From owner-freebsd-pf@FreeBSD.ORG Mon Aug 16 11:07:05 2010
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Date: Mon, 16 Aug 2010 11:07:05 GMT
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o kern/148290  pf     [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf     [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf     [pf] Firewall PF no longer drops connections by sendin
o kern/146832  pf     [pf] "(self)" not always matching all local IPv6 addre
o kern/144311  pf     [pf] [icmp] massive ICMP storm on lo0 occurs when usin
o kern/143543  pf     [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf     [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf     [pf] No way to adjust pidfile in pflogd
o conf/142817  pf     [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf     [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf     [pf] pf behaviour changes - must be documented
o kern/137982  pf     [pf] when pf can hit state limits, random IP failures
o kern/136781  pf     [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf     [pf] [gre] pf not natting gre protocol
o kern/135162  pf     [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf     [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf     [pf] max-src-conn issue
o kern/132769  pf     [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf     [pf] pf stalls connection when using route-to [regress
o conf/130381  pf     [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf     [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf     [pf] ipv6 and synproxy don't play well together
o conf/127814  pf     [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf     [pf] deadlock in pf
f kern/127345  pf     [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf     [pf] [patch] pf incorrect log priority
o kern/127042  pf     [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf     [pf] pf keep state bug while handling sessions between
s kern/124933  pf     [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf     [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf     [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf     [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf     [pf] PF mangles loopback packets
o kern/120281  pf     [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf     [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf     [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf     [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf     [carp] carp+pf delay with high state limit
o kern/111220  pf     [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf     [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf     pfsync fails to sucessfully transfer some sessions
o kern/103281  pf     pfsync reports bulk update failures
o kern/93825   pf     [pf] pf reply-to doesn't work
o sparc/93530  pf     [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf     [pf] PF + ALTQ problems with latency
o bin/86635    pf     [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf     [pf] cbq scheduler cause bad latency

47 problems total.

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 20 01:02:25 2010
From: Patrick Mahan
To: "freebsd-pf@freebsd.org"
Cc: "mahan@mahan.org"
Date: Thu, 19 Aug 2010 17:44:26 -0700
Subject: PF newbie questions

All,

I am a programmer tasked with investigating the use of ALTQ with our
software as a QoS mechanism. However, my current investigation is from
just what the Packet Filter (PF) code is doing.

I am currently looking at the packet classification occurring in the IPv4
output function (ip_output.c::ip_output()) which leads to
(pf_ioctl.c::pf_check_out()). pf_check_out() calls pf_test() which in
turn calls pf_normalize_ip() which looks to me to perform a re-assembly
of IP fragments.

Note that I am only going on a code review. I have not yet gotten a test
bed that I can run using the kernel debugger.

I am just a little concerned over the potential for impact to the
throughput by the re-assembling of an IP packet from its fragments (which
would then be re-fragmented when it is transmitted later in ip_output()).

Also, I noticed that when an interface is initialized for ALTQ, the
ifq_drv_maxlen is set to 0. I sort of understand this having worked for
Cisco for a few years of my existence and seeing how the internal hardware
queues were throttled when software queues were enabled on an interface.
However, it seems to me that limiting it to 0 is a bit drastic. Shouldn't
it be something like 4-8 packet limit?

Thanks for your patience,

Patrick

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 20 05:22:54 2010
From: Doug Hardie
To: freebsd-pf@freebsd.org
Date: Thu, 19 Aug 2010 22:11:32 -0700
Subject: Filter Question

I have a situation where one of the web servers needs to have its output
throttled. I have pf with ALTQ CBQ running. The pf.conf file contains:

    altq on $ext_if cbq bandwidth 100% queue {normal, web}
    queue normal bandwidth 99% cbq(default)
    queue web bandwidth 10Kb cbq
    pass out log on $ext_if proto tcp to any
    pass log proto tcp from any to any port 8001 queue web
    pass log proto tcp from any port 8001 to any queue web

It seems to work.
Requests to the web server at port 8001 are logged and the output is
definitely throttled although there are never any packets shown for the
last rule since the original request generates state which seems to
effectively bypass rule processing for the response from the web server.

The throttle on the input is pretty much meaningless but doesn't seem to
cause any problems. Without it in the next to last rule, the throttle is
never invoked. Likewise I have not found a way to get the output logged.
Adding no state to the next to last rule has no effect. I suspect that
the last rule can be removed. Without the next to last rule, nothing is
throttled. Is there a better way to do this?

From owner-freebsd-pf@FreeBSD.ORG Sat Aug 21 00:18:47 2010
From: Free BSD
To: freebsd-pf@freebsd.org
Date: Fri, 20 Aug 2010 22:41:55 +0100
Subject: how to use pflog with lagg device

Dear List members

I have a server using two different NICs as a LACP lagg device. As per the
/etc/rc.conf file, the configuration is

    ifconfig_em0="up"
    ifconfig_re0="up"
    cloned_interfaces="lagg0"
    ifconfig_lagg0="laggproto lacp laggport em0 laggport re0"
    ipv4_addrs_lagg0="192.168.1.3/22"

    pflog_enable="YES"
    pflog_logfile="/var/log/pflog"
    pflog_program="/sbin/pflogd"
    pflog_flags=""

and the ifconfig says

    em0: flags=8843 metric 0 mtu 1500
            options=219b
            ether 00:22:19:1d:7b:a8
            media: Ethernet autoselect (1000baseT )
            status: active
    re0: flags=8843 metric 0 mtu 1500
            options=389b
            ether 00:22:19:1d:7b:a8
            media: Ethernet autoselect (1000baseT )
            status: active
    plip0: flags=8810 metric 0 mtu 1500
    pflog0: flags=141 metric 0 mtu 33200
    lo0: flags=8049 metric 0 mtu 16384
            options=3
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
            inet6 ::1 prefixlen 128
            inet 127.0.0.1 netmask 0xff000000
            nd6 options=3
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128
    enc0: flags=0<> metric 0 mtu 1536
    vboxnet0: flags=8802 metric 0 mtu 1500
            ether 0a:00:27:00:00:00
    lagg0: flags=8843 metric 0 mtu 1500
            options=209b
            ether 00:22:19:1d:7b:a8
            inet 192.168.1.3 netmask 0xfffffc00 broadcast 192.168.3.255
            media: Ethernet autoselect
            status: active
            laggproto lacp
            laggport: re0 flags=1c
            laggport: em0 flags=1c

However, if I try to view the log, it says

    tcpdump -n -e ttt -i pflog0
    tcpdump: WARNING: em0: no IPv4 address assigned
    tcpdump: syntax error

I have also tried with -i lagg0, and the same error was generated. I'm not
sure if I'm doing something wrong. I went through the FB handbook as much as
I could, also googled around -- no luck.

Any pointer / suggestion is welcome.

Thanks.

-------------------------------------------------
This message sent via VFEmail.net
http://www.vfemail.net
$14.95 Lifetime accounts - 1GB disk, No bandwidth quotas!

From owner-freebsd-pf@FreeBSD.ORG Sat Aug 21 01:03:15 2010
From: Gary Palmer
To: Free BSD
Cc: freebsd-pf@freebsd.org
Date: Fri, 20 Aug 2010 21:03:13 -0400
Subject: Re: how to use pflog with lagg device

On Fri, Aug 20, 2010 at 10:41:55PM +0100, Free BSD wrote:
> However, if I try to view the log, it says
>
> tcpdump -n -e ttt -i pflog0
> tcpdump: WARNING: em0: no IPv4 address assigned
> tcpdump: syntax error

Your command syntax is incorrect. You are missing a '-' from the 'ttt' option.
Try:

    tcpdump -n -e -ttt -i pflog0

The pflog command I personally use is:

    tcpdump -s 0 -i pflog0 -n -tttte

Regards,

Gary

From owner-freebsd-pf@FreeBSD.ORG Sat Aug 21 13:00:12 2010
From: "Bjoern A. Zeeb"
To: freebsd-pf@FreeBSD.org
Date: Sat, 21 Aug 2010 13:00:12 GMT
Subject: Re: kern/144311: [pf] [icmp] massive ICMP storm on lo0 occurs when using pf(4) 'reply-to'

The following reply was made to PR kern/144311; it has been noted by GNATS.

From: "Bjoern A. Zeeb"
To: bug-followup@FreeBSD.org, kasahara@nc.kyushu-u.ac.jp
Cc:
Subject: Re: kern/144311: [pf] [icmp] massive ICMP storm on lo0 occurs
 when using pf(4) 'reply-to'
Date: Sat, 21 Aug 2010 12:47:15 +0000 (UTC)

 Hey,

 have you re-tried with an updated kernel and this patch again?
 It seems to help other people. Could you give us an update?

 /bz

 --
 Bjoern A. Zeeb
 This signature is about you not me.

From owner-freebsd-pf@FreeBSD.ORG Sat Aug 21 13:09:18 2010
From: "N. Ersen SISECI"
To: Free BSD
Cc: freebsd-pf@freebsd.org
Date: Sat, 21 Aug 2010 15:39:02 +0300
Subject: Re: how to use pflog with lagg device

Hi,

There is a missing minus before ttt.

    tcpdump -n -e -ttt -i pflog0

Necati.

2010/8/21 Free BSD

> Dear List members
>
> I have a server using two different NICs as a LACP lagg device. As per the
> /etc/rc.conf file, the configuration is
>
> ifconfig_em0="up"
> ifconfig_re0="up"
> cloned_interfaces="lagg0"
> ifconfig_lagg0="laggproto lacp laggport em0 laggport re0"
> ipv4_addrs_lagg0="192.168.1.3/22"
>
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
> pflog_program="/sbin/pflogd"
> pflog_flags=""
>
>
> and the ifconfig says
>
> em0: flags=8843 metric 0 mtu 1500
>         options=219b
>         ether 00:22:19:1d:7b:a8
>         media: Ethernet autoselect (1000baseT )
>         status: active
> re0: flags=8843 metric 0 mtu 1500
>         options=389b
>         ether 00:22:19:1d:7b:a8
>         media: Ethernet autoselect (1000baseT )
>         status: active
> plip0: flags=8810 metric 0 mtu 1500
> pflog0: flags=141 metric 0 mtu 33200
> lo0: flags=8049 metric 0 mtu 16384
>         options=3
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>         inet6 ::1 prefixlen 128
>         inet 127.0.0.1 netmask 0xff000000
>         nd6 options=3
> pfsync0: flags=0<> metric 0 mtu 1460
>         syncpeer: 224.0.0.240 maxupd: 128
> enc0: flags=0<> metric 0 mtu 1536
> vboxnet0: flags=8802 metric 0 mtu 1500
>         ether 0a:00:27:00:00:00
> lagg0: flags=8843 metric 0 mtu 1500
>         options=209b
>         ether 00:22:19:1d:7b:a8
>         inet 192.168.1.3 netmask 0xfffffc00 broadcast 192.168.3.255
>         media: Ethernet autoselect
>         status: active
>         laggproto lacp
>         laggport: re0 flags=1c
>         laggport: em0 flags=1c
>
>
> However, if I try to view the log, it says
>
> tcpdump -n -e ttt -i pflog0
> tcpdump: WARNING: em0: no IPv4 address assigned
> tcpdump: syntax error
>
> I have also tried with -i lagg0, and the same error was generated. I'm not
> sure if I'm doing something wrong. I went through the FB handbook as much as
> I could, also googled around -- no luck.
>
> Any pointer / suggestion is welcome.
>
> Thanks.
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>

--
N. Ersen SISECI
http://www.enderunix.org

From owner-freebsd-pf@FreeBSD.ORG Sat Aug 21 15:19:57 2010
From: Free BSD
To: "N. Ersen SISECI"
Cc: freebsd-pf@freebsd.org
Date: Sat, 21 Aug 2010 15:21:58 +0100
Subject: Re: how to use pflog with lagg device

On 21/08/2010 13:39, N. Ersen SISECI wrote:
> Hi,
>
> There is a missing minus before ttt.
>
> tcpdump -n -e -ttt -i pflog0
>
> Necati.

Dear Glen and Necati

Thank you for pointing that out. Can't believe I completely missed it!

Yes, it worked like a charm.

Thanks