From owner-freebsd-pf@FreeBSD.ORG Sun Oct 23 01:26:39 2011 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E2162106564A for ; Sun, 23 Oct 2011 01:26:39 +0000 (UTC) (envelope-from jmg@h2.funkthat.com) Received: from h2.funkthat.com (gate.funkthat.com [70.36.235.232]) by mx1.freebsd.org (Postfix) with ESMTP id C33448FC0C for ; Sun, 23 Oct 2011 01:26:39 +0000 (UTC) Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id p9N1QdIJ076119 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 22 Oct 2011 18:26:39 -0700 (PDT) (envelope-from jmg@h2.funkthat.com) Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id p9N1QdlK076118; Sat, 22 Oct 2011 18:26:39 -0700 (PDT) (envelope-from jmg) Date: Sat, 22 Oct 2011 18:26:38 -0700 From: John-Mark Gurney To: Florian Smeets Message-ID: <20111023012638.GE25601@funkthat.com> References: <20111022220654.GD25601@funkthat.com> <4EA349BB.1030303@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4EA349BB.1030303@FreeBSD.org> User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 7.2-RELEASE i386 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Sat, 22 Oct 2011 18:26:39 -0700 (PDT) Cc: freebsd-pf@FreeBSD.org Subject: Re: panic loading/enabling pf on ARM RELENG_9 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Oct 2011 01:26:40 -0000 Florian Smeets wrote this message on Sun, Oct 23, 2011 at 00:54 +0200: > On 23.10.11 00:06, John-Mark Gurney wrote: > >I'm trying to bring up an old Gateworks GW2348 board and get a > >panic when I have enabled pf and try to load rules at boot... > > > >The only modifications between the AVILA config file and mine is > >adding the pf, pflog and pfsync devices since AVILA doesn't have > >them enabled by default, nor does it build the modules... So I am > >trying to staticly build in pf... > > > >W/o pf, it boots fine. > > > > >Oct 22 15:01:00 pflogd[678]: [priv]: msg PRIV_OPEN_LOG received > >Enabling pfpanic: mutex pf task mtx owned at > >/usr/src/sys/contrib/pf/net/if_pfsync.c:3163 > >KDB: enter: panic > > Please try the patches mentioned in this message > http://docs.freebsd.org/cgi/mid.cgi?96FFF919-F33F-46FA-9249-92F2E6003ECF This url does not seem to work... > there are additional fixes from glebius in head r226609 and r226623. I will try these. Thanks. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." From owner-freebsd-pf@FreeBSD.ORG Sun Oct 23 01:29:06 2011 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 63CF51065679 for ; Sun, 23 Oct 2011 01:29:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25]) by mx1.freebsd.org (Postfix) with ESMTP id E811E8FC17 for ; Sun, 23 Oct 2011 01:29:05 +0000 (UTC) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 62DB325D388E; Sun, 23 Oct 2011 01:29:04 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 7C3FBBD3C48; Sun, 23 Oct 2011 01:29:03 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id t751IHAYg7g4; Sun, 23 Oct 2011 01:29:02 +0000 (UTC) Received: from nv.sbone.de (nv.sbone.de [IPv6:fde9:577b:c1a9:31::2013:138]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 4860BBD3C38; Sun, 23 Oct 2011 01:29:01 +0000 (UTC) Date: Sun, 23 Oct 2011 01:29:01 +0000 (UTC) From: "Bjoern A. Zeeb" To: John-Mark Gurney In-Reply-To: <20111023012638.GE25601@funkthat.com> Message-ID: References: <20111022220654.GD25601@funkthat.com> <4EA349BB.1030303@FreeBSD.org> <20111023012638.GE25601@funkthat.com> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-pf@FreeBSD.org Subject: Re: panic loading/enabling pf on ARM RELENG_9 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Oct 2011 01:29:06 -0000 On Sat, 22 Oct 2011, John-Mark Gurney wrote: > Florian Smeets wrote this message on Sun, Oct 23, 2011 at 00:54 +0200: >> On 23.10.11 00:06, John-Mark Gurney wrote: >>> I'm trying to bring up an old Gateworks GW2348 board and get a >>> panic when I have enabled pf and try to load rules at boot... >>> >>> The only modifications between the AVILA config file and mine is >>> adding the pf, pflog and pfsync devices since AVILA doesn't have >>> them enabled by default, nor does it build the modules... So I am >>> trying to staticly build in pf... >>> >>> W/o pf, it boots fine. >>> >> >>> Oct 22 15:01:00 pflogd[678]: [priv]: msg PRIV_OPEN_LOG received >>> Enabling pfpanic: mutex pf task mtx owned at >>> /usr/src/sys/contrib/pf/net/if_pfsync.c:3163 >>> KDB: enter: panic >> >> Please try the patches mentioned in this message >> http://docs.freebsd.org/cgi/mid.cgi?96FFF919-F33F-46FA-9249-92F2E6003ECF > > This url does not seem to work... you probably want these two: http://lists.freebsd.org/pipermail/freebsd-pf/2011-October/006360.html http://lists.freebsd.org/pipermail/freebsd-pf/2011-October/006364.html >> there are additional fixes from glebius in head r226609 and r226623. > > I will try these. > > Thanks. > > -- Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family. From owner-freebsd-pf@FreeBSD.ORG Sun Oct 23 08:11:56 2011 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D366F106566B for ; Sun, 23 Oct 2011 08:11:56 +0000 (UTC) (envelope-from jmg@h2.funkthat.com) Received: from h2.funkthat.com (gate.funkthat.com [70.36.235.232]) by mx1.freebsd.org (Postfix) with ESMTP id 97A678FC08 for ; Sun, 23 Oct 2011 08:11:56 +0000 (UTC) Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id p9N8BtBb082005 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 23 Oct 2011 01:11:55 -0700 (PDT) (envelope-from jmg@h2.funkthat.com) Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id p9N8BrAP082004; Sun, 23 Oct 2011 01:11:53 -0700 (PDT) (envelope-from jmg) Date: Sun, 23 Oct 2011 01:11:52 -0700 From: John-Mark Gurney To: "Bjoern A. Zeeb" Message-ID: <20111023081152.GF25601@funkthat.com> References: <20111022220654.GD25601@funkthat.com> <4EA349BB.1030303@FreeBSD.org> <20111023012638.GE25601@funkthat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 7.2-RELEASE i386 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Sun, 23 Oct 2011 01:11:55 -0700 (PDT) Cc: freebsd-pf@FreeBSD.org Subject: Re: panic loading/enabling pf on ARM RELENG_9 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Oct 2011 08:11:56 -0000 Bjoern A. Zeeb wrote this message on Sun, Oct 23, 2011 at 01:29 +0000: > On Sat, 22 Oct 2011, John-Mark Gurney wrote: > > >Florian Smeets wrote this message on Sun, Oct 23, 2011 at 00:54 +0200: > >>On 23.10.11 00:06, John-Mark Gurney wrote: > >>>I'm trying to bring up an old Gateworks GW2348 board and get a > >>>panic when I have enabled pf and try to load rules at boot... > >>> > >>>The only modifications between the AVILA config file and mine is > >>>adding the pf, pflog and pfsync devices since AVILA doesn't have > >>>them enabled by default, nor does it build the modules... So I am > >>>trying to staticly build in pf... > >>> > >>>W/o pf, it boots fine. > >>> > >> > >>>Oct 22 15:01:00 pflogd[678]: [priv]: msg PRIV_OPEN_LOG received > >>>Enabling pfpanic: mutex pf task mtx owned at > >>>/usr/src/sys/contrib/pf/net/if_pfsync.c:3163 > >>>KDB: enter: panic > >> > >>Please try the patches mentioned in this message > >>http://docs.freebsd.org/cgi/mid.cgi?96FFF919-F33F-46FA-9249-92F2E6003ECF > > > >This url does not seem to work... > > you probably want these two: > http://lists.freebsd.org/pipermail/freebsd-pf/2011-October/006360.html > http://lists.freebsd.org/pipermail/freebsd-pf/2011-October/006364.html > > >>there are additional fixes from glebius in head r226609 and r226623. > > > >I will try these. I am able to use pf successfully with all four patches applied. Thanks for your help. I didn't do a huge amount of testing, but was able to pass tens of megabytes of traffic through it w/o issues... I didn't try which of them made the panic go away, but I hope they get committed before 9.0-R. Thanks again. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." From owner-freebsd-pf@FreeBSD.ORG Mon Oct 24 10:05:16 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 83584106566C for ; Mon, 24 Oct 2011 10:05:16 +0000 (UTC) (envelope-from mattblists@icritical.com) Received: from mail1.icritical.com (mail1.icritical.com [93.95.13.41]) by mx1.freebsd.org (Postfix) with SMTP id 9AFA28FC0C for ; Mon, 24 Oct 2011 10:05:15 +0000 (UTC) Received: (qmail 31575 invoked from network); 24 Oct 2011 09:38:34 -0000 Received: from localhost (127.0.0.1) by mail1.icritical.com with SMTP; 24 Oct 2011 09:38:34 -0000 Received: (qmail 31566 invoked by uid 599); 24 Oct 2011 09:38:34 -0000 Received: from unknown (HELO icritical.com) (212.57.254.146) by mail1.icritical.com (qpsmtpd/0.28) with ESMTP; Mon, 24 Oct 2011 10:38:34 +0100 Message-ID: <4EA53218.2000807@icritical.com> Date: Mon, 24 Oct 2011 10:38:32 +0100 From: Matt Burke User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.2.15) Gecko/20110403 Thunderbird/3.1.9 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 24 Oct 2011 09:38:33.0013 (UTC) FILETIME=[B20C2E50:01CC9230] X-Virus-Scanned: by iCritical at mail1.icritical.com Subject: rdr with round-robin ports X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Oct 2011 10:05:16 -0000 I have a pile of server daemons running on localhost which I want to load-balance between. I'm using the following rule on 8.2-STABLE (28 June 2011) to try to load-balance between them: rdr inet proto tcp from any to 127.0.0.1 port = 2000 \ -> 127.0.0.1 port 3000:3099 round-robin Unfortunately pf seems to only redirect to port 3000, sending all connections there and none to any other port. I've also tried specifying {localhost, localhost, localhost...} port 3000:3099 with no success. Am I missing something, have I hit a bug, or is the rdr syntax in pf.conf misleading in that multiple ports in a destination is only valid if the source uses multiple ports? The information contained in this message is confidential and is intended for the addressee only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. Critical Software Ltd. reserves the right to monitor and record e-mail messages sent to and from this address for the purposes of investigating or detecting any unauthorised use of its system and ensuring its effective operation. Critical Software Ltd. registered in England, 04909220. Registered Office: IC2, Keele Science Park, Keele, Staffordshire, ST5 5NH. ------------------------------------------------------------ This message has been scanned for security threats by iCritical. For further information, please visit www.icritical.com ------------------------------------------------------------ From owner-freebsd-pf@FreeBSD.ORG Mon Oct 24 11:07:08 2011 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C8668106564A for ; Mon, 24 Oct 2011 11:07:08 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AD7A08FC1E for ; Mon, 24 Oct 2011 11:07:08 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p9OB78ib025376 for ; Mon, 24 Oct 2011 11:07:08 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p9OB780O025374 for freebsd-pf@FreeBSD.org; Mon, 24 Oct 2011 11:07:08 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 24 Oct 2011 11:07:08 GMT Message-Id: <201110241107.p9OB780O025374@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Oct 2011 11:07:09 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/160370 pf [pf] Incorrect pfctl check of pf.conf o kern/155736 pf [pf] [altq] borrow from parent queue does not work wit o kern/153307 pf [pf] Bug with PF firewall o kern/148290 pf [pf] "sticky-address" option of Packet Filter (PF) blo o kern/148260 pf [pf] [patch] pf rdr incompatible with dummynet o kern/147789 pf [pf] Firewall PF no longer drops connections by sendin o kern/143543 pf [pf] [panic] PF route-to causes kernel panic o bin/143504 pf [patch] outgoing states are not killed by authpf(8) o conf/142961 pf [pf] No way to adjust pidfile in pflogd o conf/142817 pf [patch] etc/rc.d/pf: silence pfctl o kern/141905 pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty o kern/140697 pf [pf] pf behaviour changes - must be documented o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/135162 pf [pfsync] pfsync(4) not usable with GENERIC kernel o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 45 problems total. From owner-freebsd-pf@FreeBSD.ORG Wed Oct 26 20:16:37 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BAE561065677 for ; Wed, 26 Oct 2011 20:16:37 +0000 (UTC) (envelope-from artemrts@ukr.net) Received: from ffe5.ukr.net (ffe5.ukr.net [195.214.192.21]) by mx1.freebsd.org (Postfix) with ESMTP id 6FF558FC08 for ; Wed, 26 Oct 2011 20:16:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net; s=ffe; h=Date:Message-Id:From:To:Subject:Content-Type:Content-Transfer-Encoding:MIME-Version; bh=0GEHiLg8KDcZt53xIZJHXpYYMgSrAld/pH28+lFRV6Y=; b=XQscRcmSmLOTKivTjQTCCt58lwDbcrBsBxQGvSIzx2Wgg1Pl6nizruP2xb9ljnx9VJ/l9PGrtNeHD3MFWfCMLwEh2G8tv3ez7M2bWfBVlEx+otqqEnh/ULskCmuwUMnsqTo9XJ9nWvox2JNi0jusk6cjRlU3bCIdviVnaXnpORs=; Received: from mail by ffe5.ukr.net with local ID 1RJ9tr-0003j4-NL for freebsd-pf@freebsd.org; Wed, 26 Oct 2011 23:16:35 +0300 MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: text/plain; charset="windows-1251" To: freebsd-pf@freebsd.org From: =?WINDOWS-1251?B?wujy4Ovo6SDC6+Dk6Ozo8O7i6Pc=?= X-Mailer: freemail.ukr.net 4.0 X-Originating-Ip: [195.200.251.83] Message-Id: <12724.1319660195.16881837918041800704@ffe5.ukr.net> X-Browser: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Date: Wed, 26 Oct 2011 23:16:35 +0300 Subject: ALTQ with HFSC X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2011 20:16:37 -0000 Recently I worked around traffic prioritization of my router (FreeBSD9-BETA3). I would like to prioritization traffic coming from external interface and coming from internal LAN. ## ALTQ altq on $ext_if hfsc bandwidth 800Kb qlimit 500 queue {std lan lan_ack serv serv_ack} queue std bandwidth 100Kb priority 2 hfsc(default ecn) queue lan bandwidth 100Kb priority 5 hfsc(realtime 100Kb) queue lan_ack bandwidth 300Kb priority 10 hfsc(realtime 200Kb) queue serv bandwidth 200Kb priority 4 hfsc(realtime 200Kb) queue serv_ack bandwidth 100Kb priority 256 hfsc(realtime 50Kb) ./pf.conf:58: priority out of range: max 255 pfctl: Syntax error in config file: pf rules not loaded Does HFSC support up to 255 priorities? From owner-freebsd-pf@FreeBSD.ORG Fri Oct 28 07:21:13 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 46E0E106566B for ; Fri, 28 Oct 2011 07:21:13 +0000 (UTC) (envelope-from valentin.bud@gmail.com) Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 0061F8FC0C for ; Fri, 28 Oct 2011 07:21:12 +0000 (UTC) Received: by vcbfo13 with SMTP id fo13so4861279vcb.13 for ; Fri, 28 Oct 2011 00:21:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=qL52517t6WhLp+thVkjkHCVCsa25lQgrGbacOkU0Vo4=; b=SuGE1QAj4A53KvOUKjfp9kazDE/9nUSrcNplGAGfqzY6uN8FSXTcaH9ZhjNxskYYYh 9Yl+toDrMTIXZQ8BYeLr/NvCGQqylWl7teFuAIFkv/oNuIe+hdszwzueU6hl/OJQlNPD m4ZTtcXM4bSUWqRWS9fczWVaOGzyWtwT9/faU= Received: by 10.220.5.212 with SMTP id 20mr244860vcw.112.1319784915107; Thu, 27 Oct 2011 23:55:15 -0700 (PDT) MIME-Version: 1.0 Received: by 10.220.192.138 with HTTP; Thu, 27 Oct 2011 23:54:54 -0700 (PDT) In-Reply-To: <12724.1319660195.16881837918041800704@ffe5.ukr.net> References: <12724.1319660195.16881837918041800704@ffe5.ukr.net> From: Valentin Bud Date: Fri, 28 Oct 2011 09:54:54 +0300 Message-ID: To: =?KOI8-R?B?98nUwczJyiD3zMHEyc3J0s/Xyd4=?= Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-pf@freebsd.org Subject: Re: ALTQ with HFSC X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Oct 2011 07:21:13 -0000 2011/10/26 =F7=C9=D4=C1=CC=C9=CA =F7=CC=C1=C4=C9=CD=C9=D2=CF=D7=C9=DE > > Recently I worked around traffic prioritization of my router > (FreeBSD9-BETA3). I would like to prioritization traffic coming from > external interface and coming from internal LAN. > > ## ALTQ > > altq on $ext_if hfsc bandwidth 800Kb qlimit 500 queue {std lan lan_ack se= rv > serv_ack} > queue std bandwidth 100Kb priority 2 hfsc(default ecn) > > queue lan bandwidth 100Kb priority 5 hfsc(realtime 100Kb) > queue lan_ack bandwidth 300Kb priority 10 hfsc(realtime 200Kb) > > queue serv bandwidth 200Kb priority 4 hfsc(realtime 200Kb) > queue serv_ack bandwidth 100Kb priority 256 hfsc(realtime 50Kb) > > ./pf.conf:58: priority out of range: max 255 > pfctl: Syntax error in config file: pf rules not loaded > > Does HFSC support up to 255 priorities? > If you take into account priority 0 (to 255) you have a total of 256 priorities. --=20 network warrior From owner-freebsd-pf@FreeBSD.ORG Fri Oct 28 13:13:21 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 465C7106564A for ; Fri, 28 Oct 2011 13:13:21 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 134028FC0A for ; Fri, 28 Oct 2011 13:13:20 +0000 (UTC) Received: by iaky10 with SMTP id y10so6301489iak.13 for ; Fri, 28 Oct 2011 06:13:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=O9oHp3MqQaL9lWaVRUtw6NQnU4A9Pyyu3v1YSJewMug=; b=HdqUQjwULKDzLZcEO22zmAuBjkhJkdFwVQOpwiMEMpvU6lMFRAkH7srb05VkwcoipL 7q7bl5Bg3ik1rSLskMhnDlQNZ98EgVWCYPNgFSNJYwFeBxd0Mf4ICz0T9cEkslt/fbXG N2RduwPkT/suLteca3Q0ciGJzwF8l4JB9y+zc= MIME-Version: 1.0 Received: by 10.231.5.73 with SMTP id 9mr962307ibu.60.1319807599331; Fri, 28 Oct 2011 06:13:19 -0700 (PDT) Sender: ermal.luci@gmail.com Received: by 10.231.53.213 with HTTP; Fri, 28 Oct 2011 06:13:19 -0700 (PDT) In-Reply-To: <12724.1319660195.16881837918041800704@ffe5.ukr.net> References: <12724.1319660195.16881837918041800704@ffe5.ukr.net> Date: Fri, 28 Oct 2011 15:13:19 +0200 X-Google-Sender-Auth: BPV0T8amsuE6RUidhTrl2Vd15jg Message-ID: From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: =?KOI8-R?B?98nUwczJyiD3zMHEyc3J0s/Xyd4=?= Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Cc: freebsd-pf@freebsd.org Subject: Re: ALTQ with HFSC X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Oct 2011 13:13:21 -0000 2011/10/26 =F7=C9=D4=C1=CC=C9=CA =F7=CC=C1=C4=C9=CD=C9=D2=CF=D7=C9=DE : > > =9ARecently I worked around traffic prioritization of my router (FreeBSD9= -BETA3). I would like to prioritization traffic coming from external interf= ace and coming from internal LAN. > > ## ALTQ > > altq on $ext_if hfsc bandwidth 800Kb qlimit 500 queue {std lan lan_ack se= rv serv_ack} > queue std bandwidth 100Kb priority 2 hfsc(default ecn) > > queue lan bandwidth 100Kb priority 5 hfsc(realtime 100Kb) > queue lan_ack bandwidth 300Kb priority 10 hfsc(realtime 200Kb) > > queue serv bandwidth 200Kb priority 4 hfsc(realtime 200Kb) > queue serv_ack bandwidth 100Kb priority 256 hfsc(realtime 50Kb) > > ./pf.conf:58: priority out of range: max 255 > pfctl: Syntax error in config file: pf rules not loaded > > Does HFSC support up to 255 priorities? > The man page details the maximum for hfsc. Though just a general comment here, on ALTQ HFSC scheduler priority is not respected and only the bandiwidth values really have a meaning. > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > --=20 Ermal