Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 1 Feb 2005 19:06:50 +0300
From:      "Nickolay Kritsky" <Nickolay.Kritsky@astra-sw.com>
To:        "Jeremie Le Hen" <jeremie@le-hen.org>, <freebsd-net@freebsd.org>
Subject:   RE: dummynet and vr(4)/egress broken in 4.11 ?
Message-ID:  <D86BF562467D944EB435513F725B236A07C13A@exchange.stardevelopers4msi.com>

next in thread | raw e-mail | index | archive | help
Are you using ipnat for NAT'ing? If yes, can you post your ipnat rules?

Nick

-----Original Message-----
From: Jeremie Le Hen [mailto:jeremie@le-hen.org]
Sent: Sunday, January 30, 2005 5:40 PM
To: freebsd-net@freebsd.org
Subject: Re: dummynet and vr(4)/egress broken in 4.11 ?


> I didn't changed my kernel configuration file so much since my last
> kernel upgrade, I juste added gif(4), IPSEC_FILTERGIF and vr(4).
> I tested using this rule on ingress and egress of both my internal =
(sis0)
> and external interface (vr0) - inverting IPs where needed :-) - here =
are
> the results :
>=20
>            | ingress | egress  |
> -----------+---------+---------+
> vr0 (ext)  |   OK    |    -    |
> -----------+---------+---------+
> sis0 (int) |   OK    |   OK    |
> -----------+---------+---------+
>=20
> I think that it is now very important to tell you that while upgrading
> my box to FreeBSD 4.11, I also changed my external interface from a 10
> MBits ep(4) to a 100 MBits vr(4).
>=20
> I cannot switch back to ep(4) for the moment since it is not an option
> to have downtime, but according to the privous results, I'm pretty
> convinced there is a problem with the vr(4) driver (although I don't
> know how it can impact DUMMYNET).  Maybe the last commit on this
> driver in RELENG_4 (sys/pci/if_vr.c, rev 1.26.2.14) is the culprit.

Well, in fact I made further investigation :

	- Only TCP seems to be affected.  UDP and ICMP appear to work
	  without packet drop.

	- Switching back from my vr(4) to my ep(4) did not resolve the
	  problem.

Thus, it seems this problem is independant from the network driver
(which makes more sense because AFAIK the latters are not involved in
DUMMYNET, as they are in ALTQ for example).

I can still use pipes on interface ingress, internal interface egress,
but it fails when I use a pipe on egress on my external interface _for
packet being forwarded and NATed only_.  Weirdly I am still able to
use a TCP stream from the router itself.

I'll give a try to a 4.10 kernel ASAP.

Regards,
--=20
Jeremie Le Hen
jeremie@le-hen.org
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D86BF562467D944EB435513F725B236A07C13A>