From: "Chris Dionissopoulos"
Date: Fri, 4 Feb 2005 14:21:02 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_01C50AC4.C153A780"
Subject: Realtel Gigabit [re(4)] , altq enable patch

This is a multi-part message in MIME format.

------=_NextPart_000_0012_01C50AC4.C153A780
Content-Type: text/plain;charset="iso-8859-7"
Content-Transfer-Encoding: quoted-printable

I made a patch for enabling altq on re(4) driver.
It is against RELENG5 (feb2005), but may work with older 5.x versions.
Please store this patch in http://people.freebsd.org/~mlaier/ALTQ_driver/
for further testing.

Chris.

------=_NextPart_000_0012_01C50AC4.C153A780
Content-Type: application/octet-stream; name="if_re.c.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="if_re.c.patch"

--- if_re.c.orig Fri Feb 4 12:59:42 2005=0A= +++ if_re.c Fri Feb 4 13:15:32 2005=0A= 
@@ -1203,7 +1203,9 @@=0A= ifp->if_baudrate =3D 1000000000;=0A= else=0A= ifp->if_baudrate =3D 100000000;=0A= - ifp->if_snd.ifq_maxlen =3D RL_IFQ_MAXLEN;=0A= + IFQ_SET_MAXLEN(&ifp->if_snd, RL_IFQ_MAXLEN);=0A= + ifp->if_snd.ifq_drv_maxlen =3D RL_IFQ_MAXLEN;=0A= + IFQ_SET_READY(&ifp->if_snd);=0A= ifp->if_capenable =3D ifp->if_capabilities;=0A= =0A= callout_handle_init(&sc->rl_stat_ch);=0A= @@ -1785,7 +1787,7 @@=0A= re_rxeof(sc);=0A= re_txeof(sc);=0A= =0A= - if (ifp->if_snd.ifq_head !=3D NULL)=0A= + if (!IFQ_DRV_IS_EMPTY(&ifp->if_snd))=0A= re_start_locked(ifp);=0A= =0A= if (cmd =3D=3D POLL_AND_CHECK_STATUS) { /* also check status register = */=0A= @@ -1869,7 +1871,7 @@=0A= }=0A= }=0A= =0A= - if (ifp->if_snd.ifq_head !=3D NULL)=0A= + if (!IFQ_DRV_IS_EMPTY(&ifp->if_snd))=0A= re_start_locked(ifp);=0A= =0A= done_locked:=0A= 
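Review bot: ifq_drv_maxlen in the @@ -1203,7 +1203,9 @@ hunk is set to the full RL_IFQ_MAXLEN, the same depth just given to the ALTQ-managed queue, with no comment explaining the choice. IFQ_DRV_DEQUEUE refills the driver-side staging queue up to ifq_drv_maxlen, and packets staged there have already left the scheduler, so later higher-priority arrivals cannot overtake them. Suggest sizing it from the TX ring that the rl_tx_mbuf[] loop in the last hunk fills, or adding a one-line comment saying why the whole RL_IFQ_MAXLEN is wanted.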
@@ -2015,12 +2017,12 @@=0A= idx =3D sc->rl_ldata.rl_tx_prodidx;=0A= =0A= while (sc->rl_ldata.rl_tx_mbuf[idx] =3D=3D NULL) {=0A= - IF_DEQUEUE(&ifp->if_snd, m_head);=0A= + IFQ_DRV_DEQUEUE(&ifp->if_snd, m_head);=0A= if (m_head =3D=3D NULL)=0A= break;=0A= =0A= if (re_encap(sc, &m_head, &idx)) {=0A= - IF_PREPEND(&ifp->if_snd, m_head);=0A= + IFQ_DRV_PREPEND(&ifp->if_snd, m_head);=0A= ifp->if_flags |=3D IFF_OACTIVE;=0A= break;=0A= }=0A= 
------=_NextPart_000_0012_01C50AC4.C153A780--
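Review bot: The requeue in the re_encap() failure branch (@@ -2015,12 +2017,12 @@) passes m_head to IFQ_DRV_PREPEND unchecked, although re_encap() takes &m_head and can therefore change or clear the pointer before it returns non-zero. Please confirm that every failing return of re_encap() leaves m_head pointing at a valid mbuf, and say so in a comment above the prepend; if any path can free it, that path should set m_head to NULL and this branch should skip the prepend.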

From: "Chris Dionissopoulos"
Date: Fri, 4 Feb 2005 16:18:49 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0027_01C50AD5.35AE14C0"
Subject: Re: Realtel Gigabit [re(4)] , altq enable patch

This is a multi-part message in MIME format.

------=_NextPart_000_0027_01C50AD5.35AE14C0
Content-Type: text/plain;format=flowed;charset="iso-8859-7"; reply-type=original
Content-Transfer-Encoding: 7bit

This is an untested patch which (IMHO) enables altq processing for
netgraph virtual ethernet interfaces (ng_eiface(4)).

HOWTO use/test ng_eiface with pf+altq
~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Patch and compile ng_eiface module.
2. Create a ngeth0 virtual ethernet interface, attached to a ng_bridge
   with a physical interface. i.e. (re0 = physical):
---init---
#/sbin/kldload ng_eiface.ko
#/sbin/kldload ng_ether.ko
#/sbin/kldload ng_bridge.ko
#/sbin/ifconfig re0 delete
---create bridge---
#/usr/sbin/ngctl mkpeer re0: bridge lower link0
#/usr/sbin/ngctl name re0:lower bridge0
#/usr/sbin/ngctl msg re0: setpromisc 1
#/usr/sbin/ngctl msg re0: setautosrc 0
#/usr/sbin/ngctl connect re0: bridge0: upper link1
---create virtual+connect to bridge----
#/usr/sbin/ngctl mkpeer . eiface hook ether
#/usr/sbin/ngctl connect ngeth0: bridge0: lower link2
#/usr/sbin/ngctl connect ngeth0: bridge0: upper link3
#/usr/sbin/ngctl msg ngeth0: setautosrc 1
#/usr/sbin/ngctl msg ngeth0: setpromisc 0
---config virtual-----
#/sbin/ifconfig ngeth0 link xx:xx:xx:xx:xx:xx
#/sbin/ifconfig ngeth0 yy.yy.yy.yy/zz up
3. Create and load a queue definition which involves ngeth0 interface.
   For example; pf.conf:
    altq on ngeth0 cbq bandwidth 10Mb queue {vlan}
    queue vlan bandwidth 80% cbq(default) {vlan_in vlan_out}
    queue vlan_in bandwidth 10% cbq(borrow)
    queue vlan_out bandwidth 10% cbq(borrow)
   loads these rules: (pfctl -sq)
    queue root_ngeth0 bandwidth 10Mb priority 0 cbq( wrr root ) {vlan}
    queue vlan bandwidth 8Mb cbq( default ) {vlan_in, vlan_out}
    queue vlan_in bandwidth 800Kb cbq( borrow )
    queue vlan_out bandwidth 800Kb cbq( borrow )
4. Create some pf-rules to queue your traffic and test.
   (i.e. pass out on ngeth0 ip from any to any queue vlan_out)

Please send me your comments/tests.

Chris.

------=_NextPart_000_0027_01C50AD5.35AE14C0
Content-Type: application/octet-stream;name="ng_eiface_altq.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;filename="ng_eiface_altq.patch"

--- ng_eiface.c.orig Fri Feb 4 15:32:40 2005=0A= +++ ng_eiface.c Fri Feb 4 15:38:00 2005=0A= @@ -311,7 +311,7 @@=0A= /*=0A= * Grab a packet to transmit.=0A= */=0A= - IF_DEQUEUE(&ifp->if_snd, m);=0A= + IFQ_DRV_DEQUEUE(&ifp->if_snd, m);=0A= =0A= /* If there's nothing to send, return. */=0A= if (m =3D=3D NULL) {=0A= 
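Review bot: IFQ_DRV_DEQUEUE at the "Grab a packet to transmit" site (@@ -311,7 +311,7 @@) selects the driver-managed staging queue, but the message describes ng_eiface as a virtual interface, so there is no hardware ring for that staging queue to keep fed. Combined with ifq_drv_maxlen = IFQ_MAXLEN in the next hunk, a whole queue's worth of packets can be staged after they have left the scheduler, where later higher-priority arrivals cannot overtake them. Suggest plain IFQ_DEQUEUE here with the ifq_drv_maxlen line dropped, or a small ifq_drv_maxlen with a comment giving the reason; since the patch is posted as untested, a line on how this dequeue path was exercised would help as well.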
@@ -446,7 +446,9 @@=0A= ifp->if_start =3D ng_eiface_start;=0A= ifp->if_ioctl =3D ng_eiface_ioctl;=0A= ifp->if_watchdog =3D NULL;=0A= - ifp->if_snd.ifq_maxlen =3D IFQ_MAXLEN;=0A= + IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN);=0A= + ifp->if_snd.ifq_drv_maxlen =3D IFQ_MAXLEN;=0A= + IFQ_SET_READY(&ifp->if_snd);=0A= ifp->if_flags =3D (IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST);=0A= =0A= #if 0=0A= 
------=_NextPart_000_0027_01C50AD5.35AE14C0--

From: "Stephane Raimbault"
To: freebsd-pf@freebsd.org
Date: Fri, 04 Feb 2005 09:39:17 -0700
Subject: Re: route-to rule.

Any other suggestions for this problem? Or am I hitting the limitations of
pf? A bug perhaps?

>From: "Stephane Raimbault"
>To: dionch@freemail.gr, freebsd-pf@freebsd.org
>Subject: Re: route-to rule.
>Date: Thu, 27 Jan 2005 11:25:32 -0700
>
>Okay, with the syntax cleaned up this is what I have:
>
>set state-policy if-bound
>
>int_if="rl0"
>int_net="10.1.0.0/24"
>ext_if1="rl1"
>ext_gw1=""
>ext_if2="rl2"
>ext_gw2=""
>vpn_if="tun0"
>vpn_gw="172.16.0.1"
>
>isp1 = "(" $ext_if1 $ext_gw1 ")"
>isp2 = "(" $ext_if2 $ext_gw2 ")"
>vpn = "(" $vpn_if $vpn_gw ")"
>
>server1_int="10.1.0.20"
>server1_out="63.252.160.219"
>server2_int="10.1.0.21"
>server2_out="63.252.160.222"
>server3_int="10.1.0.22"
>server3_out="63.252.160.221"
>server4_int="10.1.0.23"
>server4_out="63.252.160.220"
>
>nat on $ext_if1 from $int_net to any -> ($ext_if1:0)
>nat on $ext_if2 from $int_net to any -> ($ext_if2:0)
>binat on $ext_if1 from $server1_int to any -> $server1_out
>binat on $ext_if1 from $server2_int to any -> $server2_out
>binat on $ext_if1 from $server3_int to any -> $server3_out
>binat on $ext_if1 from $server4_int to any -> $server4_out
>
>pass in quick on $int_if inet from $int_net to $int_net keep state
>pass out quick on $int_if inet from $int_net to $int_net keep state
>
>pass in on $ext_if1 tag $ext_if1 keep state
>pass out on $ext_if1 route-to $ext_if1 keep state
>pass out quick on $int_if reply-to $ext_if1 tagged $ext_if1 keep state
>
>pass in on $ext_if2 tag $ext_if2 keep state
>pass out on $ext_if2 route-to $ext_if2 keep state
>pass out quick on $int_if reply-to $ext_if2 tagged $ext_if2 keep state
>
>pass in on $vpn_if tag $vpn_if keep state
>pass out on $vpn_if route-to $vpn_if keep state
>pass out quick on $vpn_if reply-to $vpn_if tagged $vpn_if keep state
>
>pass in quick on $int_if route-to $isp1 from
>{$server1_int,$server2_int,$server3_int,$server4_int} to {!10.0.0.0/26,
>!$int_net} keep state
>pass in quick on $int_if route-to $vpn from $int_net to 10.0.0.0/26 keep
>state
>pass in on $int_if route-to $isp2 from $int_net to {!10.0.0.0/26,
>!$int_net} keep state
>
>
>I tried this out and it was not a success. It seemed like nothing could
>get anywhere. $int_net wasn't able to access the internet nor the subnets
>on the other side of the vpn. The binat'd servers were unaccessible from
>the internet... and I got an arp error in the /var/log/messages about a
>bunch of arp's not being on the local network... I got a stream of these
>types of messages:
>
>Jan 27 12:12:02 router1 kernel: arplookup 69.57.244.70 failed: host is not
>on local network
>Jan 27 12:12:02 router1 kernel: arpresolve: can't allocate llinfo for
>69.57.244.70
>Jan 27 12:12:02 router1 kernel: arplookup 12.24.195.78 failed: host is not
>on local network
>Jan 27 12:12:02 router1 kernel: arpresolve: can't allocate llinfo for
>12.24.195.78
>
>
>so, we aren't quite there yet. Could I more simply change my default route
>to ISP #2, and setup some sort of route-to statements specifically for the
>binat's instead? Then I would also need to setup a rule for the openvpn to
>go over ISP #1 instead of ISP #2.
>
>any suggestions... as always much appreciated.
>
>Thanks,
>Stephane.
>
>>From: "Chris Dionissopoulos"
>>Reply-To: "Chris Dionissopoulos"
>>To: "Stephane Raimbault"
>>Subject: Re: route-to rule.
>>Date: Thu, 27 Jan 2005 03:40:43 +0200
>>
>>Try to negate(="!") each network for "to" field like:
>>{ !10.0.0.0/26, !$int_net}
>>Also when you change line in a rule, you must backslash at the end ("\").
>>
>>Chris.
>>
>>>Hi Chris, Thanks for the quick response, however I'm still getting
>>>syntax errors on 2 of the 3 lines now:
>>>
>>>pass in quick on $int_if route-to $isp1 from
>>>{$server1_int,$server2_int,$server3_int,$server4_int} to !{10.0.0.0/26,
>>>$int_net} keep state
>>>pass in quick on $int_if route-to $vpn from $int_net to 10.0.0.0/26 keep
>>>state
>>>pass in on $int_if route-to $isp2 from $int_net to !{10.0.0.0/26,
>>>$int_net} keep state
>>>
>>>/etc/pf.conf:47: syntax error
>>>/etc/pf.conf:49: syntax error
>>>
>>>Where line 47 is the first one above and 49 is the last (3rd line) above.
>>>
>>>Any thoughts? I'm scratching my head bald.
>>>
>>>Thanks,
>>>Stephane.
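
pf.conf(5) expands a braced address list into one rule per element, so `to { !10.0.0.0/26, !$int_net }` loads as two rules (`to !10.0.0.0/26` and `to !$int_net`) rather than one rule meaning "neither network". The sketch below is an added example, not code from any poster in this thread: it models only the three route-to rules quoted above and compares the list form with a single negated table. The table form, the helper names and the simplified evaluation (first matching `quick` rule wins, otherwise the last match) are assumptions of the example.

```python
import ipaddress

# Constructed model: networks and hosts copied from the quoted pf.conf.
VPN = ipaddress.ip_network("10.0.0.0/26")
INT = ipaddress.ip_network("10.1.0.0/24")
SERVERS = [ipaddress.ip_network(f"10.1.0.{h}/32") for h in (20, 21, 22, 23)]

def in_any(addr, nets):
    return any(addr in n for n in nets)

def expand(srcs, dst_spec, route, quick):
    """Return the rules loaded for one pf.conf line (hypothetical helper).

    ("list_not", nets)  -> `to { !a, !b }`: one rule per element
    ("table_not", nets) -> `to ! <tbl>`: a single rule
    ("net", nets)       -> `to a`
    """
    kind, nets = dst_spec
    if kind == "list_not":
        return [(srcs, lambda d, n=n: d not in n, route, quick) for n in nets]
    if kind == "table_not":
        return [(srcs, lambda d: not in_any(d, nets), route, quick)]
    return [(srcs, lambda d: in_any(d, nets), route, quick)]

def ruleset(negation):
    """The three route-to lines, with the chosen form of negation."""
    rules = []
    rules += expand(SERVERS, (negation, [VPN, INT]), "isp1", True)
    rules += expand([INT], ("net", [VPN]), "vpn", True)
    rules += expand([INT], (negation, [VPN, INT]), "isp2", False)
    return rules

def route_for(negation, src, dst):
    """Route chosen for a packet, or None if no route-to rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    chosen = None
    for srcs, dst_ok, route, quick in ruleset(negation):
        if in_any(s, srcs) and dst_ok(d):
            chosen = route
            if quick:
                break
    return chosen
```

With the list form, `route_for("list_not", "10.1.0.20", "10.0.0.5")` sends a server's VPN-bound packet to `isp1`, because the expanded `to !$int_net` rule matches it first; with one negated table the same packet falls through to the `vpn` rule.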