From owner-freebsd-pf@FreeBSD.ORG Mon Aug 10 11:07:02 2009 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 452251065678 for ; Mon, 10 Aug 2009 11:07:02 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 199558FC3C for ; Mon, 10 Aug 2009 11:07:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n7AB71b2025255 for ; Mon, 10 Aug 2009 11:07:01 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n7AB716S025251 for freebsd-pf@FreeBSD.org; Mon, 10 Aug 2009 11:07:01 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 10 Aug 2009 11:07:01 GMT Message-Id: <200908101107.n7AB716S025251@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Aug 2009 11:07:03 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/135162 pf [pfsync] pfsync(4) not usable with GENERIC kernel o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/121704 pf [pf] PF mangles loopback packets o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit o kern/111220 pf [pf] repeatable hangs while manipulating pf tables s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 35 problems total. From owner-freebsd-pf@FreeBSD.ORG Thu Aug 13 22:04:18 2009 Return-Path: Delivered-To: pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62F4B1065695; Thu, 13 Aug 2009 22:04:18 +0000 (UTC) (envelope-from tom@uffner.com) Received: from eris.uffner.com (uffner.com [66.208.243.25]) by mx1.freebsd.org (Postfix) with ESMTP id 0C0488FC52; Thu, 13 Aug 2009 22:04:17 +0000 (UTC) Received: from xiombarg.uffner.com (static-71-162-143-94.phlapa.fios.verizon.net [71.162.143.94]) (authenticated bits=0) by eris.uffner.com (8.14.3/8.14.3) with ESMTP id n7DLS6sq036591 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 13 Aug 2009 17:28:15 -0400 (EDT) (envelope-from tom@uffner.com) Message-ID: <4A8484E4.6090504@uffner.com> Date: Thu, 13 Aug 2009 17:25:56 -0400 From: Tom Uffner User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.22) Gecko/20090721 SeaMonkey/1.1.17 MIME-Version: 1.0 To: pf@freebsd.org, current@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: packet forwarding/firewall performance question X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2009 22:04:18 -0000 I am curious what level of performance I should expect from the firewall box described below in terms of packets/sec and bytes/sec. it is an 800 MHz VIA c3 with a Gigabit switch on the inside interface and 20 Mbs symetric Fios on the outside. both interfaces are 100 Mbs. it is running sshd, bsnmpd, sendmail (outbound only), bind9 (serving local domain info & queries from 5-15 machines on the LAN) and isc-dhcpd. it acts as a border firewall/router for a small LAN w/ 5 static external addresses & the rest NATed. Kernel: http://www.uffner.com/temp/GATEWAY.txt dmesg: http://www.uffner.com/temp/dmesg.txt rc.conf: http://www.uffner.com/temp/rc.conf.txt pf.conf: http://www.uffner.com/temp/pf.conf.txt i'm hoping a few people will give me estimates on what kind of throughput i should theoretically expect before i provide any actual test data. also, any suggestions on tuning would be welcome. so far in preliminary tests, enabling polling on the network interfaces reduces my performance slightly both to/from and through the box. net.inet.ip.fastforwarding doesn't seem to make much difference either way but i haven't done very thorough testing of it. increasing net.inet.tcp.sendbuf_max & recvbuf_max may have helped, but again, not sufficiently tested. From owner-freebsd-pf@FreeBSD.ORG Thu Aug 13 23:10:22 2009 Return-Path: Delivered-To: pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C39611065696 for ; Thu, 13 Aug 2009 23:10:22 +0000 (UTC) (envelope-from cbuechler@gmail.com) Received: from mail-yw0-f180.google.com (mail-yw0-f180.google.com [209.85.211.180]) by mx1.freebsd.org (Postfix) with ESMTP id 7F05B8FC5D for ; Thu, 13 Aug 2009 23:10:22 +0000 (UTC) Received: by ywh10 with SMTP id 10so2899390ywh.7 for ; Thu, 13 Aug 2009 16:10:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=5njWV4LLYzP9rsYGCoxku8MhPCwK0wREqvM+zuwX22s=; b=PXLZuwPfuc33U6YcdBAv5WpcZmjucKrCR0XdTmAR4i4+b/C9YJMvGHQcGx5VtlBdSY wgQFtSb8Dhgtio5OMnRFA792fXTb6JMxn/+qY3TCV5eFf97+H0zqECwJjNpLEF60z+1r i0G6iIxFMyFPgesR5IcfLc8+UhdyhLSQ1JYOM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=Ke7TON8Q1EpFJLvKSdg0LATfJ61iEBiOA/pAhV1VVAvAirzHIZpACgiEVv4KuQiEsP ihFevo4wjkd8ftj499ueC7T5F9zR4CbRnQHKZ0Lky6Xq7mi7qYZxE/un5hkULsDsvm+I TepLx4AqEGwcjtz29qkRff2yjPpSE0nYbjQHw= MIME-Version: 1.0 Received: by 10.150.214.7 with SMTP id m7mr1882685ybg.48.1250203480936; Thu, 13 Aug 2009 15:44:40 -0700 (PDT) In-Reply-To: <4A8484E4.6090504@uffner.com> References: <4A8484E4.6090504@uffner.com> Date: Thu, 13 Aug 2009 18:44:40 -0400 Message-ID: From: Chris Buechler To: Tom Uffner Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: pf@freebsd.org Subject: Re: packet forwarding/firewall performance question X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2009 23:10:22 -0000 On Thu, Aug 13, 2009 at 5:25 PM, Tom Uffner wrote: > I am curious what level of performance I should expect from the > firewall box described below in terms of packets/sec and bytes/sec. > > it is an 800 MHz VIA c3 with a Gigabit switch on the inside interface > and 20 Mbs symetric Fios on the outside. both interfaces are 100 Mbs. > it is running sshd, bsnmpd, sendmail (outbound only), bind9 (serving > local domain info & queries from 5-15 machines on the LAN) and isc-dhcpd. > it acts as a border firewall/router for a small LAN w/ 5 static external > addresses & the rest NATed. > Keeping this on pf since you aren't running -current. With what sounds like a nearly identical box, I've gotten 100 Mb wire speed with 7.x-based pfSense versions, which should be virtually identical to stock FreeBSD performance. I would expect 100 Mb wire speed with CPU to spare, using out of the box settings. > so far in preliminary tests, enabling polling on the network interfaces > reduces my performance slightly both to/from and through the box. That's to be expected, the only benefit of polling is to prevent live lock under extreme load. With only 100 Mb NICs I doubt if you could even get into that scenario with an 800 MHz CPU. > net.inet.ip.fastforwarding doesn't seem to make much difference either > way but i haven't done very thorough testing of it. I believe that has more impact with routing, and little or none when firewalling/NATing. > increasing > net.inet.tcp.sendbuf_max & recvbuf_max may have helped, but again, not > sufficiently tested. I don't think that has any impact on traffic through the system, rather that's for traffic initiated by the system, but not completely sure. From owner-freebsd-pf@FreeBSD.ORG Thu Aug 13 23:58:00 2009 Return-Path: Delivered-To: pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 46B7B106568B; Thu, 13 Aug 2009 23:58:00 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from asmtpout019.mac.com (asmtpout019.mac.com [17.148.16.94]) by mx1.freebsd.org (Postfix) with ESMTP id 3406C8FC15; Thu, 13 Aug 2009 23:58:00 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Received: from cswiger1.apple.com ([17.227.140.124]) by asmtp019.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTPSA id <0KOC00EVM7SN1040@asmtp019.mac.com>; Thu, 13 Aug 2009 15:57:59 -0700 (PDT) Message-id: From: Chuck Swiger To: Tom Uffner In-reply-to: <4A8484E4.6090504@uffner.com> Date: Thu, 13 Aug 2009 15:57:59 -0700 References: <4A8484E4.6090504@uffner.com> X-Mailer: Apple Mail (2.936) Cc: pf@freebsd.org, current@freebsd.org Subject: Re: packet forwarding/firewall performance question X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2009 23:58:00 -0000 Hi-- On Aug 13, 2009, at 2:25 PM, Tom Uffner wrote: > it is an 800 MHz VIA c3 with a Gigabit switch on the inside interface > and 20 Mbs symetric Fios on the outside. both interfaces are 100 Mbs. I'd done a bit of testing of a VIA EPIA C3 (either a 600 or 800) with the on-board vr0 and an Intel fxp card, and it seemed to go OK up to ~ 8MB/s aka ~65 megabits/sec with a fairly short IPFW-based firewall doing NAT and suchlike. It's probably OK for your purpose, but the EPIA motherboard I had was somewhat flaky. I'd had the vr0 interface get wedged every few days, and trying to use both ATA channels in an UDMA mode tended to result in a total system hang; using only one ATA device, UDMA-100 was fine. I never ended up putting the box into a production use as a consequence. I've had better luck with something like the Soerkris 480x ... -- -Chuck From owner-freebsd-pf@FreeBSD.ORG Fri Aug 14 13:55:19 2009 Return-Path: Delivered-To: pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C5709106568F; Fri, 14 Aug 2009 13:55:19 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id A0A838FC51; Fri, 14 Aug 2009 13:55:19 +0000 (UTC) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id 52F8F46B0C; Fri, 14 Aug 2009 09:55:19 -0400 (EDT) Date: Fri, 14 Aug 2009 14:55:19 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Tom Uffner In-Reply-To: <4A8484E4.6090504@uffner.com> Message-ID: References: <4A8484E4.6090504@uffner.com> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: pf@freebsd.org, current@freebsd.org Subject: Re: packet forwarding/firewall performance question X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2009 13:55:19 -0000 On Thu, 13 Aug 2009, Tom Uffner wrote: > i'm hoping a few people will give me estimates on what kind of throughput i > should theoretically expect before i provide any actual test data. > > also, any suggestions on tuning would be welcome. > > so far in preliminary tests, enabling polling on the network interfaces > reduces my performance slightly both to/from and through the box. > net.inet.ip.fastforwarding doesn't seem to make much difference either > way but i haven't done very thorough testing of it. increasing > net.inet.tcp.sendbuf_max & recvbuf_max may have helped, but again, not > sufficiently tested. I can't speak to absolute numbers, but I wouldn't expect net.inet.tcp.* changes to make any difference, as they should affect only locally terminated sockets on the firewall host, not forwarded packets. You might want to try experimenting with net.isr.direct -- try setting it to 0, as this changes the kernel dispatch model for the network stack. On a UP box, I would probably anticipate a performance loss for making that change, or similar configuration changes for multiple netisr threads using net.isr.maxthreads. If you're using firewall code, fast forwarding is unlikely to make a difference. Depending on the cache/memory/CPU trade-off, you might find turning off flowtable support helps -- net.inet.flowtable.enable=0. Robert N M Watson Computer Laboratory University of Cambridge From owner-freebsd-pf@FreeBSD.ORG Sat Aug 15 18:01:02 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 40B07106568D for ; Sat, 15 Aug 2009 18:01:02 +0000 (UTC) (envelope-from zvujovic@gmail.com) Received: from mail-fx0-f205.google.com (mail-fx0-f205.google.com [209.85.220.205]) by mx1.freebsd.org (Postfix) with ESMTP id 417688FC15 for ; Sat, 15 Aug 2009 18:01:00 +0000 (UTC) Received: by fxm1 with SMTP id 1so1616477fxm.7 for ; Sat, 15 Aug 2009 11:00:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:to:subject:from :content-type:mime-version:content-transfer-encoding:message-id :user-agent; bh=rcCTMDaXObBybPD8dBaPf0TftGOJ8Phcjwdlq21vuZ4=; b=WRfH9rsZvAPyFGDaa98TQBXtgmsHbX1jhIIyMvKw70qQO6WEghi00W00vQCKOCu68K XQqL3+RsiD9+6fLSvuQhfVPkGY/EgDYraJ7y+XanRR5yExmrFUw3d5TcyxsHoDp9Rft1 7erdtchp3UP3mCNAi3waUzTXsV/IN56ooOFK4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:to:subject:from:content-type:mime-version :content-transfer-encoding:message-id:user-agent; b=mPs6B+S4DW2NJfuWO6o/IAeAhblSHYhXmt2ASWkpZaOH9rCkWLDIXCQ3gPyA1pLXaF +QDL7OdibB3efP8RYTQ37nlcPW518H6pWrDoaBPSw0Z/D1laMMqycaWrp+X4aHb15/S5 HmB04W43NlW+gWhomLNZT8D5J4ju66JoPVAjo= Received: by 10.103.125.37 with SMTP id c37mr873340mun.69.1250357287366; Sat, 15 Aug 2009 10:28:07 -0700 (PDT) Received: from freebsd.svarog-r00lz.info (77-105-44-157.adsl-2.sezampro.yu [77.105.44.157]) by mx.google.com with ESMTPS id 14sm11945053muo.3.2009.08.15.10.28.04 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 15 Aug 2009 10:28:06 -0700 (PDT) Date: Sat, 15 Aug 2009 19:27:42 +0200 To: freebsd-pf@freebsd.org From: z0ran Content-Type: text/plain; format=flowed; delsp=yes; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Message-ID: User-Agent: Opera Mail/9.64 (FreeBSD) Subject: freebsd-8-beta2 and pf X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Aug 2009 18:01:02 -0000 First of all i couldn't enable pf with "pfctl -e", then i couldn't load module with "kldload pf.ko", it gives me % kldload /boot/kernel/pf.ko kldload: can't load /boot/kernel/pf.ko: Exec format error and at the end i couldn't find in kernel: device pf device pflog device pfsync This is my % uname -a FreeBSD freebsd.svarog-r00lz.info 8.0-BETA2 FreeBSD 8.0-BETA2 #0: Wed Jul 15 21:48:41 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 and % file /boot/kernel/pf.ko /boot/kernel/pf.ko: ELF 64-bit LSB relocatable, x86-64, version 1 (FreeBSD), not stripped % kldstat Id Refs Address Size Name 1 15 0xffffffff80100000 ef0820 kernel 2 1 0xffffffff80ff1000 196498 zfs.ko 3 2 0xffffffff81188000 3a98 opensolaris.ko 4 1 0xffffffff8118c000 23f48 snd_hda.ko 5 2 0xffffffff811b0000 86d88 sound.ko this is my /var/log/messages: Aug 15 07:00:00 freebsd newsyslog[1234]: logfile turned over due to size>100K Aug 15 07:01:45 freebsd console-kit-daemon[1145]: WARNING: kvm_getenvv failed: cannot open /proc/1209/mem Aug 15 07:01:45 freebsd gnome-session[1209]: WARNING: Unable to determine session: Unable to lookup session information for process '1209' Aug 15 13:55:14 freebsd console-kit-daemon[1145]: WARNING: kvm_getenvv failed: cannot open /proc/1209/mem Aug 15 13:55:14 freebsd gnome-session[1209]: WARNING: Unable to determine session: Unable to lookup session information for process '1209' Aug 15 13:55:58 freebsd kernel: lock order reversal: Aug 15 13:55:58 freebsd kernel: 1st 0xffffff0044baca48 filedesc structure (filedesc structure) @ /usr/src/sys/kern/kern_descrip.c:1088 Aug 15 13:55:58 freebsd kernel: 2nd 0xffffff0053e287f8 zfs (zfs) @ /usr/src/sys/kern/vfs_subr.c:4091 Aug 15 13:55:58 freebsd kernel: KDB: stack backtrace: Aug 15 13:55:58 freebsd kernel: db_trace_self_wrapper() at db_trace_self_wrapper+0x2a Aug 15 13:55:58 freebsd kernel: _witness_debugger() at _witness_debugger+0x2e Aug 15 13:55:58 freebsd kernel: witness_checkorder() at witness_checkorder+0x81e Aug 15 13:55:58 freebsd kernel: __lockmgr_args() at __lockmgr_args+0xcf3 Aug 15 13:55:58 freebsd kernel: vop_stdlock() at vop_stdlock+0x39 Aug 15 13:55:58 freebsd kernel: VOP_LOCK1_APV() at VOP_LOCK1_APV+0x9b Aug 15 13:55:58 freebsd kernel: _vn_lock() at _vn_lock+0x47 Aug 15 13:55:58 freebsd kernel: knlist_remove_kq() at knlist_remove_kq+0x67 Aug 15 13:55:58 freebsd kernel: knote_fdclose() at knote_fdclose+0x177 Aug 15 13:55:58 freebsd kernel: kern_close() at kern_close+0xe9 Aug 15 13:55:58 freebsd kernel: syscall() at syscall+0x1af Aug 15 13:55:58 freebsd kernel: Xfast_syscall() at Xfast_syscall+0xe1 Aug 15 13:55:58 freebsd kernel: --- syscall (6, FreeBSD ELF64, close), rip = 0x800e46f8c, rsp = 0x7fffffffe538, rbp = 0x800f7eb80 --- and this is /var/run/dmesg.boot Copyright (c) 1992-2009 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 8.0-BETA2 #0: Wed Jul 15 21:48:41 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC WARNING: WITNESS option enabled, expect reduced performance. Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: AMD Phenom(tm) 9550 Quad-Core Processor (2200.09-MHz K8-class CPU) Origin = "AuthenticAMD" Id = 0x100f23 Stepping = 3 Features=0x178bfbff Features2=0x802009 AMD Features=0xee500800 AMD Features2=0x7ff TSC: P-state invariant real memory = 3221225472 (3072 MB) avail memory = 2829471744 (2698 MB) ACPI APIC Table: <073108 APIC1642> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs FreeBSD/SMP: 1 package(s) x 4 core(s) cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP): APIC ID: 3 This module (opensolaris) contains code covered by the Common Development and Distribution License (CDDL) see http://opensolaris.org/os/licensing/opensolaris_license/ ioapic0 irqs 0-23 on motherboard kbd1 at kbdmux0 acpi0: <073108 RSDT1642> on motherboard acpi0: [ITHREAD] acpi0: Power Button (fixed) acpi0: reservation of fee00000, 1000 (3) failed acpi0: reservation of ffb80000, 80000 (3) failed acpi0: reservation of fec10000, 20 (3) failed acpi0: reservation of 0, a0000 (3) failed acpi0: reservation of 100000, aff00000 (3) failed ACPI HPET table warning: Sequence is non-zero (2) Timecounter "ACPI-safe" frequency 3579545 Hz quality 850 acpi_timer0: <32-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0 acpi_hpet0: iomem 0xfed00000-0xfed003ff on acpi0 Timecounter "HPET" frequency 14318180 Hz quality 900 pcib0: port 0xcf8-0xcff on acpi0 pci0: on pcib0 pcib1: at device 1.0 on pci0 pci1: on pcib1 vgapci0: port 0xc000-0xc0ff mem 0xd0000000-0xdfffffff,0xfe9f0000-0xfe9fffff,0xfe800000-0xfe8fffff irq 18 at device 5.0 on pci1 hdac0: mem 0xfe9e8000-0xfe9ebfff irq 19 at device 5.1 on pci1 hdac0: HDA Driver Revision: 20090624_0136 hdac0: [ITHREAD] pcib2: irq 18 at device 6.0 on pci0 pci2: on pcib2 re0: port 0xd800-0xd8ff mem 0xfeaff000-0xfeafffff,0xfdff0000-0xfdffffff irq 18 at device 0.0 on pci2 re0: Using 1 MSI messages re0: Chip rev. 0x3c000000 re0: MAC rev. 0x00400000 miibus0: on re0 rgephy0: PHY 1 on miibus0 rgephy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto re0: Ethernet address: 00:21:97:08:14:22 re0: [FILTER] atapci0: port 0xb000-0xb007,0xa000-0xa003,0x9000-0x9007,0x8000-0x8003,0x7000-0x700f mem 0xfe7ff800-0xfe7ffbff irq 22 at device 17.0 on pci0 atapci0: [ITHREAD] atapci0: AHCI v1.10 controller with 4 3Gbps ports, PM supported ata2: on atapci0 ata2: port is not ready (timeout 0ms) tfd = 000001d0 ata2: software reset clear timeout ata2: [ITHREAD] ata3: on atapci0 ata3: [ITHREAD] ata4: on atapci0 ata4: [ITHREAD] ata5: on atapci0 ata5: [ITHREAD] ohci0: mem 0xfe7fe000-0xfe7fefff irq 16 at device 18.0 on pci0 ohci0: [ITHREAD] usbus0: on ohci0 ohci1: mem 0xfe7fd000-0xfe7fdfff irq 16 at device 18.1 on pci0 ohci1: [ITHREAD] usbus1: on ohci1 ehci0: mem 0xfe7ff000-0xfe7ff0ff irq 17 at device 18.2 on pci0 ehci0: [ITHREAD] usbus2: EHCI version 1.0 usbus2: on ehci0 ohci2: mem 0xfe7fc000-0xfe7fcfff irq 18 at device 19.0 on pci0 ohci2: [ITHREAD] usbus3: on ohci2 ohci3: mem 0xfe7fb000-0xfe7fbfff irq 18 at device 19.1 on pci0 ohci3: [ITHREAD] usbus4: on ohci3 ehci1: mem 0xfe7fa800-0xfe7fa8ff irq 19 at device 19.2 on pci0 ehci1: [ITHREAD] usbus5: EHCI version 1.0 usbus5: on ehci1 pci0: at device 20.0 (no driver attached) atapci1: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xff00-0xff0f at device 20.1 on pci0 ata0: on atapci1 ata0: [ITHREAD] ata1: on atapci1 ata1: [ITHREAD] hdac1: mem 0xfe7f4000-0xfe7f7fff irq 16 at device 20.2 on pci0 hdac1: HDA Driver Revision: 20090624_0136 hdac1: [ITHREAD] isab0: at device 20.3 on pci0 isa0: on isab0 pcib3: at device 20.4 on pci0 pci3: on pcib3 rl0: port 0xe800-0xe8ff mem 0xfebffc00-0xfebffcff irq 20 at device 5.0 on pci3 miibus1: on rl0 rlphy0: PHY 0 on miibus1 rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto rl0: Ethernet address: 00:a1:b0:01:38:1a rl0: [ITHREAD] ohci4: mem 0xfe7f9000-0xfe7f9fff irq 18 at device 20.5 on pci0 ohci4: [ITHREAD] usbus6: on ohci4 acpi_button0: on acpi0 acpi_tz0: on acpi0 atkbdc0: port 0x60,0x64 irq 1 on acpi0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] atkbd0: [ITHREAD] psm0: irq 12 on atkbdc0 psm0: [GIANT-LOCKED] psm0: [ITHREAD] psm0: model IntelliMouse, device ID 3 atrtc0: port 0x70-0x71 irq 8 on acpi0 uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 uart0: [FILTER] ACPI Warning: \\_SB_.PCI0.SBRG.FDC_._FDE: Return type mismatch - found Package, expected Buffer 20090521 nspredef-1051 fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0 fdc0: [FILTER] driver bug: Unable to set devclass (devname: (null)) cpu0: on acpi0 acpi_throttle0: on cpu0 hwpstate0: on cpu0 cpu1: on acpi0 cpu2: on acpi0 cpu3: on acpi0 driver bug: Unable to set devclass (devname: (null)) orm0: at iomem 0xcf000-0xcffff on isa0 sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 ppc0: cannot reserve I/O port range WARNING: ZFS is considered to be an experimental feature in FreeBSD. Timecounters tick every 1.000 msec usbus6: 12Mbps Full Speed USB v1.0 usbus0: 12Mbps Full Speed USB v1.0 usbus1: 12Mbps Full Speed USB v1.0 usbus2: 480Mbps High Speed USB v2.0 usbus3: 12Mbps Full Speed USB v1.0 usbus4: 12Mbps Full Speed USB v1.0 usbus5: 480Mbps High Speed USB v2.0 ZFS NOTICE: system has less than 4GB and prefetch enable is not set... disabling. ZFS filesystem version 13 ZFS storage pool version 13 ugen6.1: at usbus6 uhub0: on usbus6 ugen0.1: at usbus0 uhub1: on usbus0 ugen1.1: at usbus1 uhub2: on usbus1 ugen2.1: at usbus2 uhub3: on usbus2 ugen3.1: at usbus3 uhub4: on usbus3 ugen4.1: at usbus4 uhub5: on usbus4 ugen5.1: at usbus5 uhub6: on usbus5 acd0: DVDR at ata1-master UDMA66 ad4: 238475MB at ata2-master SATA300 hdac0: HDA Codec #0: ATI RS690/780 HDMI pcm0: at cad 0 nid 1 on hdac0 hdac1: HDA Codec #0: IDT 92HD206X pcm1: at cad 0 nid 1 on hdac1 pcm2: at cad 0 nid 1 on hdac1 pcm3: at cad 0 nid 1 on hdac1 SMP: AP CPU #3 Launched! SMP: AP CPU #1 Launched! SMP: AP CPU #2 Launched! WARNING: WITNESS option enabled, expect reduced performance. GEOM: ad4s1: geometry does not match label (255h,63s != 16h,63s). uhub0: 2 ports with 2 removable, self powered uhub1: 3 ports with 3 removable, self powered uhub2: 3 ports with 3 removable, self powered uhub4: 3 ports with 3 removable, self powered uhub5: 3 ports with 3 removable, self powered Root mount waiting for: usbus5 usbus2 Root mount waiting for: usbus5 usbus2 uhub3: 6 ports with 6 removable, self powered uhub6: 6 ports with 6 removable, self powered Trying to mount root from zfs:tank/root KLD pf.ko: depends on kernel - not available linker_load_file: Unsupported file type KLD pflog.ko: depends on pf - not available linker_load_file: Unsupported file type KLD pf.ko: depends on kernel - not available linker_load_file: Unsupported file type now, why is it pf.ko not available, any idea please, thanks in advance! -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ From owner-freebsd-pf@FreeBSD.ORG Sat Aug 15 19:02:08 2009 Return-Path: Delivered-To: pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 11EA31065672 for ; Sat, 15 Aug 2009 19:02:08 +0000 (UTC) (envelope-from tom@uffner.com) Received: from eris.uffner.com (uffner.com [66.208.243.25]) by mx1.freebsd.org (Postfix) with ESMTP id AF1228FC3F for ; Sat, 15 Aug 2009 19:02:07 +0000 (UTC) Received: from xiombarg.uffner.com (static-71-162-143-94.phlapa.fios.verizon.net [71.162.143.94]) (authenticated bits=0) by eris.uffner.com (8.14.3/8.14.3) with ESMTP id n7FJ4Ds0031187 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Sat, 15 Aug 2009 15:04:14 -0400 (EDT) (envelope-from tom@uffner.com) Message-ID: <4A87062B.1020706@uffner.com> Date: Sat, 15 Aug 2009 15:02:03 -0400 From: Tom Uffner User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.22) Gecko/20090721 SeaMonkey/1.1.17 MIME-Version: 1.0 To: pf@freebsd.org References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: freebsd-8-beta2 and pf X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Aug 2009 19:02:08 -0000 z0ran wrote: > now, why is it pf.ko not available, any idea please, thanks in advance! did you build your kernel & pf modules at the same time? if not, try checking out the kernel sources for some consistent date and doing a "make buildkernel", complete with all the modules. that sort of error occurs in current if your modules are out of sync with your kernel after a version bump. From owner-freebsd-pf@FreeBSD.ORG Sat Aug 15 23:58:29 2009 Return-Path: Delivered-To: pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0854A106568B for ; Sat, 15 Aug 2009 23:58:29 +0000 (UTC) (envelope-from tom@uffner.com) Received: from eris.uffner.com (uffner.com [66.208.243.25]) by mx1.freebsd.org (Postfix) with ESMTP id BCA9C8FC43 for ; Sat, 15 Aug 2009 23:58:27 +0000 (UTC) Received: from xiombarg.uffner.com (static-71-162-143-94.phlapa.fios.verizon.net [71.162.143.94]) (authenticated bits=0) by eris.uffner.com (8.14.3/8.14.3) with ESMTP id n7G00ThV051949 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sat, 15 Aug 2009 20:00:35 -0400 (EDT) (envelope-from tom@uffner.com) Message-ID: <4A874B9B.9080807@uffner.com> Date: Sat, 15 Aug 2009 19:58:19 -0400 From: Tom Uffner User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.22) Gecko/20090721 SeaMonkey/1.1.17 MIME-Version: 1.0 To: z0ran References: <4A87056D.2090106@uffner.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: pf@freebsd.org Subject: Re: freebsd-8-beta2 and pf X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Aug 2009 23:58:29 -0000 z0ran wrote: > i tried to rebuild my kernel with and without pf modules, i also rebuild > it without "make options DEBUG=-g" and without "# Debugging for use in > -current options KDB options GDB options DDB options INVARIANTS" (that > was sugestion from freebsd forum) and no matter what i do it always > loads GENERIC kernel..so far, no idea why..anyway, thanks on so fast > respond. since 8.0 has reached beta status, i guess you are "allowed" to run it w/o being an expert and following the current & commits mailing lists, etc. but I would strongly suggest that you read /usr/src/UPDATING, and review the sections of the handbook on updating your system and building kernels. chances are you will figure out on your own what you are doing wrong, or what is broken. i can guarantee that it does work (at least on i386) because my system is FreeBSD xiombarg.uffner.com 8.0-BETA2 FreeBSD 8.0-BETA2 #0: Mon Aug 3 04:25:34 EDT 2009 tom@xiombarg.uffner.com:/usr/obj/usr/src/sys/XIOMBARG i386 and pf works fine either as a module or compiled in the kernel tomm