

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!

From owner-freebsd-pf@FreeBSD.ORG Sat Nov 20 18:39:34 2010
In-Reply-To: <1989F0C06F24544989EB233736143E7C01F7A854@MX1.heitec.net>
References: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net> <1989F0C06F24544989EB233736143E7C01F7A854@MX1.heitec.net>
From: Chris Buechler
Date: Sat, 20 Nov 2010 13:39:12 -0500
To: Holger Rauch
Cc: "freebsd-pf@FreeBSD.org"
Subject: Re: PF from OpenBSD 4.5 available as patch for 8.1-STABLE?

On Fri, Nov 19, 2010 at 1:18 PM, Holger Rauch wrote:
> Hi Chris,
>
> thanks for mentioning this. Unfortunately I forgot to mention that the problem doesn't occur when both hosts are on the same subnet (i.e. no firewall in between, only HP ProCurve switches).
>

That doesn't invalidate my point - if it works with some NICs but not another, it's highly unlikely to be related to your packet filter.

From owner-freebsd-pf@FreeBSD.ORG Sat Nov 20 19:49:50 2010
From: Holger Rauch
To: Chris Buechler
Date: Sat, 20 Nov 2010 19:46:33 +0000
Message-ID: <1989F0C06F24544989EB233736143E7C01F7B131@MX1.heitec.net>
References: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net> <1989F0C06F24544989EB233736143E7C01F7A854@MX1.heitec.net>,
Cc: "freebsd-pf@FreeBSD.org"
Subject: RE: PF from OpenBSD 4.5 available as patch for 8.1-STABLE?

Hi Chris,

I didn't mean to completely invalidate your point, just to add information that I initially forgot to mention. I'll probably also test the setup with IPFW too just to see whether the issue remains and/or changes in any way.

But if it's unlikely to be the packet filter why does the problem only show up *in conjunction* with it and not without (the machine doing the packet filtering)?

Kind regards,

Holger

________________________________________
From: Chris Buechler [cbuechler@gmail.com]
Sent: Saturday, November 20, 2010 19:39
To: Holger Rauch
Cc: freebsd-pf@FreeBSD.org
Subject: Re: PF from OpenBSD 4.5 available as patch for 8.1-STABLE?

On Fri, Nov 19, 2010 at 1:18 PM, Holger Rauch wrote:
> Hi Chris,
>
> thanks for mentioning this. Unfortunately I forgot to mention that the problem doesn't occur when both hosts are on the same subnet (i.e. no firewall in between, only HP ProCurve switches).
>

That doesn't invalidate my point - if it works with some NICs but not another, it's highly unlikely to be related to your packet filter.