From owner-freebsd-net@freebsd.org Sun Oct 4 02:12:49 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Sun, 04 Oct 2015 02:12:49 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|In Progress                 |Open
              Flags|                            |mfc-stable9?, mfc-stable10?

--- Comment #9 from Kubilay Kocak ---
If lagg(4) doesn't currently send a gratuitous ARP on failover/failback, then
it probably should. I was under the impression that it did, but that may
(still) not be the case.

Unless your switches have portfast enabled, failover/failback scenarios can
take a long time to 'recover' and start passing traffic.

We need someone to review this and get it committed

--
You are receiving this mail because:
You are the assignee for the bug.
From owner-freebsd-net@freebsd.org Sun Oct 4 06:43:32 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Sun, 04 Oct 2015 06:43:30 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #10 from weberge42@gmail.com ---
Maybe the smaller patch from
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201916 is sufficient.
From owner-freebsd-net@freebsd.org Sun Oct 4 07:03:51 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 201916] [patch] mac address does not update when removing the primary iface from a lagg
Date: Sun, 04 Oct 2015 07:03:50 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201916

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226
From owner-freebsd-net@freebsd.org Sun Oct 4 07:03:51 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Sun, 04 Oct 2015 07:03:50 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201916
From owner-freebsd-net@freebsd.org Sun Oct 4 17:21:47 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 203524] TCP checksum failed on igb network adapter
Date: Sun, 04 Oct 2015 17:21:46 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203524

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-net@FreeBSD.org
From owner-freebsd-net@freebsd.org Sun Oct 4 20:32:35 2015
From: "Andrey V. Elsukov"
To: Julian Kornberger, "net@freebsd.org"
Subject: Re: Page fault after destroying/reconfiguring GRE interface
Date: Sun, 4 Oct 2015 23:31:22 +0300
Message-ID: <56118C9A.7080303@FreeBSD.org>
In-Reply-To: <56106056.7040006@tzi.de>

On 04.10.2015 02:10, Julian Kornberger wrote:
> my machine (FreeBSD 10.2) crashes sometimes after I destroy or
> reconfigure a GRE interface. You find my crash dumps at:
> http://www.informatik.uni-bremen.de/~juliank/crash/
>
> [...]
> #7 0xffffffff80d307f2 in calltrap ()
>     at /usr/src/sys/amd64/amd64/exception.S:236
> #8 0xffffffff81e125eb in in_gre_encapcheck (m=0xfffff8001ef81d00, off=20,
>     proto=47, arg=0xfffff800613f3000)
>     at /usr/src/sys/modules/if_gre/../../netinet/ip_gre.c:112
> #9 0xffffffff80a75142 in encap4_input (m=0xfffff8001ef81d00, off=20)
>     at /usr/src/sys/netinet/ip_encap.c:149
> #10 0xffffffff80a77f57 in ip_input (m=0xfffff8001ef81d00)
>     at /usr/src/sys/netinet/ip_input.c:734
> [...]
>
> Any ideas?

Can you test this patch?

--
WBR, Andrey V. Elsukov

Content-Type: text/x-patch; name="ip_encap.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="ip_encap.diff"

Index: sys/netinet/ip_encap.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/netinet/ip_encap.c (revision 287393) +++ sys/netinet/ip_encap.c (working copy) @@ -181,7 +181,6 @@ encap4_input(struct mbuf *m, int off) match =3D ep; } } - mtx_unlock(&encapmtx); =20 if (match) { /* found a match, "match" has the best one */ @@ -191,8 +190,10 @@ encap4_input(struct mbuf *m, int off) (*psw->pr_input)(m, off); } else m_freem(m); + mtx_unlock(&encapmtx); return; - } + } else + mtx_unlock(&encapmtx); =20 /* last resort: inject to raw socket */ rip_input(m, off); 
@@ -255,12 +256,15 @@ encap6_input(struct mbuf **mp, int *offp, int prot psw =3D (const struct ip6protosw *)match->psw; if (psw && psw->pr_input) { encap_fillarg(m, match); - return (*psw->pr_input)(mp, offp, proto); + prio =3D (*psw->pr_input)(mp, offp, proto); } else { m_freem(m); - return IPPROTO_DONE; + prio =3D IPPROTO_DONE; } - } + mtx_unlock(&encapmtx); + return (prio); + } else + mtx_unlock(&encapmtx); =20 /* last resort: inject to raw socket */ return rip6_input(mp, offp, proto);
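Review bot: In the `@@ -191,8 +190,10 @@` hunk of encap4_input, encapmtx is now held for the whole of `(*psw->pr_input)(m, off)`, so every matched packet runs its protocol input handler under this one mutex. If that handler can reach encap4_input again (a tunnel carried inside another tunnel) or any path that takes encapmtx, the mutex is acquired a second time by the same thread, which panics unless encapmtx is initialised as recursive. The patch should either say why re-entry is impossible or protect the matched entry another way, for example a reference taken under the lock and dropped after the call. Two smaller points in the same hunk: `m_freem(m)` does not need the lock, and `} else mtx_unlock(&encapmtx);` after a block that ends in `return;` can be a plain unlock after the closing brace.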
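Review bot: The `@@ -255,12 +256,15 @@` hunk adds two `mtx_unlock(&encapmtx)` calls to encap6_input, but the patch has no hunk that removes an earlier unlock in this function, unlike the `- mtx_unlock(&encapmtx);` shown for encap4_input at `@@ -181,7 +181,6 @@`. If encap6_input, like encap4_input, unlocks right after the lookup loop, the mutex is released twice on both the match and no-match paths; the IPv6 side needs the corresponding removal. Separately, storing the handler's return value in `prio` and returning it with `return (prio);` overloads a variable whose name suggests the match priority; a dedicated local such as `int ret` would make the intent clear.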
From owner-freebsd-net@freebsd.org Sun Oct 4 21:00:25 2015
From: bugzilla-noreply@FreeBSD.org
To: freebsd-net@FreeBSD.org
Subject: Problem reports for freebsd-net@FreeBSD.org that need special attention
Date: Sun, 04 Oct 2015 21:00:25 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
Open        |    194515 | Fatal Trap 12 Kernel with vimage
Open        |    199136 | [if_tap] Added down_on_close sysctl variable to t

2 problems total for which you should take action.
From owner-freebsd-net@freebsd.org Sun Oct 4 21:49:14 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 201916] [patch] mac address does not update when removing the primary iface from a lagg
Date: Sun, 04 Oct 2015 21:49:14 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201916

Jason Wolfe changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |j@nitrology.com

--- Comment #2 from Jason Wolfe ---
https://reviews.freebsd.org/D3301 was the Phab for this one.
From owner-freebsd-net@freebsd.org Mon Oct 5 01:27:34 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 203524] TCP checksum failed on igb network adapter
Date: Mon, 05 Oct 2015 01:27:34 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203524

--- Comment #1 from eugen@grosbein.net ---
Please read ipfw(8) manual page, section BUGS; this is a known and documented
problem of ipfw nat:

     Due to the architecture of libalias(3), ipfw nat is not compatible with
     the TCP segmentation offloading (TSO). Thus, to reliably nat your
     network traffic, please disable TSO on your NICs using ifconfig(8).

This PR should be closed.
From owner-freebsd-net@freebsd.org Mon Oct 5 07:28:58 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Mon, 05 Oct 2015 07:28:55 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #11 from eugen@grosbein.net ---
(In reply to weberge42 from comment #8)

Each switch has its "MAC aging" time, so one may configure switch so that it
does not "take ages to see traffic flowing again".

And yes, lagg's failover needs that NIC drivers bring link down in case of
voluntary "ifconfig down"
From owner-freebsd-net@freebsd.org Mon Oct 5 07:52:20 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Mon, 05 Oct 2015 07:52:19 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #12 from weberge42@gmail.com ---
Yes, but each switch has different default and minimum values. Fortiswitch:
10s, HP Procurve 60s, don't know about Cisco. So that would mean XXs no service
in case of a failover which may be acceptable if it's short enough. But what if
you can't (or not allowed) to change these settings?

I don't quite understand what you mean with:
>And yes, lagg's failover needs that NIC drivers bring link down in case of
>voluntary "ifconfig down"

Who issues the ifconfig down? I just don't see any relationship between manual
ifconfig in case of a failover. Can you please elaborate this a bit more? Maybe
I'm missing something.
From owner-freebsd-net@freebsd.org Mon Oct 5 08:36:00 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Mon, 05 Oct 2015 08:36:00 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #13 from eugen@grosbein.net ---
(In reply to weberge42 from comment #12)

> each switch has different default and minimum values

Yes, and one should not depend on default values but configure switches as
required.

> But what if you can't (or not allowed) to change these settings?

Too bad for you if you have manageable equipment but can't manage it.

> I just don't see any relationship between manual ifconfig in case of a
> failover. Can you please elaborate this a bit more? Maybe I'm missing
> something.

In case of "non-manual" failure physical link goes down generally and
corresponding switch changes its FIB at once. If one connects redundant layer-2
links to different switches, one should use some kind of signalling protocol
like RSTP.
--
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Mon, 05 Oct 2015 09:32:49 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #14 from pvz@itassistans.se ---
The patch could probably be simplified. I suggested when I created the case four years ago that the solution might be to send out a gratuitous ARP. However, that would not seem to be a correct generic solution, in that you're adding coupling to IPv4 and IPv6, where the problem actually occurs further down the network stack.

It would be entirely appropriate to send out *any* type of broadcast Ethernet frame. For example, VMware ESXi uses RARP in this scenario:

http://rickardnobel.se/vswitch-notify-switches-setting/

This would be a valid approach no matter if the switches in question are connected to an IPv4 network, an IPv6-only network, or even, God forbid, IPX or PPPoE or anything else that might run over Ethernet (not IP necessarily) ...

The only goal is to update the MAC forwarding tables in the switches, what the actual payload in Ethernet is doesn't matter. You might even be able to send out a completely empty broadcast frame.

This is of course then also complicated by the hypothetical but plausible scenario where you might have VLANs configured on top of the lagg, where these "notify packets" would have to be sent for each VLAN, because switches typically have per-VLAN forwarding tables.

--
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Mon, 05 Oct 2015 09:45:17 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #15 from eugen@grosbein.net ---
(In reply to pvz from comment #14)

> the hypothetical but plausible scenario

That's completely real scenario. My FreeBSD-based PPPoE BRAS'es run hundreds of VLANs over lagg port-channels and each VLAN carries PPPoE frames only, no IP traffic at all. Of course, I use LACP for failover (and load balancing too). And LACP does not send its signalling traffic over each vlan (and should not).

Why don't people want to use already invented layer-2 signalling protocols but try to invent a wheel every time?

--
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Mon, 05 Oct 2015 13:23:49 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #16 from pvz@itassistans.se ---
In this case it's not even a case of a protocol though, it's rather just some functionality to prod even the dumbest stack of switches that are smart enough to know about MAC learning to do the right thing.

I think though that this could well be made into a really simple user-space daemon with a few hundred lines of code and no configuration file, though it would be "cleaner" (for a regular end user) for it to just be built into lagg.

The code would be something like: every now and then, iterate over all laggs. If the master has changed, send out an ethernet frame on the interface, and on any VLAN interfaces on top of the lagg.

Would that be something that could be included in the base system as a feature rather than just adding the functionality to lagg?

--
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Mon, 05 Oct 2015 14:06:43 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #17 from weberge42@gmail.com ---
> Yes, and one should not depend on default values but configure switches as required.

Bad luck if the MINIMUM value is 60s.

> If one connects redundant layer-2 links to different switches, one should use some kind of signalling protocol like RSTP.

Would not be needed if lagg announces the change. Simpler than fiddling around with protocols. It's also not granted that the infrastructure one is using supports/allows other protocols.

> Too bad for you if you have manageable equipment but can't manage it.

One does not always have access / permissions to do so. Company rules or whatever and people in charge of the network not always cooperative. But this is another point and not part of THIS problem.

As for the rest. I'm glad it works for you. We have no need for PPPoE. Just for IPv4. Announcing the changes is the simplest solution.

If failover using lagg with different switches is not supported or is considered exotic, the feature should be removed. The docs do not mention that this is the case.

> I think though that this could well be made into a really simple user-space daemon

Would be possible I think but I would vote against it. IMHO this is clearly a driver task to accomplish.

--
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Mon, 05 Oct 2015 14:46:22 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #18 from eugen@grosbein.net ---
(In reply to weberge42 from comment #17)

> If failover using lagg with different switches is not supported or is considered exotic, the feature should be removed. The docs do not mention that this is the case.

lagg failover works just fine at present using links connected to the switch(es) with single FIB (just one switch or stack of switches) and should not be removed.

I agree that documentation may need some warnings against not supported configurations but it cannot foretell all kinds of network setups built on wrong assumptions. OTOH, it can give a hint towards other known ways to build failure-resistant setups like RSTP etc. Some short hint, because man page is not textbook.

--
You are receiving this mail because:
You are the assignee for the bug.

From: Julian Kornberger
To: "Andrey V. Elsukov", "net@freebsd.org"
Subject: Re: Page fault after destroying/reconfiguring GRE interface
Date: Mon, 5 Oct 2015 19:42:32 +0200
Message-ID: <5612B688.9000803@tzi.de>
In-Reply-To: <56118C9A.7080303@FreeBSD.org>
References: <56106056.7040006@tzi.de> <56118C9A.7080303@FreeBSD.org>

Hi Andrey,

I compiled and installed a new Kernel with your patch, but it does not help. It seems as if the crash only occurs if I have two GRE interfaces and I destroy the second one (gre1). If I destroy the first one (gre0), it does not crash:

gre0 with 10.9.0.13 -> 10.9.0.12
gre1 with 10.9.0.15 -> 10.9.0.14 (destroyed)

Kind Regards
Julian Kornberger

From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 203476] [net] [igb] not optimal checksum processing
Date: Mon, 05 Oct 2015 18:06:33 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-STABLE
X-Bugzilla-Keywords: IntelNetworking, patch
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: erj@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Changed-Fields: keywords

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203476

Eric Joyner changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |IntelNetworking

--
You are receiving this mail because:
You are the assignee for the bug.

From: "Andrey V. Elsukov"
To: Julian Kornberger, "net@freebsd.org"
Subject: Re: Page fault after destroying/reconfiguring GRE interface
Date: Mon, 5 Oct 2015 21:23:16 +0300
Message-ID: <5612C014.7090506@FreeBSD.org>
In-Reply-To: <5612B688.9000803@tzi.de>
References: <56106056.7040006@tzi.de> <56118C9A.7080303@FreeBSD.org> <5612B688.9000803@tzi.de>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

On 05.10.2015 20:42, Julian Kornberger wrote:
> Hi Andrey,
>
> I compiled and installed a new Kernel with your patch, but it does not
> help. It seems as if the crash only occurs if I have two GRE interfaces
> and I destroy the second one (gre1). If I destroy the first one (gre0),
> it does not crash:
>
> gre0 with 10.9.0.13 -> 10.9.0.12
> gre1 with 10.9.0.15 -> 10.9.0.14 (destroyed)

It seems this panic now only possible when ip_encap list contains stale pointer to gre softc. And since you use releng/10.2 branch, try also apply this patch from stable/10:
https://svnweb.freebsd.org/base?view=revision&revision=288529

--
WBR, Andrey V. Elsukov

From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Mon, 05 Oct 2015 21:20:23 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #19 from weberge42@gmail.com ---
What would be the correct setup using 1 Server, 2 Nics and 2 non stacked Switches to achieve a basic failover scenario for IPv4 ? RSTP (as STP usually is) sounds too complicated for this.

The description used in the manpage is basically the same as for linux bonding with active-passive mode. This setup works fine across 2 single, non stacked switches. I guess the driver sends a gratuitous ARP (or RARP like vmware) to the switches.

--
You are receiving this mail because:
You are the assignee for the bug.

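The notification discussed in comments #14 and #16 (one broadcast frame on the lagg, plus one per VLAN on top of it, whenever the active port changes), as an added example that is not part of the thread or of lagg(4). It assumes an RFC 903 RARP request as the frame type; the port names, MAC address and VLAN IDs are constructed sample values, and reading the active port from the system and transmitting the frames are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN         6
#define ETH_MIN_LEN     60      /* minimum Ethernet frame, FCS excluded */
#define TYPE_VLAN       0x8100  /* 802.1Q tag protocol identifier */
#define TYPE_RARP       0x8035  /* RFC 903 */
#define RARP_OP_REQUEST 3       /* "request reverse" */
#define NOTIFY_MAX_LEN  (ETH_MIN_LEN + 4) /* tagged frame: still 60 untagged */

struct lagg_state {
	char active[16];                /* active port seen at the last poll */
};

static size_t put16(uint8_t *p, uint16_t v)
{
	p[0] = (uint8_t)(v >> 8);
	p[1] = (uint8_t)(v & 0xff);
	return 2;
}

/* Build one broadcast RARP frame with source address `mac`.
 * vlan 0 = untagged, 1..4094 = 802.1Q tagged.
 * Returns the frame length, or 0 if the arguments are unusable. */
size_t build_notify_frame(uint8_t *buf, size_t buflen,
    const uint8_t mac[MAC_LEN], uint16_t vlan)
{
	static const uint8_t zero[MAC_LEN];
	size_t len = ETH_MIN_LEN + (vlan != 0 ? 4 : 0);
	size_t off = 0;

	if (buf == NULL || mac == NULL || buflen < len || vlan > 4094)
		return 0;
	/* A source address a switch can learn is unicast and non-zero. */
	if ((mac[0] & 0x01) != 0 || memcmp(mac, zero, MAC_LEN) == 0)
		return 0;
	memset(buf, 0, len);                    /* zero fill = padding */
	memset(buf, 0xff, MAC_LEN);             /* destination: broadcast */
	off += MAC_LEN;
	memcpy(buf + off, mac, MAC_LEN);        /* source: the lagg's MAC */
	off += MAC_LEN;
	if (vlan != 0) {
		off += put16(buf + off, TYPE_VLAN);
		off += put16(buf + off, vlan);  /* PCP 0, DEI 0, VLAN ID */
	}
	off += put16(buf + off, TYPE_RARP);
	off += put16(buf + off, 1);             /* hardware type: Ethernet */
	off += put16(buf + off, 0x0800);        /* protocol type: IPv4 */
	buf[off++] = MAC_LEN;                   /* hardware address length */
	buf[off++] = 4;                         /* protocol address length */
	off += put16(buf + off, RARP_OP_REQUEST);
	memcpy(buf + off, mac, MAC_LEN);        /* sender hardware address */
	off += MAC_LEN + 4;                     /* sender protocol address: 0 */
	memcpy(buf + off, mac, MAC_LEN);        /* target hardware address */
	return len;             /* target protocol address and padding are 0 */
}

/* One poll step: when the active port differs from the one recorded in
 * `st`, build a frame for the lagg itself plus one per VLAN on top of it.
 * `frames` and `lens` need 1 + nvlans slots. Returns the frame count. */
int notify_on_failover(struct lagg_state *st, const char *cur,
    const uint8_t mac[MAC_LEN], const uint16_t *vlans, size_t nvlans,
    uint8_t frames[][NOTIFY_MAX_LEN], size_t *lens)
{
	size_t i, n = 0;
	int first = (st->active[0] == '\0');

	if (cur == NULL || cur[0] == '\0' || strlen(cur) >= sizeof(st->active))
		return 0;                       /* no usable active port */
	if (strcmp(st->active, cur) == 0)
		return 0;                       /* same port as last poll */
	strcpy(st->active, cur);
	if (first)
		return 0;                       /* first poll only records state */
	for (i = 0; i <= nvlans; i++) {         /* i == 0 is the untagged frame */
		lens[n] = build_notify_frame(frames[n], NOTIFY_MAX_LEN, mac,
		    i == 0 ? 0 : vlans[i - 1]);
		if (lens[n] != 0)
			n++;
	}
	return (int)n;
}

int main(void)
{
	/* Constructed sample values: locally administered MAC, two VLANs. */
	const uint8_t mac[MAC_LEN] = { 0x02, 0x00, 0x5e, 0x10, 0x20, 0x30 };
	const uint16_t vlans[] = { 10, 20 };
	uint8_t frames[3][NOTIFY_MAX_LEN];
	size_t lens[3];
	struct lagg_state st = { "" };

	notify_on_failover(&st, "em0", mac, vlans, 2, frames, lens);
	printf("frames built after failover to em1: %d\n",
	    notify_on_failover(&st, "em1", mac, vlans, 2, frames, lens));
	return 0;
}
```

The frames carry no IP addresses, so the same code applies whether the VLANs carry IPv4, IPv6 or PPPoE, which is the point made in comment #14.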
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Tue, 06 Oct 2015 06:40:17 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #20 from eugen@grosbein.net ---
RSTP is very simple thing. And it is general solution suitable for IPv4, IPv6, vlan trunk, PPPoE, IPX or anything else because it deals with links at layer 2.

--
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 201916] [patch] mac address does not update when removing the primary iface from a lagg
Date: Tue, 06 Oct 2015 08:10:13 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: hrs@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: hrs@FreeBSD.org
X-Bugzilla-Changed-Fields: bug_status cc assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201916

Hiroki Sato changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |In Progress
                 CC|                            |hrs@FreeBSD.org
           Assignee|freebsd-net@FreeBSD.org     |hrs@FreeBSD.org

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Tue Oct 6 10:26:33 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Tue, 06 Oct 2015 10:26:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #21 from pvz@itassistans.se ---
I would not call RSTP "simple" compared to sending a single broadcast frame
(of any protocol) out on the new active NIC on a failover, especially not once
you consider that to use it you have to bridge together the two NICs and make
sure you configure your costs appropriately so that you don't accidentally
make your server an unintentional bridge in your network, cutting off the link
you actually do want active.

There's a reason other vendors have implemented this simple and elegant
solution for this problem. It is because it works, and will work in any
correctly functioning Ethernet network (with the exception of possible
security features).

Implementing this feature in the lagg failover mode does not preclude
sysadmins who dislike this mode from implementing other solutions such as LACP
(with the other end being an MLAG) or bridging with RSTP. It does make FreeBSD
usable in scenarios where sysadmins might not have much say about the network
operations of the environment at large.

From owner-freebsd-net@freebsd.org Tue Oct 6 12:36:00 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 156226] [lagg]: failover does not announce the failover to switch
Date: Tue, 06 Oct 2015 12:36:00 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=156226

--- Comment #22 from eugen@grosbein.net ---
(In reply to pvz from comment #21)

"single broadcast frame" won't work for all cases, e.g. multiple VLANs over
lagg, but RSTP will. And there is no rocket science in creating a bridge, as
RSTP runs by default on bridges under FreeBSD.

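The disagreement in comments #21 and #22, shown as an added example that is not part of the bug report: a model of an upstream switch's forwarding table after a lagg failover. It assumes per-VLAN MAC learning, a 300-second ageing time, a server that sends nothing except the announcement frames, and hypothetical port numbers, VLAN IDs and MAC address.

```python
# Added illustration, not code from the bug report. Models the forwarding
# table of an upstream switch that does not see the server's link go down.
AGEING = 300                       # seconds before an idle entry expires (assumed)
OLD_PORT, NEW_PORT = 1, 2          # hypothetical switch ports
SERVER_MAC = "02:00:00:00:00:01"   # constructed, locally administered address


class LearningSwitch:
    """Independent VLAN learning: one table entry per (VLAN, MAC)."""

    def __init__(self, ageing=AGEING):
        self.ageing = ageing
        self.fdb = {}  # (vlan, mac) -> (port, time last seen)

    def learn(self, now, port, vlan, src_mac):
        # Every received frame refreshes the entry for its source address.
        self.fdb[(vlan, src_mac)] = (port, now)

    def lookup(self, now, vlan, dst_mac):
        entry = self.fdb.get((vlan, dst_mac))
        if entry is None or now - entry[1] > self.ageing:
            return None  # unknown unicast: flooded, so it reaches the new path
        return entry[0]


def stale_vlans(announce_vlans, vlans=(1, 10, 20), seconds_after=5):
    """VLANs whose traffic to the server still goes to the dead path.

    VLAN 1 stands for the untagged traffic; 10 and 20 are tagged VLANs
    carried over the same lagg.
    """
    sw = LearningSwitch()
    for vlan in vlans:             # entries learned just before the failover
        sw.learn(0, OLD_PORT, vlan, SERVER_MAC)
    for vlan in announce_vlans:    # frames sent on the new active NIC
        sw.learn(0, NEW_PORT, vlan, SERVER_MAC)
    return [v for v in vlans
            if sw.lookup(seconds_after, v, SERVER_MAC) == OLD_PORT]


if __name__ == "__main__":
    print("no announcement:      ", stale_vlans([]))
    print("one untagged frame:   ", stale_vlans([1]))
    print("one frame per VLAN:   ", stale_vlans([1, 10, 20]))
    print("no announcement, 301s:", stale_vlans([], seconds_after=301))
```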
From owner-freebsd-net@freebsd.org Tue Oct 6 14:29:30 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 202875] ixv driver in 11.0-CURRENT doesn't pass traffic using KVM hypervisor
Date: Tue, 06 Oct 2015 14:29:30 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202875

--- Comment #9 from Jeff Pieper ---
We believe we have this isolated and are testing a fix now. We should have an
update within a day or two.

From owner-freebsd-net@freebsd.org Wed Oct 7 09:46:50 2015
From: Palle Girgensohn
Subject: Process hung in STOPPED_SINGLE, wchan vodead, and cannot be killed or continued
Message-Id: <60F10B6B-0B90-4728-B405-4B916CDF7FD6@FreeBSD.org>
Date: Wed, 7 Oct 2015 11:39:42 +0200
To: freebsd-net@freebsd.org

Hi,

I see a process that is hung in a jail, and cannot be killed or continued:

# ps HO wchan,nwchan,ppid -p 92266
  PID WCHAN  NWCHAN           PPID TT STAT    TIME COMMAND
92266 -      -                   1 -  TJ   0:00,73 /usr/local/bin/jsvc -home /usr/local/openjdk8 -server
92266 vodead fffff811a5e6b400    1 -  TJ   0:00,48 /usr/local/bin/jsvc -home /usr/local/openjdk8 -server

# top
...
  PID USERNAME THR PRI NICE  SIZE  RES STATE C TIME  WCPU COMMAND
92266 nobody     2  20    0 4470M 418M STOP  2 0:20 0.00% jsvc

# ps axu
USER     PID %CPU %MEM     VSZ    RSS TT STAT STARTED    TIME COMMAND
nobody 92266  0,0  0,4 4577204 427756 -  TJ   11:02pm 0:20,08 /usr/local/bin/jsvc -home /usr/local/openjdk8 ...

# sockstat
USER   COMMAND PID   FD PROTO  LOCAL ADDRESS   FOREIGN ADDRESS
nobody jsvc    92266 15 stream (not connected)
nobody jsvc    92266 16 tcp4   127.0.0.1:8078  *:*
?      ?       ?     ?  tcp4   127.0.0.1:8078  127.0.0.1:22789
...

# sockstat | grep '^?' |wc -l
151

# netstat -an | less
netstat: kvm not available: /dev/mem: No such file or directory
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  (state)
tcp4     374      0 127.0.0.1.8078  127.0.0.1.32866  CLOSED
...

# procstat -t 92266
  PID    TID COMM TDNAME CPU PRI STATE WCHAN
92266 105754 jsvc -       20 120 stop  -
92266 106982 jsvc -        2 120 stop  vodead

# procstat -k 92266
  PID    TID COMM TDNAME KSTACK
92266 105754 jsvc -      mi_switch thread_suspend_switch thread_single exit1 sys_sys_exit amd64_syscall Xfast_syscall
92266 106982 jsvc -      mi_switch sleepq_switch sleepq_wait _sleep vnode_create_vobject zfs_freebsd_open VOP_OPEN_APV vn_open_vnode vn_open_cred kern_openat amd64_syscall Xfast_syscall

8078 is the java port that it used to listen to... all look like this

?      ?       ?     ?  tcp4   127.0.0.1:8078  127.0.0.1:53583

# gdb -p 92266 /usr/local/bin/jsvc
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...
Attaching to program: /usr/local/bin/jsvc, process 92266
[ just hangs ]...
^Z
[1]+ Stopped gdb -p 92266 /usr/local/bin/jsvc
[root@tranbar /]#
[root@tranbar /]#
[root@tranbar /]# kill %1
[root@tranbar /]#
[1]+ Terminated gdb -p 92266 /usr/local/bin/jsvc
[root@tranbar /]#

The culprit to begin with could be this:

Oct 7 07:54:00 host kernel: sonewconn: pcb 0xfffff80b49171310: Listen queue overflow: 151 already in queue awaiting acceptance (6 occurrences)

Occurred all through the night, saturating a service, *very likely* the one
now showing problems, but I was never there to check. 151 lost network sockets
(see sockstat above) connects the dots.

It seems the service entered STOP when we tried to stop it. jsvc is similar to
daemontools, and I remember seeing a reference to a parent process 92265, but
I might be imagining, since the ppid = 1.

Trying to shut down the jail we got hanging shutdown processes:

from host:/var/log/console.jailname:
...
Stopping tomcat.
Waiting for PIDS: 9226690 second watchdog timeout expired. Shutdown terminated.
Ons 7 Okt 2015 08:27:19 CEST
...

# freebsd-version -ku
10.2-RELEASE-p3
10.2-RELEASE-p3

So basically, is there a way to get rid of this process without rebooting?

Palle

From owner-freebsd-net@freebsd.org Wed Oct 7 13:57:43 2015
Message-Id: <1444226262.4164898.403785985.524883DA@webmail.messagingengine.com>
From: Mark Felder
To: freebsd-net@freebsd.org
Subject: Struggling with IPFW on CURRENT
Date: Wed, 07 Oct 2015 08:57:42 -0500

Hi all,

I've only used IPFW in the past for the most basic of tasks. I'd like to
use it with in-kernel NAT protecting both v4 and v6 and add
dummynet/pipe later, but I have to get the basics working first. I'm
either overlooking something obvious or there's a major issue. Has there
been work in CURRENT? I haven't tried on any RELEASE....

Problems I'm running into:

* Inbound v4 traffic to the firewall is blocked, but inbound v6 traffic
to firewall and hosts behind it are not. Both v4 and v6 should be
handled by keywords: tcp, udp, ip, me.

* TCP sessions seem to be killed every ~300s

* "in via $pif" doesn't seem to work. ex: block icmp from internet to
$pif fails to do anything. However, "block out via $pif" blocks it...

* Does IPFW not track outbound traffic to allow it back through --
related/established ? I have trouble blocking inbound traffic without
blocking originated/outbound traffic because the firewall blocks the
return packets.

* Port forwarding is failing, probably due to the issues with the "in
via" that I'm experiencing. Research says once I have the redirect_port
configured I should be good to go as long as I match the traffic and
skip to the NAT rule. Skip rules don't stop processing, so it should hit
the next rule which is the last rule in my config -- allow from any to
any. (Documentation for in-kernel NAT is nonexistent and really needs
help). The rule 425 below should be working, but logs show that rule is
ignored and it's being blocked at 550. Comment out 550 and it works...

#!/bin/sh
# http://blog.pcbsd.org/2015/01/using-trueos-as-a-ipfw-based-home-router/
# Below based on example from Kris Moore

# Flush out the list before we begin.
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw add"
pif="re0"        # interface name of NIC attached to Internet
pif6="gif0"      # interface name of NIC attached to Internet IPv6 (tunnel)
iif="bridge0"    # interface name of NIC attached to LAN (re1, wlan0 bridged)
ks="keep-state"  # Laziness
skip="skipto 600"

# Create the NAT redirect rules
######################################
ipfw -q nat 1 config if $pif unreg_only reset \
    redirect_port tcp 172.16.1.122:32400 32400

######################################
# Allow everything through the local NIC
######################################
$cmd 00020 allow log all from any to any via $iif

######################################
# No restrictions on Loopback Interface
######################################
$cmd 00025 allow log all from any to any via lo0

######################################
# Catch spoofing from outside
######################################
$cmd 00090 deny log ip from any to any not antispoof in

######################################
# NAT the inbound stuff
######################################
$cmd 0100 nat 1 ip from any to any in via $pif

######################################
# Allow packet through if it matches existing entry in dynamic rules
######################################
$cmd 00101 check-state

######################################
# Allow all outgoing packets
######################################
$cmd 00110 $skip tcp from any to any out via $pif setup $ks
$cmd 00111 $skip udp from any to any out via $pif $ks

######################################
# Deny all inbound traffic from non-routable reserved address spaces
######################################
$cmd 00300 deny log all from 192.168.0.0/16 to any in via $pif  #RFC 1918 private IP
$cmd 00301 deny log all from 172.16.0.0/12 to any in via $pif   #RFC 1918 private IP
$cmd 00302 deny log all from 10.0.0.0/8 to any in via $pif      #RFC 1918 private IP
$cmd 00303 deny log all from 127.0.0.0/8 to any in via $pif     #loopback
$cmd 00304 deny log all from 0.0.0.0/8 to any in via $pif       #loopback
$cmd 00305 deny log all from 169.254.0.0/16 to any in via $pif  #DHCP auto-config
$cmd 00306 deny log all from 192.0.2.0/24 to any in via $pif    #reserved for doc
$cmd 00307 deny log all from 204.152.64.0/23 to any in via $pif #Sun cluster interconnect
$cmd 00308 deny log all from 224.0.0.0/3 to any in via $pif     #Class D & E multicast

######################################
# Deny public pings
######################################
$cmd 00310 deny log icmp from any to any in via $pif # This does not work

######################################
# Allow specific ports IN now (for services behind NAT)
######################################
$cmd 00425 $skip tcp from any to any 32400 in via $pif setup $ks

######################################
# Deny all other troublemakers
$cmd 00550 deny log tcp from any to any via $pif
$cmd 00551 deny log udp from any to any via $pif
$cmd 00552 deny log tcp from any to any via $pif6 # Added just-in-case because v6
$cmd 00553 deny log udp from any to any via $pif6 # uses gif0, but doesn't work

# Skip location for NAT
$cmd 600 nat 1 ip from any to any out via $pif
$cmd 610 allow log ip from any to any setup $ks

--
  Mark Felder
  ports-secteam member
  feld@FreeBSD.org

From owner-freebsd-net@freebsd.org Wed Oct 7 14:31:53 2015
Subject: Re: Struggling with IPFW on CURRENT
To: Mark Felder, freebsd-net@freebsd.org
From: Guido Falsi
Message-ID: <56152CCD.3010302@madpilot.net>
Date: Wed, 7 Oct 2015 16:31:41 +0200
In-Reply-To: <1444226262.4164898.403785985.524883DA@webmail.messagingengine.com>

On 10/07/15 15:57, Mark Felder wrote:
> Hi all,
>
> I've only used IPFW in the past for the most basic of tasks. I'd like to
> use it with in-kernel NAT protecting both v4 and v6 and add
> dummynet/pipe later, but I have to get the basics working first. I'm
> either overlooking something obvious or there's a major issue. Has there
> been work in CURRENT? I haven't tried on any RELEASE....

My experience with ipfw is almost exclusively on RELEASE, but I don't
think that much has changed in the rules syntax.

>
> Problems I'm running into:
>
> * Inbound v4 traffic to the firewall is blocked, but inbound v6 traffic
> to firewall and hosts behind it are not. Both v4 and v6 should be
> handled by keywords: tcp, udp, ip, me.

I'm sorry but I have made no tests with IPv6, so I can't help you on
this one.


I suspect you should also investigate using sysctl
net.inet.ip.fw.one_pass=0. The ruleset below seems to require it in a
few places.

>
> * TCP sessions seem to be killed every ~300s

sysctl net.inet.ip.fw.dyn_ack_lifetime=

default is 300.

>
> * "in via $pif" doesn't seem to work. ex: block icmp from internet to
> $pif fails to do anything. However, "block out via $pif" blocks it...

I suspect this is related to one pass above.

>
> * Does IPFW not track outbound traffic to allow it back through --
> related/established ? I have trouble blocking inbound traffic without
> blocking originated/outbound traffic because the firewall blocks the
> return packets.

It does only for stateful rules, with keep-state, which you are using.
Which rules are failing to do that?

>
> * Port forwarding is failing, probably due to the issues with the "in
> via" that I'm experiencing. Research says once I have the redirect_port
> configured I should be good to go as long as I match the traffic and
> skip to the NAT rule. Skip rules don't stop processing, so it should hit
> the next rule which is the last rule in my config -- allow from any to
> any. (Documentation for in-kernel NAT is nonexistent and really needs
> help). The rule 425 below should be working, but logs show that rule is
> ignored and it's being blocked at 550. Comment out 550 and it works...

As above, if I remember correctly this setup requires one_pass=1 to
work, I'm not completely sure this is your problem though. I think it's
worth a try.

Please note that my structure is just an example, there are many other
ways to organize your firewall. I have a setup that uses many stateful
rules, but some people prefer stateless firewalling, which requires
rules for both inbound and outbound traffic.

Hope this helps.

--
Guido Falsi

From owner-freebsd-net@freebsd.org Wed Oct 7 14:36:46 2015
Message-Id: <1444228604.4174170.403845001.7FAB35BB@webmail.messagingengine.com>
From: Mark Felder
To: Guido Falsi, freebsd-net@freebsd.org
In-Reply-To: <56152CCD.3010302@madpilot.net>
Subject: Re: Struggling with IPFW on CURRENT
Date: Wed, 07 Oct 2015 09:36:44 -0500

On Wed, Oct 7, 2015, at 09:31, Guido Falsi wrote:
> On 10/07/15 15:57, Mark Felder wrote:
> > Hi all,
> >
> > I've only used IPFW in the past for the most basic of tasks. I'd like to
> > use it with in-kernel NAT protecting both v4 and v6 and add
> > dummynet/pipe later, but I have to get the basics working first. I'm
> > either overlooking something obvious or there's a major issue. Has there
> > been work in CURRENT? I haven't tried on any RELEASE....
>
> My experience with ipfw is almost exclusively on RELEASE, but I don't
> think that much has changed in the rules syntax.
>
> >
> > Problems I'm running into:
> >
> > * Inbound v4 traffic to the firewall is blocked, but inbound v6 traffic
> > to firewall and hosts behind it are not. Both v4 and v6 should be
> > handled by keywords: tcp, udp, ip, me.
>
> I'm sorry but I have made no tests with IPv6, so I can't help you on
> this one.
>
>
> I suspect you should also investigate using sysctl
> net.inet.ip.fw.one_pass=0. The ruleset below seems to require it in a
> few places.
>
> >
> > * TCP sessions seem to be killed every ~300s
>
> sysctl net.inet.ip.fw.dyn_ack_lifetime=
>
> default is 300.
>

These are active TCP sessions though... like IRC and SSH... But again,
probably related to one_pass.

> >
> > * "in via $pif" doesn't seem to work. ex: block icmp from internet to
> > $pif fails to do anything. However, "block out via $pif" blocks it...
>
> I suspect this is related to one pass above.
>
> >
> > * Does IPFW not track outbound traffic to allow it back through --
> > related/established ? I have trouble blocking inbound traffic without
> > blocking originated/outbound traffic because the firewall blocks the
> > return packets.
>
> It does only for stateful rules, with keep-state, which you are using.
> Which rules are failing to do that?
>

I don't have any in the provided example, but noticed it when
experimenting.

> >
> > * Port forwarding is failing, probably due to the issues with the "in
> > via" that I'm experiencing. Research says once I have the redirect_port
> > configured I should be good to go as long as I match the traffic and
> > skip to the NAT rule. Skip rules don't stop processing, so it should hit
> > the next rule which is the last rule in my config -- allow from any to
> > any. (Documentation for in-kernel NAT is nonexistent and really needs
> > help). The rule 425 below should be working, but logs show that rule is
> > ignored and it's being blocked at 550. Comment out 550 and it works...
>
> As above, if I remember correctly this setup requires one_pass=1 to
> work, I'm not completely sure this is your problem though. I think it's
> worth a try.
>

I'll give it a try. Hopefully this will be successful.

>
> Please note that my structure is just an example, there are many other
> ways to organize your firewall. I have a setup that uses many stateful
> rules, but some people prefer stateless firewalling, which requires
> rules for both inbound and outbound traffic.
>
> Hope this helps.
>
> --
> Guido Falsi

Yeah, I could do stateless and require both inbound and outbound rules
but that's tedious and I hate the idea of having to toy with my firewall
every time I want to connect to something new/unusual.

--
  Mark Felder
  ports-secteam member
  feld@FreeBSD.org

From: "Dr. Rolf Jansen" In-Reply-To: <1444228604.4174170.403845001.7FAB35BB@webmail.messagingengine.com> Date: Wed, 7 Oct 2015 11:43:28 -0300 Cc: Guido Falsi , freebsd-net@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <242ED31C-C8C1-403C-8676-42DA2F256134@obsigna.com> References: <1444226262.4164898.403785985.524883DA@webmail.messagingengine.com> <56152CCD.3010302@madpilot.net> <1444228604.4174170.403845001.7FAB35BB@webmail.messagingengine.com> To: Mark Felder X-Mailer: Apple Mail (2.3094) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Oct 2015 14:43:40 -0000 > Am 07.10.2015 um 11:36 schrieb Mark Felder : > On Wed, Oct 7, 2015, at 09:31, Guido Falsi wrote: >> On 10/07/15 15:57, Mark Felder wrote: >>> Hi all, >>>=20 >>> I've only used IPFW in the past for the most basic of tasks. I'd = like to >>> use it with in-kernel NAT protecting both v4 and v6 and add >>> dummynet/pipe later, but I have to get the basic working first. I'm >>> either overlooking something obvious or there's a major issue. Has = there >>> been work in CURRENT? I haven't tried on any RELEASE.... >>=20 >> My experience with ipfw is almost exclusively on RELEASE, but I don't >> think that much has changed in the rules syntax. >>=20 >>>=20 >>> Problems I'm running into: >>>=20 >>> * Inbound v4 traffic to the firewall is blocked, but inbound v6 = traffic >>> to firewall and hosts behind it are not. Both v4 and v6 should be >>> handled by keywords: tcp, udp, ip, me. >>=20 >> I'm sorry but I have made no tests with IPv6, so I can't help you on >> this one. >>=20 >>=20 >> I suspect you should also investigate using sysctl >> net.inet.ip.fw.one_pass=3D0. The ruleset below seems to require it in = a >> few places. 
>>=20 >>>=20 >>> * TCP sessions seem to be killed every ~300s >>=20 >> sysctl net.inet.ip.fw.dyn_ack_lifetime=3D >>=20 >> default is 300. >>=20 >=20 > These are active TCP sessions though... like IRC and SSH... But again, > probably related to one_pass. >=20 >>>=20 >>> * "in via $pif" doesn't seem to work. ex: block icmp from internet = to >>> $pif fails to do anything. However, "block out via $pif" blocks = it... >>=20 >> I suspect this is related to one pass above. >>=20 >>>=20 >>> * Does IPFW not track outbound traffic to allow it back through -- >>> related/established ? I have trouble blocking inbound traffic = without >>> blocking originated/outbound traffic because the firewall blocks the >>> return packets. >>=20 >> It does only for stateful rules, with keep-state, which you are = using. >> Which rules are failing to do that? >>=20 >=20 > I don't have any in the provided example, but noticed it when > experimenting. >=20 >>>=20 >>> * Port forwarding is failingl, probably due to the issues with the = "in >>> via" that I'm experiencing. Research says once I have the = redirect_port >>> configured I should be good to go as long as I match the traffic and >>> skip to the NAT rule. Skip rules don't stop processing, so it should = hit >>> the next rule which is the last rule in my config -- allow from any = to >>> any. (Documentation for in-kernel NAT is nonexistent and really = needs >>> help). The rule 425 below should be working, but logs show that rule = is >>> ignored and it's being blocked at 550. Comment out 550 and it = works... >>=20 >> As above, if I remember correctly this setup requires one_pass=3D1 to >> work, I'm not completely sure this is your problem though. I think = it's >> worth a try. >>=20 >=20 > I'll give it a try. Hopefully this will be successful. You definitely need net.inet.ip.fw.one_pass=3D0 for statefule IPFW+NAT = for the IPv4 traffic. IPv6 does not pass NAT anyway and is not affected. 
I assume, that you have gateway_enable=3D"YES" and = ipv6_gateway_enable=3D"YES" in your /etc/rc.conf =E2=80=94 sometimes = this becomes forgotten. Best regards Rolf From owner-freebsd-net@freebsd.org Wed Oct 7 15:01:01 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ACDEC9D0D0E for ; Wed, 7 Oct 2015 15:01:01 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail.madpilot.net (grunt.madpilot.net [78.47.145.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3F13667E; Wed, 7 Oct 2015 15:01:00 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail (mail [192.168.254.3]) by mail.madpilot.net (Postfix) with ESMTP id 3nWJky137jzZsp; Wed, 7 Oct 2015 17:00:58 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=madpilot.net; h= content-transfer-encoding:content-type:content-type:in-reply-to :mime-version:user-agent:date:date:message-id:from:from :references:subject:subject:received:received; s=mail; t= 1444230056; x=1446044457; bh=4RP/962Zr+68TdpZjAcSFTXY76EC8gVPWbW Lcvc3cr0=; b=PqjHdSWcd0iywsmr1KGY1CdAAjlF8V++kK1BV8t2YegKp//3AOL oltkOHzin9PiU8to18Nqk53V2mQGhIgQ0an0dJ3H3OHcJiGmw7p4N4cPdgM0Z+3t tcj5/yFdRWruQ/Y4uWkmKSdOFdN4f1UpZWjXDM/aDN+xJUASuRADXHQI= Received: from mail.madpilot.net ([192.168.254.3]) by mail (mail.madpilot.net [192.168.254.3]) (amavisd-new, port 10024) with ESMTP id Hurb3ck17_iv; Wed, 7 Oct 2015 17:00:56 +0200 (CEST) Received: from tommy.madpilot.net (micro.madpilot.net [88.149.173.206]) by mail.madpilot.net (Postfix) with ESMTPSA; Wed, 7 Oct 2015 17:00:56 +0200 (CEST) Subject: Re: Struggling with IPFW on CURRENT To: Mark Felder , freebsd-net@freebsd.org References: <1444226262.4164898.403785985.524883DA@webmail.messagingengine.com> <56152CCD.3010302@madpilot.net> 
<1444228604.4174170.403845001.7FAB35BB@webmail.messagingengine.com> 
From: Guido Falsi
Message-ID: <561533A7.2010501@madpilot.net>
Date: Wed, 7 Oct 2015 17:00:55 +0200
In-Reply-To: <1444228604.4174170.403845001.7FAB35BB@webmail.messagingengine.com>

On 10/07/15 16:36, Mark Felder wrote:
>> I suspect you should also investigate using sysctl
>> net.inet.ip.fw.one_pass=0. The ruleset below seems to require it in a
>> few places.
>>
>>>
>>> * TCP sessions seem to be killed every ~300s
>>
>> sysctl net.inet.ip.fw.dyn_ack_lifetime=
>>
>> default is 300.
>>
>
> These are active TCP sessions though... like IRC and SSH... But again,
> probably related to one_pass.

I misinterpreted that point. But the fact that they get killed after a
time so similar to the timeout looks suspicious :)

>>> * Does IPFW not track outbound traffic to allow it back through --
>>> related/established ? I have trouble blocking inbound traffic without
>>> blocking originated/outbound traffic because the firewall blocks the
>>> return packets.
>>
>> It does only for stateful rules, with keep-state, which you are using.
>> Which rules are failing to do that?
>>
>
> I don't have any in the provided example, but noticed it when
> experimenting.

I see, well unstateful rules keep no information, so you need separate
rules for inbound and outbound traffic.

>
>>>
>>> * Port forwarding is failing, probably due to the issues with the "in
>>> via" that I'm experiencing. Research says once I have the redirect_port
>>> configured I should be good to go as long as I match the traffic and
>>> skip to the NAT rule. Skip rules don't stop processing, so it should hit
>>> the next rule which is the last rule in my config -- allow from any to
>>> any. (Documentation for in-kernel NAT is nonexistent and really needs
>>> help). The rule 425 below should be working, but logs show that rule is
>>> ignored and it's being blocked at 550. Comment out 550 and it works...
>>
>> As above, if I remember correctly this setup requires one_pass=1 to
>> work, I'm not completely sure this is your problem though. I think it's
>> worth a try.
>>
>
> I'll give it a try. Hopefully this will be successful.
>
>>
>> Please note that my structure is just an example, there are many other
>> ways to organize your firewall. I have a setup that uses many stateful
>> rules, but some people prefer stateless firewalling, which requires
>> rules for both inbound and outbound traffic.
>
> Yeah, I could do stateless and require both inbound and outbound rules
> but that's tedious and I hate the idea of having to toy with my firewall
> every time I want to connect to something new/unusual.
>

I agree, that's why I also use lots of stateful rules.

BTW ping and traceroute from natted hosts could require some special
care to work correctly. But your rules look quite permissive so maybe
those will work OOB.
--
Guido Falsi

From owner-freebsd-net@freebsd.org Wed Oct 7 15:10:08 2015
Message-Id: <1444230606.4186557.403881505.01840524@webmail.messagingengine.com>
From: Mark Felder
To: "Dr. Rolf Jansen"
Cc: freebsd-net@freebsd.org
In-Reply-To: <242ED31C-C8C1-403C-8676-42DA2F256134@obsigna.com>
Subject: Re: Struggling with IPFW on CURRENT
Date: Wed, 07 Oct 2015 10:10:06 -0500

On Wed, Oct 7, 2015, at 09:43, Dr. Rolf Jansen wrote:
>
>
> You definitely need net.inet.ip.fw.one_pass=0 for stateful IPFW+NAT for
> the IPv4 traffic. IPv6 does not pass NAT anyway and is not affected.
>
> I assume, that you have gateway_enable="YES" and
> ipv6_gateway_enable="YES" in your /etc/rc.conf — sometimes this becomes
> forgotten.
>
> Best regards
>
> Rolf
>

Yes, I do have those. My firewall has been fully functioning in pf for
years, but options for QoS in FreeBSD are poor. OpenBSD's QoS in their
newer pf is great. I've heard enough about dummynet to want to try it
out, but getting the most basic configuration working so I can convert
the rest of my firewall ruleset has been rather painful so far.

It seems I've been missing this rather important sysctl setting because
the traffic hasn't been flowing through my ruleset the way I expected it
to.

Thanks for your input!
--
Mark Felder
ports-secteam member
feld@FreeBSD.org

From owner-freebsd-net@freebsd.org Thu Oct 8 08:12:32 2015
Date: Thu, 8 Oct 2015 19:12:21 +1100 (EST)
From: Ian Smith
To: Mark Felder
cc: freebsd-net@freebsd.org
Subject: Re: Struggling with IPFW on CURRENT
In-Reply-To: <1444226262.4164898.403785985.524883DA@webmail.messagingengine.com>
Message-ID: <20151008174837.M67283@sola.nimnet.asn.au>

On Wed, 7 Oct 2015 08:57:42 -0500, Mark Felder wrote:
> Hi all,
>
> I've only used IPFW in the past for the most basic of tasks. I'd like to
> use it with in-kernel NAT protecting both v4 and v6 and add
> dummynet/pipe later, but I have to get the basic working first. I'm
> either overlooking something obvious or there's a major issue. Has there
> been work in CURRENT? I haven't tried on any RELEASE....

I doubt there's anything in CURRENT that might affect your ruleset.

> Problems I'm running into:
>
> * Inbound v4 traffic to the firewall is blocked, but inbound v6 traffic
> to firewall and hosts behind it are not. Both v4 and v6 should be
> handled by keywords: tcp, udp, ip, me.

Firstly, I've read the whole thread but it's not clear to me whether you
started out with one_pass=0 ? If not, you need that for sure, or NAT'd
packets will just be passed without further checks. This could explain
why e.g. your deny icmp rule wasn't working; they'd be already allowed.

And later, when adding dummynet, you'll also want to use one_pass=0.

You need to use 'ip4' specifically on your nat rules, whether you use
ipfw nat or divert with natd. natd can crash and ipfw nat results when
passed ip6 packets are at best undefined. Apart from that, you may want
to examine the various ipv6 rules in rc.firewall complementing your
valid address checking rules for ipv4; otherwise I can't comment on ip6.

> * TCP sessions seem to be killed every ~300s

This seems to suggest that keepalives may be being blocked, not sure.

> * "in via $pif" doesn't seem to work. ex: block icmp from internet to
> $pif fails to do anything. However, "block out via $pif" blocks it...

I'd suggest replacing every instance of 'in via' with 'in recv' and
every instance of 'out via' with 'out xmit' for clarity. The only rule
you have that uses via without any direction appropriately is rule 25.

Seeing you're logging everything for now, I'd replace rule 20 with

    $cmd 00020 allow log all from any to any in recv $iif
    $cmd 00021 allow log all from any to any out xmit $iif

I'm never sure this rule is appropriate anyway, as you're passing all
inbound traffic from the LAN without any checks, e.g. antispoofing or
other restrictions you may wish to apply to LAN <-> internet traffic;
splitting this rule in two leaves scope for later refinement.

> * Does IPFW not track outbound traffic to allow it back through --
> related/established ? I have trouble blocking inbound traffic without
> blocking originated/outbound traffic because the firewall blocks the
> return packets.

Once we're sure that one_pass was/is 0, we can look at that. I see Kris
mentioned that setting in the referenced article for ipfw nat, but not
for the earlier ruleset for natd, although it's needed in either case.

> * Port forwarding is failing, probably due to the issues with the "in
> via" that I'm experiencing. Research says once I have the redirect_port
> configured I should be good to go as long as I match the traffic and
> skip to the NAT rule. Skip rules don't stop processing, so it should hit
> the next rule which is the last rule in my config -- allow from any to
> any. (Documentation for in-kernel NAT is nonexistent and really needs
> help). The rule 425 below should be working, but logs show that rule is
> ignored and it's being blocked at 550. Comment out 550 and it works...

Again depending on one_pass. I can't disagree about the thinness of ipfw
nat docs, but you should refer to natd(8) as kind-of suggested as a
fuller reference; apart from the recently discovered omission from ipfw
nat of proxy_only, and the abbreviated operators, you can safely take
natd(8) as a deeper explanation of ipfw nat. Both use libalias(3).

Frankly I still find the 'skipto .. keep-state' approach relatively
confusing compared to say the rc.firewall 'workstation' approach to
(mostly) stateful rules, but we've been blighted by that for so long it
seems irredeemable until $someone rewrites the dreadful handbook IPFW
section, and I can't be that someone - way too verbose for one thing :)

I'm quite sure you don't want to add 'setup keep-state' to the final
pass-all rule after NAT'ing outbound-to-net packets; just 'allow all
from any to any' would be appropriate there.

In the earlier natd set, Kris had a 'deny log all from any to any'
before the outbound nat skip target, but not the later set you followed.
You should add that, so that packets not otherwise blocked don't fall
through to the most likely inappropriate nat then pass-all rules.

And do you really want to block ALL icmp, including unreachable and time
exceeded, disallowing even the router or LAN clients ability to do TCP
PMTU discovery, traceroutes or pings? If not you'll want to add a rule,
best stateless, like 'allow icmp from any to any icmptypes 3,11' early
on and if you like statefully, out to net, 'allow icmptypes 0,3,8,11'.
cheers, Ian

From owner-freebsd-net@freebsd.org Thu Oct 8 09:32:42 2015
Subject: Re: ix(intel) vs mlxen(mellanox) 10Gb performance
To: Daniel Braniss, Rick Macklem
Cc: pyunyh@gmail.com, FreeBSD stable, FreeBSD Net
From: Hans Petter Selasky
Message-ID: <56163896.3020907@selasky.org>
Date: Thu, 8 Oct 2015 11:34:14 +0200
In-Reply-To: <1E679659-BA50-42C3-B569-03579E322685@cs.huji.ac.il>

Hi,

I've now MFC'ed r287775 to 10-stable and 9-stable. I hope this will
resolve the issues with m_defrag() being called on too long mbuf chains
due to an off-by-one in the driver TSO parameters and that it will be
easier to maintain these parameters in the future.

Some comments were made that we might want to have an option to select
if the IP-header should be counted or not. Certain network drivers
require copying of the whole ETH/TCP/IP-header into separate memory
areas, and can then handle one more data payload mbuf for TSO. Others
required DMA-ing of the whole mbuf TSO chain. I think it is acceptable
to have one TX-DMA segment slot free, in case of 2K mbuf clusters being
used for TSO. From my experience the limitation typically kicks in when
2K mbuf clusters are used for TSO instead of 4K mbuf clusters. 65536 /
4096 = 16, whereas 65536 / 2048 = 32. If an ethernet hardware driver has
a limitation of 24 data segments (mlxen), and assuming that each mbuf
represents a single segment, then iff the majority of mbufs being
transmitted are 2K clusters we may have a small, 1/24 = 4.2%, loss of TX
capability per TSO packet. From what I've seen using iperf, which in
turn calls m_uiotombuf() which in turn calls m_getm2(), MJUMPPAGESIZE'ed
mbuf clusters are preferred for large data transfers, so this issue
might only happen in case of NODELAY being used on the socket and if the
writes are small from the application point of view. If an application
is writing small amounts of data per send() system call, it is expected
to degrade the system performance.

Please file a PR if it becomes an issue.

Someone asked me to MFC r287775 to 10.X release as well. Is this still
required?

--HPS

From owner-freebsd-net@freebsd.org Thu Oct 8 12:32:36 2015
Date: Thu, 8 Oct 2015 08:32:27 -0400 (EDT)
From: Rick Macklem
To: Hans Petter Selasky
Cc: Daniel Braniss, pyunyh@gmail.com, FreeBSD Net, FreeBSD stable
Message-ID: <855415533.28142431.1444307547414.JavaMail.zimbra@uoguelph.ca>
In-Reply-To: <56163896.3020907@selasky.org>
Subject: Re: ix(intel) vs mlxen(mellanox) 10Gb performance

Hans Petter Selasky wrote:
> Hi,
>
> I've now MFC'ed r287775 to 10-stable and 9-stable. I hope this will
> resolve the issues with m_defrag() being called on too long mbuf chains
> due to an off-by-one in the driver TSO parameters and that it will be
> easier to maintain these parameters in the future.
>
> Some comments were made that we might want to have an option to select
> if the IP-header should be counted or not. Certain network drivers
> require copying of the whole ETH/TCP/IP-header into separate memory
> areas, and can then handle one more data payload mbuf for TSO. Others
> required DMA-ing of the whole mbuf TSO chain. I think it is acceptable
> to have one TX-DMA segment slot free, in case of 2K mbuf clusters being
> used for TSO. From my experience the limitation typically kicks in when
> 2K mbuf clusters are used for TSO instead of 4K mbuf clusters. 65536 /
> 4096 = 16, whereas 65536 / 2048 = 32. If an ethernet hardware driver has
> a limitation of 24 data segments (mlxen), and assuming that each mbuf
> represents a single segment, then iff the majority of mbufs being
> transmitted are 2K clusters we may have a small, 1/24 = 4.2%, loss of TX
> capability per TSO packet. From what I've seen using iperf, which in
> turn calls m_uiotombuf() which in turn calls m_getm2(), MJUMPPAGESIZE'ed
> mbuf clusters are preferred for large data transfers, so this issue
> might only happen in case of NODELAY being used on the socket and if the
> writes are small from the application point of view. If an application
> is writing small amounts of data per send() system call, it is expected
> to degrade the system performance.
>

Btw, last year I did some testing with NFS generating chains of 4K (page
size) clusters instead of 2K (MCLBYTES). Although not easily reproduced,
I was able to fragment the KVM used for the cluster enough that
allocations would fail. (I could only get it to happen when the code
used 4K clusters for large NFS requests/replies and 2K clusters
otherwise, resulting in a mix of allocations of both sizes.) As such, I
never committed the changes to head. Any kernel change that does 4K
cluster allocations needs to be tested carefully (a small i386 like I
have), imho.

> Please file a PR if it becomes an issue.
>
> Someone asked me to MFC r287775 to 10.X release as well. Is this still
> required?
>
> --HPS

Thanks for doing this, rick

From owner-freebsd-net@freebsd.org Thu Oct 8 13:02:12 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 203175] Daily kernel crashes in tcp_twclose on 10.2-p2 using VIMAGE
Date: Thu, 08 Oct 2015 13:02:12 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.2-RELEASE
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: jch@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203175

--- Comment #12 from Julien Charbon ---
Just an update: The first tentative patch seems to address this issue
completely; I am working on a more long-term patch following -net
advice. I will add the corresponding review here.

--
You are receiving this mail because:
You are the assignee for the bug.
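
Added example, not part of any message in this archive: a simplified Python model of the net.inet.ip.fw.one_pass behaviour discussed in the "Struggling with IPFW on CURRENT" thread, showing why a deny rule placed after a nat rule is never reached when one_pass=1 and why 'ip4' on the nat rules keeps IPv6 out of NAT. The ruleset, rule numbers, packet fields and the default-deny final rule are constructed assumptions, not the poster's configuration.

```python
"""Toy model of ipfw rule traversal around in-kernel NAT (added example).

Models only first-match evaluation in rule-number order, skipto, and the
net.inet.ip.fw.one_pass sysctl. Dynamic (keep-state) rules, dummynet and
the address rewriting itself are not modelled.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Packet = Dict[str, str]
Outcome = Tuple[str, List[int]]


def fields(**want: str) -> Callable[[Packet], bool]:
    """Matcher that is true when every named packet field has that value."""
    return lambda pkt: all(pkt.get(k) == v for k, v in want.items())


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow", "deny", "nat" or "skipto"
    match: Callable[[Packet], bool]
    target: int = 0                  # destination rule number for skipto


def evaluate(rules: List[Rule], pkt: Packet, one_pass: bool) -> Outcome:
    """Return (verdict, numbers of the rules that matched, in order)."""
    ordered = sorted(rules, key=lambda r: r.number)
    trace: List[int] = []
    i = 0
    while i < len(ordered):
        rule = ordered[i]
        if not rule.match(pkt):
            i += 1
            continue
        trace.append(rule.number)
        if rule.action in ("allow", "deny"):
            return rule.action, trace
        if rule.action == "nat" and one_pass:
            # one_pass=1: a packet that went through nat is accepted here
            # and never sees the rules that follow.
            return "allow", trace
        if rule.action == "skipto":
            if rule.target <= rule.number:
                raise ValueError("skipto must jump forward")
            i = next((j for j, r in enumerate(ordered)
                      if r.number >= rule.target), len(ordered))
            continue
        i += 1                       # nat with one_pass=0: resume at next rule
    return "deny", trace             # assumed default rule 65535: deny


# Constructed ruleset (not the poster's); "pif" is the outside interface.
RULESET = [
    Rule(100, "nat", fields(family="ip4", dir="in", iface="pif")),
    Rule(300, "deny", fields(proto="icmp", dir="in", iface="pif")),
    Rule(400, "skipto", fields(proto="tcp", dir="out", iface="pif"),
         target=1000),
    Rule(500, "allow", fields(proto="tcp", dir="in", iface="pif", dport="22")),
    Rule(900, "deny", fields()),     # stops fall-through into the nat target
    Rule(1000, "nat", fields(family="ip4", dir="out", iface="pif")),
    Rule(1010, "allow", fields()),
]

# Constructed sample packets.
SAMPLES: Dict[str, Packet] = {
    "icmp4 in": {"family": "ip4", "proto": "icmp", "dir": "in",
                 "iface": "pif"},
    "tcp6 in :80": {"family": "ip6", "proto": "tcp", "dir": "in",
                    "iface": "pif", "dport": "80"},
    "tcp4 out": {"family": "ip4", "proto": "tcp", "dir": "out",
                 "iface": "pif", "dport": "443"},
}


def compare(rules: List[Rule],
            samples: Dict[str, Packet]) -> Dict[str, Tuple[Outcome, Outcome]]:
    """For each sample: (outcome with one_pass=1, outcome with one_pass=0)."""
    return {name: (evaluate(rules, pkt, True), evaluate(rules, pkt, False))
            for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, (on, off) in compare(RULESET, SAMPLES).items():
        print(f"{name:12} one_pass=1 -> {on}   one_pass=0 -> {off}")
```
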
From owner-freebsd-net@freebsd.org Thu Oct 8 14:07:56 2015
From: Mark Felder
To: freebsd-net@freebsd.org
Subject: Re: Struggling with IPFW on CURRENT
Date: Thu, 08 Oct 2015 08:58:33 -0500
Message-Id: <1444312713.1845041.404860897.7D83D8A3@webmail.messagingengine.com>
In-Reply-To: <20151008174837.M67283@sola.nimnet.asn.au>
References: <1444226262.4164898.403785985.524883DA@webmail.messagingengine.com>
 <20151008174837.M67283@sola.nimnet.asn.au>

On Thu, Oct 8, 2015, at 03:12, Ian Smith wrote:
> On Wed, 7 Oct 2015 08:57:42 -0500, Mark Felder wrote:
> > Hi all,
> >
> > I've only used IPFW in the past for the most basic of tasks. I'd like to
> > use it with in-kernel NAT protecting both v4 and v6 and add
> > dummynet/pipe later, but I have to get the basic working first. I'm
> > either overlooking something obvious or there's a major issue. Has there
> > been work in CURRENT? I haven't tried on any RELEASE....
>
> I doubt there's anything in CURRENT that might affect your ruleset.
>
> > Problems I'm running into:
> >
> > * Inbound v4 traffic to the firewall is blocked, but inbound v6 traffic
> > to firewall and hosts behind it are not. Both v4 and v6 should be
> > handled by keywords: tcp, udp, ip, me.
>
> Firstly, I've read the whole thread but it's not clear to me whether you
> started out with one_pass=0 ? If not, you need that for sure, or NAT'd
> packets will just be passed without further checks. This could explain
> why e.g. your deny icmp rule wasn't working; they'd be already allowed.
>
> And later, when adding dummynet, you'll also want to use one_pass=0.
>

I am using one_pass=0 now.

> You need to use 'ip4' specifically on your nat rules, whether you use
> ipfw nat or divert with natd. natd can crash and ipfw nat results when
> passed ip6 packets are at best undefined. Apart from that, you may want
> to examine the various ipv6 rules in rc.firewall complementing your
> valid address checking rules for ipv4; otherwise I can't comment on ip6.
>

Interesting. I haven't found this advice from anyone else but I did
consider it to be more terse.

> > * TCP sessions seem to be killed every ~300s
>
> This seems to suggest that keepalives may be being blocked, not sure.
>
> > * "in via $pif" doesn't seem to work. ex: block icmp from internet to
> > $pif fails to do anything. However, "block out via $pif" blocks it...
>
> I'd suggest replacing every instance of 'in via' with 'in recv' and
> every instance of 'out via' with 'out xmit' for clarity. The only rule
> you have that uses via without any direction appropriately is rule 25.
> Seeing you're logging everything for now, I'd replace rule 20 with
>
> $cmd 00020 allow log all from any to any in recv $iif
> $cmd 00021 allow log all from any to any out xmit $iif
>

"The via keyword causes the interface to always be checked." I thought
that was a good thing, but perhaps it actually means "it's wasting
cycles checking the interface because you're not being more specific in
your rules."

> I'm never sure this rule is appropriate anyway, as you're passing all
> inbound traffic from the LAN without any checks, e.g. antispoofing or
> other restrictions you may wish to apply to LAN <-> internet traffic;
> splitting this rule in two leaves scope for later refinement.
>

Yeah, this wasn't a finished product. I just wanted basic access so I
could start migrating more rules over, adding restrictions for other
VLANs, etc.

> > * Does IPFW not track outbound traffic to allow it back through --
> > related/established ? I have trouble blocking inbound traffic without
> > blocking originated/outbound traffic because the firewall blocks the
> > return packets.
>
> Once we're sure that one_pass was/is 0, we can look at that. I see Kris
> mentioned that setting in the referenced article for ipfw nat, but not
> for the earlier ruleset for natd, although it's needed in either case.
>
> > * Port forwarding is failing, probably due to the issues with the "in
> > via" that I'm experiencing. Research says once I have the redirect_port
> > configured I should be good to go as long as I match the traffic and
> > skip to the NAT rule. Skip rules don't stop processing, so it should hit
> > the next rule which is the last rule in my config -- allow from any to
> > any. (Documentation for in-kernel NAT is nonexistent and really needs
> > help). The rule 425 below should be working, but logs show that rule is
> > ignored and it's being blocked at 550. Comment out 550 and it works...
>
> Again depending on one_pass. I can't disagree about the thinness of
> ipfw nat docs, but you should refer to natd(8) as kind-of suggested as a
> fuller reference; apart from the recently discovered omission from ipfw
> nat of proxy_only, and the abbreviated operators, you can safely take
> natd(8) as a deeper explanation of ipfw nat. Both use libalias(3).
>
> Frankly I still find the 'skipto .. keep-state' approach relatively
> confusing compared to say the rc.firewall 'workstation' approach to
> (mostly) stateful rules, but we've been blighted by that for so long it
> seems irredeemable until $someone rewrites the dreadful handbook IPFW
> section, and I can't be that someone - way too verbose for one thing :)
>

I think skipto will work better for me because I will have multiple NATs
due to OpenVPN, etc.

> I'm quite sure you don't want to add 'setup keep-state' to the final
> pass-all rule after NAT'ing outbound-to-net packets; just 'allow all
> from any to any' would be appropriate there.
>

You're right. I noticed this when I had a 90% working config except
outbound ip4 was failing (ipv6 sites worked great!). I left a note in my
config to not ever add "setup keep-state" for that :-)

> In the earlier natd set, Kris had a 'deny log all from any to any'
> before the outbound nat skip target, but not the later set you followed.
> You should add that, so that packets not otherwise blocked don't fall
> through to the most likely inappropriate nat then pass-all rules.
>

Hmm I'll review this again, thanks for the tip.

> And do you really want to block ALL icmp, including unreachable and time
> exceeded, disallowing even the router or LAN clients ability to do TCP
> PMTU discovery, traceroutes or pings? If not you'll want to add a rule,
> best stateless, like 'allow icmp from any to any icmptypes 3,11' early
> on and if you like statefully, out to net, 'allow icmptypes 0,3,8,11'.
>
> cheers, Ian
>

No, it was not intentional. I always allow echoreq (0) for IPv4. Is that
not enough for PMTU? I'm going to have to go read docs on it again. I've
been a bad netizen and ignored 3 and 11 for quite a while, and echoreply
is outbound and allowed by default so I didn't have it explicitly
stated. I need to find that reference I was using that discussed ICMP
attacks...

For IPv6 I always allow 1,2,3,4,128,129,135,136.

-- 
Mark Felder
ports-secteam member
feld@FreeBSD.org

From owner-freebsd-net@freebsd.org Thu Oct 8 14:25:17 2015
From: VANHULLEBUS Yvan
To: freebsd-net@freebsd.org
Subject: Re: transport mode IPSec with Windows 7, static keys
Date: Thu, 8 Oct 2015 16:18:48 +0200
Message-ID: <20151008141847.GA28325@zeninc.net>
In-Reply-To: <20150926143057.GA88375@admin.sibptus.tomsk.ru>
References: <20150922084111.GA89385@admin.sibptus.tomsk.ru>
 <20150925064234.GA63016@admin.sibptus.tomsk.ru>
 <20150926143057.GA88375@admin.sibptus.tomsk.ru>

Hi.

On Sat, Sep 26, 2015 at 08:30:57PM +0600, Victor Sudakov wrote:
[.....]
> The two sysctls:
>
> net.key.preferred_oldsa=0

When there is more than one SA available (most common case is when a
new SA is keyed as the old one becomes near to end of life), this
sysctl tells the kernel which one to use.
Old IKEv1 RFC says to use the older one (sysctl set to 1), but most
implementations use the newest as soon as it is available (sysctl set
to 0).

Having to tweak that for peer reboot situations probably means that
Windows' IKE daemon does not send a correct DELETE_SA, or it is not
properly handled on FreeBSD side for some unknown reason.

> net.key.blockacq_count=0

Basically, blockacq is a mechanism to avoid sending a keying request
to IKE daemon for each packet which should be tunneled (you may have a
lot of such packets during negotiation time).
Setting this sysctl to 0 will disable this feature, and setting it to
a low value may have the same result in your setup.
This will generate faster keying requests, but may overload IKE daemon
during rekeying (each request from the kernel has to be read and
handled).

> seem to fix the reboot problem. Could anyone explain the mechanism? I
> have never had to tweak them to get IPsec working between FreeBSD hosts.

Yvan.

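The SA-selection behaviour described in the message above for net.key.preferred_oldsa, as an added example (not code from this thread or from the FreeBSD kernel): a simplified Python model of "use the oldest or the newest usable SA" run over a peer-reboot timeline. The timeline, SPIs and lifetimes are constructed, and the model assumes that no DELETE for the old SA ever reaches the local host.

```python
"""Simplified model of outbound SA selection under net.key.preferred_oldsa.

Not kernel code: it only models "pick the oldest or the newest usable SA"
as described in the message above. All SPIs, times and lifetimes below are
constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SA:
    spi: int            # Security Parameter Index identifying the SA
    addtime: int        # second at which the SA was installed
    hard_lifetime: int  # seconds after addtime at which the SA expires

    def usable(self, now: int) -> bool:
        return self.addtime <= now < self.addtime + self.hard_lifetime


def select_outbound_sa(sad, now, preferred_oldsa):
    """Return the SA used for an outbound packet at time `now`, or None."""
    candidates = [sa for sa in sad if sa.usable(now)]
    if not candidates:
        return None  # nothing usable: a new SA would have to be keyed
    pick = min if preferred_oldsa else max
    return pick(candidates, key=lambda sa: sa.addtime)


# Constructed timeline (seconds):
#   t=0    SA 0x1000 negotiated, hard lifetime 3600
#   t=600  peer reboots and forgets SA 0x1000; no DELETE reaches this host
#   t=610  peer negotiates SA 0x2000, hard lifetime 3600
LOCAL_SAD = [SA(0x1000, 0, 3600), SA(0x2000, 610, 3600)]
PEER_SPIS_AFTER_REBOOT = {0x2000}


def simulate(preferred_oldsa, start=610, stop=4200, step=10):
    """Send one packet every `step` seconds; return (dropped, first_delivery)."""
    dropped = 0
    first_delivery = None
    for now in range(start, stop, step):
        sa = select_outbound_sa(LOCAL_SAD, now, preferred_oldsa)
        if sa is not None and sa.spi in PEER_SPIS_AFTER_REBOOT:
            if first_delivery is None:
                first_delivery = now
        else:
            dropped += 1  # peer has no state for this SPI and discards it
    return dropped, first_delivery


if __name__ == "__main__":
    for setting in (1, 0):
        dropped, first = simulate(setting)
        print(f"preferred_oldsa={setting}: {dropped} packets dropped, "
              f"first delivery at t={first}s")
```

In this model the outage with the sysctl set to 1 lasts until the stale SA reaches its hard lifetime, which is why a missing or unhandled DELETE only becomes visible when the older SA is preferred.
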
From owner-freebsd-net@freebsd.org Thu Oct 8 14:33:34 2015
From: Maxim Sobolev
To: jhb@freebsd.org, FreeBSD Net
Subject: Some MSI are not routed correctly
Date: Thu, 8 Oct 2015 07:33:27 -0700

Hi John & others,

We've come across a weird MSI routing issue on one of our newest dual
E5-2690v3 (haswell) Supermicro X10DRL-i boxes running latest 10.2-p4. It is
fitted with dual port Intel I350 card, in addition to the built-in I210 chip
that is not used. The hw.igb.num_queues is set to 4, and the driver reports
binding to the CPUs 0-3 for the first port and CPUs 4-7 for the second,
however when verified with top -P under the load, interrupts are only
delivered to the CPUs 0-3, no interrupt time is recorded on the CPUs 4-7.
systat -vm shows that all 8 queues are firing interrupts, so my guess is that
for whatever reason bus_bind_intr() is not doing what it's expected to do for
half of those interrupts.

What's interesting is that on a similar box (same chassis/mobo/cpu) but
equipped with the quad-port X540-AT2 10Gig card, interrupts are routed
properly. The latter is running with hw.ix.num_queues="3".

pcib2: port 0xcf8-0xcff on acpi0
pci0: on pcib2
pcib3: irq 26 at device 1.0 on pci0
pci1: on pcib3
igb0: mem 0xc7200000-0xc72fffff,0xc7304000-0xc7307fff irq 26 at device 0.0 on pci1
igb0: Using MSIX interrupts with 5 vectors
igb0: Ethernet address: a0:36:9f:76:af:20
igb0: Bound queue 0 to cpu0
igb0: Bound queue 1 to cpu1
igb0: Bound queue 2 to cpu2
igb0: Bound queue 3 to cpu3
igb0: netmap queues/slots: TX 4/4096, RX 4/4096
igb1: mem 0xc7100000-0xc71fffff,0xc7300000-0xc7303fff irq 28 at device 0.1 on pci1
igb1: Using MSIX interrupts with 5 vectors
igb1: Ethernet address: a0:36:9f:76:af:21
igb1: Bound queue 0 to cpu4
igb1: Bound queue 1 to cpu5
igb1: Bound queue 2 to cpu6
igb1: Bound queue 3 to cpu7
igb1: netmap queues/slots: TX 4/4096, RX 4/4096

pcib2: port 0xcf8-0xcff on acpi0
pci0: on pcib2
pcib3: irq 26 at device 1.0 on pci0
pci1: on pcib3
pcib4: irq 32 at device 2.0 on pci0
pci2: on pcib4
pcib5: irq 40 at device 3.0 on pci0
pci3: on pcib5
ix0: port 0x6020-0x603f mem 0xc7c00000-0xc7dfffff,0xc7e04000-0xc7e07fff irq 40 at device 0.0 on pci3
ix0: Using MSIX interrupts with 4 vectors
ix0: Bound queue 0 to cpu 0
ix0: Bound queue 1 to cpu 1
ix0: Bound queue 2 to cpu 2
ix0: Ethernet address: 0c:c4:7a:5e:be:64
ix0: PCI Express Bus: Speed 5.0GT/s Width x8
ix0: netmap queues/slots: TX 3/4096, RX 3/4096
ix1: port 0x6000-0x601f mem 0xc7a00000-0xc7bfffff,0xc7e00000-0xc7e03fff irq 44 at device 0.1 on pci3
ix1: Using MSIX interrupts with 4 vectors
ix1: Bound queue 0 to cpu 3
ix1: Bound queue 1 to cpu 4
ix1: Bound queue 2 to cpu 5
ix1: Ethernet address: 0c:c4:7a:5e:be:65
ix1: PCI Express Bus: Speed 5.0GT/s Width x8
ix1: netmap queues/slots: TX 3/4096, RX 3/4096

Some extra debug is here:

http://sobomax.sippysoft.com/haswell_bug/bad.dmesg
http://sobomax.sippysoft.com/haswell_bug/lstopo_bad.png
http://sobomax.sippysoft.com/haswell_bug/systat_vm_bad.png
http://sobomax.sippysoft.com/haswell_bug/top_P_bad.png

http://sobomax.sippysoft.com/haswell_bug/good.dmesg
http://sobomax.sippysoft.com/haswell_bug/lstopo_good.png
http://sobomax.sippysoft.com/haswell_bug/systat_vm_good.png
http://sobomax.sippysoft.com/haswell_bug/top_P_good.png

Any ideas on how to debug that further are welcome. The box is in
production, but we can remove traffic during off-peak to run some
test/debug code on.

Thanks!

From owner-freebsd-net@freebsd.org Thu Oct 8 16:42:55 2015
From: "Dr. Rolf Jansen"
To: freebsd-net@freebsd.org
Subject: Re: transport mode IPSec with Windows 7, static keys
Date: Thu, 8 Oct 2015 13:42:44 -0300
Message-Id: <60DDD34B-9BFC-4564-8DE9-92E111709821@obsigna.com>
In-Reply-To: <20151008141847.GA28325@zeninc.net>
References: <20150922084111.GA89385@admin.sibptus.tomsk.ru>
 <20150925064234.GA63016@admin.sibptus.tomsk.ru>
 <20150926143057.GA88375@admin.sibptus.tomsk.ru>
 <20151008141847.GA28325@zeninc.net>

> On 08.10.2015 at 11:18, VANHULLEBUS Yvan wrote:
> On Sat, Sep 26, 2015 at 08:30:57PM +0600, Victor Sudakov wrote:
>> The two sysctls:
>>
>> net.key.preferred_oldsa=0

By the way, the actual sysctl oid is "net.key.prefered_oldsa" — preferred
wrongly spelled with one 'r' only.

From owner-freebsd-net@freebsd.org Fri Oct 9 08:12:44 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1BA149D0090; Fri, 9 Oct 2015 08:12:44 +0000 (UTC) (envelope-from kp@vega.codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DA09D186B; Fri, 9 Oct 2015 08:12:43 +0000 (UTC) (envelope-from kp@vega.codepro.be) Received: from vega.codepro.be (unknown [172.16.1.3]) by venus.codepro.be (Postfix) with ESMTP id 442ED14682; Fri, 9 Oct 2015 10:12:39 +0200 (CEST) Received: by vega.codepro.be (Postfix, from userid 1001) id 3D547717E; Fri, 9 Oct 2015 10:12:39 +0200 (CEST) Date: Fri, 9 Oct 2015 10:12:39 +0200 From: Kristof Provost To: freebsd-pf@freebsd.org, freebsd-net@freebsd.org Cc: mark@rootbsd.net Subject: Re: pf+TSO patch Message-ID: <20151009081238.GA2441@vega.codepro.be> References: <20151002100805.GL3433@vega.codepro.be> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20151002100805.GL3433@vega.codepro.be> X-Checked-By-NSA: Probably User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2015 08:12:44 -0000 A quick update: Sean Bruno tested the patch and found a problem with rdr rules. I've managed to reproduce and fix that. The current version on https://reviews.freebsd.org/D3779 has the fix. 
I believe that version to be working correctly (to the point that I trust it with my own e-mail), but I'd appreciate further testing and/or review. Regards, Kristof On 2015-10-02 12:08:05 (+0200), Kristof Provost wrote: > Hi, > > I've found a little time to look at the pf TSO issue (which made pf > unusable on Xen VMs, like Amazon EC2). > > I've posted the patch here: > https://reviews.freebsd.org/D3779 > > It still needs a bit more testing, but so far it looks good. > > I'd be very grateful for any brave souls who want to give this a try. > > This work was very kindly sponsored by RootBSD (rootbsd.net). > > Regards, > Kristof From owner-freebsd-net@freebsd.org Fri Oct 9 10:14:36 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7397E9D2217 for ; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) (envelope-from archycho@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 53EB3136 for ; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) (envelope-from archycho@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 511349D2216; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 50A589D2215 for ; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) (envelope-from archycho@gmail.com) Received: from mail-pa0-x22f.google.com (mail-pa0-x22f.google.com [IPv6:2607:f8b0:400e:c03::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2411E135 for ; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) (envelope-from archycho@gmail.com) Received: by padhy16 with SMTP id 
hy16so83096953pad.1 for ; Fri, 09 Oct 2015 03:14:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:message-id:date:to:mime-version; bh=Z/leZBkgj2NDsQN5eXyAMHMYSqvDOK7tbEUhH8Wokv8=; b=unhWxcyROE65HiOpl0EB5cHa3GNhQ+NWqRn3TgWBePgxKN8/sUn4lXKVaVUGRwjG0b 0wU5kTs4U38GqBv++j7ZaqcS1r6986KuFBFmIp0/ZwllwW1G7d9GluUJxp2OhU6fxBCx 2BEQcAjkfWvxz96mozJcBbFw5jlSphACSlYWTehS5Y3UUJ7RHjk8TFNjJhEDfrEhi7H4 hPoc2JbBh38+tkSdOcTgxvgJCaOUDTnfjJweIsFOWfASQChjL61V/4EGxycFt4Ydwzi5 mlSGKozoId8kfflnyaSZLnDuRinMgrWQ5P9EtCqAhKlw1+3ke8JctyCRkE8fjm2TmaSg p/2w== X-Received: by 10.66.186.39 with SMTP id fh7mr14567623pac.48.1444385675596; Fri, 09 Oct 2015 03:14:35 -0700 (PDT) Received: from [172.16.255.196] ([113.87.212.109]) by smtp.gmail.com with ESMTPSA id rx10sm1462882pab.21.2015.10.09.03.14.34 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 09 Oct 2015 03:14:35 -0700 (PDT) From: Archy Cho Subject: Freebsd 10.2 amd64 netmap ipfw Message-Id: <803EEF77-2371-4F1C-9251-0BCB47897879@gmail.com> Date: Fri, 9 Oct 2015 18:14:58 +0800 To: net@freebsd.org, rizzo@iet.unipi.it Mime-Version: 1.0 (Mac OS X Mail 9.0 \(3094\)) X-Mailer: Apple Mail (2.3094) Content-Type: text/plain; charset=big5 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2015 10:14:36 -0000 Dear All I wish to try the new netmap driver with IPFW2 and dummynet. I have google around and could not find any documents of all steps to = set a working filtering box. I have recompile the kernel with the followings. 
########################################### cpu HAMMER ident ROUTER options DUMMYNET options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT device pf device pflog device pfsync options ALTQ options ALTQ_CBQ options ALTQ_RED options ALTQ_RIO options ALTQ_HFSC options ALTQ_CDNR options ALTQ_PRIQ options ALTQ_NOPCC options TCP_SIGNATURE options IPSEC options IPSEC_FILTERTUNNEL device cryptodev device crypto options HZ=3D1000 device carp device netmap ########################################### /etc/rc.conf as follow: ########################################### firewall_enable=3D"YES" firewall_script=3D"/etc/rc.firewall" firewall_type=3D"/etc/ipfw.conf" firewall_quiet=3D"YES" firewall_logging_enable=3D=A1=A7YES" ########################################### /etc/ipfw.conf ########################################### add 65535 pass ip from any to any ########################################### with command ipfw show ,=20 ########################################### 65535 369224 135934287 allow ip from any to any ########################################### I have downloaded https://github.com/luigirizzo/netmap/archive/master.zip = https://github.com/luigirizzo/netmap-ipfw/archive/next.zip = and compiled with the command make NETMAP_INC=3D/root/netmap-master/src after getting kipfw , and try the command , ./kipfw netmap:ix0 netmap:ix1 all connection lost with ix0 ( I just ping the connecting IP address ) ifconfig ix0 ix0: flags=3D8843 metric 0 mtu = 1500 = options=3D8407bb ether 00:1b:21:ba:89:50 inet 10.0.85.2 netmask 0xfffffffc broadcast 10.0.85.3=20 nd6 options=3D29 media: Ethernet autoselect (10Gbase-SR ) status: active I think I must misunderstand something , could anyone send me advise? Or any documents could help to build a NETMAP IPFW firewall box ? Thanks all for kindly helping hands. 
ArchyCho From owner-freebsd-net@freebsd.org Fri Oct 9 17:15:00 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5696F9D1B79 for ; Fri, 9 Oct 2015 17:15:00 +0000 (UTC) (envelope-from jim@netgate.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 31181322 for ; Fri, 9 Oct 2015 17:15:00 +0000 (UTC) (envelope-from jim@netgate.com) Received: by mailman.ysv.freebsd.org (Postfix) id 303A49D1B77; Fri, 9 Oct 2015 17:15:00 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2FD799D1B76 for ; Fri, 9 Oct 2015 17:15:00 +0000 (UTC) (envelope-from jim@netgate.com) Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com [IPv6:2607:f8b0:400d:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E477F321 for ; Fri, 9 Oct 2015 17:14:59 +0000 (UTC) (envelope-from jim@netgate.com) Received: by qkas79 with SMTP id s79so35271610qka.0 for ; Fri, 09 Oct 2015 10:14:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netgate.com; s=google; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=03iJwGzSvkg8uYF8bTX5elTo8/G14hYBKsa8iza32pg=; b=LRRhaGoHDZidISdUggdgpIAUw/gcQjQgpPv58uc1HVyDJVtdHgoLoKyhMOxVpm7KCW xSWwCTaBDuRen7/Dc4hNt9iKf7FLQCaP4RVpypfvgiQIdwjezp/PYNfGX5DeK8INXvHy netR1Jfccx50C+5LiDmyWsT4XqNJjwq19rWYE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from 
:in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=03iJwGzSvkg8uYF8bTX5elTo8/G14hYBKsa8iza32pg=; b=WK+/gwyD+dO7YhdejPIJw2aphTygQYijEXufy64H9e21Ak/CDxmzFT9RGHnpAXTCjj fNGnZNFcK6XksldOI4TfzXmxJDQD1BpPQMlrBCUVjLfHF7goTH7yDogM1RO1JuwG0ScC D/2fS55sx2zZyZhwkWapV6g0s0R+ZyLXeYT3fJiyLwihEjy2D33IeGR0FrozaP+v4A2y R9FGLmO2WQarPQqNY98xJCc9+pgkKv9vmw8etRUag11wwFTbJ6b2qMhsuvFhUZjp2LOC aA3oqQ1jR1/S8OtwBvVR06cF+uLauOc+y8bujkY7fznqsl+bKTxQu5W7WxT10Yr2GyHf KHsw== X-Gm-Message-State: ALoCoQmH05fDao8FHedWlx9sngJ5NlA75ujOCuLD4IrBlF9Q5U1rA6TR7nOIYpc2npk0D7yK2UjY X-Received: by 10.55.17.129 with SMTP id 1mr17172083qkr.25.1444410898756; Fri, 09 Oct 2015 10:14:58 -0700 (PDT) Received: from [10.50.47.246] ([200.19.188.5]) by smtp.gmail.com with ESMTPSA id q75sm1054334qki.3.2015.10.09.10.14.57 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 09 Oct 2015 10:14:58 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: Freebsd 10.2 amd64 netmap ipfw From: Jim Thompson X-Mailer: iPhone Mail (13A452) In-Reply-To: <803EEF77-2371-4F1C-9251-0BCB47897879@gmail.com> Date: Fri, 9 Oct 2015 14:14:55 -0300 Cc: net@freebsd.org, rizzo@iet.unipi.it Content-Transfer-Encoding: quoted-printable Message-Id: <70A66D48-19E8-4C32-B2A7-5173C82CE3C1@netgate.com> References: <803EEF77-2371-4F1C-9251-0BCB47897879@gmail.com> To: Archy Cho X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2015 17:15:00 -0000 > On Oct 9, 2015, at 7:14 AM, Archy Cho wrote: >=20 > I think I must misunderstand something , could anyone send me advise? > Or any documents could help to build a NETMAP IPFW firewall box ? 
See the last several paragraphs of:
https://github.com/luigirizzo/netmap-ipfw/blob/next/README

Note that the "telnet localhost 5566" traffic generator hack mentioned in
the README doesn't work without a recompile, but you won't need it for
running real traffic.

Jim

From owner-freebsd-net@freebsd.org Fri Oct 9 17:55:13 2015
Date: Fri, 9 Oct 2015 10:55:11 -0700
From: hiren panchasara
To: Lawrence Stewart, koobs@freebsd.org, Andre Oppermann, "freebsd-net@freebsd.org", nitroboost@gmail.com
Subject: Re: TCP Initial Window 10 MFC
Message-ID: <20151009175511.GE96320@strugglingcoder.info>
In-Reply-To: <20150423082916.GJ28632@strugglingcoder.info>

Resurrecting this old thread.

On 04/23/15 at 01:29P, hiren panchasara wrote:
> On 03/04/14 at 10:22P, hiren panchasara wrote:
> > On Tue, Mar 4, 2014 at 7:38 PM, Lawrence Stewart wrote:
> > >
> > > I lost the battle of wills on this topic and 10.0 shipped with IW10
> > > enabled by default :(
> > >
> > > As for having it configurable, it is a trivial patch which perhaps,
> > > Hiren, you might be willing to take a stab at? I obviously did not
> > > manage to carve out the time last year to push forward with the agenda I
> > > proposed in this thread, but I will get back to it at some point.
> >
> > Hi Lawrence,
> >
> > Let's fix it the right way if possible.
> >
> > Below is a rough/untested quick patch I came up with. Is this how you
> > were planning to have "nonstandard" sysctl knob designed?
>
> A bit more updated patch:
> https://people.freebsd.org/~hiren/initcwnd.patch
>
> How do we go about the existing knob 'sysctl
> net.inet.tcp.experimental.initcwnd10' ?
> I am going to leave the existing sysctl initcwnd10 as is for now so people can keep using it.

Here is the review:
https://reviews.freebsd.org/D3858

Cheers,
Hiren

From owner-freebsd-net@freebsd.org Sat Oct 10 09:31:41 2015
Subject: Re: Freebsd 10.2 amd64 netmap ipfw
From: Archy Cho
To: Jim Thompson
Cc: net@freebsd.org, rizzo@iet.unipi.it
Date: Sat, 10 Oct 2015 17:31:37 +0800
Message-Id: <2ED21620-6B73-4EBB-A532-7152E443B5A9@gmail.com>
In-Reply-To: <70A66D48-19E8-4C32-B2A7-5173C82CE3C1@netgate.com>

Dear Jim

Sorry, maybe my poor English.
My FreeBSD box has 4 interfaces, 2 ix and 2 igb.
I connect ssh via igb0.

What I am facing is, I have re-compiled the kernel to have netmap.ko, a
router box (just static routes) with ix0 and ix1.
I compile the kipfw and run "./kipfw netmap:ix0 netmap:ix1",
all connections with ix0 and ix1 will get blocked,
my ipfw rules are only one line "add 65534 pass ip from any to any".

My question is, could netmap with ipfw be used for a production
filtering box?
I googled around and saw someone was working, but I could not get full
documents for installation or testing.

Thanks for advice.

Archy Cho

> On Oct 10, 2015, at 1:14 AM, Jim Thompson wrote:
>
>
>> On Oct 9, 2015, at 7:14 AM, Archy Cho wrote:
>>
>> I think I must misunderstand something, could anyone send me advice?
>> Or any documents could help to build a NETMAP IPFW firewall box?
>
> See the last several paragraphs of:
>
> https://github.com/luigirizzo/netmap-ipfw/blob/next/README
>
> Note that the "telnet localhost 5566" traffic generator hack mentioned
> in the README doesn't work without a recompile, but you won't need it
> for running real traffic.
>
> Jim
>

From owner-freebsd-net@freebsd.org Sat Oct 10 13:21:02 2015
Subject: Re: Freebsd 10.2 amd64 netmap ipfw
From: Archy Cho
To: Jim Thompson
Cc: net@freebsd.org, rizzo@iet.unipi.it
Date: Sat, 10 Oct 2015 21:20:58 +0800
Message-Id: <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com>
In-Reply-To: <70A66D48-19E8-4C32-B2A7-5173C82CE3C1@netgate.com>

Dear Jim and all

My map is as follows:

+---------------------+          +---------------------------------+             +------------------------+
| Cisco Router        |          | Freebsd 10.2 amd64 custom kernel|             | Linux box with         |
| IP 10.0.85.1/30     |          | recompiled with "device netmap" |             | IP 172.16.0.1/30       |
|                     +--------->+ ix0 = 10.0.85.2/30              | <-----------+ control the Freebsd box|
|                     |          | ix1 = down                      |             | via ssh                |
|                     |          | igb0 = 172.16.0.2/30            |             |                        |
+---------------------+          +---------------------------------+             +------------------------+

1) I have recompiled the kernel with device netmap
2) I downloaded the next.zip and compiled, got the kipfw and ipfw
3) I connect via linux box, ssh 172.16.0.2

Can anyone advise how I could enable netmap ipfw to filter traffic from
the Cisco Router?

Archy Cho

> On Oct 10, 2015, at 1:14 AM, Jim Thompson wrote:
>
>
>> On Oct 9, 2015, at 7:14 AM, Archy Cho wrote:
>>
>> I think I must misunderstand something, could anyone send me advice?
>> Or any documents could help to build a NETMAP IPFW firewall box?
>
> See the last several paragraphs of:
>
> https://github.com/luigirizzo/netmap-ipfw/blob/next/README
>
> Note that the "telnet localhost 5566" traffic generator hack mentioned
> in the README doesn't work without a recompile, but you won't need it
> for running real traffic.
>
> Jim
>

From owner-freebsd-net@freebsd.org Sat Oct 10 14:03:49 2015
Date: Sat, 10 Oct 2015 16:03:48 +0200
Subject: netmap: recommended NIC for 40GbE capture on Linux?
From: Bruce Merry
To: freebsd-net@freebsd.org

Hi

We're aiming to do some high-speed data capture and processing on data
being sent from an FPGA over Ethernet. The data is about 3.3Mpps with
512 bytes of application-level data per packet (plus somewhere around
64 bytes of app-level headers, plus UDP+IP+Ethernet headers). I'm
looking for some advice on what hardware to use.

We currently have Mellanox ConnectX-3 NICs with QSFP+. My experiments
with pkt-gen on a single flow (generated by pkt-gen on another
machine) are topping out at receiving 2.4 Mpps, with ksoftirqd pushing
one core at 100%. This is with netmap trunk, which does not build a
custom mlx4 driver. I've also tried
https://github.com/caldweba/netmap, which does, but which is broken
(receives only 1023 pps, confirmed broken by the repo owner).

Before we spend money, I'd love to hear someone report success with
capturing a single flow at >4Mpps, >20Gbps using netmap on Linux and
what NIC they use. Ideally this would include transparent mode working
so that ARP, ICMP etc can be handled by the host stack.

Alternatively, if anyone is managing this on ConnectX-3, I'd love to
know how (I have already disabled flow control and adaptive interrupt
mitigation on the receiver).

Thanks
Bruce
--
Bruce Merry
Senior Science Processing Developer
SKA South Africa

From owner-freebsd-net@freebsd.org Sat Oct 10 13:43:00 2015
Subject: Re: Freebsd 10.2 amd64 netmap ipfw
From: Archy Cho
To: Jim Thompson
Cc: net@freebsd.org, rizzo@iet.unipi.it
Date: Sat, 10 Oct 2015 21:42:57 +0800
Message-Id: <32A72733-2D71-4FBA-93D3-B90BDDD4BFD3@gmail.com>
In-Reply-To: <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com>

Dear All

Sorry, I would like to ask: does netmap with ipfw only work as a bridge?

ie:

+-----------------------+          +---------------------------+           +----------------------+
| Cisco Router A        |          | Freebsd 10.2 amd64        |           | Cisco Router B       |
| Int Te1/1             |          | ix0 connect to Cisco A    |           | Int Te1/1            |
| 10.0.85.1/30          | +----->  | Int Te1/1                 | +------>  | 10.0.85.2/30         |
|                       | ^-----+  | ix1 connect to Cisco B    | ^------+  |                      |
|                       |          | Int Te1/1                 |           |                      |
+-----------------------+          +---------------------------+           +----------------------+

Should kipfw with netmap work as in this diagram?

Archy Cho

> On Oct 10, 2015, at 9:20 PM, Archy Cho wrote:
>
> Dear Jim and all
>
> My map is as follows:
>
> +---------------------+          +---------------------------------+             +------------------------+
> | Cisco Router        |          | Freebsd 10.2 amd64 custom kernel|             | Linux box with         |
> | IP 10.0.85.1/30     |          | recompiled with "device netmap" |             | IP 172.16.0.1/30       |
> |                     +--------->+ ix0 = 10.0.85.2/30              | <-----------+ control the Freebsd box|
> |                     |          | ix1 = down                      |             | via ssh                |
> |                     |          | igb0 = 172.16.0.2/30            |             |                        |
> +---------------------+          +---------------------------------+             +------------------------+
>
> 1) I have recompiled the kernel with device netmap
> 2) I downloaded the next.zip and compiled, got the kipfw and ipfw
> 3) I connect via linux box, ssh 172.16.0.2
>
> Can anyone advise how I could enable netmap ipfw to filter traffic from
> the Cisco Router?
>
> Archy Cho
>
>> On Oct 10, 2015, at 1:14 AM, Jim Thompson wrote:
>>
>>
>>> On Oct 9, 2015, at 7:14 AM, Archy Cho wrote:
>>>
>>> I think I must misunderstand something, could anyone send me advice?
>>> Or any documents could help to build a NETMAP IPFW firewall box?
>>
>> See the last several paragraphs of:
>>
>> https://github.com/luigirizzo/netmap-ipfw/blob/next/README
>>
>> Note that the "telnet localhost 5566" traffic generator hack
>> mentioned in the README doesn't work without a recompile, but you
>> won't need it for running real traffic.
>>
>> Jim
>>
>

From owner-freebsd-net@freebsd.org Sat Oct 10 14:33:01 2015
Date: Sat, 10 Oct 2015 16:32:58 +0200
Subject: Re: netmap: recommended NIC for 40GbE capture on Linux?
From: Luigi Rizzo
To: Bruce Merry
Cc: "freebsd-net@freebsd.org"

On Sat, Oct 10, 2015 at 4:03 PM, Bruce Merry wrote:
> Hi
>
> We're aiming to do some high-speed data capture and processing on data
> being sent from an FPGA over Ethernet. The data is about 3.3Mpps with
> 512 bytes of application-level data per packet (plus somewhere around
> 64 bytes of app-level headers, plus UDP+IP+Ethernet headers). I'm
> looking for some advice on what hardware to use.
>
> We currently have Mellanox ConnectX-3 NICs with QSFP+. My experiments
> with pkt-gen on a single flow (generated by pkt-gen on another
> machine) are topping out at receiving 2.4 Mpps, with ksoftirqd pushing
> one core at 100%. This is with netmap trunk, which does not build a
> custom mlx4 driver. I've also tried
> https://github.com/caldweba/netmap, which does, but which is broken
> (receives only 1023 pps, confirmed broken by the repo owner).
>
> Before we spend money, I'd love to hear someone report success with
> capturing a single flow at >4Mpps, >20Gbps using netmap on Linux and
> what NIC they use. Ideally this would include transparent mode working
> so that ARP, ICMP etc can be handled by the host stack.
>
> Alternatively, if anyone is managing this on ConnectX-3, I'd love to
> know how (I have already disabled flow control and adaptive interrupt
> mitigation on the receiver).
>

hi Bruce,
email me privately for more details.
We have native netmap support in FreeBSD for the intel 40G and
an almost ready linux version of the same, which we hope
to be available by the end of the year.

Recently mellanox kindly sent us a couple of their 40g cards
(not sure which type), for which i plan to adapt the mlx4_netmap_linux
code that you found in the other repo (which i wrote a few years ago).
Again we may work on that around the end of the year.

cheers
luigi

--
-----------------------------------------+-------------------------------
 Prof. Luigi RIZZO, rizzo@iet.unipi.it  . Dip. di Ing. dell'Informazione
 http://www.iet.unipi.it/~luigi/        . Universita` di Pisa
 TEL      +39-050-2217533               . via Diotisalvi 2
 Mobile   +39-338-6809875               . 56122 PISA (Italy)
-----------------------------------------+-------------------------------

From owner-freebsd-net@freebsd.org Sat Oct 10 14:35:33 2015
Subject: Re: netmap: recommended NIC for 40GbE capture on Linux?
From: Jim Thompson
To: Bruce Merry
Cc: freebsd-net@freebsd.org
Date: Sat, 10 Oct 2015 11:35:27 -0300

> Before we spend money, I'd love to hear someone report success with
> capturing a single flow at >4Mpps, >20Gbps using netmap on Linux and
> what NIC they use.

You said linux, and this is freebsd-net, but this blog post (from
yesterday) is probably apt.

https://blog.cloudflare.com/single-rx-queue-kernel-bypass-with-netmap/

> Ideally this would include transparent mode working so that ARP, ICMP
> etc can be handled by the host stack.

netmap-fwd (written by loos@ and announced yesterday at BSDcon Brazil)
does this (re-injecting frames designed for ’this’ host on the host ring,
though there is a mode to handle ARP and ICMP in the fastpath code).

netmap-fwd is an implementation of the ip_fastforward code from FreeBSD
on top of netmap. It currently does around 5Mpps, single-stream, on a
single core using Chelsio or Intel NICs. It’s IPv4-only right now, but
once we add IPv6(*), it will be open sourced.

PPS @ 64-byte frames (pkt-gen) through DUT

Device under test               Network interface  Kernel forwarding  Fastforward enabled  Tryforward patch  netmap-fwd application
C2358 (2 core, 1.7 Ghz)         Intel I354         123 kbps           217 kbps             213 kbps          945 kpps
C2758 (8 core, 2.4 GHz)         Chelsio T520 10G   270 apps           426 apps             431 apps          1.683 Mpps
Xeon-D 1540 (8 core, 2 GHz)     Intel X552 10G     439 kbps           557 kbps             544 kbps          2.230 Mpps
Xeon E3-1275 (4 core, 3.5 GHz)  Intel X520-2       1.058 Mpps         1.331 Mpps           1.297 Mpps        5.053 Mpps

‘Tryforward' above is the code in https://reviews.freebsd.org/D3737

(We haven’t tried it on linux.)

I find it likely that an application that acts as a simple filter like
https://github.com/jibi/nm-single-rx-queue/blob/master/main.c or
https://github.com/erikarn/netmap-tools/tree/master/src/bridge
will greatly exceed the 5Mpps figure above.

See also: = http://adrianchadd.blogspot.com.br/2015/04/intel-ddio-llc-cache-buffer-ali= gnment.html Jim (*) this work will need to wait until after we can get pfSense 2.3 = released= From owner-freebsd-net@freebsd.org Sat Oct 10 14:59:38 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BA2699D267C; Sat, 10 Oct 2015 14:59:38 +0000 (UTC) (envelope-from rizzo.unipi@gmail.com) Received: from mail-lb0-x229.google.com (mail-lb0-x229.google.com [IPv6:2a00:1450:4010:c04::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B915E3B; Sat, 10 Oct 2015 14:59:38 +0000 (UTC) (envelope-from rizzo.unipi@gmail.com) Received: by lbbwt4 with SMTP id wt4so106921944lbb.1; Sat, 10 Oct 2015 07:59:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:cc:content-type; bh=QueWrcmBH9IzrmxPDJeDs/Z1YwVrPxeYvBDmMN1ndg0=; b=UcbadvgniHlgFUNtiTJJfGAVMndHwhCQasqQtifmbjhS3uP4t2xQAiJArECB4ljGd/ PgONVHiJBhgwDCJzKWpOIQI9PuuIOZ2UuxW4K4ziaIM0lU22U1SyRLYXSjTB9k61sFXp puxCdIJEViTa9Rv/0B+44iNmZE2Z023jTBy7lTVKrE8e5TRoJrKdd3KxdK2PgPrCD1e6 QcPpMfhic8Q2hdjOzKUiT+XuSkMQen9PktUlsb9SvS9KdMLojpTRUbp3LdtySHQE7epA Xc/QqpWcEP5qmh6dxhVJ/TLcwSPAid/R/K/AEniGxf+MEy+4ekQtj1ZXkxP+7znDN3e0 k0cw== MIME-Version: 1.0 X-Received: by 10.112.134.73 with SMTP id pi9mr8835510lbb.83.1444489175975; Sat, 10 Oct 2015 07:59:35 -0700 (PDT) Sender: rizzo.unipi@gmail.com Received: by 10.114.96.168 with HTTP; Sat, 10 Oct 2015 07:59:35 -0700 (PDT) Date: Sat, 10 Oct 2015 16:59:35 +0200 X-Google-Sender-Auth: 7V2hLJ343lt8wuaRDI8Gx9B45sI Message-ID: Subject: nice stuff from cloudflare (and, we need something like ethtool!) 
From: Luigi Rizzo
To: FreeBSD Current
Cc: "freebsd-net@freebsd.org"

the nice folks at cloudflare implemented a nice feature in netmap
that puts some queues of the NIC in netmap mode leaving others
attached to the host stack

https://blog.cloudflare.com/single-rx-queue-kernel-bypass-with-netmap/

and use ethtool (and native NIC filters) to steer traffic around.
[FWIW, the chelsio native netmap driver is similar except that
the netmap queue has a different MAC address]

While their code was developed on linux, it should run almost
unmodified on FreeBSD (and we plan to import it soon), except for
the fact that we don't have ethtool hence no device-independent
mechanism to configure traffic steering.

We really need to address the latter.

cheers
luigi

-- 
-----------------------------------------+-------------------------------
 Prof. Luigi RIZZO, rizzo@iet.unipi.it  . Dip. di Ing. dell'Informazione
 http://www.iet.unipi.it/~luigi/        . Universita` di Pisa
 TEL      +39-050-2217533               . via Diotisalvi 2
 Mobile   +39-338-6809875               . 56122 PISA (Italy)
-----------------------------------------+-------------------------------

From owner-freebsd-net@freebsd.org Sat Oct 10 14:27:31 2015
Subject: Re: Freebsd 10.2 amd64 netmap ipfw
From: Archy Cho
In-Reply-To: <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com>
Date: Sat, 10 Oct 2015 22:27:28 +0800
Cc: net@freebsd.org, rizzo@iet.unipi.it
Message-Id: <395800C2-6ED1-42CF-A788-64D5192DE4C0@gmail.com>
References: <803EEF77-2371-4F1C-9251-0BCB47897879@gmail.com>
 <70A66D48-19E8-4C32-B2A7-5173C82CE3C1@netgate.com>
 <7337D8A6-B708-425B-B5B3-9E8FFBB8C411@gmail.com>
To: Jim Thompson

Dear Professor Luigi

After I read the past mailing list, I got it working now,
but I have something to ask.

Quote from
http://lists.freebsd.org/pipermail/freebsd-net/2014-November/040380.html

WITHOUT kipfw you will be OUT of communication.
If you want to have communication without kipfw please configure
if_bridge(4) properly.

On my testing boxes, I could communicate with bridge + kipfw,
but not without bridge, is that normal?
(I have tested, after kipfw with bridge, filtering rules still could be applied)

And could kipfw be enabled as multithreaded for a single bridge to
provide better performance?

Thank you so much.

Archy Cho

> Archy Cho wrote on 2015-10-10 at 9:20 PM:
>
> Dear Jim and all
>
> My map as follow:
>
> +---------------------+            +---------------------------------+             +------------------------+
> | Cisco Router        |            | Freebsd 10.2 amd64 custom kernel|             | Linux box with         |
> | IP 10.0.85.1/30     |            | recompiled with "device netmap" |             | IP 172.16.0.1/30       |
> |                     | +--------->+ ix0 = 10.0.85.2/30              | <-----------+ control the Freebsd box|
> |                     |            | ix1 = down                      |             | via ssh                |
> |                     |            | igb0 = 172.16.0.2/30            |             |                        |
> +---------------------+            +---------------------------------+             +------------------------+
>
> 1) I have recompiled the kernel with device netmap
> 2) I downloaded the next.zip, compiled it and got the kipfw and ipfw
> 3) I connect via linux box, ssh 172.16.0.2
>
> Can anyone advise how I could enable netmap ipfw to filter traffic
> from Cisco Router?
>
> Archy Cho
>
>> Jim Thompson wrote on 2015-10-10 at 1:14 AM:
>>
>>
>>> On Oct 9, 2015, at 7:14 AM, Archy Cho wrote:
>>>
>>> I think I must misunderstand something, could anyone send me advice?
>>> Or any documents that could help to build a NETMAP IPFW firewall box?
>>
>> See the last several paragraphs of:
>>
>> https://github.com/luigirizzo/netmap-ipfw/blob/next/README
>>
>> Note that the "telnet localhost 5566" traffic generator hack
>> mentioned in the README doesn't work without a recompile, but you
>> won't need it for running real traffic.
>>
>> Jim
>>
>

From owner-freebsd-net@freebsd.org Sat Oct 10 18:04:30 2015
Subject: Re: netmap: recommended NIC for 40GbE capture on Linux?
To: freebsd-net@freebsd.org
From: Sean Bruno
Message-ID: <5619532B.4020304@freebsd.org>
Date: Sat, 10 Oct 2015 11:04:27 -0700

On 10/10/15 07:03, Bruce Merry wrote:
> Hi
>
> We aim to do some high-speed data capture and processing on
> data being sent from an FPGA over Ethernet. The data is about
> 3.3Mpps with 512 bytes of application-level data per packet (plus
> somewhere around 64 bytes of app-level headers, plus
> UDP+IP+Ethernet headers). I'm looking for some advice on what
> hardware to use.
>
> We currently have Mellanox ConnectX-3 NICs with QSFP+. My
> experiments with pkt-gen on a single flow (generated by pkt-gen on
> another machine) are topping out at receiving 2.4 Mpps, with
> ksoftirqd pushing one core at 100%. This is with netmap trunk,
> which does not build a custom mlx4 driver. I've also tried
> https://github.com/caldweba/netmap, which does, but which is
> broken (receives only 1023 pps, confirmed broken by the repo
> owner).
>
> Before we spend money, I'd love to hear someone report success
> with capturing a single flow at >4Mpps, >20Gbps using netmap on
> Linux and what NIC they use. Ideally this would include transparent
> mode working so that ARP, ICMP etc can be handled by the host
> stack.
>
> Alternatively, if anyone is managing this on ConnectX-3, I'd love
> to know how (I have already disabled flow control and adaptive
> interrupt mitigation on the receiver).
>
> Thanks
> Bruce
>

I'm unsure where to ask netmap+linux questions to be honest. So, my
responses won't be very useful to you.

If you feel like doing even *more* science, FreeBSD does have the same
capabilities and supports the card that you're using. It might be more
work for you to do, but you might find FreeBSD-current (11.0 test)
refreshing enough to warrant more investigation.

ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/amd64/amd64/ISO-IMAGES/11.0/

sean