From owner-freebsd-pf@freebsd.org Mon Oct 16 13:03:17 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDBC2E3A5C3 for ; Mon, 16 Oct 2017 13:03:17 +0000 (UTC) (envelope-from R.Dahmen@m3connect.de) Received: from mailout-f3.arcor-ip.de (mailout-f3.arcor-ip.de [145.253.3.216]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 777B7802E7 for ; Mon, 16 Oct 2017 13:03:17 +0000 (UTC) (envelope-from R.Dahmen@m3connect.de) Received: from MX01.scientific.de (unknown [88.79.237.78]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout-f3.arcor-ip.de (Arcor-IP) with ESMTPS id 248C9B43D0B for ; Mon, 16 Oct 2017 14:54:31 +0200 (CEST) Received: from MX01.scientific.de ([::1]) by MX01.scientific.de ([::1]) with mapi id 14.03.0361.001; Mon, 16 Oct 2017 14:55:04 +0200 From: Rolf Dahmen To: "freebsd-pf@freebsd.org" Subject: Issue using altq_priq unter FreeBSD 11.1 - help needed Thread-Topic: Issue using altq_priq unter FreeBSD 11.1 - help needed Thread-Index: AdNGfTkcET+ejV+PRBaL9i1p4eqGCA== Date: Mon, 16 Oct 2017 12:55:03 +0000 Message-ID: <201C56274507CA41A05709BADF3703F3761C03@MX01.scientific.de> Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [192.168.13.85] MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 13:03:17 -0000 Hi all, I=B4m Rolf Dahmen working as CTO for a german Wifi Service Provider. We do = have a certain issue that we are not able to configure QoS to prioritize qu= eues on FreeBSD using pf with altq. My SysOps engineers are stuck in gettin= g it done, so I`m looking forward to get a resolution or any consults onboa= rded. We have successfully recompiled the kernel to use pf with altq. We have configured 5 new queues "allowed, specialip, terminals, freeunlimit= ed, free" to pass the incoming traffic to prioritize the flow. The issue is= that always the defined default queue is used but never the user queues. I do think that our pf.conf is not complete: (pf.conf) altq on igb0 priq queue {allowed, specialip, terminals, freeunlimited, free= } queue free priority 5 priq(red) queue freeunlimited priority 4 priq(red) queue terminals priority 3 priq(red) queue specialip priority 2 priq(red) queue allowed priority 1 priq(default red) Gru=DF, Rolf Dahmen Chief Technology Officer (CTO) [cid:image001.jpg@01D168B7.D9C957D0] T: +49 (0)241 980 986 68 M: +49 (0)151 617 196 23 Fax: +49 (0)241 980 986 90 Web: www.m3connect.de E-Mail: r.dahmen@m3connect.de m3connect GmbH | Friedlandstr.18 | 52064 Aachen | DE/Germany | Amtsgericht = Aachen | HRB 8773 | USt.- ID: DE219 664 658 | Gesch=E4ftsf=FChrer/CEO: Emil= io Dragas, Markus Schindler From owner-freebsd-pf@freebsd.org Mon Oct 16 15:27:50 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7D1E0E3D1D9 for ; Mon, 16 Oct 2017 15:27:50 +0000 (UTC) (envelope-from srs0=q8b8=bp=mail.sermon-archive.info=doug@sermon-archive.info) Received: from mail.sermon-archive.info (sermon-archive.info [71.177.216.148]) by mx1.freebsd.org (Postfix) with ESMTP id 6AB8184A8C for ; Mon, 16 Oct 2017 15:27:49 +0000 (UTC) (envelope-from srs0=q8b8=bp=mail.sermon-archive.info=doug@sermon-archive.info) Received: from [10.0.1.251] (mini [10.0.1.251]) by mail.sermon-archive.info (Postfix) with ESMTPSA id 3yG29s4HKpz2fq86; Mon, 16 Oct 2017 08:22:09 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: Issue using altq_priq unter FreeBSD 11.1 - help needed From: Doug Hardie In-Reply-To: <201C56274507CA41A05709BADF3703F3761C03@MX01.scientific.de> Date: Mon, 16 Oct 2017 08:22:09 -0700 Cc: "freebsd-pf@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: <088C50D8-0533-4969-939B-62A174598A4B@mail.sermon-archive.info> References: <201C56274507CA41A05709BADF3703F3761C03@MX01.scientific.de> To: Rolf Dahmen X-Mailer: Apple Mail (2.3273) X-Virus-Scanned: clamav-milter 0.99.2 at mail X-Virus-Status: Clean X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 15:27:50 -0000 You are missing the filtering commands to tell pf which traffic goes in = which queue. Here is an example using bandwidth queues that I used to = use. They are all commented out now since I don't need them anymore, = but kept them around just in case. This configuration restricted the = bandwidth for web and mail. If I remember correctly, I built this from = "The Book of PF" which I believe is available on the web now. ############ Queueing: rule-based bandwidth control. #altq on $ext_if cbq bandwidth 100% queue {normal, web, mail} # queue normal bandwidth 99% qlimit 100 cbq(default) # queue web bandwidth 100Kb qlimit 100 cbq # queue mail bandwidth 250Kb qlimit 100 cbq ############ Filtering: Last Rule Matches #pass log proto tcp from any to any port 80 queue web=20 #pass log proto tcp from any to any port 25 queue mail=20 -- Doug > On 16 October 2017, at 05:55, Rolf Dahmen = wrote: >=20 > Hi all, >=20 > I=C2=B4m Rolf Dahmen working as CTO for a german Wifi Service = Provider. We do have a certain issue that we are not able to configure = QoS to prioritize queues on FreeBSD using pf with altq. My SysOps = engineers are stuck in getting it done, so I`m looking forward to get a = resolution or any consults onboarded. >=20 > We have successfully recompiled the kernel to use pf with altq. >=20 > We have configured 5 new queues "allowed, specialip, terminals, = freeunlimited, free" to pass the incoming traffic to prioritize the = flow. The issue is that always the defined default queue is used but = never the user queues. >=20 > I do think that our pf.conf is not complete: >=20 > (pf.conf) > altq on igb0 priq queue {allowed, specialip, terminals, freeunlimited, = free} > queue free priority 5 priq(red) > queue freeunlimited priority 4 priq(red) > queue terminals priority 3 priq(red) > queue specialip priority 2 priq(red) > queue allowed priority 1 priq(default red) >=20 >=20 > Gru=C3=9F, >=20 > Rolf Dahmen > Chief Technology Officer (CTO) >=20 > [cid:image001.jpg@01D168B7.D9C957D0] >=20 > T: +49 (0)241 980 986 68 > M: +49 (0)151 617 196 23 > Fax: +49 (0)241 980 986 90 >=20 > Web: www.m3connect.de > E-Mail: r.dahmen@m3connect.de >=20 > m3connect GmbH | Friedlandstr.18 | 52064 Aachen | DE/Germany | = Amtsgericht Aachen | HRB 8773 | USt.- ID: DE219 664 658 | = Gesch=C3=A4ftsf=C3=BChrer/CEO: Emilio Dragas, Markus Schindler >=20 >=20 >=20 > _______________________________________________ > freebsd-pf@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" From owner-freebsd-pf@freebsd.org Mon Oct 16 16:38:20 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3FE2FE3EB3E for ; Mon, 16 Oct 2017 16:38:20 +0000 (UTC) (envelope-from R.Dahmen@m3connect.de) Received: from mailout-f4.arcor-ip.de (mailout-f4.arcor-ip.de [145.253.3.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E09B72C0E for ; Mon, 16 Oct 2017 16:38:19 +0000 (UTC) (envelope-from R.Dahmen@m3connect.de) Received: from MX01.scientific.de (unknown [88.79.237.78]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout-f4.arcor-ip.de (Arcor-IP) with ESMTPS id 254B428C5B3D; Mon, 16 Oct 2017 18:31:47 +0200 (CEST) Received: from MX01.scientific.de ([::1]) by MX01.scientific.de ([::1]) with mapi id 14.03.0361.001; Mon, 16 Oct 2017 18:32:21 +0200 From: Rolf Dahmen To: Doug Hardie CC: "freebsd-pf@freebsd.org" Subject: AW: Issue using altq_priq unter FreeBSD 11.1 - help needed Thread-Topic: Issue using altq_priq unter FreeBSD 11.1 - help needed Thread-Index: AdNGfTkcET+ejV+PRBaL9i1p4eqGCAABIuqAAAZT5dA= Date: Mon, 16 Oct 2017 16:32:19 +0000 Message-ID: <201C56274507CA41A05709BADF3703F3761F88@MX01.scientific.de> References: <201C56274507CA41A05709BADF3703F3761C03@MX01.scientific.de> <088C50D8-0533-4969-939B-62A174598A4B@mail.sermon-archive.info> In-Reply-To: <088C50D8-0533-4969-939B-62A174598A4B@mail.sermon-archive.info> Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [192.168.13.85] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 16:38:20 -0000 VGh4LCBEb3VnDQoNClVuZGVyc3Rvb2QuIFdlIG5lZWQgdG8gZGVmaW5lIHNvbWUgInBhc3MiIGNv bW1hbmRzIHRvIG1hcCB0aGUgdHJhZmZpYyB0byBkZWRpY2F0ZWQgcXVldWVzLiBXZcK0dmUgc3R1 ZGllZCB0aGUgInBmIG1hbnVhbCIgYW5kIGFyZSBub3QgcXVpdGUgc3VyZSBob3cgdGhlIHBhc3Mg YWN0aW9ucyBzaG91bGQgbG9vayBsaWtlLiANCg0KV2UgaGF2ZSBhbHJlYWR5IGNvbmZpZ3VyZWQg dGhlIGJlbG93IGxpc3RlZCB0YWJsZXMgaW4gImlwZncucnVsZXMiLiANCg0KcGFzcyBpbiBxdWlj ayBvbiBpZ2IwIGZyb20gdF9hbGxvd2VkIHRvIHF1ZXVlIGFsbG93ZWQNCnBhc3MgaW4gcXVpY2sg b24gaWdiMCBmcm9tIHRfc3BlY2lhbGlwIHRvIHF1ZXVlIHNwZWNpYWxpcA0KcGFzcyBpbiBxdWlj ayBvbiBpZ2IwIGZyb20gdF90ZXJtaW5hbHMgdG8gcXVldWUgdGVybWluYWxzDQpwYXNzIGluIHF1 aWNrIG9uIGlnYjAgZnJvbSB0X2ZyZWV1bmxpbWl0ZWQgdG8gcXVldWUgZnJlZXVubGltaXRlZA0K cGFzcyBpbiBxdWljayBvbiBpZ2IwIGZyb20gdF9mcmVlIHRvIHF1ZXVlIGZyZWUNCg0KQW55IGlk ZWEgd2hhdCB3ZSBoYXZlIG1pc3NlZD8gDQoNCi0tLS0tVXJzcHLDvG5nbGljaGUgTmFjaHJpY2h0 LS0tLS0NClZvbjogRG91ZyBIYXJkaWUgW21haWx0bzpiYzk3OUBsYWZuLm9yZ10gDQpHZXNlbmRl dDogTW9udGFnLCAxNi4gT2t0b2JlciAyMDE3IDE3OjIyDQpBbjogUm9sZiBEYWhtZW4gPFIuRGFo bWVuQG0zY29ubmVjdC5kZT4NCkNjOiBmcmVlYnNkLXBmQGZyZWVic2Qub3JnDQpCZXRyZWZmOiBS ZTogSXNzdWUgdXNpbmcgYWx0cV9wcmlxIHVudGVyIEZyZWVCU0QgMTEuMSAtIGhlbHAgbmVlZGVk DQoNCllvdSBhcmUgbWlzc2luZyB0aGUgZmlsdGVyaW5nIGNvbW1hbmRzIHRvIHRlbGwgcGYgd2hp Y2ggdHJhZmZpYyBnb2VzIGluIHdoaWNoIHF1ZXVlLiAgSGVyZSBpcyBhbiBleGFtcGxlIHVzaW5n IGJhbmR3aWR0aCBxdWV1ZXMgdGhhdCBJIHVzZWQgdG8gdXNlLiAgVGhleSBhcmUgYWxsIGNvbW1l bnRlZCBvdXQgbm93IHNpbmNlIEkgZG9uJ3QgbmVlZCB0aGVtIGFueW1vcmUsIGJ1dCBrZXB0IHRo ZW0gYXJvdW5kIGp1c3QgaW4gY2FzZS4gIFRoaXMgY29uZmlndXJhdGlvbiByZXN0cmljdGVkIHRo ZSBiYW5kd2lkdGggZm9yIHdlYiBhbmQgbWFpbC4gIElmIEkgcmVtZW1iZXIgY29ycmVjdGx5LCBJ IGJ1aWx0IHRoaXMgZnJvbSAiVGhlIEJvb2sgb2YgUEYiIHdoaWNoIEkgYmVsaWV2ZSBpcyBhdmFp bGFibGUgb24gdGhlIHdlYiBub3cuDQoNCg0KIyMjIyMjIyMjIyMjIFF1ZXVlaW5nOiAgcnVsZS1i YXNlZCBiYW5kd2lkdGggY29udHJvbC4NCiNhbHRxIG9uICRleHRfaWYgY2JxIGJhbmR3aWR0aCAx MDAlIHF1ZXVlIHtub3JtYWwsIHdlYiwgbWFpbH0NCiMgICAgICAgcXVldWUgbm9ybWFsIGJhbmR3 aWR0aCA5OSUgcWxpbWl0IDEwMCBjYnEoZGVmYXVsdCkNCiMgICAgICAgcXVldWUgd2ViIGJhbmR3 aWR0aCAxMDBLYiBxbGltaXQgMTAwIGNicQ0KIyAgICAgICBxdWV1ZSBtYWlsIGJhbmR3aWR0aCAy NTBLYiBxbGltaXQgMTAwIGNicQ0KDQojIyMjIyMjIyMjIyMgRmlsdGVyaW5nOiAgTGFzdCBSdWxl IE1hdGNoZXMgI3Bhc3MgbG9nIHByb3RvIHRjcCBmcm9tIGFueSB0byBhbnkgcG9ydCA4MCBxdWV1 ZSB3ZWIgI3Bhc3MgbG9nIHByb3RvIHRjcCBmcm9tIGFueSB0byBhbnkgcG9ydCAyNSBxdWV1ZSBt YWlsIA0KDQotLSBEb3VnDQoNCj4gT24gMTYgT2N0b2JlciAyMDE3LCBhdCAwNTo1NSwgUm9sZiBE YWhtZW4gPFIuRGFobWVuQG0zY29ubmVjdC5kZT4gd3JvdGU6DQo+IA0KPiBIaSBhbGwsDQo+IA0K PiBJwrRtIFJvbGYgRGFobWVuIHdvcmtpbmcgYXMgQ1RPIGZvciBhIGdlcm1hbiBXaWZpIFNlcnZp Y2UgUHJvdmlkZXIuIFdlIGRvIGhhdmUgYSBjZXJ0YWluIGlzc3VlIHRoYXQgd2UgYXJlIG5vdCBh YmxlIHRvIGNvbmZpZ3VyZSBRb1MgdG8gcHJpb3JpdGl6ZSBxdWV1ZXMgb24gRnJlZUJTRCB1c2lu ZyBwZiB3aXRoIGFsdHEuIE15IFN5c09wcyBlbmdpbmVlcnMgYXJlIHN0dWNrIGluIGdldHRpbmcg aXQgZG9uZSwgc28gSWBtIGxvb2tpbmcgZm9yd2FyZCB0byBnZXQgYSByZXNvbHV0aW9uIG9yIGFu eSBjb25zdWx0cyBvbmJvYXJkZWQuDQo+IA0KPiBXZSBoYXZlIHN1Y2Nlc3NmdWxseSByZWNvbXBp bGVkIHRoZSBrZXJuZWwgdG8gdXNlIHBmIHdpdGggYWx0cS4NCj4gDQo+IFdlIGhhdmUgY29uZmln dXJlZCA1IG5ldyBxdWV1ZXMgImFsbG93ZWQsIHNwZWNpYWxpcCwgdGVybWluYWxzLCBmcmVldW5s aW1pdGVkLCBmcmVlIiB0byBwYXNzIHRoZSBpbmNvbWluZyB0cmFmZmljIHRvIHByaW9yaXRpemUg dGhlIGZsb3cuIFRoZSBpc3N1ZSBpcyB0aGF0IGFsd2F5cyB0aGUgZGVmaW5lZCBkZWZhdWx0IHF1 ZXVlIGlzIHVzZWQgYnV0IG5ldmVyIHRoZSB1c2VyIHF1ZXVlcy4NCj4gDQo+IEkgZG8gdGhpbmsg dGhhdCBvdXIgcGYuY29uZiBpcyBub3QgY29tcGxldGU6DQo+IA0KPiAgICAgICAocGYuY29uZikN Cj4gYWx0cSBvbiBpZ2IwIHByaXEgcXVldWUge2FsbG93ZWQsIHNwZWNpYWxpcCwgdGVybWluYWxz LCBmcmVldW5saW1pdGVkLCANCj4gZnJlZX0gcXVldWUgZnJlZSBwcmlvcml0eSA1IHByaXEocmVk KSBxdWV1ZSBmcmVldW5saW1pdGVkIHByaW9yaXR5IDQgDQo+IHByaXEocmVkKSBxdWV1ZSB0ZXJt aW5hbHMgcHJpb3JpdHkgMyBwcmlxKHJlZCkgcXVldWUgc3BlY2lhbGlwIA0KPiBwcmlvcml0eSAy IHByaXEocmVkKSBxdWV1ZSBhbGxvd2VkIHByaW9yaXR5IDEgcHJpcShkZWZhdWx0IHJlZCkNCj4g DQo+IA0KPiBHcnXDnywNCj4gDQo+IFJvbGYgRGFobWVuDQo+IENoaWVmIFRlY2hub2xvZ3kgT2Zm aWNlciAoQ1RPKQ0KPiANCj4gW2NpZDppbWFnZTAwMS5qcGdAMDFEMTY4QjcuRDlDOTU3RDBdDQo+ IA0KPiBUOiAgICAgICAgICAgICArNDkgKDApMjQxIDk4MCA5ODYgNjgNCj4gTTogICAgICAgICAg ICArNDkgKDApMTUxIDYxNyAxOTYgMjMNCj4gRmF4OiAgICAgICAgICs0OSAoMCkyNDEgOTgwIDk4 NiA5MA0KPiANCj4gV2ViOiAgICAgICAgd3d3Lm0zY29ubmVjdC5kZTxodHRwOi8vd3d3Lm0zY29u bmVjdC5kZS8+DQo+IEUtTWFpbDogICAgIHIuZGFobWVuQG0zY29ubmVjdC5kZTxtYWlsdG86ci5k YWhtZW5AbTNjb25uZWN0LmRlPg0KPiANCj4gbTNjb25uZWN0IEdtYkggfCBGcmllZGxhbmRzdHIu MTggfCA1MjA2NCBBYWNoZW4gfCBERS9HZXJtYW55IHwgDQo+IEFtdHNnZXJpY2h0IEFhY2hlbiB8 IEhSQiA4NzczIHwgVVN0Li0gSUQ6IERFMjE5IDY2NCA2NTggfCANCj4gR2VzY2jDpGZ0c2bDvGhy ZXIvQ0VPOiBFbWlsaW8gRHJhZ2FzLCBNYXJrdXMgU2NoaW5kbGVyDQo+IA0KPiANCj4gDQo+IF9f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IGZyZWVic2Qt cGZAZnJlZWJzZC5vcmcgbWFpbGluZyBsaXN0DQo+IGh0dHBzOi8vbGlzdHMuZnJlZWJzZC5vcmcv bWFpbG1hbi9saXN0aW5mby9mcmVlYnNkLXBmDQo+IFRvIHVuc3Vic2NyaWJlLCBzZW5kIGFueSBt YWlsIHRvICJmcmVlYnNkLXBmLXVuc3Vic2NyaWJlQGZyZWVic2Qub3JnIg0KDQo= From owner-freebsd-pf@freebsd.org Mon Oct 16 19:38:44 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4254FE430F4 for ; Mon, 16 Oct 2017 19:38:44 +0000 (UTC) (envelope-from ian.freislich@capeaugusta.com) Received: from mail-qt0-x236.google.com (mail-qt0-x236.google.com [IPv6:2607:f8b0:400d:c0d::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F24B869DD3 for ; Mon, 16 Oct 2017 19:38:43 +0000 (UTC) (envelope-from ian.freislich@capeaugusta.com) Received: by mail-qt0-x236.google.com with SMTP id f8so34163862qta.5 for ; Mon, 16 Oct 2017 12:38:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=capeaugusta-com.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=w9dCbNktwDlHh1P8tpdEgv89twFtc659PiI84xnQjQE=; b=t2m6l3L0z6eAPJXenhxliwVrvCzKXQDstfd0rPbwPGcF9ir9Qi0vfjAxpBdkiEQImo DYDbjaS5d90ZX2M6qhoZC4hLULjhf27tyO12sh1U+qvDox3xKPoBmCu3m4SzplWLbZWA 3P+CzVtY7u9LVRFn9Xirr0zRzEAAexUzsnLbIhLDzEeV04JYGR9HPX7C9i5SBVPRS+Na khxiWOv6hjAxn+EyESrkivqp5ZBUyjuBlX9VaLFduTE1D9Ez/W+IdP4WRXWhEb9MseNp QzC7yY22EgX5+s0g1czNPw2/dxEgEvqYBiiWFm/4ZzWXxQXzba0O+1zwHnpopgRU0kBy TxZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=w9dCbNktwDlHh1P8tpdEgv89twFtc659PiI84xnQjQE=; b=NltfDC6e07AQBALIPdNsH0z664M+xqkEoSbyhxlWCTgQjUU24fzW/+a2aaEHowVdrF nYCe5CW6q6YH8H081zrFwLZrCoAMFdaWbFAiwYn2QUlCezGZ22xR0T3u0zmnkdsadeZi fdEsF6Tsp9uesCSKNzIkYRjzJqwWB3+6ryZPRyD2KtyFG+q9OWfn58iRK9mlr0eyhxNT JAiz1Eq2GgOlbQoAQxlL9Q/Q+jYjXM3RjHQ0x6e/9bWHp3vTTEEPv+0knlQpSVXQcvfe i189p3e5Oi2IE46pv+XwIYkIc64bAOXuUxtNzZ9GI8clgraaDlNFM8DjZHilmIymrBVO ra3w== X-Gm-Message-State: AMCzsaU8pBh+P9Z4Am0NOEoDTHFcA9jZFrQdlMBie0UXsGp4s83SKQcO rTweGN5AR4xd8YchJGFKhvA+gB7KPbc6EnQy6M/XcBGkhEJD183VBXS6t/Bs/S9hzE+xdX9Oghj mm6YToVO0FxN1GKgcgk05eRldd8LR4Y4FnGxJI+IrsyWtYYTjyQYS4+tHC7XymdZayvM54HyiUu dpuD43 X-Google-Smtp-Source: ABhQp+RikcQAtY5/WLYyK9olf49/Z7H2nxJ30ixPxvrDptEB5oom80fglYzzZ7y+8n353ML6IJ+1Ug== X-Received: by 10.129.103.193 with SMTP id b184mr1119970ywc.364.1508182722378; Mon, 16 Oct 2017 12:38:42 -0700 (PDT) Received: from zen.clue.co.za (c-73-217-184-74.hsd1.ga.comcast.net. [73.217.184.74]) by smtp.gmail.com with ESMTPSA id e14sm4034898ywe.1.2017.10.16.12.38.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 16 Oct 2017 12:38:41 -0700 (PDT) Subject: Re: AW: Issue using altq_priq unter FreeBSD 11.1 - help needed To: Rolf Dahmen , Doug Hardie Cc: "freebsd-pf@freebsd.org" References: <201C56274507CA41A05709BADF3703F3761C03@MX01.scientific.de> <088C50D8-0533-4969-939B-62A174598A4B@mail.sermon-archive.info> <201C56274507CA41A05709BADF3703F3761F88@MX01.scientific.de> From: Ian FREISLICH Message-ID: <5819a74f-cc43-8947-24a2-c3ef99825990@capeaugusta.com> Date: Mon, 16 Oct 2017 15:38:41 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <201C56274507CA41A05709BADF3703F3761F88@MX01.scientific.de> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: quoted-printable Content-Language: en-US X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 19:38:44 -0000 On 10/16/17 12:32, Rolf Dahmen wrote: > Thx, Doug > > Understood. We need to define some "pass" commands to map the traffic to = dedicated queues. We=C2=B4ve studied the "pf manual" and are not quite sure= how the pass actions should look like. > > We have already configured the below listed tables in "ipfw.rules". > > pass in quick on igb0 from t_allowed to queue allowed pass in quick on igb0 from t_allowed to any queue allowed > pass in quick on igb0 from t_specialip to queue specialip > pass in quick on igb0 from t_terminals to queue terminals > pass in quick on igb0 from t_freeunlimited to queue freeunlimited > pass in quick on igb0 from t_free to queue free > > Any idea what we have missed? > > -----Urspr=C3=BCngliche Nachricht----- > Von: Doug Hardie [mailto:bc979@lafn.org] > Gesendet: Montag, 16. Oktober 2017 17:22 > An: Rolf Dahmen > Cc: freebsd-pf@freebsd.org > Betreff: Re: Issue using altq_priq unter FreeBSD 11.1 - help needed > > You are missing the filtering commands to tell pf which traffic goes in w= hich queue. Here is an example using bandwidth queues that I used to use. = They are all commented out now since I don't need them anymore, but kept t= hem around just in case. This configuration restricted the bandwidth for w= eb and mail. If I remember correctly, I built this from "The Book of PF" w= hich I believe is available on the web now. > > > ############ Queueing: rule-based bandwidth control. > #altq on $ext_if cbq bandwidth 100% queue {normal, web, mail} > # queue normal bandwidth 99% qlimit 100 cbq(default) > # queue web bandwidth 100Kb qlimit 100 cbq > # queue mail bandwidth 250Kb qlimit 100 cbq > > ############ Filtering: Last Rule Matches #pass log proto tcp from any t= o any port 80 queue web #pass log proto tcp from any to any port 25 queue m= ail > > -- Doug > >> On 16 October 2017, at 05:55, Rolf Dahmen wrote: >> >> Hi all, >> >> I=C2=B4m Rolf Dahmen working as CTO for a german Wifi Service Provider. = We do have a certain issue that we are not able to configure QoS to priorit= ize queues on FreeBSD using pf with altq. My SysOps engineers are stuck in = getting it done, so I`m looking forward to get a resolution or any consults= onboarded. >> >> We have successfully recompiled the kernel to use pf with altq. >> >> We have configured 5 new queues "allowed, specialip, terminals, freeunli= mited, free" to pass the incoming traffic to prioritize the flow. The issue= is that always the defined default queue is used but never the user queues= . >> >> I do think that our pf.conf is not complete: >> >> (pf.conf) >> altq on igb0 priq queue {allowed, specialip, terminals, freeunlimited, >> free} queue free priority 5 priq(red) queue freeunlimited priority 4 >> priq(red) queue terminals priority 3 priq(red) queue specialip >> priority 2 priq(red) queue allowed priority 1 priq(default red) >> >> >> Gru=C3=9F, >> >> Rolf Dahmen >> Chief Technology Officer (CTO) >> >> [cid:image001.jpg@01D168B7.D9C957D0] >> >> T: +49 (0)241 980 986 68 >> M: +49 (0)151 617 196 23 >> Fax: +49 (0)241 980 986 90 >> >> Web: www.m3connect.de >> E-Mail: r.dahmen@m3connect.de >> >> m3connect GmbH | Friedlandstr.18 | 52064 Aachen | DE/Germany | >> Amtsgericht Aachen | HRB 8773 | USt.- ID: DE219 664 658 | >> Gesch=C3=A4ftsf=C3=BChrer/CEO: Emilio Dragas, Markus Schindler >> >> >> >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-pf@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" --=20 =20 Cape Augusta Digital Properties, LLC a Cape Augusta Company *Breach of confidentiality & accidental breach of confidentiality * This email and any files transmitted with it are confidential and intended= =20 solely for the use of the individual or entity to whom they are addressed.= =20 If you have received this email in error please notify the system manager.= =20 This message contains confidential information and is intended only for the= =20 individual named. If you are not the named addressee you should not=20 disseminate, distribute or copy this e-mail. Please notify the sender=20 immediately by e-mail if you have received this e-mail by mistake and=20 delete this e-mail from your system. If you are not the intended recipient= =20 you are notified that disclosing, copying, distributing or taking any=20 action in reliance on the contents of this information is strictly=20 prohibited. From owner-freebsd-pf@freebsd.org Tue Oct 17 07:03:26 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF3D6E2FA74 for ; Tue, 17 Oct 2017 07:03:26 +0000 (UTC) (envelope-from R.Dahmen@m3connect.de) Received: from mailout-f6.arcor-ip.de (mailout-f6.arcor-ip.de [145.253.3.208]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6AE9E21A6 for ; Tue, 17 Oct 2017 07:03:26 +0000 (UTC) (envelope-from R.Dahmen@m3connect.de) Received: from MX01.scientific.de (unknown [88.79.237.78]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout-f6.arcor-ip.de (Arcor-IP) with ESMTPS id DBC0828C03D; Tue, 17 Oct 2017 08:56:14 +0200 (CEST) Received: from MX01.scientific.de ([::1]) by MX01.scientific.de ([::1]) with mapi id 14.03.0361.001; Tue, 17 Oct 2017 08:56:48 +0200 From: Rolf Dahmen To: Ian FREISLICH , Doug Hardie CC: "freebsd-pf@freebsd.org" Subject: AW: AW: Issue using altq_priq unter FreeBSD 11.1 - help needed Thread-Topic: AW: Issue using altq_priq unter FreeBSD 11.1 - help needed Thread-Index: AdNGfTkcET+ejV+PRBaL9i1p4eqGCAABIuqAAAZT5dAAAqGygAAb3EQA Date: Tue, 17 Oct 2017 06:56:48 +0000 Message-ID: <201C56274507CA41A05709BADF3703F37634DC@MX01.scientific.de> References: <201C56274507CA41A05709BADF3703F3761C03@MX01.scientific.de> <088C50D8-0533-4969-939B-62A174598A4B@mail.sermon-archive.info> <201C56274507CA41A05709BADF3703F3761F88@MX01.scientific.de> <5819a74f-cc43-8947-24a2-c3ef99825990@capeaugusta.com> In-Reply-To: <5819a74f-cc43-8947-24a2-c3ef99825990@capeaugusta.com> Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [62.112.80.37] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Oct 2017 07:03:26 -0000 VGh4LCBJYW4gJiBEb3VnLiBXZSBhcmUgZ29pbmcgdG8gdHJ5IGl0Lg0KDQotLS0tLVVyc3Byw7xu Z2xpY2hlIE5hY2hyaWNodC0tLS0tDQpWb246IElhbiBGUkVJU0xJQ0ggW21haWx0bzppYW4uZnJl aXNsaWNoQGNhcGVhdWd1c3RhLmNvbV0gDQpHZXNlbmRldDogTW9udGFnLCAxNi4gT2t0b2JlciAy MDE3IDIxOjM5DQpBbjogUm9sZiBEYWhtZW4gPFIuRGFobWVuQG0zY29ubmVjdC5kZT47IERvdWcg SGFyZGllIDxiYzk3OUBsYWZuLm9yZz4NCkNjOiBmcmVlYnNkLXBmQGZyZWVic2Qub3JnDQpCZXRy ZWZmOiBSZTogQVc6IElzc3VlIHVzaW5nIGFsdHFfcHJpcSB1bnRlciBGcmVlQlNEIDExLjEgLSBo ZWxwIG5lZWRlZA0KDQpPbiAxMC8xNi8xNyAxMjozMiwgUm9sZiBEYWhtZW4gd3JvdGU6DQo+IFRo eCwgRG91Zw0KPg0KPiBVbmRlcnN0b29kLiBXZSBuZWVkIHRvIGRlZmluZSBzb21lICJwYXNzIiBj b21tYW5kcyB0byBtYXAgdGhlIHRyYWZmaWMgdG8gZGVkaWNhdGVkIHF1ZXVlcy4gV2XCtHZlIHN0 dWRpZWQgdGhlICJwZiBtYW51YWwiIGFuZCBhcmUgbm90IHF1aXRlIHN1cmUgaG93IHRoZSBwYXNz IGFjdGlvbnMgc2hvdWxkIGxvb2sgbGlrZS4NCj4NCj4gV2UgaGF2ZSBhbHJlYWR5IGNvbmZpZ3Vy ZWQgdGhlIGJlbG93IGxpc3RlZCB0YWJsZXMgaW4gImlwZncucnVsZXMiLg0KPg0KPiBwYXNzIGlu IHF1aWNrIG9uIGlnYjAgZnJvbSB0X2FsbG93ZWQgdG8gcXVldWUgYWxsb3dlZA0KDQpwYXNzIGlu IHF1aWNrIG9uIGlnYjAgZnJvbSB0X2FsbG93ZWQgdG8gYW55IHF1ZXVlIGFsbG93ZWQNCg0KPiBw YXNzIGluIHF1aWNrIG9uIGlnYjAgZnJvbSB0X3NwZWNpYWxpcCB0byBxdWV1ZSBzcGVjaWFsaXAg cGFzcyBpbiANCj4gcXVpY2sgb24gaWdiMCBmcm9tIHRfdGVybWluYWxzIHRvIHF1ZXVlIHRlcm1p bmFscyBwYXNzIGluIHF1aWNrIG9uIA0KPiBpZ2IwIGZyb20gdF9mcmVldW5saW1pdGVkIHRvIHF1 ZXVlIGZyZWV1bmxpbWl0ZWQgcGFzcyBpbiBxdWljayBvbiBpZ2IwIA0KPiBmcm9tIHRfZnJlZSB0 byBxdWV1ZSBmcmVlDQo+DQo+IEFueSBpZGVhIHdoYXQgd2UgaGF2ZSBtaXNzZWQ/DQo+DQo+IC0t LS0tVXJzcHLDvG5nbGljaGUgTmFjaHJpY2h0LS0tLS0NCj4gVm9uOiBEb3VnIEhhcmRpZSBbbWFp bHRvOmJjOTc5QGxhZm4ub3JnXQ0KPiBHZXNlbmRldDogTW9udGFnLCAxNi4gT2t0b2JlciAyMDE3 IDE3OjIyDQo+IEFuOiBSb2xmIERhaG1lbiA8Ui5EYWhtZW5AbTNjb25uZWN0LmRlPg0KPiBDYzog ZnJlZWJzZC1wZkBmcmVlYnNkLm9yZw0KPiBCZXRyZWZmOiBSZTogSXNzdWUgdXNpbmcgYWx0cV9w cmlxIHVudGVyIEZyZWVCU0QgMTEuMSAtIGhlbHAgbmVlZGVkDQo+DQo+IFlvdSBhcmUgbWlzc2lu ZyB0aGUgZmlsdGVyaW5nIGNvbW1hbmRzIHRvIHRlbGwgcGYgd2hpY2ggdHJhZmZpYyBnb2VzIGlu IHdoaWNoIHF1ZXVlLiAgSGVyZSBpcyBhbiBleGFtcGxlIHVzaW5nIGJhbmR3aWR0aCBxdWV1ZXMg dGhhdCBJIHVzZWQgdG8gdXNlLiAgVGhleSBhcmUgYWxsIGNvbW1lbnRlZCBvdXQgbm93IHNpbmNl IEkgZG9uJ3QgbmVlZCB0aGVtIGFueW1vcmUsIGJ1dCBrZXB0IHRoZW0gYXJvdW5kIGp1c3QgaW4g Y2FzZS4gIFRoaXMgY29uZmlndXJhdGlvbiByZXN0cmljdGVkIHRoZSBiYW5kd2lkdGggZm9yIHdl YiBhbmQgbWFpbC4gIElmIEkgcmVtZW1iZXIgY29ycmVjdGx5LCBJIGJ1aWx0IHRoaXMgZnJvbSAi VGhlIEJvb2sgb2YgUEYiIHdoaWNoIEkgYmVsaWV2ZSBpcyBhdmFpbGFibGUgb24gdGhlIHdlYiBu b3cuDQo+DQo+DQo+ICMjIyMjIyMjIyMjIyBRdWV1ZWluZzogIHJ1bGUtYmFzZWQgYmFuZHdpZHRo IGNvbnRyb2wuDQo+ICNhbHRxIG9uICRleHRfaWYgY2JxIGJhbmR3aWR0aCAxMDAlIHF1ZXVlIHtu b3JtYWwsIHdlYiwgbWFpbH0NCj4gIyAgICAgICBxdWV1ZSBub3JtYWwgYmFuZHdpZHRoIDk5JSBx bGltaXQgMTAwIGNicShkZWZhdWx0KQ0KPiAjICAgICAgIHF1ZXVlIHdlYiBiYW5kd2lkdGggMTAw S2IgcWxpbWl0IDEwMCBjYnENCj4gIyAgICAgICBxdWV1ZSBtYWlsIGJhbmR3aWR0aCAyNTBLYiBx bGltaXQgMTAwIGNicQ0KPg0KPiAjIyMjIyMjIyMjIyMgRmlsdGVyaW5nOiAgTGFzdCBSdWxlIE1h dGNoZXMgI3Bhc3MgbG9nIHByb3RvIHRjcCBmcm9tIA0KPiBhbnkgdG8gYW55IHBvcnQgODAgcXVl dWUgd2ViICNwYXNzIGxvZyBwcm90byB0Y3AgZnJvbSBhbnkgdG8gYW55IHBvcnQgDQo+IDI1IHF1 ZXVlIG1haWwNCj4NCj4gLS0gRG91Zw0KPg0KPj4gT24gMTYgT2N0b2JlciAyMDE3LCBhdCAwNTo1 NSwgUm9sZiBEYWhtZW4gPFIuRGFobWVuQG0zY29ubmVjdC5kZT4gd3JvdGU6DQo+Pg0KPj4gSGkg YWxsLA0KPj4NCj4+IEnCtG0gUm9sZiBEYWhtZW4gd29ya2luZyBhcyBDVE8gZm9yIGEgZ2VybWFu IFdpZmkgU2VydmljZSBQcm92aWRlci4gV2UgZG8gaGF2ZSBhIGNlcnRhaW4gaXNzdWUgdGhhdCB3 ZSBhcmUgbm90IGFibGUgdG8gY29uZmlndXJlIFFvUyB0byBwcmlvcml0aXplIHF1ZXVlcyBvbiBG cmVlQlNEIHVzaW5nIHBmIHdpdGggYWx0cS4gTXkgU3lzT3BzIGVuZ2luZWVycyBhcmUgc3R1Y2sg aW4gZ2V0dGluZyBpdCBkb25lLCBzbyBJYG0gbG9va2luZyBmb3J3YXJkIHRvIGdldCBhIHJlc29s dXRpb24gb3IgYW55IGNvbnN1bHRzIG9uYm9hcmRlZC4NCj4+DQo+PiBXZSBoYXZlIHN1Y2Nlc3Nm dWxseSByZWNvbXBpbGVkIHRoZSBrZXJuZWwgdG8gdXNlIHBmIHdpdGggYWx0cS4NCj4+DQo+PiBX ZSBoYXZlIGNvbmZpZ3VyZWQgNSBuZXcgcXVldWVzICJhbGxvd2VkLCBzcGVjaWFsaXAsIHRlcm1p bmFscywgZnJlZXVubGltaXRlZCwgZnJlZSIgdG8gcGFzcyB0aGUgaW5jb21pbmcgdHJhZmZpYyB0 byBwcmlvcml0aXplIHRoZSBmbG93LiBUaGUgaXNzdWUgaXMgdGhhdCBhbHdheXMgdGhlIGRlZmlu ZWQgZGVmYXVsdCBxdWV1ZSBpcyB1c2VkIGJ1dCBuZXZlciB0aGUgdXNlciBxdWV1ZXMuDQo+Pg0K Pj4gSSBkbyB0aGluayB0aGF0IG91ciBwZi5jb25mIGlzIG5vdCBjb21wbGV0ZToNCj4+DQo+PiAg ICAgICAgKHBmLmNvbmYpDQo+PiBhbHRxIG9uIGlnYjAgcHJpcSBxdWV1ZSB7YWxsb3dlZCwgc3Bl Y2lhbGlwLCB0ZXJtaW5hbHMsIA0KPj4gZnJlZXVubGltaXRlZCwgZnJlZX0gcXVldWUgZnJlZSBw cmlvcml0eSA1IHByaXEocmVkKSBxdWV1ZSANCj4+IGZyZWV1bmxpbWl0ZWQgcHJpb3JpdHkgNA0K Pj4gcHJpcShyZWQpIHF1ZXVlIHRlcm1pbmFscyBwcmlvcml0eSAzIHByaXEocmVkKSBxdWV1ZSBz cGVjaWFsaXAgDQo+PiBwcmlvcml0eSAyIHByaXEocmVkKSBxdWV1ZSBhbGxvd2VkIHByaW9yaXR5 IDEgcHJpcShkZWZhdWx0IHJlZCkNCj4+DQo+Pg0KPj4gR3J1w58sDQo+Pg0KPj4gUm9sZiBEYWht ZW4NCj4+IENoaWVmIFRlY2hub2xvZ3kgT2ZmaWNlciAoQ1RPKQ0KPj4NCj4+IFtjaWQ6aW1hZ2Uw MDEuanBnQDAxRDE2OEI3LkQ5Qzk1N0QwXQ0KPj4NCj4+IFQ6ICAgICAgICAgICAgICs0OSAoMCky NDEgOTgwIDk4NiA2OA0KPj4gTTogICAgICAgICAgICArNDkgKDApMTUxIDYxNyAxOTYgMjMNCj4+ IEZheDogICAgICAgICArNDkgKDApMjQxIDk4MCA5ODYgOTANCj4+DQo+PiBXZWI6ICAgICAgICB3 d3cubTNjb25uZWN0LmRlPGh0dHA6Ly93d3cubTNjb25uZWN0LmRlLz4NCj4+IEUtTWFpbDogICAg IHIuZGFobWVuQG0zY29ubmVjdC5kZTxtYWlsdG86ci5kYWhtZW5AbTNjb25uZWN0LmRlPg0KPj4N Cj4+IG0zY29ubmVjdCBHbWJIIHwgRnJpZWRsYW5kc3RyLjE4IHwgNTIwNjQgQWFjaGVuIHwgREUv R2VybWFueSB8IA0KPj4gQW10c2dlcmljaHQgQWFjaGVuIHwgSFJCIDg3NzMgfCBVU3QuLSBJRDog REUyMTkgNjY0IDY1OCB8DQo+PiBHZXNjaMOkZnRzZsO8aHJlci9DRU86IEVtaWxpbyBEcmFnYXMs IE1hcmt1cyBTY2hpbmRsZXINCj4+DQo+Pg0KPj4NCj4+IF9fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fDQo+PiBmcmVlYnNkLXBmQGZyZWVic2Qub3JnIG1haWxp bmcgbGlzdA0KPj4gaHR0cHM6Ly9saXN0cy5mcmVlYnNkLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2Zy ZWVic2QtcGYNCj4+IFRvIHVuc3Vic2NyaWJlLCBzZW5kIGFueSBtYWlsIHRvICJmcmVlYnNkLXBm LXVuc3Vic2NyaWJlQGZyZWVic2Qub3JnIg0KPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXw0KPiBmcmVlYnNkLXBmQGZyZWVic2Qub3JnIG1haWxpbmcgbGlz dA0KPiBodHRwczovL2xpc3RzLmZyZWVic2Qub3JnL21haWxtYW4vbGlzdGluZm8vZnJlZWJzZC1w Zg0KPiBUbyB1bnN1YnNjcmliZSwgc2VuZCBhbnkgbWFpbCB0byAiZnJlZWJzZC1wZi11bnN1YnNj cmliZUBmcmVlYnNkLm9yZyINCg0KDQotLSANCiANCg0KQ2FwZSBBdWd1c3RhIERpZ2l0YWwgUHJv cGVydGllcywgTExDIGEgQ2FwZSBBdWd1c3RhIENvbXBhbnkNCg0KKkJyZWFjaCBvZiBjb25maWRl bnRpYWxpdHkgJiBhY2NpZGVudGFsIGJyZWFjaCBvZiBjb25maWRlbnRpYWxpdHkgKg0KDQpUaGlz IGVtYWlsIGFuZCBhbnkgZmlsZXMgdHJhbnNtaXR0ZWQgd2l0aCBpdCBhcmUgY29uZmlkZW50aWFs IGFuZCBpbnRlbmRlZCBzb2xlbHkgZm9yIHRoZSB1c2Ugb2YgdGhlIGluZGl2aWR1YWwgb3IgZW50 aXR5IHRvIHdob20gdGhleSBhcmUgYWRkcmVzc2VkLiANCklmIHlvdSBoYXZlIHJlY2VpdmVkIHRo aXMgZW1haWwgaW4gZXJyb3IgcGxlYXNlIG5vdGlmeSB0aGUgc3lzdGVtIG1hbmFnZXIuIA0KVGhp cyBtZXNzYWdlIGNvbnRhaW5zIGNvbmZpZGVudGlhbCBpbmZvcm1hdGlvbiBhbmQgaXMgaW50ZW5k ZWQgb25seSBmb3IgdGhlIGluZGl2aWR1YWwgbmFtZWQuIElmIHlvdSBhcmUgbm90IHRoZSBuYW1l ZCBhZGRyZXNzZWUgeW91IHNob3VsZCBub3QgZGlzc2VtaW5hdGUsIGRpc3RyaWJ1dGUgb3IgY29w eSB0aGlzIGUtbWFpbC4gUGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGJ5IGUt bWFpbCBpZiB5b3UgaGF2ZSByZWNlaXZlZCB0aGlzIGUtbWFpbCBieSBtaXN0YWtlIGFuZCBkZWxl dGUgdGhpcyBlLW1haWwgZnJvbSB5b3VyIHN5c3RlbS4gSWYgeW91IGFyZSBub3QgdGhlIGludGVu ZGVkIHJlY2lwaWVudCB5b3UgYXJlIG5vdGlmaWVkIHRoYXQgZGlzY2xvc2luZywgY29weWluZywg ZGlzdHJpYnV0aW5nIG9yIHRha2luZyBhbnkgYWN0aW9uIGluIHJlbGlhbmNlIG9uIHRoZSBjb250 ZW50cyBvZiB0aGlzIGluZm9ybWF0aW9uIGlzIHN0cmljdGx5IHByb2hpYml0ZWQuDQoNCg0K From owner-freebsd-pf@freebsd.org Wed Oct 18 21:16:40 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 802C4E44157 for ; Wed, 18 Oct 2017 21:16:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6E8356A728 for ; Wed, 18 Oct 2017 21:16:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v9ILGepe039135 for ; Wed, 18 Oct 2017 21:16:40 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 223093] /dev/pf locks disrupt other pf-dependent services (ftp-proxy, tftp-proxy, relayd, pfctl, etc) Date: Wed, 18 Oct 2017 21:16:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.4-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Oct 2017 21:16:40 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223093 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-bugs@FreeBSD.org |freebsd-pf@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Wed Oct 18 23:58:34 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5CF31E473FE for ; Wed, 18 Oct 2017 23:58:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 483CC6F1F3 for ; Wed, 18 Oct 2017 23:58:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v9INwYAB002632 for ; Wed, 18 Oct 2017 23:58:34 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 223093] /dev/pf locks disrupt other pf-dependent services (ftp-proxy, tftp-proxy, relayd, pfctl, etc) Date: Wed, 18 Oct 2017 23:58:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.4-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: eri@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Oct 2017 23:58:34 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223093 Ermal Lu=C3=83=C2=A7i changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |eri@freebsd.org --- Comment #1 from Ermal Lu=C3=83=C2=A7i --- Are you reporting the issue for the pf utilities or pf itself? --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Thu Oct 19 01:57:05 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 73411E49E26 for ; Thu, 19 Oct 2017 01:57:05 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5A001729C0 for ; Thu, 19 Oct 2017 01:57:05 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J1v5RN080603 for ; Thu, 19 Oct 2017 01:57:05 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 223093] /dev/pf locks disrupt other pf-dependent services (ftp-proxy, tftp-proxy, relayd, pfctl, etc) Date: Thu, 19 Oct 2017 01:57:05 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.4-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: jjasen@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 01:57:05 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223093 --- Comment #2 from jjasen@gmail.com --- I'd speculate the issue is with /dev/pf itself, which would be pf. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Thu Oct 19 06:30:33 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3CE68E2DE63 for ; Thu, 19 Oct 2017 06:30:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 267A481146 for ; Thu, 19 Oct 2017 06:30:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J6UVGS087002 for ; Thu, 19 Oct 2017 06:30:33 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 222126] pf is not clearing expired states Date: Thu, 19 Oct 2017 06:30:31 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: hlh@restart.be X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 06:30:33 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D222126 --- Comment #35 from hlh@restart.be --- (In reply to hlh from comment #33) The problem crops up again. Here is the end of the output of your dtrace script when the states are no = more expired: [root@norquay log]# tail pf.dtrace2.log-after 3 9078 none:expired_states i 19947 maxentry 327 0 3 9077 thread:wakeup=20 3 9078 none:expired_states i 20274 maxentry 327 0 0 9077 thread:wakeup=20 0 9078 none:expired_states i 20601 maxentry 327 0 0 9077 thread:wakeup=20 0 9078 none:expired_states i 20928 maxentry 327 0 0 9077 thread:wakeup=20 0 9078 none:expired_states i 21255 maxentry 327 0 The dtrace script give no more output. Then I stop the dtrace and save the previous trace. I restart a new dtrace which output nothing until I run: echo "set timeout interval 5" | pfctl -mf - echo "set timeout interval 5" | pfctl -mf - nohup service pf restart The first lines of the dtrace are: [root@norquay log]# head pf.dtrace2.log-after=20 CPU ID FUNCTION:NAME 0 9077 thread:wakeup=20 0 9078 none:expired_states i 23544 maxentry 655 0 1 9077 thread:wakeup=20 1 9078 none:expired_states i 24199 maxentry 655 0 1 9077 thread:wakeup=20 1 9078 none:expired_states i 24854 maxentry 655 0 1 9077 thread:wakeup=20 1 9078 none:expired_states i 25509 maxentry 655 0 1 9077 thread:wakeup --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Thu Oct 19 08:14:40 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 05FFEE32CA4 for ; Thu, 19 Oct 2017 08:14:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E929B197 for ; Thu, 19 Oct 2017 08:14:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v9J8EdK7014698 for ; Thu, 19 Oct 2017 08:14:39 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 222126] pf is not clearing expired states Date: Thu, 19 Oct 2017 08:14:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: hlh@restart.be X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 08:14:40 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D222126 --- Comment #36 from hlh@restart.be --- I notice that when I do: echo "set timeout interval 10" | pfctl -mf - while pf is running without problem, then no more state are created. I must run `nohup service pf restart`to restore a functional system. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Thu Oct 19 22:50:20 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A56A0E49446 for ; Thu, 19 Oct 2017 22:50:20 +0000 (UTC) (envelope-from dave@horsfall.org) Received: from viclamta29p.bpe.bigpond.com (viclamta29p.bpe.bigpond.com [203.38.21.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "", Issuer "Openwave Messaging Inc." (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 9DE6D83DF0 for ; Thu, 19 Oct 2017 22:50:17 +0000 (UTC) (envelope-from dave@horsfall.org) Received: from smtp.telstra.com ([10.10.26.4]) by viclafep31p-svc.bpe.nexus.telstra.com.au with ESMTP id <20171019221522.HPVM23752.viclafep31p-svc.bpe.nexus.telstra.com.au@smtp.telstra.com> for ; Fri, 20 Oct 2017 09:15:22 +1100 X-RG-Spam: Unknown X-Junkmail-Premium-Raw: score=7/83, refid=2.7.2:2017.10.19.215117:17:7.944, ip=, rules=__HAS_FROM, __TO_MALFORMED_2, __TO_NAME, __TO_NAME_DIFF_FROM_ACC, __HAS_MSGID, __SANE_MSGID, __USER_AGENT, __MIME_VERSION, __CT, __CT_TEXT_PLAIN, __NO_HTML_TAG_RAW, BODY_SIZE_1300_1399, BODYTEXTP_SIZE_3000_LESS, __MIME_TEXT_P1, __MIME_TEXT_ONLY, HTML_00_01, HTML_00_10, BODY_SIZE_5000_LESS, __TO_REAL_NAMES, NO_URI_FOUND, NO_CTA_URI_FOUND, BODY_SIZE_2000_LESS, __MIME_TEXT_P, NO_URI_HTTPS, BODY_SIZE_7000_LESS Received: from aneurin.horsfall.org (110.141.193.233) by smtp.telstra.com (9.0.019.16-1) id 59D6807E0212964E for freebsd-pf@freebsd.org; Fri, 20 Oct 2017 09:15:20 +1100 Received: from localhost (dave@localhost) by aneurin.horsfall.org (8.15.2/8.15.2) with ESMTP id v9JMF5co098740 for ; Fri, 20 Oct 2017 09:15:19 +1100 (EST) (envelope-from dave@horsfall.org) Date: Fri, 20 Oct 2017 09:15:05 +1100 (EST) From: Dave Horsfall To: FreeBSD PF List Subject: Had to allow localhost->localhost on FB 10.4 Message-ID: User-Agent: Alpine 2.21 (BSF 202 2017-01-01) X-GPG-Public-Key: http://www.horsfall.org/gpgkey.pub X-GPG-Fingerprint: 05B4 FFBC 0218 B438 66E0 587B EF46 7357 EF5E F58B X-Home-Page: http://www.horsfall.org/ X-Witty-Saying: "chmod 666 the_mode_of_the_beast" MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 22:50:20 -0000 Just upgraded to FreeBSD 10.4 (and NTP stopped working, but that's a separate issue), and found that my pf log was flooded with things like: 00:03:25.172691 IP localhost.56537 > localhost.domain: 33908+[|domain] 00:03:30.650949 IP localhost.51150 > localhost.domain: 13457+[|domain] 00:03:35.669987 IP localhost.47363 > localhost.domain: 7594+[|domain] 00:03:54.528312 IP localhost.18250 > localhost.domain: 96+[|domain] 00:03:59.830324 IP localhost.15552 > localhost.domain: 45957+[|domain] 00:04:04.845808 IP localhost.47042 > localhost.domain: 24817+[|domain] 00:04:10.689009 IP localhost.30385 > localhost.domain: 28807+[|domain] 00:04:12.398079 IP localhost.37872 > localhost.domain: 56445+[|domain] 00:04:16.474337 IP localhost.48196 > localhost.domain: 9865+[|domain] 00:04:17.943754 IP localhost.10177 > localhost.domain: 38494+[|domain] 00:04:22.132642 IP localhost.23265 > localhost.biff: UDP, length 15 I was forced to add the following entry in pf.conf until I could investigate this further: # Stuffed if I know why localhost/UDP is now blocked by default... pass in quick from localhost to localhost Anyone else noticed this? -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." From owner-freebsd-pf@freebsd.org Fri Oct 20 04:43:57 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0F8C4E4F9B0 for ; Fri, 20 Oct 2017 04:43:57 +0000 (UTC) (envelope-from maximos@als.nnov.ru) Received: from mx.als.nnov.ru (mx.als.nnov.ru [95.79.102.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C68F467998 for ; Fri, 20 Oct 2017 04:43:56 +0000 (UTC) (envelope-from maximos@als.nnov.ru) Received: from [10.4.1.100] by mx.als.nnov.ru with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.87 (FreeBSD)) (envelope-from ) id 1e5Ohk-0008a8-ME for freebsd-pf@freebsd.org; Fri, 20 Oct 2017 07:14:40 +0300 Subject: Re: Had to allow localhost->localhost on FB 10.4 To: freebsd-pf@freebsd.org References: From: Max Message-ID: <5046b895-a40b-c092-b74f-adc0b0e54b7a@als.nnov.ru> Date: Fri, 20 Oct 2017 07:14:40 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: ru X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2017 04:43:57 -0000 set skip on lo (or  set skip on lo0) 20.10.2017 1:15, Dave Horsfall пишет: > Just upgraded to FreeBSD 10.4 (and NTP stopped working, but that's a > separate issue), and found that my pf log was flooded with things like: > >     00:03:25.172691 IP localhost.56537 > localhost.domain: > 33908+[|domain] >     00:03:30.650949 IP localhost.51150 > localhost.domain: > 13457+[|domain] >     00:03:35.669987 IP localhost.47363 > localhost.domain: 7594+[|domain] >     00:03:54.528312 IP localhost.18250 > localhost.domain: 96+[|domain] >     00:03:59.830324 IP localhost.15552 > localhost.domain: > 45957+[|domain] >     00:04:04.845808 IP localhost.47042 > localhost.domain: > 24817+[|domain] >     00:04:10.689009 IP localhost.30385 > localhost.domain: > 28807+[|domain] >     00:04:12.398079 IP localhost.37872 > localhost.domain: > 56445+[|domain] >     00:04:16.474337 IP localhost.48196 > localhost.domain: 9865+[|domain] >     00:04:17.943754 IP localhost.10177 > localhost.domain: > 38494+[|domain] >     00:04:22.132642 IP localhost.23265 > localhost.biff: UDP, length 15 > > I was forced to add the following entry in pf.conf until I could > investigate > this further: > >     # Stuffed if I know why localhost/UDP is now blocked by default... >     pass in quick from localhost to localhost > > Anyone else noticed this? > From owner-freebsd-pf@freebsd.org Fri Oct 20 04:48:34 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 67D4DE4FA29 for ; Fri, 20 Oct 2017 04:48:34 +0000 (UTC) (envelope-from robing@transip.nl) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0095.outbound.protection.outlook.com [104.47.0.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8F75767A19 for ; Fri, 20 Oct 2017 04:48:32 +0000 (UTC) (envelope-from robing@transip.nl) Received: from AM4PR0202MB2867.eurprd02.prod.outlook.com (10.171.82.139) by AM4PR0202MB2865.eurprd02.prod.outlook.com (10.171.82.137) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Fri, 20 Oct 2017 04:48:30 +0000 Received: from AM4PR0202MB2867.eurprd02.prod.outlook.com ([fe80::f18c:d295:9efd:673d]) by AM4PR0202MB2867.eurprd02.prod.outlook.com ([fe80::f18c:d295:9efd:673d%17]) with mapi id 15.20.0077.023; Fri, 20 Oct 2017 04:48:30 +0000 From: Robin Geuze To: Dave Horsfall CC: FreeBSD PF List Subject: Re: Had to allow localhost->localhost on FB 10.4 Thread-Topic: Had to allow localhost->localhost on FB 10.4 Thread-Index: AQHTSV6sHqwd4Errk0SIjjcKgTheAA== Date: Fri, 20 Oct 2017 04:48:29 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [84.106.74.188] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR0202MB2865; 6:3I3C1Ut0xuSLeV3pu21wOKX0n3pAnn3lM4D2y8eSXz+LUhR7hT+9i3F6l66xCz9ZnAZLDAxvgWAcxOyM/5hSH8Yo2L4JqryyStRDYm4b3qR5AAKE2yo3UscDWR1qB4O/1HZ9H60qpXTXaaFXY5RxCuGEMpQByRbdUmUIkq4H748VAK9+fXjBhr08lH1qyP1HOau6iizWug0sCqbY2aGw7dlBPa+AqCQfQ+jC/kmIWoD9RUOKBbyVWZ9d/NwSLRUI2v0dYNQrK9T8kgCvTYK3xZkVlc2HEmP7nJB9RgLKXWtmuV+u36KCeqEYaL8prUx0wwlCY1cROz2DWR55bLoLAg==; 5:FKnRXv8sEn2WtJXcdumPbbc78bbDNS/o7mxV/ren6W0ndhAhODmjDUG8vcIAi5PJyBczfy8d1ru3dScf/skAq7qAWD2zZkjN6xz2UbxiTM2OyJwrY6V5OBin44str/qOyEWWmI4/G+LoSoXWiB/juw==; 24:IQbzzlYB4c7abli7mZaZtQPYvqrGjoa9zlJANUPVt8PxebvYCik9HDmLq74mlspZJc2G/BQYc29ODF9+WID8sKGAlciF8zUNYYJmKiLLNu8=; 7:vhYT6Plu3xT3Q2Z49eT39imR1M+/tQUUakE1LAqHT5+tl2yXFkPiP/3hzZOujL6WX+CPmryisUOcc+sQmG8Ao5yJR2bHXna6/rL1ryaRh0eZKjSk5NQefJFCUp0djd8yL/SI1XG1ZUALcLH1rBgOU/WqUfJRY5PozrG/FBUu5o8+rCa1qpCqTmC7t99sl8HPMykM1W6ggrTXI8BM581+gkSPRThruxI0BVgcfg3fM0I= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: 145d01cb-a944-46f1-f3f1-08d51775cf5d x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4603075)(4627075)(201702281549075)(2017052603229); SRVR:AM4PR0202MB2865; x-ms-traffictypediagnostic: AM4PR0202MB2865: x-exchange-antispam-report-test: UriScan:(192374486261705)(265634631926514)(75325880899374); x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231020)(100000703101)(100105400095)(6041248)(20161123564025)(20161123558100)(20161123560025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(2016111802025)(20161123555025)(6072148)(6043046)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0202MB2865; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0202MB2865; x-forefront-prvs: 0466CA5A45 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39830400002)(346002)(376002)(24454002)(189002)(199003)(14454004)(316002)(6246003)(478600001)(966005)(2900100001)(97736004)(8676002)(86362001)(31686004)(81166006)(5250100002)(229853002)(189998001)(53546010)(81156014)(31696002)(25786009)(66066001)(8936002)(68736007)(33646002)(99286003)(102836003)(3846002)(53936002)(6116002)(74482002)(5660300001)(606006)(4326008)(6486002)(101416001)(6506006)(6436002)(305945005)(54896002)(2906002)(54356999)(7736002)(6916009)(6512007)(50986999)(105586002)(3660700001)(6306002)(3280700002)(106356001)(9686003)(236005); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4PR0202MB2865; H:AM4PR0202MB2867.eurprd02.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: transip.nl does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: transip.nl X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Oct 2017 04:48:29.9509 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a4e75c98-a80e-4605-9b02-f5c4db1859b9 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0202MB2865 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2017 04:48:34 -0000 SGF2ZSB5b3UgZG9uZSAic2V0IHNraXAgb24gbG8wIiBpbiB5b3VyIHBmLmNvbmY/IFRoYXQgc2hv dWxkIG1ha2UgaXQgaWdub3JlIHRoYXQgaW50ZXJmYWNlIGFsdG9nZXRoZXIuDQoNCk9uIE9jdCAy MCwgMjAxNyAwMDo1MCwgRGF2ZSBIb3JzZmFsbCA8ZGF2ZUBob3JzZmFsbC5vcmc+IHdyb3RlOg0K SnVzdCB1cGdyYWRlZCB0byBGcmVlQlNEIDEwLjQgKGFuZCBOVFAgc3RvcHBlZCB3b3JraW5nLCBi dXQgdGhhdCdzIGENCnNlcGFyYXRlIGlzc3VlKSwgYW5kIGZvdW5kIHRoYXQgbXkgcGYgbG9nIHdh cyBmbG9vZGVkIHdpdGggdGhpbmdzIGxpa2U6DQoNCiAgICAgMDA6MDM6MjUuMTcyNjkxIElQIGxv Y2FsaG9zdC41NjUzNyA+IGxvY2FsaG9zdC5kb21haW46IDMzOTA4K1t8ZG9tYWluXQ0KICAgICAw MDowMzozMC42NTA5NDkgSVAgbG9jYWxob3N0LjUxMTUwID4gbG9jYWxob3N0LmRvbWFpbjogMTM0 NTcrW3xkb21haW5dDQogICAgIDAwOjAzOjM1LjY2OTk4NyBJUCBsb2NhbGhvc3QuNDczNjMgPiBs b2NhbGhvc3QuZG9tYWluOiA3NTk0K1t8ZG9tYWluXQ0KICAgICAwMDowMzo1NC41MjgzMTIgSVAg bG9jYWxob3N0LjE4MjUwID4gbG9jYWxob3N0LmRvbWFpbjogOTYrW3xkb21haW5dDQogICAgIDAw OjAzOjU5LjgzMDMyNCBJUCBsb2NhbGhvc3QuMTU1NTIgPiBsb2NhbGhvc3QuZG9tYWluOiA0NTk1 NytbfGRvbWFpbl0NCiAgICAgMDA6MDQ6MDQuODQ1ODA4IElQIGxvY2FsaG9zdC40NzA0MiA+IGxv Y2FsaG9zdC5kb21haW46IDI0ODE3K1t8ZG9tYWluXQ0KICAgICAwMDowNDoxMC42ODkwMDkgSVAg bG9jYWxob3N0LjMwMzg1ID4gbG9jYWxob3N0LmRvbWFpbjogMjg4MDcrW3xkb21haW5dDQogICAg IDAwOjA0OjEyLjM5ODA3OSBJUCBsb2NhbGhvc3QuMzc4NzIgPiBsb2NhbGhvc3QuZG9tYWluOiA1 NjQ0NStbfGRvbWFpbl0NCiAgICAgMDA6MDQ6MTYuNDc0MzM3IElQIGxvY2FsaG9zdC40ODE5NiA+ IGxvY2FsaG9zdC5kb21haW46IDk4NjUrW3xkb21haW5dDQogICAgIDAwOjA0OjE3Ljk0Mzc1NCBJ UCBsb2NhbGhvc3QuMTAxNzcgPiBsb2NhbGhvc3QuZG9tYWluOiAzODQ5NCtbfGRvbWFpbl0NCiAg ICAgMDA6MDQ6MjIuMTMyNjQyIElQIGxvY2FsaG9zdC4yMzI2NSA+IGxvY2FsaG9zdC5iaWZmOiBV RFAsIGxlbmd0aCAxNQ0KDQpJIHdhcyBmb3JjZWQgdG8gYWRkIHRoZSBmb2xsb3dpbmcgZW50cnkg aW4gcGYuY29uZiB1bnRpbCBJIGNvdWxkIGludmVzdGlnYXRlDQp0aGlzIGZ1cnRoZXI6DQoNCiAg ICAgIyBTdHVmZmVkIGlmIEkga25vdyB3aHkgbG9jYWxob3N0L1VEUCBpcyBub3cgYmxvY2tlZCBi eSBkZWZhdWx0Li4uDQogICAgIHBhc3MgaW4gcXVpY2sgZnJvbSBsb2NhbGhvc3QgdG8gbG9jYWxo b3N0DQoNCkFueW9uZSBlbHNlIG5vdGljZWQgdGhpcz8NCg0KLS0NCkRhdmUgSG9yc2ZhbGwgRFRN IChWSzJLRlUpICAiVGhvc2Ugd2hvIGRvbid0IHVuZGVyc3RhbmQgc2VjdXJpdHkgd2lsbCBzdWZm ZXIuIg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCmZy ZWVic2QtcGZAZnJlZWJzZC5vcmcgbWFpbGluZyBsaXN0DQpodHRwczovL2xpc3RzLmZyZWVic2Qu b3JnL21haWxtYW4vbGlzdGluZm8vZnJlZWJzZC1wZg0KVG8gdW5zdWJzY3JpYmUsIHNlbmQgYW55 IG1haWwgdG8gImZyZWVic2QtcGYtdW5zdWJzY3JpYmVAZnJlZWJzZC5vcmciDQoNCg== From owner-freebsd-pf@freebsd.org Sat Oct 21 11:29:41 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7DDA7E53C72 for ; Sat, 21 Oct 2017 11:29:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6C37E80E10 for ; Sat, 21 Oct 2017 11:29:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v9LBTe82083042 for ; Sat, 21 Oct 2017 11:29:41 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 223093] /dev/pf locks disrupt other pf-dependent services (ftp-proxy, tftp-proxy, relayd, pfctl, etc) Date: Sat, 21 Oct 2017 11:29:41 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.4-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Oct 2017 11:29:41 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223093 Kristof Provost changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kp@freebsd.org --- Comment #3 from Kristof Provost --- (In reply to jjasen from comment #2) The changes these tools make are transactional: they first DIOCXBEGIN and e= nd with DIOCXCOMMIT. If a different tool tries to start a transaction (i.e. do DIOCXBEGIN) it will get EBUSY. It's up to the tool to restart a bit later. --=20 You are receiving this mail because: You are the assignee for the bug.=