Date: Mon, 6 Dec 2004 15:23:09 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org, yongari@kt-is.co.kr
Cc: gtg062h@mail.gatech.edu
Subject: Re: FreeBSD bridge + filtering, BIG problem
Message-ID: <200412061523.21530.max@love2party.net>
In-Reply-To: <20041206024700.GA744@kt-is.co.kr>
References: <20041201045203.262D443D5C@mx1.FreeBSD.org> <7c8f27920412051617123672bf@mail.gmail.com> <20041206024700.GA744@kt-is.co.kr>

On Monday 06 December 2004 03:47, Pyun YongHyeon wrote:
> On Sun, Dec 05, 2004 at 07:17:05PM -0500, Josh Kayse wrote:
>
> > [...]
>
> > I managed to get your patch to apply to FreeBSD RELENG_5.
> >
> > I have a question about the bridge_fragment function though. Would
> > this prevent packets from linux NFS clients from working, the
> > fragmented ones with the DF flag set? Thanks for any information.
>
> I guess this has nothing to do with bridge. AFAIK, linux is known
> to generate fragmented packets with DF bit set. Normally, scrub
> rule of pf drops the fragmented packet that was told not to
> fragment (i.e. DF bit set).
> You may need an additional option "no-df" to pass the packet in
> scrub rule.
>
> > I'll post the patch later if anyone wants it. It hasn't been
>
> Great! I believe, your patch would be quite useful to FreeBSD
> pf/ipf users.
>
> > thoroughly tested but is currently running on a bridge setup in my
> > test lab with my work machine behind it.
>
> One note, don't be fooled by "netstat -m" output after patching your
> system. Its statistics were broken on 5.3R. For instance, on my P3 SMP:
>
> 19926 mbufs in use
> 4294938777/19136 mbuf clusters in use (current/max)
> ^^^^^^^^^^^^^^^^
> 0/4/5040 sfbufs in use (current/peak/max)
> 4142247 KBytes allocated to network
> ^^^^^^^^^^^^^^
> 0 requests for sfbufs denied
> 0 requests for sfbufs delayed
> 0 requests for I/O initiated by sendfile
> 270 calls to protocol drain routines

$ vmstat -z | grep -i mbuf

Has atomic counters that should[tm] be correct. So double-check with that
command.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
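
Added example, not part of the original message or of FreeBSD: a small sh check that flags "current/max" counters in netstat -m output whose current value exceeds the maximum, as in the sample quoted above. The function names are hypothetical, and reading the bad value as a 32-bit counter that dropped below zero is an assumption.

```sh
#!/bin/sh
# Added example: flag impossible "current/max" counters in netstat -m output.

# Sample lines copied from the netstat -m output quoted in the message.
SAMPLE='19926 mbufs in use
4294938777/19136 mbuf clusters in use (current/max)
0/4/5040 sfbufs in use (current/peak/max)
4142247 KBytes allocated to network'

# as_signed32 N: reinterpret N (0..2^32-1) as a signed 32-bit integer.
# Assumption: the broken counter is a 32-bit value that dropped below zero.
as_signed32() {
    if [ "$1" -ge 2147483648 ]; then
        echo $(( $1 - 4294967296 ))
    else
        echo "$1"
    fi
}

# check_netstat_m: read netstat -m text on stdin and report every
# "current/max" counter whose current value exceeds its maximum.
# Returns 1 if at least one such counter was seen, 0 otherwise.
check_netstat_m() {
    bad=0
    while IFS= read -r line; do
        case $line in
            [0-9]*/[0-9]*"(current/max)"*) ;;
            *) continue ;;
        esac
        pair=${line%% *}        # e.g. 4294938777/19136
        cur=${pair%%/*}
        max=${pair##*/}
        if [ "$cur" -gt "$max" ]; then
            echo "implausible: $pair (current as signed 32-bit: $(as_signed32 "$cur"))"
            bad=1
        fi
    done
    return "$bad"
}

# Stand-alone run on the sample; on a live system: netstat -m | check_netstat_m
printf '%s\n' "$SAMPLE" | check_netstat_m || true
```

Any line it flags is one to cross-check against `vmstat -z | grep -i mbuf`, as the message advises.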