From owner-freebsd-pf@FreeBSD.ORG Mon May 25 09:30:30 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7679610656AB for ; Mon, 25 May 2009 09:30:30 +0000 (UTC) (envelope-from jmclaughlin@tssg.org) Received: from smtps.tssg.org (smtps.tssg.org [193.1.185.47]) by mx1.freebsd.org (Postfix) with ESMTP id 17D048FC1C for ; Mon, 25 May 2009 09:30:29 +0000 (UTC) (envelope-from jmclaughlin@tssg.org) X-IronPort-AV: E=Sophos;i="4.41,243,1241391600"; d="scan'208";a="344064" Received: from unknown (HELO [10.37.2.28]) ([10.37.2.28]) by smtps.tssg.org with ESMTP/TLS/DHE-RSA-AES256-SHA; 25 May 2009 10:18:04 +0100 Message-ID: <4A1A61D0.9010108@tssg.org> Date: Mon, 25 May 2009 10:16:00 +0100 From: John McLaughlin User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Address family problems with ECN + ALTQ on IPv6 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 May 2009 09:30:31 -0000 Hi, I'm trying to set up a testbed to play around with some ideas regarding ECN. The hardware scenario involves having a Linux box (has to be Linux) either side of a FreeBSD router. All addressing is IPv6 (also a requirement) I've configured Pf really in a really simple fashion thus: ext_if="xl0" altq on $ext_if cbq bandwidth 1Mb tbrsize 4000 qlimit 5 queue { def } queue def bandwidth 100% cbq(default red ecn) and this works insofar as the bandwidth is limited as specified. I use Netperf to generate traffic between the 2 endpoints through the router, but no packet ever gets marked with CE - only dropped. Traffic is always a TCP stream I investigated further be embedding debug statements into altq_ecn.c, and have discovered that the mark_ecn() function is failing at the line: if (af != AF_INET && af != AF_INET6) return (0); Checking the value of af, it is *always* returned as 0 - I would expect 28 from looking at socket.h. ECN usage between the two endpoints is negotiated successfully - using Wireshark I can see this in the SYN/SYN ACK packet. Furthermore the outgoing data packets are marked with the ECT(0) (10) codepoint, but the router never signals congestion with the CE (11) codepoint as it always fails the address family check Am I missing some sysctl configuration somewhere or possibly a kernel option, or is this a bug? The following are my kernel options: # ALTQ support device pf device pflog device pfsync options ALTQ options ALTQ_CBQ # Class Bases Queuing (CBQ) options ALTQ_RED # Random Early Detection (RED) options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ_PRIQ # Priority Queuing (PRIQ) options ALTQ_NOPCC # Required for SMP build Any help will be much appreciated! Regards, John McLaughlin