From owner-freebsd-pf@FreeBSD.ORG Mon Oct 8 10:48:51 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1319116A418 for ; Mon, 8 Oct 2007 10:48:51 +0000 (UTC) (envelope-from tobi@casino.uni-stuttgart.de) Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [66.111.4.25]) by mx1.freebsd.org (Postfix) with ESMTP id C50B013C459 for ; Mon, 8 Oct 2007 10:48:50 +0000 (UTC) (envelope-from tobi@casino.uni-stuttgart.de) Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id 42DB92F600 for ; Mon, 8 Oct 2007 06:48:50 -0400 (EDT) Received: from heartbeat2.messagingengine.com ([10.202.2.161]) by compute1.internal (MEProxy); Mon, 08 Oct 2007 06:48:50 -0400 X-Sasl-enc: p8n1cvEoqzZkt7mzLapXLxsXnIgXnhofnUAJ5V7pW0Cn 1191840529 Received: from [192.168.1.101] (unknown [193.239.254.142]) by mail.messagingengine.com (Postfix) with ESMTP id B662D18F45 for ; Mon, 8 Oct 2007 06:48:49 -0400 (EDT) Message-ID: <470A0B00.2040606@casino.uni-stuttgart.de> Date: Mon, 08 Oct 2007 13:48:32 +0300 From: Tobias Ernst User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.8.1.6) Gecko/20070802 SeaMonkey/1.1.4 MIME-Version: 1.0 To: freebsd-pf@freebsd.org References: <46EDE839.8060501@criticalmagic.com> <20070917202951.GF2742@heff.fud.org.nz> <46EEE5C9.8050103@criticalmagic.com> <20070917204318.GB9614@heff.fud.org.nz> <4701FAD7.4050600@casino.uni-stuttgart.de> In-Reply-To: <4701FAD7.4050600@casino.uni-stuttgart.de> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Subject: Filtering bridge plus router - further interface woes X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Oct 2007 10:48:51 -0000 Dear list, I have now applied the phys_local_phys patch on 6.2, which does its job for inbound packets to the local firewall, but I am still not able to see outbound packets on the physical interfaces. As a reminder, my firewall is bridging between various logical segments of our internal net, which consists of only 1 IP subnet, and is also acting as a router for the entire external net: bridge0 = em0, em1 (various logical segments of our internal net) bridge0 has IP x.x.x.254 (gateway for our internal net) em2 is the external interface and has IP x.x.y.123 I used "log-all" type rules to find out which interfaces the packets run through from pf's perspective. Let's consider a ssh connection from an outside computer O connected to em2 to an inside computer I connected to em0. Packets from O to I will appear, in order, on the interfaces em2, bridge0 Packets from I to O will appear, in order, on the interfaces em0, bridge0, em2 What I would like to have is to see the packet from O to I also on em0, and I would not like to see bridge0 /at all/. I have played around with the other sysctl variables. It turnes out, that setting pfil_bridge to 0 makes "em2" disappear from the list above, but bridge 0 remains, which I think is counter-intuitive or maybe even a bug. Setting pfil_member to 0 does not make any difference. Are there any further patches from -CURRENT that would make such a behaviour possible? Also, I wonder whether I could use "synproxy state" for connections from O to I. I know that "synproxy state" does not work for bridges, but those packets are arriving on em2 which is not member of the bridge and are then being routed before being put on the bridge, so there should be a possibility for proxying. However, packets still don't get through when I change a "keep state" rule to "synproxy state". TIA Regards Tobias -- Universität Stuttgart|Fakultät für Architektur und Stadtplanung|casinoIT 70174 Stuttgart Geschwister-Scholl-Straße 24D T +49 (0)711 121-4228 F +49 (0)711 121-4276 E office@casino.uni-stuttgart.de I http://www.casino.uni-stuttgart.de From owner-freebsd-pf@FreeBSD.ORG Mon Oct 8 11:08:33 2007 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C7E2916A418 for ; Mon, 8 Oct 2007 11:08:33 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AF99A13C45D for ; Mon, 8 Oct 2007 11:08:33 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l98B8Xm6083393 for ; Mon, 8 Oct 2007 11:08:33 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l98B8Wmn083389 for freebsd-pf@FreeBSD.org; Mon, 8 Oct 2007 11:08:32 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 8 Oct 2007 11:08:32 GMT Message-Id: <200710081108.l98B8Wmn083389@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Oct 2007 11:08:33 -0000 Current FreeBSD problem reports Critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/111220 pf [pf] repeatable hangs while manipulating pf tables 1 problem total. Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/82271 pf [pf] cbq scheduler cause bad latency o kern/92949 pf [pf] PF + ALTQ problems with latency o kern/110698 pf [pf] nat rule of pf without "on" clause causes invalid o bin/116610 pf [patch] teach tcpdump(1) to cope with the new-style pf 4 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/93825 pf [pf] pf reply-to doesn't work o kern/106400 pf [pf] fatal trap 12 at restart of PF with ALTQ if ng0 d s conf/110838 pf tagged parameter on nat not working on FreeBSD 5.2 o kern/114567 pf [pf] LOR pf_ioctl.c + if.c o kern/115640 pf [net] [pf] pfctl -k dont works o kern/116645 pf pfctl -k does not work in securelevel 3 7 problems total. From owner-freebsd-pf@FreeBSD.ORG Tue Oct 9 19:47:25 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 90A9F16A41A for ; Tue, 9 Oct 2007 19:47:25 +0000 (UTC) (envelope-from m@obmail.net) Received: from unclebob.obfuscated.net (stewie.obfuscated.net [69.8.202.125]) by mx1.freebsd.org (Postfix) with ESMTP id 66D1513C48A for ; Tue, 9 Oct 2007 19:47:25 +0000 (UTC) (envelope-from m@obmail.net) Received: from [10.0.1.196] (pool-96-228-136-165.tampfl.fios.verizon.net [96.228.136.165]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by unclebob.obfuscated.net (Postfix) with ESMTP id 5AD1E1700B for ; Tue, 9 Oct 2007 15:19:58 -0400 (EDT) Mime-Version: 1.0 (Apple Message framework v752.3) Content-Transfer-Encoding: 7bit Message-Id: Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed To: freebsd-pf@freebsd.org From: Michael Conlen Date: Tue, 9 Oct 2007 15:19:55 -0400 X-Mailer: Apple Mail (2.752.3) Subject: PF in FreeBSD 5.3 versus 6.x X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Oct 2007 19:47:25 -0000 I've noticed at some point between 5.3 and 6.0 that PF seems to be dropping more packets than with 5.3 and there is increased deviation in latency. Using the same equipment handling about 25k PPS each way I see about 0.3% packet loss with FreeBSD 6.2 and 6.0 with sub 0.1% loss with FreeBSD 5.3. Similarly the worst case response times for ICMP packets is much less in 5.3 than in either version of 6. I'm using something pretty vanilla in terms of setup. No ALTQ support or features, no redirects, just a lot of blocking and allowing. The firewalls are using server class 3Com and Intel Gigabit (Fiber) cards. The changes were noticed going forward and undone by going back to FreeBSD 5.3 so I don't suspect physical problems at the moment. My pf.conf is essentially a block in all followed by a block in quick against a table with 2000 entries, many of the /24 or /16 followed by pass rules to the various host:ports we allow. If I login to the firewalls themselves and run mtr in each direction I don't see any traffic loss. It's only when crossing the firewalls. Usage is about 25k packets per second and 100Mbit/sec 5 minute max traffic. The switches are Foundry SI-800g. Also doing about 25k/sec searches with 400 inserts a second and 270 removals and 407 matches/sec. The state table seems to run about 70,000 to 90,000 Are there issues I should be aware of and should pf be able to handle this kind of load? -- Michael Conlen From owner-freebsd-pf@FreeBSD.ORG Tue Oct 9 23:17:49 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D0C416A417 for ; Tue, 9 Oct 2007 23:17:49 +0000 (UTC) (envelope-from dmehler26@woh.rr.com) Received: from ms-smtp-02.ohiordc.rr.com (ms-smtp-02.ohiordc.rr.com [65.24.5.136]) by mx1.freebsd.org (Postfix) with ESMTP id 2E56F13C4AA for ; Tue, 9 Oct 2007 23:17:48 +0000 (UTC) (envelope-from dmehler26@woh.rr.com) Received: from satellite (cpe-65-31-42-110.woh.res.rr.com [65.31.42.110]) by ms-smtp-02.ohiordc.rr.com (8.13.6/8.13.6) with SMTP id l99NHieQ001320 for ; Tue, 9 Oct 2007 19:17:45 -0400 (EDT) Message-ID: <000301c80aca$99695db0$0200a8c0@satellite> From: "Dave" To: Date: Tue, 9 Oct 2007 19:17:44 -0400 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="Windows-1252"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: pf and sip X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Dave List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Oct 2007 23:17:49 -0000 Hello, I've got a FreeBSD 6.2 gateway/router/firewall providing nat services among others. I've just tried to hook up voip phone services, i did some checking and it is using the sip protocol. I'm not getting a dial tone and calls aren't happening. According to the digital box i have it can't contact the login server. Below are my pf rules. If anyone has pf and sip working i'd be interested in hearing from you. Thanks. Dave. ipphone1="192.168.0.9" sip="5060" sip1="5061" # One translation line per IP phone. static-port is necessary to make pf retain the UDP # ephemeral port, so that the remote SIP proxy knows what session we belong to nat on $ext_if proto udp from $ipphone1 to any -> ($ext_if) static-port # experimental sip for viatalk pass in quick on $int_if inet proto udp from 192.168.0.9 port $sip to any keep state pass in quick on $int_if inet proto udp from 192.168.0.9 port $sip1 to any keep state pass out quick on $ext_if inet proto udp from $int_if port $sip to any keep state pass out quick on $ext_if inet proto udp from $int_if port $sip1 to any keep state From owner-freebsd-pf@FreeBSD.ORG Tue Oct 9 23:54:46 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C96C316A418 for ; Tue, 9 Oct 2007 23:54:46 +0000 (UTC) (envelope-from andrew@ugh.net.au) Received: from starbug.ugh.net.au (starbug.ugh.net.au [202.3.36.37]) by mx1.freebsd.org (Postfix) with ESMTP id 9349713C448 for ; Tue, 9 Oct 2007 23:54:46 +0000 (UTC) (envelope-from andrew@ugh.net.au) Received: from localhost (starbug.ugh.net.au [202.3.36.37]) by starbug.ugh.net.au (Postfix) with ESMTP id 0D730386C4F for ; Wed, 10 Oct 2007 09:56:01 +1000 (EST) Date: Wed, 10 Oct 2007 09:56:01 +1000 (EST) From: Andrew To: freebsd-pf@freebsd.org Message-ID: <20071010014130.K98290@starbug.ugh.net.au> X-WonK: *wibble* MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: HFSC and what the parameters mean X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Oct 2007 23:54:46 -0000 I'm trying to make sure I understand the meaning of bandwidth, realtime and linkshare when it comes to hfsc queues. Given the lines: altq on $up_int bandwidth 98Mb hfsc queue { ex_q1, ex_q2 } queue ex_q1 bandwidth 90% priority 6 hfsc(realtime 80% linkshare 90%) queue ex_q2 bandwidth 10% priority 5 hfsc(realtime 0% linkshare 10% default) My understanding is the bandwidth declaration on line 1 (the altq line) sets the total available bandwidth for altq to use. It will never send out traffic faster than this. In this case I have set it to 98Mb, being my (optimistic?) guess at the usable bandwidth on 100Mb ethernet. The bandwidth parameter on the ex_q lines, from my reading on the pf.conf man page sets the maximum bandwidth this child queue can use. This can't add up to more than 100%. Given that, if I wanted to have 2 queues, both of which could use 100% of the bandwidth but one given priority in case of congestion what value should I use here? I saw somewhere that in the case of hsfc that this bandwidth statement was an alias for the linkshare setting so that would mean the comment in the man page doesn't apply when using hfsc? realtime is the minimum amount of bandwidth this queue should be provided with. linkshare is the amount of the packet queue (the queue reffered to by the qlimit option) that will be used for this queue if congestion occurs and packets need queueing. priority controls the order in which packets are dequeued from the packet queue. That should mean that the above config lines create 2 queues - ex_q1 and ex_q2. Traffic in queue 1 gets to use 80% of the 98Mb of available bandwidth regardless of how much other traffic there may be. Traffic in queue 2 gets no guarentees but can use any bandwidth that is otherwise unused. How is the share of the remaining 20% divided? As the priority of queue 1 is higher (and the question only comes into play when there is more traffic than bandwidth) queue 1 should always get the bandwidth so is this not the same as setting realtime parameter to 100%? Thanks, Andrew From owner-freebsd-pf@FreeBSD.ORG Wed Oct 10 09:33:45 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B931E16A420; Wed, 10 Oct 2007 09:33:45 +0000 (UTC) (envelope-from mohacsi@niif.hu) Received: from mail.ki.iif.hu (mail.ki.iif.hu [IPv6:2001:738:0:411::241]) by mx1.freebsd.org (Postfix) with ESMTP id 415E613C4C3; Wed, 10 Oct 2007 09:33:45 +0000 (UTC) (envelope-from mohacsi@niif.hu) Received: from localhost (localhost [IPv6:::1]) by mail.ki.iif.hu (Postfix) with ESMTP id AB0A5849D6; Wed, 10 Oct 2007 11:33:43 +0200 (CEST) X-Virus-Scanned: by amavisd-new at mignon.ki.iif.hu Received: from mail.ki.iif.hu ([127.0.0.1]) by localhost (mignon.ki.iif.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id XiFxkz52nJiY; Wed, 10 Oct 2007 11:33:40 +0200 (CEST) Received: from scone.ki.iif.hu (unknown [IPv6:2001:738:0:410:213:ceff:fe7f:3279]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.ki.iif.hu (Postfix) with ESMTP id 78F0884978; Wed, 10 Oct 2007 11:33:39 +0200 (CEST) Message-ID: <470C9C07.7070901@niif.hu> Date: Wed, 10 Oct 2007 11:31:51 +0200 From: Janos Mohacsi User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.6) Gecko/20070806 SeaMonkey/1.1.4 MIME-Version: 1.0 To: bug-followup@FreeBSD.org, janos.mohacsi@bsd.hu, freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Subject: Re: docs/112579: No ipv6 related pf examples in /usr/share/examples/pf X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Oct 2007 09:33:45 -0000 The examples are mostly assuming the new openbsd default (also pf 4.1 in 7.0-current) of keep-state. The doc group should take care of it or freebsd-pf working group? Regards, Janos Mohacsi From owner-freebsd-pf@FreeBSD.ORG Fri Oct 12 04:16:55 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C880B16A419 for ; Fri, 12 Oct 2007 04:16:55 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.180]) by mx1.freebsd.org (Postfix) with ESMTP id 659C513C45A for ; Fri, 12 Oct 2007 04:16:55 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: by py-out-1112.google.com with SMTP id u77so1510364pyb for ; Thu, 11 Oct 2007 21:16:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=LVv+EsnnsOUQERROXNkac8LQU5T08rSwhiNOf7h+/N0=; b=e9fZbFjwT0ea+1uCcDERcXu66l/CV6FdZGib5xURcAsvoS6YRJfH2awua0TW2frZziD+yUCQw7ojkgGkF3L3vkDeokkWdGBsiewm0FQb1N7BD/M3c0BcpNLKKy6AaO53NWo8TtNo4J4S7a6ZC6+K3CD/Ukesb7Pn0WhFah/WH5o= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZAwLnQKHXDGN0l1nL5rmxRlVTq7EDQRCFfFTxTh5kEekTumkvsE3ruI/PYtpowHzLzd9l0W+tJBlbKsbKPWv4wWQ0WL4Zbf+74JNVaD9qOojAJjbtZ/o0nQeIb5Xp4fYDkIRo32dmmkqt4eH6b0eHKM97PIv/BHsVlDXCmbgAiM= Received: by 10.65.200.8 with SMTP id c8mr5524003qbq.1192160874394; Thu, 11 Oct 2007 20:47:54 -0700 (PDT) Received: by 10.64.184.9 with HTTP; Thu, 11 Oct 2007 20:47:54 -0700 (PDT) Message-ID: <8e10486b0710112047i4d7ed61fx5bff9f5ae8a54ea1@mail.gmail.com> Date: Fri, 12 Oct 2007 00:47:54 -0300 From: "Alexandre Biancalana" To: freebsd-pf@freebsd.org In-Reply-To: <200709192100.24173.max@love2party.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <8e10486b0708212053w3769b68dxd33b90b7b906e5e9@mail.gmail.com> <12687223.post@talk.nabble.com> <200709151343.37635.max@love2party.net> <200709192100.24173.max@love2party.net> Subject: Re: ifconfig carpdev X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Oct 2007 04:16:55 -0000 On 9/19/07, Max Laier wrote: > > So here you go ... this is the ***ALPHA*** version of carpdev support. > Note that there are *a lot* of raw edges, untested areas and missing > features still, but "it's working"[tm]. > Hi Max ! Any Beta version is coming ? Regards, Alexandre From owner-freebsd-pf@FreeBSD.ORG Fri Oct 12 04:55:14 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6DAEC16A46C for ; Fri, 12 Oct 2007 04:55:14 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.freebsd.org (Postfix) with ESMTP id F1A6713C44B for ; Fri, 12 Oct 2007 04:55:13 +0000 (UTC) (envelope-from max@love2party.net) Received: from amd64.laiers.local (dslb-088-066-018-083.pools.arcor-ip.net [88.66.18.83]) by mrelayeu.kundenserver.de (node=mrelayeu5) with ESMTP (Nemesis) id 0ML25U-1IgCYJ41qM-00040X; Fri, 12 Oct 2007 06:55:12 +0200 From: Max Laier Organization: FreeBSD To: freebsd-pf@freebsd.org Date: Fri, 12 Oct 2007 06:55:02 +0200 User-Agent: KMail/1.9.7 References: <8e10486b0708212053w3769b68dxd33b90b7b906e5e9@mail.gmail.com> <200709192100.24173.max@love2party.net> <8e10486b0710112047i4d7ed61fx5bff9f5ae8a54ea1@mail.gmail.com> In-Reply-To: <8e10486b0710112047i4d7ed61fx5bff9f5ae8a54ea1@mail.gmail.com> X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2687675.UhiiMbXyFh"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200710120655.10376.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1/4lPTESva34RBo3fA6AuXbwqascLw023T1ZwL uLHnwatNBqzdTJQywsqIpGvqMf7KQAZCkEzCUvEbinWpK6L9s4 hsJsvLLqOH6pY7ecxEkEgMYUA8pMHEWxa1MBjqWo+Q= Cc: Subject: Re: ifconfig carpdev X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Oct 2007 04:55:14 -0000 --nextPart2687675.UhiiMbXyFh Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 12 October 2007, Alexandre Biancalana wrote: > On 9/19/07, Max Laier wrote: > > So here you go ... this is the ***ALPHA*** version of carpdev > > support. Note that there are *a lot* of raw edges, untested areas and > > missing features still, but "it's working"[tm]. > > Hi Max ! > > Any Beta version is coming ? hacking away on it ... got it to panic twice earlier, but in terms of=20 functionality it's done (for IPv4) ... I'll put out a beta for IPv4 ASAP. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2687675.UhiiMbXyFh Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHDv4uXyyEoT62BG0RAiYpAJ45LIAphmC/Y4gAWB8QQw2qpEyNrgCdHyoD DodNBnQjnMjc3PihiOVFTbU= =bilm -----END PGP SIGNATURE----- --nextPart2687675.UhiiMbXyFh-- From owner-freebsd-pf@FreeBSD.ORG Fri Oct 12 05:20:15 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BAF8616A420 for ; Fri, 12 Oct 2007 05:20:15 +0000 (UTC) (envelope-from gergely.czuczy@harmless.hu) Received: from marvin.harmless.hu (marvin.harmless.hu [195.56.55.204]) by mx1.freebsd.org (Postfix) with ESMTP id 79CCC13C49D for ; Fri, 12 Oct 2007 05:20:15 +0000 (UTC) (envelope-from gergely.czuczy@harmless.hu) Received: from localhost (marvin-mail [192.168.0.2]) by marvin.harmless.hu (Postfix) with ESMTP id 4D25E7BFF0D; Fri, 12 Oct 2007 07:20:13 +0200 (CEST) X-Virus-Scanned: by amavisd-new-2.4.2 (20060627) (Debian) at harmless.hu Received: from marvin.harmless.hu ([192.168.0.2]) by localhost (marvin.harmless.hu [192.168.0.2]) (amavisd-new, port 10024) with ESMTP id ZSVhPcfRtI9a; Fri, 12 Oct 2007 07:20:13 +0200 (CEST) Received: from marvin.harmless.hu (localhost [127.0.0.1]) by marvin.harmless.hu (Postfix) with ESMTP id 66E567BFF0C; Fri, 12 Oct 2007 07:20:09 +0200 (CEST) Date: Fri, 12 Oct 2007 07:20:09 +0200 From: Gergely CZUCZY To: Max Laier Message-ID: <20071012052008.GA78037@harmless.hu> References: <8e10486b0708212053w3769b68dxd33b90b7b906e5e9@mail.gmail.com> <200709192100.24173.max@love2party.net> <8e10486b0710112047i4d7ed61fx5bff9f5ae8a54ea1@mail.gmail.com> <200710120655.10376.max@love2party.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=x-unknown; protocol="application/pgp-signature"; boundary="oyUTqETQ0mS9luUI" Content-Disposition: inline In-Reply-To: <200710120655.10376.max@love2party.net> User-Agent: mutt-ng/devel-r804 (FreeBSD) Cc: freebsd-pf@freebsd.org Subject: Re: ifconfig carpdev X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Oct 2007 05:20:15 -0000 --oyUTqETQ0mS9luUI Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 12, 2007 at 06:55:02AM +0200, Max Laier wrote: > On Friday 12 October 2007, Alexandre Biancalana wrote: > > On 9/19/07, Max Laier wrote: > > > So here you go ... this is the ***ALPHA*** version of carpdev > > > support. Note that there are *a lot* of raw edges, untested areas and > > > missing features still, but "it's working"[tm]. > > > > Hi Max ! > > > > Any Beta version is coming ? >=20 > hacking away on it ... got it to panic twice earlier, but in terms of=20 > functionality it's done (for IPv4) ... I'll put out a beta for IPv4 ASAP. When It's Done, will it hit RELENG_7? Sincerely, Gergely Czuczy mailto: gergely.czuczy@harmless.hu --=20 Weenies test. Geniuses solve problems that arise. --oyUTqETQ0mS9luUI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) owFNk89qFEEQxqNRlAERwQco/2B0szOZ3RiTrJq40ZhEogYjBgkivbO1O4093WN3 zW42ZxEPguJNFAxePAkePPkOevEBfADx4sGDXqzeTaLDNNPTXd+Pqq+rnx8aHtp7 5MuHj+ujT1+82vN++FFjNCuIdDvMhO1IHVbiuBJOTsXjk+G5cDyZRpzAarXRmG5V psYXDu87eNloQk3h7V6ONSDcoLFcCanPQ5IK65AuFtQKp4KduCvS5cZJkkbXQGol Ne7u3bZCuxbacF4npil1uwYPC0PYDHMrNYmGwiC4qeGqlWW4mRBUqmWoxvEkCIL4 XG1iohZX69dhNObFMlwXG7AsJFroWqbUghkYiJuix1JPMA3e9YQy1BVuCN20CHNS 6EQoocU/YV86PVaZHvOx/8gXMrFxSZkOVnNhqRdppJn/VTOwaiBFpvZMAW0DURQB pdIBv5QilEql+vLKYp2/0EHr2BcwLUiEzZvY2Wa4Is+NpQhuMJhlXC71oYJHSYAy VPIqK7qAzTa6MhRsqWPrfIhwwJVtszLpHFsLLRRUWHTgSCpVhkZBcFzSiIOusQ84 4vg6Zfcir+orF2W/7GO7C3XdgzkksZs2V5SYzLNng5mL1ZijUpF4FIguW+5DqG9A 25CfkoFcaJkAdWWCgMIq9nSQitTcTDZzXNYA1Sp04rtGKEk96CfaNBrhdMtYWFrp nD3TRy+NKAU5AwwPAQ2f4E4E1FfrK1GwlqKGJQ+4woAydLl+n07K49b88vyNhfuT swE/q1In7LLqlYNgAW2bZ3B5s0g2e0EmpCJTg/ZgOUr6y5e45TOFzkVpEQRh6DNf Q9SSbfbHEcEC/xTOu25UByG3hps6c4MzFVY6jIIns8P7h/zd2rmYR/bSl6E31yrB 7+V089uB12/Fpz3w7v2zlZdDW49HPt9RR7d+fDx199fXkyf+zP38fuIv =c288 -----END PGP SIGNATURE----- --oyUTqETQ0mS9luUI-- From owner-freebsd-pf@FreeBSD.ORG Fri Oct 12 05:51:49 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7362316A418 for ; Fri, 12 Oct 2007 05:51:49 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.183]) by mx1.freebsd.org (Postfix) with ESMTP id 0680B13C447 for ; Fri, 12 Oct 2007 05:51:48 +0000 (UTC) (envelope-from max@love2party.net) Received: from amd64.laiers.local (dslb-088-066-018-083.pools.arcor-ip.net [88.66.18.83]) by mrelayeu.kundenserver.de (node=mrelayeu8) with ESMTP (Nemesis) id 0ML31I-1IgDR33WpX-00088x; Fri, 12 Oct 2007 07:51:46 +0200 From: Max Laier Organization: FreeBSD To: Gergely CZUCZY Date: Fri, 12 Oct 2007 07:51:35 +0200 User-Agent: KMail/1.9.7 References: <8e10486b0708212053w3769b68dxd33b90b7b906e5e9@mail.gmail.com> <200710120655.10376.max@love2party.net> <20071012052008.GA78037@harmless.hu> In-Reply-To: <20071012052008.GA78037@harmless.hu> X-Face: ,,8R(x[kmU]tKN@>gtH1yQE4aslGdu+2]; R]*pL,U>^H?)gW@49@wdJ`H<=?utf-8?q?=25=7D*=5FBD=0A=09U=5For=3D=5CmOZf764=26nYj=3DJYbR1PW0ud?=>|!~,,CPC.1-D$FG@0h3#'5"k{V]a~.<=?utf-8?q?mZ=7D44=23Se=7Em=0A=09Fe=7E=5C=5DX5B=5D=5Fxj?=(ykz9QKMw_l0C2AQ]}Ym8)fU MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1519372.N4kONhSjQW"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200710120751.44332.max@love2party.net> X-Provags-ID: V01U2FsdGVkX18+WOj2qJuqhLi+REPXhEUGTPds6XLgCTft096 jmE3Y1a2V/cZWolSz9FS/pL3yQlFr0Lo3tQYbrWgxPg+m0nHnn x1tDoSLhJrwOdtVXOC3LTGqw8KKCB6Ft6K57LFlxTM= Cc: freebsd-pf@freebsd.org Subject: Re: ifconfig carpdev X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Oct 2007 05:51:49 -0000 --nextPart1519372.N4kONhSjQW Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 12 October 2007, Gergely CZUCZY wrote: > On Fri, Oct 12, 2007 at 06:55:02AM +0200, Max Laier wrote: > > On Friday 12 October 2007, Alexandre Biancalana wrote: > > > On 9/19/07, Max Laier wrote: > > > > So here you go ... this is the ***ALPHA*** version of carpdev > > > > support. Note that there are *a lot* of raw edges, untested areas > > > > and missing features still, but "it's working"[tm]. > > > > > > Hi Max ! > > > > > > Any Beta version is coming ? > > > > hacking away on it ... got it to panic twice earlier, but in terms of > > functionality it's done (for IPv4) ... I'll put out a beta for IPv4 > > ASAP. > > When It's Done, will it hit RELENG_7? There is one ABI breakage in the patch (the change of the ioctl structure=20 to include the carpdev name). It might be possible to backdoor this=20 through SIOCGPRIVATE_0 or similar - in which case it would be MFC'able. =20 In any case there is still a lot of work to be done. 7.0 certainly not,=20 7.1 maybe ... 8.0 very likely (unless something completely different is=20 implemented by then). =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1519372.N4kONhSjQW Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHDwtwXyyEoT62BG0RArnyAJ9PNuSptsBO2n15hhn9fRl45fmxQQCdFxLm WdmEvaUofXg679AQYqrMYC4= =wOXw -----END PGP SIGNATURE----- --nextPart1519372.N4kONhSjQW--