From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 4 11:07:41 2012 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 893DE106564A for ; Mon, 4 Jun 2012 11:07:41 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 72DE98FC24 for ; Mon, 4 Jun 2012 11:07:41 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q54B7f3M017476 for ; Mon, 4 Jun 2012 11:07:41 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q54B7er3017472 for freebsd-ipfw@FreeBSD.org; Mon, 4 Jun 2012 11:07:40 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 4 Jun 2012 11:07:40 GMT Message-Id: <201206041107.q54B7er3017472@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jun 2012 11:07:41 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o conf/167822 ipfw [ipfw] [patch] start script doesn't load firewall_type o kern/166406 ipfw [ipfw] ipfw does not set ALTQ identifier for ipv6 traf o kern/165190 ipfw [ipfw] [lo] [patch] loopback interface is not marking f kern/163873 ipfw [ipfw] ipfw fwd does not work with 'via interface' in o kern/158066 ipfw [ipfw] ipfw + netgraph + multicast = multicast packets o kern/157796 ipfw [ipfw] IPFW in-kernel NAT nat loopback / Default Route o kern/157689 ipfw [ipfw] ipfw nat config does not accept nonexistent int o kern/156770 ipfw [ipfw] [dummynet] [patch]: performance improvement and f kern/155927 ipfw [ipfw] ipfw stops to check packets for compliance with o bin/153252 ipfw [ipfw][patch] ipfw lockdown system in subsequent call o kern/153161 ipfw [ipfw] does not support specifying rules with ICMP cod o kern/152113 ipfw [ipfw] page fault on 8.1-RELEASE caused by certain amo o kern/148827 ipfw [ipfw] divert broken with in-kernel ipfw o kern/148689 ipfw [ipfw] antispoof wrongly triggers on link local IPv6 a o kern/148430 ipfw [ipfw] IPFW schedule delete broken. o kern/148091 ipfw [ipfw] ipfw ipv6 handling broken. o kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n p kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l f kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o bin/65961 ipfw [ipfw] ipfw2 memory corruption inside add() o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes s kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 45 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 5 14:11:28 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1EC281065674 for ; Tue, 5 Jun 2012 14:11:28 +0000 (UTC) (envelope-from dhartmei@insomnia.benzedrine.cx) Received: from insomnia.benzedrine.cx (106-30.3-213.fix.bluewin.ch [213.3.30.106]) by mx1.freebsd.org (Postfix) with ESMTP id 7BF1F8FC12 for ; Tue, 5 Jun 2012 14:11:26 +0000 (UTC) Received: from insomnia.benzedrine.cx (localhost.benzedrine.cx [127.0.0.1]) by insomnia.benzedrine.cx (8.14.1/8.13.4) with ESMTP id q55EBP2B027775 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO) for ; Tue, 5 Jun 2012 16:11:25 +0200 (MEST) Received: (from dhartmei@localhost) by insomnia.benzedrine.cx (8.14.1/8.12.10/Submit) id q55EBOsO021335 for freebsd-ipfw@freebsd.org; Tue, 5 Jun 2012 16:11:24 +0200 (MEST) Date: Tue, 5 Jun 2012 16:11:24 +0200 From: Daniel Hartmeier To: freebsd-ipfw@freebsd.org Message-ID: <20120605141124.GF13069@insomnia.benzedrine.cx> References: <20120524114555.GL29536@insomnia.benzedrine.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120524114555.GL29536@insomnia.benzedrine.cx> User-Agent: Mutt/1.5.12-2006-07-14 Subject: Re: kern/168190: pfil hook leaving ip_len in wrong byte order (ipfw?) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Jun 2012 14:11:28 -0000 The problem turned out to be in ipfilter, for more details see http://marc.info/?l=freebsd-net&m=133888532814565 Daniel From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 5 17:49:37 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C6C071065670 for ; Tue, 5 Jun 2012 17:49:37 +0000 (UTC) (envelope-from mike@magicislandtechnologies.com) Received: from mail.magicislandtechnologies.com (mail.magicislandtechnologies.com [74.208.96.3]) by mx1.freebsd.org (Postfix) with ESMTP id 6784C8FC08 for ; Tue, 5 Jun 2012 17:49:37 +0000 (UTC) Received: (qmail 10783 invoked from network); 6 Jun 2012 01:47:04 +0400 Received: from adsl-99-118-117-244.dsl.sfldmi.sbcglobal.net (HELO ?99.118.117.244?) (99.118.117.244) by mail.magicislandtechnologies.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 6 Jun 2012 01:47:04 +0400 Message-ID: <4FCE4871.4000708@magicislandtechnologies.com> Date: Tue, 05 Jun 2012 13:57:05 -0400 From: Michael Spratt User-Agent: Thunderbird 2.0.0.22 (X11/20090605) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org References: <20120524114555.GL29536@insomnia.benzedrine.cx> <20120605141124.GF13069@insomnia.benzedrine.cx> In-Reply-To: <20120605141124.GF13069@insomnia.benzedrine.cx> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Daniel Hartmeier Subject: Re: kern/168190: pfil hook leaving ip_len in wrong byte order (ipfw?) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Jun 2012 17:49:37 -0000 Dear respected sir/s, How can I mangle all forwarded packets on freebsd/pf/ipfw/ stamping them with a hard set MSS like 512, I need to clamp my mss on the freebsd forwarder/router because of gre tunnels breaking MTUPD for extranet clients, and some sites like yahoo/hotmail will often not work. What function in freebsd/pf/ipfw will allow me to tag all my packets/connections with MSS=512 as I foward them or as they come in or out of an interface. That would be cool if the OS offered a sysctl overide. Linux iptables equivilent of iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu or iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 512 Daniel Hartmeier wrote: > The problem turned out to be in ipfilter, for more details see > http://marc.info/?l=freebsd-net&m=133888532814565 > > Daniel > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 8 21:56:55 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 588B5106564A; Fri, 8 Jun 2012 21:56:55 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 131098FC16; Fri, 8 Jun 2012 21:56:54 +0000 (UTC) Received: by obcni5 with SMTP id ni5so3822447obc.13 for ; Fri, 08 Jun 2012 14:56:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=/GYoG3cBJzsXQGHWBVOeOqriBwfWsh4PpHLkrEx74+8=; b=Mk1LXAPmJzVq+MJ8HWFSffYG2FWPQbCL2Eft9LRaFDSmKdqlx/oBZhRgvmwNuLyfLj V3q3FpeZWUJ6R54yT0bZgLgfo6X10waLhXAfVZnu4veHLB0L50xeUC6rAShY+TheWsAS vFvcWSfhLpMhmjAAKVp6pdf2lBNeksEmpnuAH4efSs9ekA3AaQ4sy5Wiedq3HE3Hgc6A iCbiQqd8Tg/+zIhmdYZV4YRJijGVCgfVQpo2G7PVsfFWA6cXx0WuJPRg9Ha/1vX7CGrv gYjrKdx6lijwMVVOue8FeA0918wGR23kt+0sjuq0ar198QF4GsI1tJjcv9Kda01A/wFy YsbQ== MIME-Version: 1.0 Received: by 10.60.9.134 with SMTP id z6mr8672465oea.46.1339192614408; Fri, 08 Jun 2012 14:56:54 -0700 (PDT) Received: by 10.182.44.101 with HTTP; Fri, 8 Jun 2012 14:56:54 -0700 (PDT) Date: Sat, 9 Jun 2012 00:56:54 +0300 Message-ID: From: Sami Halabi To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: ipfw rules consuming CPU X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 21:56:55 -0000 Hi, I Manage a FreeBSD server as an edge router & firewall. the setup has 10G interfaces (ixgbe-82599EB) and 1G interfaces(em-82571EB & bce-BCM5709) connected to 10G/1G switches. With the following setup i get higher cpu usage: bce1-upstream provider with little bandwidth, so i use pipes to limit users, and subnets ix0 - Internet Exchange some rules. . . .from 4000 starts pipes for specefic ips bandwidth allocations 04000 6210053001 5845967300616 pipe 1003 ip from 182.46.92.13 to any out xmit bce1 04100 41289897537 3064110648124 pipe 1004 ip from any to 182.46.92.13 in recv bce1 . . . .7000 is the wider pipeline for the whole block 07000 9127154724 4651308720315 pipe 1000 ip from 182.46.92.0/24 to any out xmit bce1 07100 4837016828 458027989917 pipe 1002 ip from any to 182.46.92.0/24 in recv bce1 last rule default to accept... specefic pipes (1003-...) have limits say between 1-10Mbps, and the wider pipe (1000 and 1002) has a global limit of 40MBps that should be reached by all other non-specefic ips, config like this: #Wide ipfw pipe 1000 config bw 40Mbit/s queue 200Kbytes ipfw pipe 1002 config bw 40Mbit/s queue 200Kbytes #specefic ipfw pipe 1003 config bw 9Mbit/s queue 200Kbytes ipfw pipe 1004 config bw 9Mbit/s queue 200Kbytes ipfw pipe 1005 config bw 3Mbit/s queue 200Kbytes ipfw pipe 1006 config bw 3Mbit/s queue 200Kbytes ipfw pipe 1007 config bw 5Mbit/s queue 200Kbytes ipfw pipe 1008 config bw 5Mbit/s queue 200Kbytes ipfw pipe 1009 config bw 10Mbit/s queue 200Kbytes ipfw pipe 1010 config bw 10Mbit/s queue 200Kbytes with this configuration when i have lots of traffic (3-6GB) going via ix0 (not necessarly the ips described above, lets say to a server in my net ip 1832.46.93.4 and users behind the Internet Exchange) i see high cpu usage (70-90%). my first test was to: ipfw add 1 allow all from any to any, and cpu usage drops immediatly to 10-15%. but that not why i want (i wantto keep thelimits) so I add rule right before 4000 and the cpu usage drops down to 10-20%: 03020 1669463072808 1493341413029803 allow ip from any to any via ix0 Any advice why this happens? or should it be there in the first place? I use FreeBSD 8.1-R-p10-amd64. Thanks in advance, -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert From owner-freebsd-ipfw@FreeBSD.ORG Sat Jun 9 10:16:53 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by hub.freebsd.org (Postfix) with ESMTP id 0B0FA1065674; Sat, 9 Jun 2012 10:16:53 +0000 (UTC) (envelope-from melifaro@FreeBSD.org) Received: from dhcp170-36-red.yandex.net (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx2.freebsd.org (Postfix) with ESMTP id 97FF715EEF9; Sat, 9 Jun 2012 10:15:43 +0000 (UTC) Message-ID: <4FD3224A.3080700@FreeBSD.org> Date: Sat, 09 Jun 2012 14:15:38 +0400 From: "Alexander V. Chernikov" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:12.0) Gecko/20120511 Thunderbird/12.0.1 MIME-Version: 1.0 To: Sami Halabi References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: ipfw rules consuming CPU X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 10:16:53 -0000 On 09.06.2012 01:56, Sami Halabi wrote: > Hi, > > I Manage a FreeBSD server as an edge router& firewall. > the setup has 10G interfaces (ixgbe-82599EB) and 1G interfaces(em-82571EB& > bce-BCM5709) connected to 10G/1G switches. > > With the following setup i get higher cpu usage: > bce1-upstream provider with little bandwidth, so i use pipes to limit > users, and subnets > ix0 - Internet Exchange > > some rules. > . > . > .from 4000 starts pipes for specefic ips bandwidth allocations > 04000 6210053001 5845967300616 pipe 1003 ip from 182.46.92.13 to any > out xmit bce1 > 04100 41289897537 3064110648124 pipe 1004 ip from any to 182.46.92.13 > in recv bce1 You should use pipe tablearg for that. Traversing 4k rules effectively kills all performance. > . > . > . > .7000 is the wider pipeline for the whole block > 07000 9127154724 4651308720315 pipe 1000 ip from 182.46.92.0/24 to > any out xmit bce1 > 07100 4837016828 458027989917 pipe 1002 ip from any to > 182.46.92.0/24 in recv bce1 > last rule default to accept... > > specefic pipes (1003-...) have limits say between 1-10Mbps, and the wider > pipe (1000 and 1002) has a global limit of 40MBps that should be reached by > all other non-specefic ips, config like this: > #Wide > ipfw pipe 1000 config bw 40Mbit/s queue 200Kbytes > ipfw pipe 1002 config bw 40Mbit/s queue 200Kbytes > #specefic > ipfw pipe 1003 config bw 9Mbit/s queue 200Kbytes > ipfw pipe 1004 config bw 9Mbit/s queue 200Kbytes > ipfw pipe 1005 config bw 3Mbit/s queue 200Kbytes > ipfw pipe 1006 config bw 3Mbit/s queue 200Kbytes > ipfw pipe 1007 config bw 5Mbit/s queue 200Kbytes > ipfw pipe 1008 config bw 5Mbit/s queue 200Kbytes > ipfw pipe 1009 config bw 10Mbit/s queue 200Kbytes > ipfw pipe 1010 config bw 10Mbit/s queue 200Kbytes > > > with this configuration when i have lots of traffic (3-6GB) going via ix0 > (not necessarly the ips described above, lets say to a server in my net ip > 1832.46.93.4 and users behind the Internet Exchange) i see high cpu usage > (70-90%). > > my first test was to: ipfw add 1 allow all from any to any, and cpu usage > drops immediatly to 10-15%. > but that not why i want (i wantto keep thelimits) so I add rule right > before 4000 and the cpu usage drops down to 10-20%: > 03020 1669463072808 1493341413029803 allow ip from any to any via ix0 > > > Any advice why this happens? or should it be there in the first place? > I use FreeBSD 8.1-R-p10-amd64. > > Thanks in advance, > -- WBR, Alexander From owner-freebsd-ipfw@FreeBSD.ORG Sat Jun 9 11:19:47 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F33761065670; Sat, 9 Jun 2012 11:19:46 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 9B46B8FC0C; Sat, 9 Jun 2012 11:19:46 +0000 (UTC) Received: by obcni5 with SMTP id ni5so4859616obc.13 for ; Sat, 09 Jun 2012 04:19:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mzcoWRdB/rHv/jj6MwtqRFo23rqKD7HOsW9BXTVs4og=; b=pOO5FFdbfOdCEIUKaTud2J+6WaOMJyTm8/WpGRwYX2EHMxQeYYgpXVX/P9l6vbxbBx HQb8gNaCPbkHvhq31AT3XLjO4BQXFIX0wghBsXiiF2+S0Uv+MTKVEJiV9kE3mibZVIST 5YSTQb5phci+yFkMGDvDeALq//9zLxR7H+QgDyVN5fQ2yGfdxUezWpoySMhrGfBFZhH6 nSwIfJjKyUezs6YELhgK/wafL/fv9wvu8t35KIXypAtZJLO1AXyCTjc+X8viZezequ0X GMqCBINctI/p8o+WqsTk5WgsXc+JXHzLvjNn+NetIqCjbn6HoGhGCFiYB++ewF4F5hS2 AeIw== MIME-Version: 1.0 Received: by 10.182.18.137 with SMTP id w9mr10346001obd.75.1339240786017; Sat, 09 Jun 2012 04:19:46 -0700 (PDT) Received: by 10.182.44.101 with HTTP; Sat, 9 Jun 2012 04:19:45 -0700 (PDT) In-Reply-To: <4FD3224A.3080700@FreeBSD.org> References: <4FD3224A.3080700@FreeBSD.org> Date: Sat, 9 Jun 2012 14:19:45 +0300 Message-ID: From: Sami Halabi To: "Alexander V. Chernikov" Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: ipfw rules consuming CPU X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 11:19:47 -0000 Hi, all rules togther less than 80 rules.... how tablearg helps this? each ip & pipe (up & down) are unique... any other advices? Sami On Sat, Jun 9, 2012 at 1:15 PM, Alexander V. Chernikov wrote: > On 09.06.2012 01:56, Sami Halabi wrote: > >> Hi, >> >> I Manage a FreeBSD server as an edge router& firewall. >> >> the setup has 10G interfaces (ixgbe-82599EB) and 1G interfaces(em-82571EB& >> bce-BCM5709) connected to 10G/1G switches. >> >> With the following setup i get higher cpu usage: >> bce1-upstream provider with little bandwidth, so i use pipes to limit >> users, and subnets >> ix0 - Internet Exchange >> >> some rules. >> . >> . >> .from 4000 starts pipes for specefic ips bandwidth allocations >> 04000 6210053001 5845967300616 pipe 1003 ip from 182.46.92.13 to any >> out xmit bce1 >> 04100 41289897537 3064110648124 pipe 1004 ip from any to 182.46.92.13 >> in recv bce1 >> > You should use pipe tablearg for that. Traversing 4k rules effectively > kills all performance. > > > . >> . >> . >> .7000 is the wider pipeline for the whole block >> 07000 9127154724 4651308720315 pipe 1000 ip from 182.46.92.0/24 to >> any out xmit bce1 >> 07100 4837016828 458027989917 pipe 1002 ip from any to >> 182.46.92.0/24 in recv bce1 >> last rule default to accept... >> >> specefic pipes (1003-...) have limits say between 1-10Mbps, and the wider >> pipe (1000 and 1002) has a global limit of 40MBps that should be reached >> by >> all other non-specefic ips, config like this: >> #Wide >> ipfw pipe 1000 config bw 40Mbit/s queue 200Kbytes >> ipfw pipe 1002 config bw 40Mbit/s queue 200Kbytes >> #specefic >> ipfw pipe 1003 config bw 9Mbit/s queue 200Kbytes >> ipfw pipe 1004 config bw 9Mbit/s queue 200Kbytes >> ipfw pipe 1005 config bw 3Mbit/s queue 200Kbytes >> ipfw pipe 1006 config bw 3Mbit/s queue 200Kbytes >> ipfw pipe 1007 config bw 5Mbit/s queue 200Kbytes >> ipfw pipe 1008 config bw 5Mbit/s queue 200Kbytes >> ipfw pipe 1009 config bw 10Mbit/s queue 200Kbytes >> ipfw pipe 1010 config bw 10Mbit/s queue 200Kbytes >> >> >> with this configuration when i have lots of traffic (3-6GB) going via ix0 >> (not necessarly the ips described above, lets say to a server in my net ip >> 1832.46.93.4 and users behind the Internet Exchange) i see high cpu usage >> (70-90%). >> >> my first test was to: ipfw add 1 allow all from any to any, and cpu usage >> drops immediatly to 10-15%. >> but that not why i want (i wantto keep thelimits) so I add rule right >> before 4000 and the cpu usage drops down to 10-20%: >> 03020 1669463072808 1493341413029803 allow ip from any to any via ix0 >> >> >> Any advice why this happens? or should it be there in the first place? >> I use FreeBSD 8.1-R-p10-amd64. >> >> Thanks in advance, >> >> > > -- > WBR, Alexander > -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert From owner-freebsd-ipfw@FreeBSD.ORG Sat Jun 9 11:37:07 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by hub.freebsd.org (Postfix) with ESMTP id BEEC91065672; Sat, 9 Jun 2012 11:37:07 +0000 (UTC) (envelope-from melifaro@FreeBSD.org) Received: from dhcp170-36-red.yandex.net (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx2.freebsd.org (Postfix) with ESMTP id 48D5A201BEC; Sat, 9 Jun 2012 11:36:20 +0000 (UTC) Message-ID: <4FD3352F.5060007@FreeBSD.org> Date: Sat, 09 Jun 2012 15:36:15 +0400 From: "Alexander V. Chernikov" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:12.0) Gecko/20120511 Thunderbird/12.0.1 MIME-Version: 1.0 To: Sami Halabi References: <4FD3224A.3080700@FreeBSD.org> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: ipfw rules consuming CPU X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 11:37:07 -0000 On 09.06.2012 15:19, Sami Halabi wrote: > Hi, > all rules togther less than 80 rules.... However, it is too much. You should reduce this to 10 rules or less (at least for main traffic flow). (Btw, there is related http://wiki.freebsd.org/NetworkPerformanceTuning wiki page) > > how tablearg helps this? each ip & pipe (up & down) are unique... ipfw table 1 add 182.46.92.0/24 1000 ipfw table 1 add XXX.XXX.XX.0/24 1001 .. ipfw table 2 add 182.46.92.0/24 1002 ipfw table 2 add XXX.XXX.XX.0/24 1003 ipfw add 4000 pipe tablearg from table(1) to any out xmit bce1 ipfw add 4100 pipe tablearg from any to table(1) in recv bce1 It is often a good idea to split in/out rules initially (e.g. skipto 10000 ip from any to any out) You can send me your ipfw config and we can discuss it more detailed. > > any other advices? > > Sami > > On Sat, Jun 9, 2012 at 1:15 PM, Alexander V. Chernikov > > wrote: > > On 09.06.2012 01:56, Sami Halabi wrote: > > Hi, > > I Manage a FreeBSD server as an edge router& firewall. > > the setup has 10G interfaces (ixgbe-82599EB) and 1G > interfaces(em-82571EB& > bce-BCM5709) connected to 10G/1G switches. > > With the following setup i get higher cpu usage: > bce1-upstream provider with little bandwidth, so i use pipes to > limit > users, and subnets > ix0 - Internet Exchange > > some rules. > . > . > .from 4000 starts pipes for specefic ips bandwidth allocations > 04000 6210053001 5845967300616 pipe 1003 ip from > 182.46.92.13 to any > out xmit bce1 > 04100 41289897537 3064110648124 pipe 1004 ip from any to > 182.46.92.13 > in recv bce1 > > You should use pipe tablearg for that. Traversing 4k rules > effectively kills all performance. > > > . > . > . > .7000 is the wider pipeline for the whole block > 07000 9127154724 4651308720315 pipe 1000 ip from > 182.46.92.0/24 to > any out xmit bce1 > 07100 4837016828 458027989917 pipe 1002 ip from any to > 182.46.92.0/24 in recv bce1 > last rule default to accept... > > specefic pipes (1003-...) have limits say between 1-10Mbps, and > the wider > pipe (1000 and 1002) has a global limit of 40MBps that should be > reached by > all other non-specefic ips, config like this: > #Wide > ipfw pipe 1000 config bw 40Mbit/s queue 200Kbytes > ipfw pipe 1002 config bw 40Mbit/s queue 200Kbytes > #specefic > ipfw pipe 1003 config bw 9Mbit/s queue 200Kbytes > ipfw pipe 1004 config bw 9Mbit/s queue 200Kbytes > ipfw pipe 1005 config bw 3Mbit/s queue 200Kbytes > ipfw pipe 1006 config bw 3Mbit/s queue 200Kbytes > ipfw pipe 1007 config bw 5Mbit/s queue 200Kbytes > ipfw pipe 1008 config bw 5Mbit/s queue 200Kbytes > ipfw pipe 1009 config bw 10Mbit/s queue 200Kbytes > ipfw pipe 1010 config bw 10Mbit/s queue 200Kbytes > > > with this configuration when i have lots of traffic (3-6GB) > going via ix0 > (not necessarly the ips described above, lets say to a server in > my net ip > 1832.46.93.4 and users behind the Internet Exchange) i see high > cpu usage > (70-90%). > > my first test was to: ipfw add 1 allow all from any to any, and > cpu usage > drops immediatly to 10-15%. > but that not why i want (i wantto keep thelimits) so I add rule > right > before 4000 and the cpu usage drops down to 10-20%: > 03020 1669463072808 1493341413029803 allow ip from any to any > via ix0 > > > Any advice why this happens? or should it be there in the first > place? > I use FreeBSD 8.1-R-p10-amd64. > > Thanks in advance, > > > > -- > WBR, Alexander > > > > > -- > Sami Halabi > Information Systems Engineer > NMS Projects Expert > FreeBSD SysAdmin Expert > -- WBR, Alexander From owner-freebsd-ipfw@FreeBSD.ORG Sat Jun 9 15:02:15 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 742531065674; Sat, 9 Jun 2012 15:02:15 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 2D9188FC17; Sat, 9 Jun 2012 15:02:14 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id E5A947300B; Sat, 9 Jun 2012 17:21:01 +0200 (CEST) Date: Sat, 9 Jun 2012 17:21:01 +0200 From: Luigi Rizzo To: "Alexander V. Chernikov" Message-ID: <20120609152101.GA39170@onelab2.iet.unipi.it> References: <4FD3224A.3080700@FreeBSD.org> <4FD3352F.5060007@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4FD3352F.5060007@FreeBSD.org> User-Agent: Mutt/1.4.2.3i Cc: freebsd-net@freebsd.org, Sami Halabi , freebsd-ipfw@freebsd.org Subject: Re: ipfw rules consuming CPU X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 15:02:15 -0000 On Sat, Jun 09, 2012 at 03:36:15PM +0400, Alexander V. Chernikov wrote: > On 09.06.2012 15:19, Sami Halabi wrote: > >Hi, > >all rules togther less than 80 rules.... > However, it is too much. > You should reduce this to 10 rules or less (at least for main traffic flow). you should definitely try hard to use tablearg or similar tricks to reduce the number of rules traversed. A couple of years ago we did some detailed measurement of the cost of the various operations, see "Dummynet revisited" and "An emulation tool for PlanetLab" at http://info.iet.unipi.it/~luigi/research.html cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Sat Jun 9 20:07:10 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C6461106566C for ; Sat, 9 Jun 2012 20:07:10 +0000 (UTC) (envelope-from mike@magicislandtechnologies.com) Received: from mail.magicislandtechnologies.com (mail.magicislandtechnologies.com [74.208.96.3]) by mx1.freebsd.org (Postfix) with ESMTP id 7F0728FC17 for ; Sat, 9 Jun 2012 20:07:10 +0000 (UTC) Received: (qmail 10442 invoked from network); 10 Jun 2012 04:11:12 +0400 Received: from adsl-99-121-29-49.dsl.sfldmi.sbcglobal.net (HELO ?99.121.29.49?) (99.121.29.49) by mail.magicislandtechnologies.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 10 Jun 2012 04:11:12 +0400 Message-ID: <4FD3B05E.3050006@magicislandtechnologies.com> Date: Sat, 09 Jun 2012 16:21:50 -0400 From: Michael Spratt User-Agent: Thunderbird 2.0.0.22 (X11/20090605) MIME-Version: 1.0 To: "Alexander V. Chernikov" References: <4FD3224A.3080700@FreeBSD.org> In-Reply-To: <4FD3224A.3080700@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, Sami Halabi , freebsd-ipfw@freebsd.org Subject: Re: ipfw rules consuming CPU X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 20:07:10 -0000 I have Linux & FreeBSD systems running ipfw with 80 rules with 70Mb/s symmetric, passing traffic for about 1000-1200 hosts. Alexander V. Chernikov wrote: > On 09.06.2012 01:56, Sami Halabi wrote: >> Hi, >> >> I Manage a FreeBSD server as an edge router& firewall. >> the setup has 10G interfaces (ixgbe-82599EB) and 1G >> interfaces(em-82571EB& >> bce-BCM5709) connected to 10G/1G switches. >> >> With the following setup i get higher cpu usage: >> bce1-upstream provider with little bandwidth, so i use pipes to limit >> users, and subnets >> ix0 - Internet Exchange >> >> some rules. >> . >> . >> .from 4000 starts pipes for specefic ips bandwidth allocations >> 04000 6210053001 5845967300616 pipe 1003 ip from 182.46.92.13 >> to any >> out xmit bce1 >> 04100 41289897537 3064110648124 pipe 1004 ip from any to >> 182.46.92.13 >> in recv bce1 > You should use pipe tablearg for that. Traversing 4k rules effectively > kills all performance. > >> . >> . >> . >> .7000 is the wider pipeline for the whole block >> 07000 9127154724 4651308720315 pipe 1000 ip from >> 182.46.92.0/24 to >> any out xmit bce1 >> 07100 4837016828 458027989917 pipe 1002 ip from any to >> 182.46.92.0/24 in recv bce1 >> last rule default to accept... >> >> specefic pipes (1003-...) have limits say between 1-10Mbps, and the >> wider >> pipe (1000 and 1002) has a global limit of 40MBps that should be >> reached by >> all other non-specefic ips, config like this: >> #Wide >> ipfw pipe 1000 config bw 40Mbit/s queue 200Kbytes >> ipfw pipe 1002 config bw 40Mbit/s queue 200Kbytes >> #specefic >> ipfw pipe 1003 config bw 9Mbit/s queue 200Kbytes >> ipfw pipe 1004 config bw 9Mbit/s queue 200Kbytes >> ipfw pipe 1005 config bw 3Mbit/s queue 200Kbytes >> ipfw pipe 1006 config bw 3Mbit/s queue 200Kbytes >> ipfw pipe 1007 config bw 5Mbit/s queue 200Kbytes >> ipfw pipe 1008 config bw 5Mbit/s queue 200Kbytes >> ipfw pipe 1009 config bw 10Mbit/s queue 200Kbytes >> ipfw pipe 1010 config bw 10Mbit/s queue 200Kbytes >> >> >> with this configuration when i have lots of traffic (3-6GB) going via >> ix0 >> (not necessarly the ips described above, lets say to a server in my >> net ip >> 1832.46.93.4 and users behind the Internet Exchange) i see high cpu >> usage >> (70-90%). >> >> my first test was to: ipfw add 1 allow all from any to any, and cpu >> usage >> drops immediatly to 10-15%. >> but that not why i want (i wantto keep thelimits) so I add rule right >> before 4000 and the cpu usage drops down to 10-20%: >> 03020 1669463072808 1493341413029803 allow ip from any to any via ix0 >> >> >> Any advice why this happens? or should it be there in the first place? >> I use FreeBSD 8.1-R-p10-amd64. >> >> Thanks in advance, >> > > From owner-freebsd-ipfw@FreeBSD.ORG Sat Jun 9 20:19:11 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C6DA5106564A; Sat, 9 Jun 2012 20:19:11 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 6E0A38FC1E; Sat, 9 Jun 2012 20:19:11 +0000 (UTC) Received: by obcni5 with SMTP id ni5so5571284obc.13 for ; Sat, 09 Jun 2012 13:19:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=FP48LHnFG2rGApaMwpUftineE5NSzHabfW2hXfQDx2E=; b=dtGjDqsL7YQAmBV0Tyl/0QcmJUxokHecL1CIuHZQYf9cmo0Uc0F8zhOb/tfSzCM21A SA8C7U/xnTY3Id8/cmeWnp9hZ28SpQlpX/Y9fY8w55+vgXMQseHLKrmjEZOjOdywz3W0 FM7TgHrOHTgPd0Rx0iRang6D69wYExlh3SBsjzCtYzlZPS+8tqowNuxO8+X+NnYBlxYP oQXP/Em7PQMv7qrbpKIRnEMBQzsobu+0q+dWaMmMWhFRIJNsvGlGidt3GCdUhb+5Te4b Z4onDd8pAIbZa9SoVGLDNsgfeyD3lKANA43qcfLs5c444VDmwnRx6gIgGw+h6BmDO8YX C6Fg== MIME-Version: 1.0 Received: by 10.182.36.102 with SMTP id p6mr11332923obj.77.1339273150978; Sat, 09 Jun 2012 13:19:10 -0700 (PDT) Received: by 10.182.44.101 with HTTP; Sat, 9 Jun 2012 13:19:10 -0700 (PDT) In-Reply-To: <4FD3B05E.3050006@magicislandtechnologies.com> References: <4FD3224A.3080700@FreeBSD.org> <4FD3B05E.3050006@magicislandtechnologies.com> Date: Sat, 9 Jun 2012 23:19:10 +0300 Message-ID: From: Sami Halabi To: Michael Spratt Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org, "Alexander V. Chernikov" , freebsd-ipfw@freebsd.org Subject: Re: ipfw rules consuming CPU X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 20:19:11 -0000 on my box with 130 rules 100Mbit the cpu don't go above 5%. I daily manage 1.5-6GB. Thanks in advance, Sami On Sat, Jun 9, 2012 at 11:21 PM, Michael Spratt < mike@magicislandtechnologies.com> wrote: > I have Linux & FreeBSD systems running ipfw with 80 rules with 70Mb/s > symmetric, passing traffic for about 1000-1200 hosts. > > > Alexander V. Chernikov wrote: > >> On 09.06.2012 01:56, Sami Halabi wrote: >> >>> Hi, >>> >>> I Manage a FreeBSD server as an edge router& firewall. >>> the setup has 10G interfaces (ixgbe-82599EB) and 1G >>> interfaces(em-82571EB& >>> bce-BCM5709) connected to 10G/1G switches. >>> >>> With the following setup i get higher cpu usage: >>> bce1-upstream provider with little bandwidth, so i use pipes to limit >>> users, and subnets >>> ix0 - Internet Exchange >>> >>> some rules. >>> . >>> . >>> .from 4000 starts pipes for specefic ips bandwidth allocations >>> 04000 6210053001 5845967300616 pipe 1003 ip from 182.46.92.13 to >>> any >>> out xmit bce1 >>> 04100 41289897537 3064110648124 pipe 1004 ip from any to >>> 182.46.92.13 >>> in recv bce1 >>> >> You should use pipe tablearg for that. Traversing 4k rules effectively >> kills all performance. >> >> . >>> . >>> . >>> .7000 is the wider pipeline for the whole block >>> 07000 9127154724 4651308720315 pipe 1000 ip from 182.46.92.0/24to >>> any out xmit bce1 >>> 07100 4837016828 458027989917 pipe 1002 ip from any to >>> 182.46.92.0/24 in recv bce1 >>> last rule default to accept... >>> >>> specefic pipes (1003-...) have limits say between 1-10Mbps, and the wider >>> pipe (1000 and 1002) has a global limit of 40MBps that should be reached >>> by >>> all other non-specefic ips, config like this: >>> #Wide >>> ipfw pipe 1000 config bw 40Mbit/s queue 200Kbytes >>> ipfw pipe 1002 config bw 40Mbit/s queue 200Kbytes >>> #specefic >>> ipfw pipe 1003 config bw 9Mbit/s queue 200Kbytes >>> ipfw pipe 1004 config bw 9Mbit/s queue 200Kbytes >>> ipfw pipe 1005 config bw 3Mbit/s queue 200Kbytes >>> ipfw pipe 1006 config bw 3Mbit/s queue 200Kbytes >>> ipfw pipe 1007 config bw 5Mbit/s queue 200Kbytes >>> ipfw pipe 1008 config bw 5Mbit/s queue 200Kbytes >>> ipfw pipe 1009 config bw 10Mbit/s queue 200Kbytes >>> ipfw pipe 1010 config bw 10Mbit/s queue 200Kbytes >>> >>> >>> with this configuration when i have lots of traffic (3-6GB) going via ix0 >>> (not necessarly the ips described above, lets say to a server in my net >>> ip >>> 1832.46.93.4 and users behind the Internet Exchange) i see high cpu usage >>> (70-90%). >>> >>> my first test was to: ipfw add 1 allow all from any to any, and cpu usage >>> drops immediatly to 10-15%. >>> but that not why i want (i wantto keep thelimits) so I add rule right >>> before 4000 and the cpu usage drops down to 10-20%: >>> 03020 1669463072808 1493341413029803 allow ip from any to any via ix0 >>> >>> >>> Any advice why this happens? or should it be there in the first place? >>> I use FreeBSD 8.1-R-p10-amd64. >>> >>> Thanks in advance, >>> >>> >> >> > -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert From owner-freebsd-ipfw@FreeBSD.ORG Sat Jun 9 21:30:29 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BE62C106566C for ; Sat, 9 Jun 2012 21:30:29 +0000 (UTC) (envelope-from isabell@issyl0.co.uk) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id 4BE438FC0C for ; Sat, 9 Jun 2012 21:30:29 +0000 (UTC) Received: by eaac13 with SMTP id c13so1733265eaa.13 for ; Sat, 09 Jun 2012 14:30:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=sender:date:from:to:subject:message-id:mime-version:content-type :content-disposition:user-agent:x-gm-message-state; bh=bA2MzARBlEoqBHdJ2F0fVtqGkQykJdPcDaZY13PkIRs=; b=B7YL2SmQVauOfVzcZWVdsTkVHXl/mAiCQJXyl8MYloV33Z82BxVVDM2NjXDTReL8nv m6VNGG33lR4SIuVU+gzgmfoKvAauM71zhMaIDtHa3QtVs6yR0FjKVFZALGEUNDgoLnQh pFArkxNwqqhEUweBTMcYvFAsyI6pbB8ozQJhTjmgOg6/VXDlmm8zpNDk3JmFhGDdl+Uy AFxbusvW7lr8qRvUTCUFfSiYwCn4TgFY/+ofFzQxEfYXMDuPcpzormQf4Tn9vWSMGO6a nXb/YmmHBEXJ8d8HyFj/CqO4rWu++v0rn2QllbN+uSjXZVQq/MlrU/EmV3Zd4Pdju77B K+Jg== Received: by 10.14.96.207 with SMTP id r55mr1650936eef.137.1339277428157; Sat, 09 Jun 2012 14:30:28 -0700 (PDT) Received: from sky.issyl0.co.uk ([2001:ba8:1f1:f1f0::2]) by mx.google.com with ESMTPS id o16sm35597938eeb.13.2012.06.09.14.30.26 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 09 Jun 2012 14:30:27 -0700 (PDT) Sender: Isabell Long Date: Sat, 9 Jun 2012 22:30:24 +0100 From: Isabell Long To: freebsd-ipfw@freebsd.org Message-ID: <20120609213024.GA31044@sky.issyl0.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) X-Gm-Message-State: ALoCoQkMO+OLTwodl1tQ0unT3OhQaJJqOFsYNeVU0/Akdq1fHwAEeqYaWZ/gcf+XnIjCwK40ue+D Subject: Relevance of a very old PR (docs/59835)? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 21:30:29 -0000 Hi all, I've just been looking through the long list of PRs and came across docs/59835 - it references FreeBSD 4.9 to 6.0 - does the issue raised still exist? If not, assuming that versions quite as old are no longer cared about, can I close the PR? Thanks, Isabell.