Date: Mon, 31 May 2010 01:32:17 -0700
From: Jeremy Chadwick
To: Giulio Ferro
Cc: Max Laier, freebsd-stable@freebsd.org, freebsd-net@freebsd.org
Subject: Re: PF + BRIDGE still causes system freezing
Message-ID: <20100531083217.GA74108@icarus.home.lan>
In-Reply-To: <4C03511D.6070807@zirakzigil.org>

On Mon, May 31, 2010 at 08:03:09AM +0200, Giulio Ferro wrote:
> Max Laier wrote:
> >On Friday 28 May 2010 07:46:07 Giulio Ferro wrote:
> >>Months ago I reported a system freezing whenever bridge was used
> >>with pf. This still happens now in 8.1 prerelease: after several minutes
> >>to hours that the bridge is active the system becomes unresponsive.
> >
> >as I told you last time you reported this problem: you need to
> >simplify your setup in order to track down the problem. For all I
> >know, you have created a routing or ethernet loop that is the
> >cause of your problems. Unless you can provide a simple setup
> >that can be reproduced, you have to track down the issue yourself
> >- sorry.
> >
> >Max
>
> Ok, I've moved the vpn-bridging service to a server without pf, and now
> it seems to work correctly.
>
> I maintain that this issue would need to be looked into, anyway...
> I don't think that a system freezing is acceptable, even when the
> administrator makes some configuration mistakes: the o.s. should
> complain about "routing or ethernet loop", without leaving him
> wondering...

We don't know if physical cabling loops are the problem here, but I'll
chime in with my two cents regardless.

If you're prone to making cabling mistakes that result in layer 2 loops
in your network, you should consider using protocols like spanning
tree[1] on your switches. Be aware that STP induces a lot of other
problems and complexities which very likely *will* be seen as issues
within the OS (such as physical Ethernet link not coming up quickly,
taking instead maybe 60-120 full seconds). I believe there are
extension protocols that address this (such as RSTP).

If you're actually using FreeBSD as a "smart switch", then there may be
some spanning tree software that works on FreeBSD. I'm not familiar
with this setup or what software may be available. The majority of
folks connect their FreeBSD machines to a switch, and those switches
can handle STP.

[1]: http://en.wikipedia.org/wiki/Spanning_tree_protocol

-- 
| Jeremy Chadwick                                   jdc@parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |