From owner-freebsd-pf@freebsd.org Sun Mar 13 01:04:20 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EC61BA92AE0 for ; Sun, 13 Mar 2016 01:04:20 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BAEDDD09 for ; Sun, 13 Mar 2016 01:04:20 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from [10.1.0.56] (216.134.149.210.rev.iijgio.jp [210.149.134.216]) by venus.codepro.be (Postfix) with ESMTPSA id DF55319A76; Sun, 13 Mar 2016 02:04:15 +0100 (CET) Subject: Re: unable to block port on MacBook Pro Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Content-Type: text/plain; charset=utf-8 From: Kristof Provost X-Checked-By-Nsa: Probably In-Reply-To: Date: Sun, 13 Mar 2016 10:04:10 +0900 Cc: freebsd-pf@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: To: Yakov Feldman X-Mailer: Apple Mail (2.3124) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2016 01:04:21 -0000 > On 13 Mar 2016, at 06:31, Yakov Feldman wrote: >=20 > I am trying to block the process that is listening upon the port 9110 = on my > MacBook Pro in order to simulate network interruption. >=20 Are you running FreeBSD or OS X? If you=E2=80=99re running OS X you=E2=80=99ll need to talk to Apple = about this. Regards, Kristof From owner-freebsd-pf@freebsd.org Sun Mar 13 05:31:14 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85F82ACE291 for ; Sun, 13 Mar 2016 05:31:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 778E58B3 for ; Sun, 13 Mar 2016 05:31:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u2D5VE1I014723 for ; Sun, 13 Mar 2016 05:31:14 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 207598] pf adds icmp unreach on gre/ipsec somehow Date: Sun, 13 Mar 2016 05:31:14 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.2-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2016 05:31:14 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207598 --- Comment #1 from Kristof Provost --- It doesn't look like a very simple setup, so ideally I'd like you to try to simplify it a bit. For example, is the ipsec bit required, or does it happen with just the GRE tunnels as well? It'd also be interesting to know if it happens both with and without 'scrub fragment reassemble'. Do you have anything 'special' in your pf.conf? (That is, route-to, dup-to, set state-policy, ... basically anything not pass or block.) (PS: I seem to be unable to send e-mail to you. Your mail server keeps tell= ing me '452 4.7.1 Try again later') --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Fri Mar 18 16:38:46 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0A64AAD4ECE for ; Fri, 18 Mar 2016 16:38:46 +0000 (UTC) (envelope-from david@zeromail.us) Received: from mail-io0-x236.google.com (mail-io0-x236.google.com [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D1041163D for ; Fri, 18 Mar 2016 16:38:45 +0000 (UTC) (envelope-from david@zeromail.us) Received: by mail-io0-x236.google.com with SMTP id o5so59836363iod.2 for ; Fri, 18 Mar 2016 09:38:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zeromail-us.20150623.gappssmtp.com; s=20150623; h=mime-version:date:message-id:subject:from:to; bh=yGfV53kVxZmD4CimIDF17PQ600m5+U0YgsaW/WCnglQ=; b=PXnSwYJcEftuz904LknFKFzEgJM8KNzndtOHXsAkOOs7r5Z+EChvmna8/IA1cFFWol m2TjqFpZTSxplGZsUhqxg3UmXp5kUt8hCMlx9vzLUpa//PXc16oA33EfejRG9qcQZHoP AcDbLNrw4tDSrmAh1aflp2HaWffvcOn2fZ0e1ckWn+ni7M4ksM3trSr9dgYkzeu2eiFz pFluALwSmS/0BNiMWHZrdOPpcMx+jySfyk6UYVZgQcFGmetwE8L3hwFKbGu46PUJPBgL TQ8ZY+GQKGwgXrGiDALem7p5aUo4NRbinmCnlkvKUWie4IUPfynCbfsvKw8+RiJGMDpv +OWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=yGfV53kVxZmD4CimIDF17PQ600m5+U0YgsaW/WCnglQ=; b=mQ2abpbAM52qDUhwaFcUKRGGNqxNYv2by4s4Z4Td+Q8xwt5nopXJCWREG5inQPFS2J Nfaqiw/ZVC7NZNWzEUKhyW/7gR5KX6RaO6FikDeyIbfMYDrNj+idcxRN4Bjvc4NXzmU0 z/asPgxqjW8+h4MWSP65Gmmt3YhC3nN4/mwIDmYP0M594R3cjuYDc3JhWHYlQ4ft3HPd H1s2ywQGO3LvUM/UFWet3GH2HTkbhfaphesQu5O2s8hZn1F+FORAgDCNxM93f51+14FW 1Ovcnicu6835uz+OgGEUZ3r7cCB+XQUmKogyi5cEq2FqFJVjD1JBdGhBmx4LRnSQZ7Pb +6aQ== X-Gm-Message-State: AD7BkJLYzaULNJ3IAEdHBuewuU1Qcbp5o3E75R74sdxdQMJU1JNX8aG9UKvM8kTJhN7oO4asCJERvhMEtcLf/A== MIME-Version: 1.0 X-Received: by 10.107.135.15 with SMTP id j15mr17695986iod.28.1458319125081; Fri, 18 Mar 2016 09:38:45 -0700 (PDT) Received: by 10.64.123.2 with HTTP; Fri, 18 Mar 2016 09:38:45 -0700 (PDT) X-Originating-IP: [103.234.208.134] Date: Fri, 18 Mar 2016 23:38:45 +0700 Message-ID: Subject: Invalid queue upload statistic From: "David S." To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Mar 2016 16:38:46 -0000 Dear All, This is my first post, my name is David and I'm currently developing FreeBSD as a BGP router and traffic shaper for my network. I already setup PF + ALTQ and working great, the bandwidth speed is match with my queue rule but the problem is the queue upload statistic. Before continuing the story please review my pf.conf below: === #/etc/pf.conf set limit states 10000000 set limit frags 10000000 set limit src-nodes 5000000 set limit table-entries 20000000 coba_net="{ 103.1.1.0/29, 103.1.2.0/28 }" altq on igb0 hfsc bandwidth 1000Mb queue {default_up,coba_up} altq on igb1 hfsc bandwidth 1000Mb queue {default_down,coba_down} queue coba_up bandwidth 2Mb qlimit 900 hfsc (realtime 2Mb, upperlimit 3Mb) queue coba_down bandwidth 2Mb qlimit 900 hfsc (realtime 2Mb, upperlimit 3Mb) pass quick on igb1.100 from $coba_net to any queue coba_down pass quick on igb0 from $coba_net to any queue coba_up === The problem is queue upload statistic is invalid and the queue download statistic is normal or match with my real bandwidth usage. I already do test using speedtest.net or upload and download file from my server to my another server on AWS and the bandwidth is match with my queue setup. For an example, I try to upload some file to my server on AWS and the real bandwidth usage is 4.5Mbps and here is the result from the iftop comparing to pfctl -s queue -vv: qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq TX: cum: 10.9MB peak: 6.13Mb rates: 4.59Mb 5.10Mb 4.83Mb RX: 180KB 100Kb 75.3Kb 84.3Kb 80.0Kb TOTAL: 11.0MB 6.23Mb 4.66Mb 5.18Mb 4.91Mb queue coba_up on igb0 bandwidth 2Mb qlimit 900 hfsc( realtime 2Mb upperlimit 3Mb ) [ pkts: 1606 bytes: 242657 dropped pkts: 0 bytes: 0 ] [ qlength: 0/900 ] [ measured: 8.8 packets/s, 9.38Kb/s ] But the download queue statistic is normal, please see below: qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq TX: cum: 770MB peak: 79.2Kb rates: 61.5Kb 59.6Kb 62.0Kb RX: 36.8MB 2.84Mb 2.83Mb 2.83Mb 2.83Mb TOTAL: 806MB 2.91Mb 2.89Mb 2.89Mb 2.89Mb queue coba_down on igb1 bandwidth 2Mb qlimit 900 hfsc( realtime 2Mb upperlimit 3Mb ) [ pkts: 37847 bytes: 30114656 dropped pkts: 0 bytes: 0 ] [ qlength: 32/900 ] [ measured: 248.4 packets/s, 3Mb/s ] Please help or give me some information to fix this problem, if any information need please let me know. Best regards, David Suhendrik. ------------------------------------------------ e. david@zeromail.us w. http://pnyet.web.id From owner-freebsd-pf@freebsd.org Fri Mar 18 18:51:01 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 12D8AAD5DF4 for ; Fri, 18 Mar 2016 18:51:01 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-yw0-x229.google.com (mail-yw0-x229.google.com [IPv6:2607:f8b0:4002:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C57581167 for ; Fri, 18 Mar 2016 18:51:00 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: by mail-yw0-x229.google.com with SMTP id h129so150175302ywb.1 for ; Fri, 18 Mar 2016 11:51:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=MyBRYNedZVjYj6iRk2HjOlJ4Iha8oawpGwlrtdRFG/o=; b=feYrKukpGDvCJl5u8pQwqRBqW2aPbYSN8UU6lxwUgvLzC1ThCzKOfmxZ68bGMU2la3 bt9u8APf2GDywYPMdw9YoohCDO4uMC6iu9j9I+FPPlrtnxi+RDgiyVK6tK9NXtGhnzaU 0Hh0+xI9cnXlXesslIvWqj2HvXFN5vEzjvshev5MlPJQknkcgw0PUTyVdp0Rm7JXHFDJ nWsSXqJ1UEAYn1AdRgF/8c1Y1PEqRF+mQf7gBMEemYYbKzIhkH2QDYbf9eYxmX0kNQxd 0QNOTPAtbi3NBb2E8KtDQ5DIEakYUDma1XPR3hVDz+RHSq1NH6JQyu16b2DgyrumJa+Q 1dkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=MyBRYNedZVjYj6iRk2HjOlJ4Iha8oawpGwlrtdRFG/o=; b=FHvC2ggb2nSTx+7loRy6IP2ohQ+0XnXkRUxkTL99CSSVnfQ1Hhwjgizcq5bSSzgpnE bjkWWxJQeGNx8QySbrk5favYDaZUmjgrnNb+MUWDHvwukrLhufaociJSYc7paTeUxajK kijpgUUEaYQ7gD2pf4gmgGWFt0qCvAs4ziuhoRopW0wtu8xHu+9TkiGvuuk0QHI8B08q NpfTChkhcN7r1Rx8KHe/qErhd9iqCxY5BuTrbRxb6gZ60dozz9aZUaR+kflaVC2PTPud qoR/uYpGXG1zgyuR9PuLgaNQYBJDf/F9B/szqiSoitf6TWfJRbPB85zIHHE2H76YNtAe 3eKQ== X-Gm-Message-State: AD7BkJKEqMdCGhBf8yk8U4HJyjh7kZBU1YS8rml6p92RsgN4W15hhA7jJl3PZII2URCFAfpdgSVRcxwYGLLEIw== MIME-Version: 1.0 X-Received: by 10.13.222.1 with SMTP id h1mr8293890ywe.171.1458327060119; Fri, 18 Mar 2016 11:51:00 -0700 (PDT) Sender: ermal.luci@gmail.com Received: by 10.129.51.205 with HTTP; Fri, 18 Mar 2016 11:51:00 -0700 (PDT) In-Reply-To: References: Date: Fri, 18 Mar 2016 19:51:00 +0100 X-Google-Sender-Auth: PrQHU98vXcFutxvTMnca3pL0l2Y Message-ID: Subject: Re: Invalid queue upload statistic From: =?UTF-8?Q?Ermal_Lu=C3=A7i?= To: "David S." Cc: "freebsd-pf@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Mar 2016 18:51:01 -0000 On Fri, Mar 18, 2016 at 5:38 PM, David S. wrote: > Dear All, > > This is my first post, my name is David and I'm currently developing > FreeBSD as a BGP router and traffic shaper for my network. > > I already setup PF + ALTQ and working great, the bandwidth speed is match > with my queue rule but the problem is the queue upload statistic. Before > continuing the story please review my pf.conf below: > > === > #/etc/pf.conf > > set limit states 10000000 > set limit frags 10000000 > set limit src-nodes 5000000 > set limit table-entries 20000000 > > > coba_net="{ 103.1.1.0/29, 103.1.2.0/28 }" > > altq on igb0 hfsc bandwidth 1000Mb queue {default_up,coba_up} > altq on igb1 hfsc bandwidth 1000Mb queue {default_down,coba_down} > > queue coba_up bandwidth 2Mb qlimit 900 hfsc (realtime 2Mb, upperlimit 3Mb) > queue coba_down bandwidth 2Mb qlimit 900 hfsc (realtime 2Mb, upperlimit > 3Mb) > > pass quick on igb1.100 from $coba_net to any queue coba_down > pass quick on igb0 from $coba_net to any queue coba_up > > === > > The problem is queue upload statistic is invalid and the queue download > statistic is normal or match with my real bandwidth usage. I already do > test using speedtest.net or upload and download file from my server to my > another server on AWS and the bandwidth is match with my queue setup. > > For an example, I try to upload some file to my server on AWS and the real > bandwidth usage is 4.5Mbps and here is the result from the iftop comparing > to pfctl -s queue -vv: > > > qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq > TX: cum: 10.9MB peak: 6.13Mb rates: 4.59Mb 5.10Mb > 4.83Mb > RX: 180KB 100Kb 75.3Kb 84.3Kb > 80.0Kb > TOTAL: 11.0MB 6.23Mb 4.66Mb 5.18Mb > 4.91Mb > > > > queue coba_up on igb0 bandwidth 2Mb qlimit 900 hfsc( realtime 2Mb > upperlimit 3Mb ) > [ pkts: 1606 bytes: 242657 dropped pkts: 0 bytes: 0 > ] > [ qlength: 0/900 ] > [ measured: 8.8 packets/s, 9.38Kb/s ] > > > This is for ~5 second interval so it will never show what you are expecting but the calculation done during that time frame. > But the download queue statistic is normal, please see below: > > > qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq > TX: cum: 770MB peak: 79.2Kb rates: 61.5Kb 59.6Kb > 62.0Kb > RX: 36.8MB 2.84Mb 2.83Mb 2.83Mb > 2.83Mb > TOTAL: 806MB 2.91Mb 2.89Mb 2.89Mb > 2.89Mb > > queue coba_down on igb1 bandwidth 2Mb qlimit 900 hfsc( realtime 2Mb > upperlimit 3Mb ) > [ pkts: 37847 bytes: 30114656 dropped pkts: 0 bytes: 0 > ] > [ qlength: 32/900 ] > [ measured: 248.4 packets/s, 3Mb/s ] > > Please help or give me some information to fix this problem, if any > information need please let me know. > > Best regards, > David Suhendrik. > ------------------------------------------------ > e. david@zeromail.us > w. http://pnyet.web.id > _______________________________________________ > freebsd-pf@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > > -- > Ermal > From owner-freebsd-pf@freebsd.org Fri Mar 18 19:15:34 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 15FE3AD4A9C for ; Fri, 18 Mar 2016 19:15:34 +0000 (UTC) (envelope-from david@zeromail.us) Received: from mail-io0-x232.google.com (mail-io0-x232.google.com [IPv6:2607:f8b0:4001:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BFADF3E9 for ; Fri, 18 Mar 2016 19:15:33 +0000 (UTC) (envelope-from david@zeromail.us) Received: by mail-io0-x232.google.com with SMTP id m184so148849487iof.1 for ; Fri, 18 Mar 2016 12:15:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zeromail-us.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=ktXiNTLrSpKXx+HDdYQBNPd6mUB1CdG04v3howwIQZg=; b=Qe++kVRC5eZqzfZ8Soqk/G1OCF6gbKzzsrdZeXk3IrQGhrRYVhKX9NoGnHJTrUsxho VyNcWvUySmv/2C/ct1oLuvS0tw/2uW3eBV6WVT72kz/9zA0/lnsy/iVLaVbcwcM23ou9 ervFDvOv5sTFqlzmWGpm+1981EakDoC80B+obtmH9PHhsUhVEQ48nddSadlx63dYiY+N A3YOdkVCDhIZPxLHL2Pa28WmmLDggMQD1jtj9beoMbVu6AXoC4iKXnk0vvUipBq1MOMk EZPeSN/9QuYTJi495PQ/e/eh/4irUotdErZjU4UX9fkvGwAs0llAGZ+XJByeT1xkRNYk Mg7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=ktXiNTLrSpKXx+HDdYQBNPd6mUB1CdG04v3howwIQZg=; b=h4mTe46VCu2tmBW+Lo1FWnmQRa2tKNgKl9f8Qc3bmDU8E2LK4XzTbFVsst3H5owiGd Y8h2cLd5jV59Xjxuj64NGzTUms/8O3YZEyx56B7ir7pguCL1c8VdZrBpWWcVEKgeGhnb it2AXfA/NMMtgc4mYqqAh2zTsp9TAf2ZsJmASq3g8jC1sQxUzZqaZfP83aiYNVI6THok VEJSMGswEa8D2h6GtMbsGIv/9/HZkQCYjyHxfBc2iYROwjvmHyfIMyqP/k7ZsJ7EN4B+ jOfJN8JeO+Vjxno/6+nP8KFdJN7tM+pogOvkcwDzlZSrqvbK2//4agXgAqlE3rbcQ6Fd BCZA== X-Gm-Message-State: AD7BkJKPwVcMIkbiQA4Qq7jz5GBuTWgF2aBOJKB8ig66UkJMr1dre+NjvmhEOOSvSxZuLPUXok+tKhC5UfBQlw== MIME-Version: 1.0 X-Received: by 10.107.135.15 with SMTP id j15mr18441044iod.28.1458328532929; Fri, 18 Mar 2016 12:15:32 -0700 (PDT) Received: by 10.64.123.2 with HTTP; Fri, 18 Mar 2016 12:15:32 -0700 (PDT) X-Originating-IP: [103.234.208.134] In-Reply-To: References: Date: Sat, 19 Mar 2016 02:15:32 +0700 Message-ID: Subject: Re: Invalid queue upload statistic From: "David S." To: =?UTF-8?Q?Ermal_Lu=C3=A7i?= Cc: "freebsd-pf@freebsd.org" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Mar 2016 19:15:34 -0000 Hi Ermal, Thank you for your response. I know that the queu statistic is based on 5 second interval, and when I trying to upload some files to the internet I can't view the real bits/sec. The question is still same, why isn't happen on download queue? This problem affect to my network monitoring graph, I use zabbix and please see attached image for the comparison between upload and download. For your additional info, I do the upload and download test at the same time, please see below for the latest test: queue coba_down on igb1 bandwidth 2Mb qlimit 900 hfsc( realtime 2Mb upperlimit 3Mb ) [ pkts: 20320 bytes: 30037652 dropped pkts: 0 bytes: 0 ] [ qlength: 13/900 ] [ measured: 158.4 packets/s, 1.87Mb/s ] queue coba_up on igb0 bandwidth 2Mb qlimit 900 hfsc( realtime 2Mb upperlimit 3Mb ) [ pkts: 21854 bytes: 1629807 dropped pkts: 0 bytes: 0 ] [ qlength: 0/900 ] [ measured: 158.8 packets/s, 101.99Kb/s ] #IFTOP TX: cum: 0.98GB peak: 6.33Mb rates: 6.29Mb 5.58Mb 5.33Mb <--- seems my upload rule not work RX: 378MB 2.96Mb 2.96Mb 2.93Mb 2.91Mb TOTAL: 1.35GB 9.26Mb 9.25Mb 8.51Mb 8.23Mb Thank you Best regards, David S. ------------------------------------------------ e. david@zeromail.us w. http://blog.pnyet.web.id On Sat, Mar 19, 2016 at 1:51 AM, Ermal Lu=C3=A7i wrote: > > > On Fri, Mar 18, 2016 at 5:38 PM, David S. wrote: > >> Dear All, >> >> This is my first post, my name is David and I'm currently developing >> FreeBSD as a BGP router and traffic shaper for my network. >> >> I already setup PF + ALTQ and working great, the bandwidth speed is matc= h >> with my queue rule but the problem is the queue upload statistic. Before >> continuing the story please review my pf.conf below: >> >> =3D=3D=3D >> #/etc/pf.conf >> >> set limit states 10000000 >> set limit frags 10000000 >> set limit src-nodes 5000000 >> set limit table-entries 20000000 >> >> >> coba_net=3D"{ 103.1.1.0/29, 103.1.2.0/28 }" >> >> altq on igb0 hfsc bandwidth 1000Mb queue {default_up,coba_up} >> altq on igb1 hfsc bandwidth 1000Mb queue {default_down,coba_down} >> >> queue coba_up bandwidth 2Mb qlimit 900 hfsc (realtime 2Mb, upperlimit 3M= b) >> queue coba_down bandwidth 2Mb qlimit 900 hfsc (realtime 2Mb, upperlimit >> 3Mb) >> >> pass quick on igb1.100 from $coba_net to any queue coba_down >> pass quick on igb0 from $coba_net to any queue coba_up >> >> =3D=3D=3D >> >> The problem is queue upload statistic is invalid and the queue download >> statistic is normal or match with my real bandwidth usage. I already do >> test using speedtest.net or upload and download file from my server to m= y >> another server on AWS and the bandwidth is match with my queue setup. >> >> For an example, I try to upload some file to my server on AWS and the re= al >> bandwidth usage is 4.5Mbps and here is the result from the iftop compari= ng >> to pfctl -s queue -vv: >> >> >> qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq= qqqqqqqq >> TX: cum: 10.9MB peak: 6.13Mb rates: 4.59Mb 5.10Mb >> 4.83Mb >> RX: 180KB 100Kb 75.3Kb 84.3Kb >> 80.0Kb >> TOTAL: 11.0MB 6.23Mb 4.66Mb 5.18Mb >> 4.91Mb >> >> >> >> queue coba_up on igb0 bandwidth 2Mb qlimit 900 hfsc( realtime 2Mb >> upperlimit 3Mb ) >> [ pkts: 1606 bytes: 242657 dropped pkts: 0 bytes: >> 0 >> ] >> [ qlength: 0/900 ] >> [ measured: 8.8 packets/s, 9.38Kb/s ] >> >> >> > > This is for ~5 second interval so it will never show what you are > expecting but the calculation done during that time frame. > > >> But the download queue statistic is normal, please see below: >> >> >> qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq= qqqqqqqq >> TX: cum: 770MB peak: 79.2Kb rates: 61.5Kb 59.6Kb >> 62.0Kb >> RX: 36.8MB 2.84Mb 2.83Mb 2.83Mb >> 2.83Mb >> TOTAL: 806MB 2.91Mb 2.89Mb 2.89Mb >> 2.89Mb >> >> queue coba_down on igb1 bandwidth 2Mb qlimit 900 hfsc( realtime 2Mb >> upperlimit 3Mb ) >> [ pkts: 37847 bytes: 30114656 dropped pkts: 0 bytes: >> 0 >> ] >> [ qlength: 32/900 ] >> [ measured: 248.4 packets/s, 3Mb/s ] >> >> Please help or give me some information to fix this problem, if any >> information need please let me know. >> >> Best regards, >> David Suhendrik. >> ------------------------------------------------ >> e. david@zeromail.us >> w. http://pnyet.web.id >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >> >> -- >> Ermal >> >