From owner-freebsd-pf@FreeBSD.ORG Sun Feb 21 08:50:07 2010
Date: Sun, 21 Feb 2010 08:45:22 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Julian Elischer
Cc: pf@freebsd.org, FreeBSD virtualization mailing list, Jim Sifferle
Subject: Re: Network simulation using jails & vimage
Message-ID: <20100221084118.W27327@maildrop.int.zabbadoz.net>
In-Reply-To: <4B80F076.5020109@elischer.org>

On Sun, 21 Feb 2010, Julian Elischer wrote:

Hi,

> Jim Sifferle wrote:
>> Hi,
>>
>> I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and
>> pf/altq to simulate Internet and MPLS WAN environments for several
>> years.  All of my setups have run under VMWare, which for many reasons
>> isn't ideal.  I would like to collapse all of these VMs into one FreeBSD
>> box using jails and vimages.
>>
>> Does any FreeBSD branch / vimage release combination support separate pf
>> AND ipfw configurations per jail?  I need ipfw+pf/altq for HFSC queuing
>> to simulate the queueing effects of MPLS provider edge and core
>> routers.
>
> -current (9) should be close, with patches for pf supplied by ceri.

s,ceri,eri,  (Ermal Luçi)

> 8 can do separate ipfw but pf is not changed.
> 9 has bugs fixed. but I'm not sure if the changes for pf went in..
> they do exist if they are not in already.

No, pf hasn't gone in yet; it lives in user/eri/pf45/ in svn and I am
not sure what the plans are.

Apart from the latest changes 8 and 9 should be pretty much in sync
wrt to VIMAGE I think.

>> I'm hoping the latest 7.2-STABLE-201001 snapshot will work.  The DSCP
>> recognition patch for ipfw that I rely on doesn't seem to work with
>> 8.0.
>> If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone aware
>> of an updated ipfw DSCP patch?  I haven't seen anything on Google or the
>> freebsd-ipfw mailing list.
>
> what is DSCP?

I guess Differentiated Services CodePoint (if talking MPLS).

/bz

-- 
Bjoern A. Zeeb         It will not break if you know what you are doing.

From owner-freebsd-pf@FreeBSD.ORG Sun Feb 21 09:00:03 2010
Date: Sun, 21 Feb 2010 00:36:06 -0800
From: Julian Elischer
To: Jim Sifferle
Cc: pf@freebsd.org, freebsd-virtualization@freebsd.org
Subject: Re: Network simulation using jails & vimage
Message-ID: <4B80F076.5020109@elischer.org>
In-Reply-To: <1266739527.25137.519.camel@localhost>

Jim Sifferle wrote:
> Hi,
>
> I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and
> pf/altq to simulate Internet and MPLS WAN environments for several
> years.  All of my setups have run under VMWare, which for many reasons
> isn't ideal.  I would like to collapse all of these VMs into one FreeBSD
> box using jails and vimages.
>
> Does any FreeBSD branch / vimage release combination support separate pf
> AND ipfw configurations per jail?  I need ipfw+pf/altq for HFSC queuing
> to simulate the queueing effects of MPLS provider edge and core
> routers.

-current (9) should be close, with patches for pf supplied by ceri.

8 can do separate ipfw but pf is not changed.
9 has bugs fixed. but I'm not sure if the changes for pf went in..
they do exist if they are not in already.

>
> I'm hoping the latest 7.2-STABLE-201001 snapshot will work.  The DSCP
> recognition patch for ipfw that I rely on doesn't seem to work with
> 8.0.
>
> If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone aware
> of an updated ipfw DSCP patch?  I haven't seen anything on Google or the
> freebsd-ipfw mailing list.

what is DSCP?
>
> Thanks for your time,
>
> Jim

From owner-freebsd-pf@FreeBSD.ORG Sun Feb 21 09:24:40 2010
Date: Sun, 21 Feb 2010 01:24:34 -0800
From: Jim Sifferle
To: Julian Elischer
Cc: pf@freebsd.org, freebsd-virtualization@freebsd.org
Subject: Re: Network simulation using jails & vimage
Message-ID: <1266744274.3871.26.camel@localhost>
In-Reply-To: <1266743653.3871.24.camel@localhost>

On Sun, 2010-02-21 at 01:14 -0800, Jim Sifferle wrote:

> > what is DSCP?
>
> DSCP stands for Differentiated Services Code Point, a six byte field in

I should have proofread better... the DSCP field is six bits, not
bytes. :)

Jim

From owner-freebsd-pf@FreeBSD.ORG Sun Feb 21 09:26:55 2010
Date: Sun, 21 Feb 2010 01:14:13 -0800
From: Jim Sifferle
To: Julian Elischer
Cc: pf@freebsd.org, freebsd-virtualization@freebsd.org
Subject: Re: Network simulation using jails & vimage
Message-ID: <1266743653.3871.24.camel@localhost>
In-Reply-To: <4B80F076.5020109@elischer.org>

On Sun, 2010-02-21 at 00:36 -0800, Julian Elischer wrote:
> Jim Sifferle wrote:
> > Hi,
> >
> > I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and
> > pf/altq to simulate Internet and MPLS WAN environments for several
> > years.  All of my setups have run under VMWare, which for many reasons
> > isn't ideal.  I would like to collapse all of these VMs into one FreeBSD
> > box using jails and vimages.
> >
> > Does any FreeBSD branch / vimage release combination support separate pf
> > AND ipfw configurations per jail?  I need ipfw+pf/altq for HFSC queuing
> > to simulate the queueing effects of MPLS provider edge and core
> > routers.
>
> -current (9) should be close, with patches for pf supplied by ceri.
>
> 8 can do separate ipfw but pf is not changed.
> 9 has bugs fixed. but I'm not sure if the changes for pf went in..
> they do exist if they are not in already.

Hmmm... I think I need separate pf instances.  I apply pf/altq QoS
queues to both interfaces of the VM that simulates the MPLS provider
edge router.  The customer facing interface is a VLAN, and the QoS
queues for this interface could be applied using the system-wide pf
instance.  The provider facing interface would be an eiface attached to
the vimage and I don't believe available to pf at boot time.

I will have to look around to see if the changes to support multiple pf
instances have made it into 9-CURRENT.  Where in the source tree should
I look, or which mailing list would be best to ask this question on?

> > I'm hoping the latest 7.2-STABLE-201001 snapshot will work.  The DSCP
> > recognition patch for ipfw that I rely on doesn't seem to work with
> > 8.0.
> >
> > If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone aware
> > of an updated ipfw DSCP patch?  I haven't seen anything on Google or the
> > freebsd-ipfw mailing list.
>
> what is DSCP?

DSCP stands for Differentiated Services Code Point, a six byte field in
the IP header used to differentiate between Classes of Service, and
commonly used for CoS/QoS provisioning on MPLS WAN networks.  The DSCP
IP header field superseded the IP TOS field as of RFC 2474.
Here's a pretty lightweight overview of how DSCP can be used:

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800949f2.shtml

For those who are interested, I've attached a simple ASCII diagram of
the vimage layout I envision (and currently have using VMWare).

Thanks for your help...

Jim

[Attachment: wan-emulation.txt (text/plain). ASCII diagram; its layout did
not survive extraction. Box labels, top to bottom:]

Cisco 2950 48 Port Switch, four trunks leading down:
  Site 1: Vlan 100: LAN, Vlan 101: Internet, Vlan 102: MPLS
  Site 2: Vlan 200: LAN, Vlan 201: Internet, Vlan 202: MPLS
  Site 3: Vlan 300: LAN, Vlan 301: Internet, Vlan 302: MPLS
  Site 4: Vlan 400: LAN, Vlan 401: Internet, Vlan 402: MPLS

Four "MPLS PE RTR Vimage" boxes, each with x2 Interfaces,
IPFW+DSCP/ALTQ and Quagga bgpd. Interfaces as labelled:
  (Vlan 102, eiface)
  (Vlan 202, eiface)
  (Vlan 302, eiface)
  (Vlan 302, eiface)

MPLS Cloud RTR Vimage: x4 Interfaces (Via MPLS PE Router Vimages);
  IPFW + Dummynet Pipes / Quagga bgpd

Internet Cloud RTR Vimage: x4 Interfaces (Vlan 101, 201, 301, 401);
  IPFW + Dummynet Pipes; Static routing

From owner-freebsd-pf@FreeBSD.ORG Sun Feb 21 17:13:29 2010
Date: Sun, 21 Feb 2010 09:14:19 -0800
From: Julian Elischer
To: "Bjoern A. Zeeb"
Cc: pf@freebsd.org, FreeBSD virtualization mailing list, Jim Sifferle
Subject: Re: Network simulation using jails & vimage
Message-ID: <4B8169EB.4030100@elischer.org>
In-Reply-To: <20100221084118.W27327@maildrop.int.zabbadoz.net>

Bjoern A. Zeeb wrote:
> On Sun, 21 Feb 2010, Julian Elischer wrote:
>
> Hi,
>
>> Jim Sifferle wrote:
>>> Hi,
>>>
>>> I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and
>>> pf/altq to simulate Internet and MPLS WAN environments for several
>>> years.  All of my setups have run under VMWare, which for many reasons
>>> isn't ideal.  I would like to collapse all of these VMs into one FreeBSD
>>> box using jails and vimages.
>>>
>>> Does any FreeBSD branch / vimage release combination support separate pf
>>> AND ipfw configurations per jail?  I need ipfw+pf/altq for HFSC queuing
>>> to simulate the queueing effects of MPLS provider edge and core
>>> routers.
>>
>> -current (9) should be close, with patches for pf supplied by ceri.
>
> s,ceri,eri,  (Ermal Luçi)

err yeah..

it'd be nice if it could get committed

Ermal, is it ready?

>
>
>> 8 can do separate ipfw but pf is not changed.
>> 9 has bugs fixed. but I'm not sure if the changes for pf went in..
>> they do exist if they are not in already.
>
> No, pf hasn't gone in yet; it lives in user/eri/pf45/ in svn and I am
> not sure what the plans are.
>
> Apart from the latest changes 8 and 9 should be pretty much in sync
> wrt to VIMAGE I think.
>
>
>>> I'm hoping the latest 7.2-STABLE-201001 snapshot will work.  The DSCP
>>> recognition patch for ipfw that I rely on doesn't seem to work with
>>> 8.0. If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is
>>> anyone aware
>>> of an updated ipfw DSCP patch?  I haven't seen anything on Google or the
>>> freebsd-ipfw mailing list.
>>
>> what is DSCP?
>
> I guess Differentiated Services CodePoint (if talking MPLS).
>
>
> /bz
>

From owner-freebsd-pf@FreeBSD.ORG Mon Feb 22 11:07:04 2010
Date: Mon, 22 Feb 2010 11:07:03 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org
Message-Id: <201002221107.o1MB73Np039782@freefall.freebsd.org>

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/143543  pf         [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf         [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf         [pf] No way to adjust pidfile in pflogd
o conf/142817  pf         [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf         [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf         [pf] pf behaviour changes - must be documented
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
f kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf         [pf] PF mangles loopback packets
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

42 problems total.
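
Jim Sifferle's messages earlier in this thread describe DSCP as the six-bit IP header field that superseded the TOS field as of RFC 2474. As an added illustration (not code from the thread or from the ipfw DSCP patch it mentions), this C sketch reads that field from constructed IPv4 headers and, going beyond the thread, from an IPv6 header, then names the codepoint. The function names and sample header bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DS field contents of one packet (RFC 2474 DSCP + RFC 3168 ECN). */
struct ds_info {
    int     version;  /* 4 or 6 */
    uint8_t dscp;     /* upper six bits of the DS field, 0..63 */
    uint8_t ecn;      /* lower two bits */
};

/*
 * Read the DS field from the start of an IPv4 or IPv6 header.
 * Returns 0 on success, -1 for a truncated header or unknown version.
 */
int ds_parse(const uint8_t *pkt, size_t len, struct ds_info *out)
{
    uint8_t ds;

    if (pkt == NULL || out == NULL || len < 1)
        return -1;
    switch (pkt[0] >> 4) {
    case 4: {
        size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;  /* header length in bytes */
        if (ihl < 20 || len < ihl)
            return -1;
        ds = pkt[1];                               /* the former TOS byte */
        break;
    }
    case 6:
        if (len < 40)
            return -1;
        /* Traffic Class straddles the low nibble of byte 0 and the
         * high nibble of byte 1. */
        ds = (uint8_t)(((pkt[0] & 0x0f) << 4) | (pkt[1] >> 4));
        break;
    default:
        return -1;
    }
    out->version = pkt[0] >> 4;
    out->dscp = ds >> 2;    /* six bits, not six bytes */
    out->ecn = ds & 0x03;
    return 0;
}

/* Name a codepoint: CSn (RFC 2474), AFxy (RFC 2597), EF (RFC 3246),
 * otherwise the plain number. */
const char *dscp_name(uint8_t dscp, char *buf, size_t buflen)
{
    unsigned cls = dscp >> 3, drop = (dscp >> 1) & 0x03;

    if (dscp > 63)
        snprintf(buf, buflen, "invalid");
    else if ((dscp & 0x07) == 0)
        snprintf(buf, buflen, "CS%u", cls);  /* same bits as old IP precedence */
    else if (dscp == 46)
        snprintf(buf, buflen, "EF");
    else if ((dscp & 0x01) == 0 && cls >= 1 && cls <= 4 && drop >= 1)
        snprintf(buf, buflen, "AF%u%u", cls, drop);
    else
        snprintf(buf, buflen, "DSCP%u", (unsigned)dscp);
    return buf;
}

/* Constructed sample headers: only the first two bytes are set, rest zero. */
static const uint8_t SAMPLE_V4_EF[20]       = { 0x45, 0xb8 }; /* DS byte 0xb8 */
static const uint8_t SAMPLE_V4_AF11_ECT[20] = { 0x45, 0x2a }; /* DSCP 10, ECN 2 */
static const uint8_t SAMPLE_V4_PREC5[20]    = { 0x45, 0xa0 }; /* legacy precedence 5 */
static const uint8_t SAMPLE_V6_AF41[40]     = { 0x68, 0x80 }; /* Traffic Class 0x88 */

int main(void)
{
    const struct { const char *label; const uint8_t *p; size_t n; } s[] = {
        { "IPv4 EF",        SAMPLE_V4_EF,       sizeof SAMPLE_V4_EF },
        { "IPv4 AF11+ECT",  SAMPLE_V4_AF11_ECT, sizeof SAMPLE_V4_AF11_ECT },
        { "IPv4 old TOS",   SAMPLE_V4_PREC5,    sizeof SAMPLE_V4_PREC5 },
        { "IPv6 AF41",      SAMPLE_V6_AF41,     sizeof SAMPLE_V6_AF41 },
        { "IPv4 truncated", SAMPLE_V4_EF,       10 },
    };
    struct ds_info d;
    char name[8];

    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        if (ds_parse(s[i].p, s[i].n, &d) != 0) {
            printf("%-15s rejected\n", s[i].label);
            continue;
        }
        printf("%-15s IPv%d dscp=%u (%s) ecn=%u\n", s[i].label, d.version,
               (unsigned)d.dscp, dscp_name(d.dscp, name, sizeof name),
               (unsigned)d.ecn);
    }
    return 0;
}
```

A header marked with the old TOS precedence 5 parses as CS5, which is how RFC 2474 keeps precedence-based equipment interoperable with DSCP-aware queues.
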
From owner-freebsd-pf@FreeBSD.ORG Tue Feb 23 10:33:45 2010
Date: Tue, 23 Feb 2010 11:11:03 +0100
From: Ermal Luçi
To: Julian Elischer
Cc: "Bjoern A. Zeeb", Jim Sifferle, FreeBSD virtualization mailing list, pf@freebsd.org
Subject: Re: Network simulation using jails & vimage
Message-ID: <9a542da31002230211k2fb5d99do7ed574a8cd94f4d9@mail.gmail.com>
In-Reply-To: <4B8169EB.4030100@elischer.org>

On Sun, Feb 21, 2010 at 6:14 PM, Julian Elischer wrote:

> Bjoern A. Zeeb wrote:
>
>> On Sun, 21 Feb 2010, Julian Elischer wrote:
>>
>> Hi,
>>
>> Jim Sifferle wrote:
>>>
>>>> Hi,
>>>>
>>>> I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and
>>>> pf/altq to simulate Internet and MPLS WAN environments for several
>>>> years.  All of my setups have run under VMWare, which for many reasons
>>>> isn't ideal.  I would like to collapse all of these VMs into one FreeBSD
>>>> box using jails and vimages.
>>>>
>>>> Does any FreeBSD branch / vimage release combination support separate pf
>>>> AND ipfw configurations per jail?  I need ipfw+pf/altq for HFSC queuing
>>>> to simulate the queueing effects of MPLS provider edge and core
>>>> routers.
>>>>
>>>
>>> -current (9) should be close, with patches for pf supplied by ceri.
>>>
>>
>> s,ceri,eri,  (Ermal Luçi)
>>
>
> err yeah..
>
> it'd be nice if it could get committed
>
> Ermal, is it ready?
>
>
It is usable; look at http://svn.freebsd.org/base/user/eri/pf45/head/.
For vnet pfsync/pflow/pflog needs some fixes still.

>
>
>>
>> 8 can do separate ipfw but pf is not changed.
>>> 9 has bugs fixed. but I'm not sure if the changes for pf went in..
>>> they do exist if they are not in already.
>>>
>>
>> No, pf hasn't gone in yet; it lives in user/eri/pf45/ in svn and I am
>> not sure what the plans are.
>>
>> Apart from the latest changes 8 and 9 should be pretty much in sync
>> wrt to VIMAGE I think.
>>
>>
>> I'm hoping the latest 7.2-STABLE-201001 snapshot will work.  The DSCP
>>>> recognition patch for ipfw that I rely on doesn't seem to work with
>>>> 8.0. If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone
>>>> aware
>>>> of an updated ipfw DSCP patch?  I haven't seen anything on Google or the
>>>> freebsd-ipfw mailing list.
>>>>
>>>
>>> what is DSCP?
>>>
>>
>> I guess Differentiated Services CodePoint (if talking MPLS).
>>
>>
>> /bz
>>
>>

-- 
Ermal

From owner-freebsd-pf@FreeBSD.ORG Fri Feb 26 11:23:54 2010
Date: Fri, 26 Feb 2010 11:23:53 GMT
From: linimon@FreeBSD.org
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org
Subject: Re: kern/144311: [pf] [icmp] massive ICMP storm on lo0 occurs when using pf(4) 'reply-to'
Message-Id: <201002261123.o1QBNra4025980@freefall.freebsd.org>

Old Synopsis: massive ICMP storm on lo0 occurs when using pf(4) 'reply-to'
New Synopsis: [pf] [icmp] massive ICMP storm on lo0 occurs when using pf(4) 'reply-to'

Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: linimon
Responsible-Changed-When: Fri Feb 26 11:23:27 UTC 2010
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=144311

From owner-freebsd-pf@FreeBSD.ORG Fri Feb 26 17:05:58 2010
Date: Fri, 26 Feb 2010 18:39:10 +0200
From: Yavuz Maşlak
Subject: a transmit problem with pf
Message-ID: <112F6287D4FF4F00BC460F8E7D0B71C3@desktop2002>

I have 2 leased lines to reach the internet. I use 2 routers for these
leased lines. One of them is FreeBSD 7.2. I activated pf on FreeBSD 7.2.
I have a file server which has a real IP. The file server's default
gateway is the other gateway server.

When traffic comes from the internet via the FreeBSD gateway towards the
file server, if I try to upload a file of about 10 Mbyte from a remote
PC to the file server, file transfer performance is very bad. If I try
to download a file from the file server, the file transfer performance
is very good; there is no problem.

Or if I disable pf, the problem goes away and upload/download transfer
speed is very good. Or, with incoming and outgoing traffic via my pf
server, there is no problem.

In pf.conf, all packets are set as pass:

pass in all
pass out all

How can I sort this problem out?