From: bugzilla-noreply@FreeBSD.org
To: ipfw@FreeBSD.org
Subject: Problem reports for ipfw@FreeBSD.org that need special attention
Date: Sun, 31 May 2020 21:00:18 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
New         |    215875 | [ipfw] ipfw lookup tables do not support mbuf_tag
New         |    232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo

2 problems total for which you should take action.

Date: Fri, 5 Jun 2020 16:04:24 +0200
From: Peter
To: Stefan.Erl@dlr.de
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Dummynet, pipes and VNET jails

Hello Stefan,

I experience the same issue as You describe.

I suppose You have configured
net.inet.ip.dummynet.io_fast=1

This means, packets that get immediately delivered do not even
traverse the pipe - therefore You see no problem when no delay is on
the pipe.
If You switch net.inet.ip.dummynet.io_fast off, then you will see
packets always disappear.

And, in fact, these packets do NOT disappear. They get correctly
re-inserted at the subsequent rule - but, since DUMMYNET appears to
have no notion of jails, they do not get reinserted in the jail's
ruleset, but in that of the base system!

I just ran into this same problem, and to me it looks like DUMMYNET
would need to be made jail-aware.

Rel. is 11.3 - anybody knows if this has in the meantime been improved
in R.12?

cheerio,
PMc

On Tue, Jul 23, 2019 at 08:50:13AM +0000, Stefan.Erl@dlr.de wrote:
! Hi all,
!
! I have a problem with ipfw/dummynet, pipes and VNET jails using FreeBSD 12.0
! release. Packets are lost in the pipe when any impairments are configured.
!
! I set up several VNET jails and connected them via epairs, in order to
! do tests with different network and routing configurations. On some jails, I
! want to run dummynet with pipes to add delay to the packets. Whenever
! I configure a pipe with zero delay, everything works. As soon as I add any delay
! (or loss, bw limit), the packets enter the pipe, but never exit it, and never
! appear on the target Jail.
!
!
! A simple test setup I've set up is the following:
! (JailB is configured for IP forwarding)
!
! ---------     ---------     ---------
! | JailA |-----| JailB |-----| JailC |
! ---------     ---------     ---------
!
! JailA: ping JailC
!
! JailB:
! ipfw flush
! ipfw add 10000 pipe 1 ip from JailA to any
! ipfw config pipe 1 delay 0ms
!
! This works fine, packets arrive at JailC. "ipfw show" shows increasing
! counters for rules 10000 and 65535 (allow ip from any to any)
!
! Then, if I add some delay:
!
! ipfw config pipe 1 delay 10ms
!
! Packets are lost in JailB, don't arrive at JailC. "ipfw show" shows
! increasing counters only for rule 10000, but not for 65535.
!
!
! IPFW and dummynet are compiled into the kernel, with kern.hz=1000 and
! IPFW_DEFAULT_TO_ACCEPT option. Dummynet pipes on the Jail ethernet interface
! outside a jail seem to work fine.
!
! I've found some threads from 2010 saying that there are some problems with
! dummynet and VNET jails. Are these still existing, is something else wrong, or
! am I missing something?
!
! Regards,
! Stefan
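
Added example, not part of the original thread: a small sh/awk helper that compares two "ipfw show" snapshots taken inside the jail and reports whether packets that hit the pipe rule also reached a later rule in the same ruleset, which is the symptom described in both messages above. The function name, the snapshot contents and the address 10.0.1.2 (standing in for JailA) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Compares two `ipfw show` snapshots
# ("<rule> <packets> <bytes> <body>" per line) taken inside the jail.
# On the jail itself one would collect them with (assumed workflow):
#   sysctl net.inet.ip.dummynet.io_fast
#   before=$(ipfw show); sleep 5; after=$(ipfw show)

# pipe_reinjection_status BEFORE AFTER PIPE_RULE
#   idle        pipe rule matched no new packets
#   reinjected  pipe rule grew and so did at least one later rule
#   lost        pipe rule grew, no later rule in this ruleset did
# Only meaningful on an isolated test (e.g. the ping above): unrelated
# traffic hitting later rules would mask the symptom.
pipe_reinjection_status() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -v pipe="$3" '
        $0 == "---"                { second = 1; next }
        NF < 3 || $1 !~ /^[0-9]+$/ { next }
        !second                    { b[$1 + 0] += $2; next }
                                   { a[$1 + 0] += $2 }
        END {
            for (r in a) {
                d = a[r] - b[r]
                if (r + 0 == pipe + 0)              pd = d
                else if (r + 0 > pipe + 0 && d > 0) later += d
            }
            if (pd <= 0)        print "idle"
            else if (later > 0) print "reinjected"
            else                print "lost"
        }'
}

# Constructed snapshots: first interval with "delay 0ms", second with "delay 10ms".
SNAP_T0='10000  0   0 pipe 1 ip from 10.0.1.2 to any
65535  0   0 allow ip from any to any'
SNAP_T1='10000  5 420 pipe 1 ip from 10.0.1.2 to any
65535 10 840 allow ip from any to any'
SNAP_T2='10000 10 840 pipe 1 ip from 10.0.1.2 to any
65535 10 840 allow ip from any to any'

echo "delay 0ms:  $(pipe_reinjection_status "$SNAP_T0" "$SNAP_T1" 10000)"
echo "delay 10ms: $(pipe_reinjection_status "$SNAP_T1" "$SNAP_T2" 10000)"
```

Running the same comparison on the host's "ipfw show" output over the same interval shows whether the delayed packets turned up in the base system's ruleset instead.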