From owner-freebsd-pf@FreeBSD.ORG Mon Sep 27 09:27:31 2004
Date: Mon, 27 Sep 2004 05:27:24 -0400
From: AndygreenNet@netscape.net
To: freebsd-pf@freebsd.org
Message-ID: <177F7114.0512876E.0C457E44@netscape.net>
Subject: Re: Can't access rsh listen on lo0

Hi, everybody!

On 26.09.2004 Max Laier max@love2party.net wrote:

Max Laier> On Saturday 25 September 2004 06:08,
Max Laier> AndygreenNet@netscape.net wrote:
>> Hello freebsd-pf,
>>
>> Help me please.
>>
>> I have:
>> FreeBSD 5_2_1
>> pf-freebsd-2.03

Max Laier> First of all ... to *everybody*: If you want a
Max Laier> production use box with pf -
Max Laier> please move to a 5.3-BETA installation and get
Max Laier> pf out of the box. If you are
Max Laier> worried with stability set debug.mpsafenet=0
Max Laier> (PREEMPTION and ULE are off by
Max Laier> default). You won't regret it!

>> I'm tried to access rsh listen on lo0.
>> Connection interrupts with messages:
>> rsh: Connection timeout;
>> or
>> rsh: Connection reset by peer.

Max Laier> That is a fairly complicated ruleset you have
Max Laier> there, I have some troubles
Max Laier> reading it. But you might want to try the following:

>> My pf.conf.
>>
>> # Macros: define common values, so they can be referenced and changed easily.
>> ext_if="{ vlan1, fxp2 }" # replace with actual external interface name i.e., dc0
>> int_if="fxp0" # replace with actual internal interface name i.e., dc1
>> ext_bridge_if="{ vlan0, vlan2, vlan3 }"

Max Laier> unfiltered="{ lo0 }"

>> int_bridge_if="{ xl0, vlan4, vlan5 }"
>> internal_net_TTK="62.33.196.128/25"
>> internal_net_RT_COMM="213.59.235.120/29"
>> external_addr_TTK="62.33.196.254"
>> external_addr_RT_COMM="213.59.128.130"
>> restricted_ports="{ 135, 136, 137, 138, 139, 445 }"
>> allow_tcp_ports="{ ftp, ftp-data, ssh, smtp, domain, http, pop3, ntp, imap, https, snpp, > 1023}"
>> allow_udp_ports="{ domain, > 1023}"
>> ARP_in="inet proto { tcp, udp } from any port uarps to any port > 1023"
>> ARP_out="inet proto { tcp, udp } from any port > 1023 to any port uarps"
>>
>> # Options: tune the behavior of pf, default values are given.
>> set timeout { interval 10, frag 30 }
>> set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
>> set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
>> set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
>> set timeout { icmp.first 20, icmp.error 10 }
>> set timeout { other.first 60, other.single 30, other.multiple 60 }
>> set timeout { adaptive.start 0, adaptive.end 0 }
>> set limit { states 10000, frags 5000 }
>> set loginterface none
>> set optimization normal
>> set block-policy drop
>> set require-order yes
>> set fingerprints "/usr/local/etc/pf.os"
>>
>> # Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
>> scrub in all
>>
>> # spamd-setup puts addresses to be redirected into table .
>> table persist
>> no rdr on lo0 from any to any
>> rdr inet proto tcp from to any port smtp -> 127.0.0.1 port 8025
>>

Max Laier> #Allow loopback and friends
Max Laier> pass quick on $unfiltered

>> # Filtering: external interfaces
>> block in log quick on $ext_if inet proto { tcp, udp } from any to any port $restricted_ports
>> pass in on $ext_if inet proto icmp from any to any icmp-type { 0, 8 }
>> pass in quick on $ext_if inet proto tcp from any to any port $allow_tcp_ports
>> pass in quick on $ext_if inet proto udp from any port $allow_udp_ports to any port $allow_udp_ports
>> pass out on $ext_if inet proto icmp from any to any icmp-type { 0, 8 }
>> pass out quick on $ext_if inet proto tcp from any port $allow_tcp_ports to any
>> pass out quick on $ext_if inet proto udp from any port $allow_udp_ports to any port $allow_udp_ports
>>
>> # Filtering: external bridge interfaces
>> block in log quick on $ext_bridge_if inet proto { tcp, udp } from any to any port $restricted_ports
>> pass in quick on $ext_bridge_if $ARP_in
>> pass in on $ext_bridge_if inet proto icmp from any to any icmp-type { 0, 8 }
>> pass in quick on $ext_bridge_if inet proto { tcp, udp } from any to any
>> pass out quick on $ext_bridge_if $ARP_out
>> pass out on $ext_bridge_if inet proto icmp from any to any icmp-type { 0, 8 }
>> pass out quick on $ext_bridge_if inet proto { tcp, udp } from any to any
>>
>> # Filtering internal interfaces with keep state, logging blocked packets.
>> block in log on $int_if all
>> pass in quick on $int_if $ARP_out keep state
>> pass in quick on $int_if inet proto icmp all icmp-type { 0, 8 } keep state
>> pass in quick on $int_if inet proto tcp from { $internal_net_TTK, $internal_net_RT_COMM } port $allow_tcp_ports to any keep state
>> pass in quick on $int_if inet proto udp from { $internal_net_TTK, $internal_net_RT_COMM } port $allow_udp_ports to any port $allow_udp_ports keep state
>>
>> # Filtering internal bridge interfaces with keep state, logging blocked packets.
>> block in log on $int_bridge_if all
>> pass in quick on $int_bridge_if $ARP_out keep state
>> pass in quick on $int_bridge_if inet proto icmp all icmp-type { 0, 8 } keep state
>> pass in quick on $int_bridge_if inet proto { tcp, udp } from any to any keep state
>>
>> Where I was mistaken.

Max Laier> Not sure ... $pfctl -vsr and pflog0 may tell you.

First of all, thanks!

I'm create cf.conf with two rules:
pass in all
pass out all

%sudo pftop

pfTop: Up Rule 1-2/2, View: label, Cache: 10000                 19:06:27

RULE LABEL    PKTS    BYTES STATES MAX ACTION DIR LOG Q IF PR K
   0           757   114280      0     Pass   In
   1           181   475711      0     Pass   Out

And then:

%sudo rsh -l root show ip accounting
rcmd: localhost: Operation timed out

%sudo pftcpdump -i pflog0 'host localhost'
pftcpdump: WARNING: pflog0: no IPv4 address assigned
pftcpdump: listening on pflog0
19:00:17.129118 localhost.shell > localhost.950: . ack 1303722277 win 43008 (DF)
19:00:17.232252 localhost.shell > localhost.950: . ack 30 win 42979 (DF)
19:00:17.232435 localhost.shell > localhost.950: . ack 30 win 42980 (DF)
19:00:17.232518 localhost.shell > localhost.950: . ack 30 win 42981 (DF)
19:00:17.232589 localhost.shell > localhost.950: . ack 30 win 42982 (DF)
19:00:17.232661 localhost.shell > localhost.950: . ack 30 win 42983 (DF)
19:00:17.232736 localhost.shell > localhost.950: . ack 30 win 42984 (DF)
19:00:17.232810 localhost.shell > localhost.950: . ack 30 win 42985 (DF)
19:00:17.232880 localhost.shell > localhost.950: . ack 30 win 42986 (DF)
19:00:17.232951 localhost.shell > localhost.950: . ack 30 win 42987 (DF)
19:00:17.233049 localhost.shell > localhost.950: . ack 30 win 42988 (DF)
19:00:17.233259 localhost.shell > localhost.950: . ack 30 win 42989 (DF)
19:00:17.233334 localhost.shell > localhost.950: . ack 30 win 42990 (DF)
19:00:17.233407 localhost.shell > localhost.950: . ack 30 win 42991 (DF)
19:00:17.233478 localhost.shell > localhost.950: . ack 30 win 42992 (DF)
19:00:17.233549 localhost.shell > localhost.950: . ack 30 win 42993 (DF)
19:00:17.233621 localhost.shell > localhost.950: . ack 30 win 42994 (DF)
19:00:17.233693 localhost.shell > localhost.950: . ack 30 win 42995 (DF)
19:00:17.233765 localhost.shell > localhost.950: . ack 30 win 42996 (DF)
19:00:17.233836 localhost.shell > localhost.950: . ack 30 win 42997 (DF)
19:00:17.233907 localhost.shell > localhost.950: . ack 30 win 42998 (DF)
19:00:17.233979 localhost.shell > localhost.950: . ack 30 win 42999 (DF)
19:00:17.234075 localhost.shell > localhost.950: . ack 30 win 43000 (DF)
19:00:17.234260 localhost.shell > localhost.950: . ack 30 win 43001 (DF)
19:00:17.234337 localhost.shell > localhost.950: . ack 30 win 43002 (DF)
19:00:17.234408 localhost.shell > localhost.950: . ack 30 win 43003 (DF)
19:00:17.234479 localhost.shell > localhost.950: . ack 30 win 43004 (DF)
19:00:17.234551 localhost.shell > localhost.950: . ack 30 win 43005 (DF)
19:00:17.234622 localhost.shell > localhost.950: . ack 30 win 43006 (DF)
19:00:17.234694 localhost.shell > localhost.950: . ack 30 win 43007 (DF)
19:00:17.234767 localhost.shell > localhost.950: . ack 30 win 43008 (DF)
19:00:17.234846 localhost.shell > localhost.950: P 0:1(1) ack 30 win 43008 (DF)
19:00:17.293052 localhost.shell > localhost.950: P 0:4097(4097) ack 30 win 43008 (DF)
19:00:17.332208 localhost.shell > localhost.950: P 0:4097(4097) ack 30 win 43008 (DF)
19:00:17.350636 localhost.shell > localhost.950: P 0:8193(8193) ack 30 win 43008 (DF)
19:00:17.406621 localhost.shell > localhost.950: P 0:12289(12289) ack 30 win 43008 (DF)
19:00:17.437219 localhost.shell > localhost.950: P 0:12289(12289) ack 30 win 43008 (DF)
19:00:17.438332 localhost.shell > localhost.950: P 0:12289(12289) ack 30 win 43008 (DF)
19:00:17.463725 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.521835 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.577827 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.634399 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.643171 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.650303 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.691123 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.747135 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.803602 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.855176 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:17.874296 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:18.079055 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:18.122157 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:18.327024 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:18.418158 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:18.622972 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:18.810154 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:19.014923 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:19.393998 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:19.598834 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:20.361905 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:20.566681 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:22.097648 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:22.302391 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:23.833353 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:24.038109 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:25.569065 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)
19:00:25.773815 localhost.shell > localhost.950: . 0:14336(14336) ack 30 win 43008 (DF)

What it is? Why?

_____________________________________
Best regards,
Andrew Kochetkoff
mailto:andrews@mtelecom.chita.ru

From owner-freebsd-pf@FreeBSD.ORG Mon Sep 27 09:35:31 2004
Date: Mon, 27 Sep 2004 05:35:25 -0400
From: AndygreenNet@netscape.net
To: freebsd-pf@freebsd.org
Message-ID: <050DEA7A.794C4F13.0C457E44@netscape.net>
Subject: Re: Can't access rsh listen on lo0

Sorry!

>> I'm create cf.conf with two rules:
>> pass in all
>> pass out all

Read like:

>> I'm create pf.conf with two rules:
>> pass in all
>> pass out all

From owner-freebsd-pf@FreeBSD.ORG Tue Sep 28 18:01:16 2004
Date: Tue, 28 Sep 2004 20:01:00 +0200
From: Wiktor Niesiobedzki
To: "Christian S.J. Peron"
Cc: hackers@freebsd.org, ipfw@freebsd.org, freebsd-pf@freebsd.org
Message-ID: <20040928180100.GE1760@mail.evip.pl>
In-Reply-To: <20040924223754.GA86799@freefall.freebsd.org>
Subject: Re: fixes for ipfw and pf lock ordering issues

On Fri, Sep 24, 2004 at 10:37:54PM +0000, Christian S.J. Peron wrote:
> Good day folks, we need some beta testers
>

Hi, as an author of LOR reports I feel obliged to test this patch. I was
running it for a 2 days and intended to report, that for me everything works
ok, when an panic occurred. Regrettably, I do not have actual panic message,
but the trace looks as follows:

pf_socket_lookup(cbb24958,cbb2495c,2,cbb24a0c,c15275a0) at pf_socket_lookup+0x22
pf_test_tcp(cbb249c0,cbb249bc,2,c14d6200,c139e500) at pf_test_tcp+0x648
pf_test(2,c14b8014,cbb24aa8,c15275a0,c15661c0) at pf_test+0x53d
pf_check_out(0,cbb24aa8,c14b8014,2,c15275a0) at pf_check_out+0x6d
pfil_run_hooks(c066da00,cbb24b1c,c14b8014,2,c15275a0) at pfil_run_hooks+0xeb
ip_output(c139e500,0,cbb24ae8,0,0) at ip_output+0x630
tcp_twrespond(c18709a0,10,c0607304,69c,1) at tcp_twrespond+0x1ed
tcp_twstart(c186b380,0,c0606ba2,96f,0) at tcp_twstart+0x1d3
tcp_input(c139d800,14,c14b8014,1,0) at tcp_input+0x2c39
ip_input(c139d800,0,c06053ae,e7,c066d098) at ip_input+0x5b0
netisr_processqueue(c066d098,c0642940,1,c05fb4da,c10d62c0) at netisr_processqueue+0x8e
swi_net(0,0,c05f9b18,269,0) at swi_net+0xe9
ithread_loop(c10de480,cbb24d48,c05f990f,31f,1000000) at ithread_loop+0x172
fork_exit(c04a6520,c10de480,cbb24d48) at fork_exit+0xc6
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcbb24d7c, ebp = 0 ---
db>

db> show locks
exclusive sleep mutex inp (tcpinp) r = 0 (0xc1527630) locked @ /usr/src/sys/netinet/tcp_input.c:737
exclusive sleep mutex tcp r = 0 (0xc066de6c) locked @ /usr/src/sys/netinet/tcp_input.c:611
db>

(gdb) l *pf_socket_lookup+0x22
0xc043a2d2 is in pf_socket_lookup (/usr/src/sys/contrib/pf/net/pf.c:2414).
2409    #endif
2410            struct inpcb *inp;
2411
2412    #ifdef __FreeBSD__
2413            if (inp_arg != NULL) {
2414                    *uid = inp_arg->inp_socket->so_cred->cr_uid;
2415                    *gid = inp_arg->inp_socket->so_cred->cr_groups[0];
2416                    return (1);
2417            }
2418    #endif
(gdb) l *pf_test_tcp+0x648
0xc043aef8 is in pf_test_tcp (/usr/src/sys/contrib/pf/net/pf.c:2781).
2776                            r = TAILQ_NEXT(r, entries);
2777                    else if (r->rule_flag & PFRULE_FRAGMENT)
2778                            r = TAILQ_NEXT(r, entries);
2779                    else if ((r->flagset & th->th_flags) != r->flags)
2780                            r = TAILQ_NEXT(r, entries);
2781                    else if (r->uid.op && (lookup != -1 || (lookup =
2782    #ifdef __FreeBSD__
2783                        pf_socket_lookup(&uid, &gid, direction, pd, inp), 1)) &&
2784    #else
2785                        pf_socket_lookup(&uid, &gid, direction, pd), 1)) &&

If there is anything more I may provide, please tell me. I can't get my kernel
dumps on, although I have KDB_UNATTENDED option in kernel, it gives me prompt
on panics, and when I call panic from debugger I get hangs :S If you know any
other way to get the panic message, I'd appreciate.

My comments for the patch alone:
Before the patch, I got the LOR's and rather rare panics due to this problem.
They were happening mainly when changing PF rules, sometimes on shutdown.

After the patch, I do not have any LOR messages, I tried to load PF rules in a
loop for a few minutes. After that I just left the system on its own, while
there was some activity on network (and particularly on rules with uid
matching). Till today I was quite happy with that.

If there is anything I can debug more, to help you solve the problem, please
ask.

Cheers,

Wiktor Niesiobedzki

PS. Just for the record - I tried it only with PF. I'm also planning to give it
a shot with my old IPFW rules.

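Added example, not part of the original messages or of the FreeBSD source: line 2414 in the listing above follows inp_arg->inp_socket->so_cred without checking inp_socket, and the correction Max Laier posts later in this thread adds that check. The C sketch below models the corrected lookup with hypothetical stand-in types (ex_ucred, ex_socket, ex_inpcb, ex_rule) and a simplified equality-only rule matcher, and shows an inpcb with no socket yielding "owner unknown" rather than a fault.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (hypothetical) for the kernel structures named in the
 * gdb listing; only the fields pf_socket_lookup() touches are modelled. */
struct ex_ucred  { unsigned cr_uid; unsigned cr_groups[1]; };
struct ex_socket { struct ex_ucred *so_cred; };
struct ex_inpcb  { struct ex_socket *inp_socket; };

/* "Owner unknown" sentinels, standing in for UID_MAX / GID_MAX. */
#define EX_UID_MAX UINT_MAX
#define EX_GID_MAX UINT_MAX

/*
 * Guarded lookup with the shape of the corrected snippet in Max Laier's
 * reply: the outputs start as "unknown", and inp_socket is checked before
 * the so_cred chain is followed. Returns 1 when credentials were found.
 */
int
ex_socket_lookup(unsigned *uid, unsigned *gid, const struct ex_inpcb *inp_arg)
{
    *uid = EX_UID_MAX;
    *gid = EX_GID_MAX;
    if (inp_arg != NULL) {
        if (inp_arg->inp_socket) {
            *uid = inp_arg->inp_socket->so_cred->cr_uid;
            *gid = inp_arg->inp_socket->so_cred->cr_groups[0];
            return 1;
        } else
            return 0;
    }
    /* The kernel function goes on to search the PCB tables here;
     * that part is not modelled. */
    return 0;
}

/* Hypothetical, simplified "user = N" rule check: equality only. */
struct ex_rule { int has_uid; unsigned uid; };

int
ex_rule_matches(const struct ex_rule *r, const struct ex_inpcb *inp)
{
    unsigned uid, gid;

    if (!r->has_uid)
        return 1;               /* rule does not filter on socket owner */
    ex_socket_lookup(&uid, &gid, inp);
    return uid == r->uid;       /* unknown owner never equals a real uid */
}

int
main(void)
{
    /* Constructed sample data. */
    struct ex_ucred  cred = { 1001, { 1001 } };
    struct ex_socket so = { &cred };
    struct ex_inpcb  attached = { &so };
    struct ex_inpcb  detached = { NULL };   /* inpcb with no socket */
    struct ex_rule   rule = { 1, 1001 };

    printf("attached: match=%d\n", ex_rule_matches(&rule, &attached));
    printf("detached: match=%d\n", ex_rule_matches(&rule, &detached));
    return 0;
}
```
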
From owner-freebsd-pf@FreeBSD.ORG Tue Sep 28 20:59:21 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 68A6D16A4CE; Tue, 28 Sep 2004 20:59:21 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F63643D45; Tue, 28 Sep 2004 20:59:21 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from freefall.freebsd.org (csjp@localhost [127.0.0.1]) i8SKxLQO001543; Tue, 28 Sep 2004 20:59:21 GMT (envelope-from csjp@freebsd.org) Received: (from csjp@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i8SKxKbW001542; Tue, 28 Sep 2004 20:59:20 GMT (envelope-from csjp@freebsd.org) X-Authentication-Warning: freefall.freebsd.org: csjp set sender to csjp@freebsd.org using -f Date: Tue, 28 Sep 2004 20:59:20 +0000 From: "Christian S.J. Peron" To: Wiktor Niesiobedzki Message-ID: <20040928205920.GA1459@freefall.freebsd.org> References: <20040924223754.GA86799@freefall.freebsd.org> <20040928180100.GE1760@mail.evip.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040928180100.GE1760@mail.evip.pl> User-Agent: Mutt/1.4.1i cc: hackers@freebsd.org cc: ipfw@freebsd.org cc: freebsd-pf@freebsd.org Subject: Re: fixes for ipfw and pf lock ordering issues X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Sep 2004 20:59:21 -0000 On 28 Sep 2004 Wiktor Niesiobedzki wrote: > pf_socket_lookup(cbb24958,cbb2495c,2,cbb24a0c,c15275a0) at > pf_socket_lookup+0x22 > pf_test_tcp(cbb249c0,cbb249bc,2,c14d6200,c139e500) at pf_test_tcp+0x648 > pf_test(2,c14b8014,cbb24aa8,c15275a0,c15661c0) at pf_test+0x53d > 
pf_check_out(0,cbb24aa8,c14b8014,2,c15275a0) at pf_check_out+0x6d > pfil_run_hooks(c066da00,cbb24b1c,c14b8014,2,c15275a0) at pfil_run_hooks+0xeb > ip_output(c139e500,0,cbb24ae8,0,0) at ip_output+0x630 > tcp_twrespond(c18709a0,10,c0607304,69c,1) at tcp_twrespond+0x1ed > tcp_twstart(c186b380,0,c0606ba2,96f,0) at tcp_twstart+0x1d3 > tcp_input(c139d800,14,c14b8014,1,0) at tcp_input+0x2c39 > ip_input(c139d800,0,c06053ae,e7,c066d098) at ip_input+0x5b0 > netisr_processqueue(c066d098,c0642940,1,c05fb4da,c10d62c0) at > netisr_processqueu > e+0x8e > swi_net(0,0,c05f9b18,269,0) at swi_net+0xe9 > ithread_loop(c10de480,cbb24d48,c05f990f,31f,1000000) at ithread_loop+0x172 > fork_exit(c04a6520,c10de480,cbb24d48) at fork_exit+0xc6 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip = 0, esp = 0xcbb24d7c, ebp = 0 --- > db> > > db> show locks > exclusive sleep mutex inp (tcpinp) r = 0 (0xc1527630) locked @ > /usr/src/sys/neti > net/tcp_input.c:737 > exclusive sleep mutex tcp r = 0 (0xc066de6c) locked @ > /usr/src/sys/netinet/tcp_i > nput.c:611 > db> > > (gdb) l *pf_socket_lookup+0x22 > 0xc043a2d2 is in pf_socket_lookup (/usr/src/sys/contrib/pf/net/pf.c:2414). > 2409 #endif > 2410 struct inpcb *inp; > 2411 > 2412 #ifdef __FreeBSD__ > 2413 if (inp_arg != NULL) { > 2414 *uid = inp_arg->inp_socket->so_cred->cr_uid; > 2415 *gid = inp_arg->inp_socket->so_cred->cr_groups[0]; > 2416 return (1); > 2417 } > 2418 #endif > Looks like it could be a bad pointer dereference, have you recompiled your kernel and the pf/ipfw modules? If not, please try recompiling your kernel. otherwise I will keep hunting for potentially bad pointers being passed to the pfil hooks -- Christian S.J. 
Peron csjp@FreeBSD.ORG FreeBSD Committer From owner-freebsd-pf@FreeBSD.ORG Wed Sep 29 00:56:15 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7807C16A4CE; Wed, 29 Sep 2004 00:56:15 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id D8ABA43D39; Wed, 29 Sep 2004 00:56:14 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.205] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1CCSlN-0002vk-00; Wed, 29 Sep 2004 02:56:09 +0200 Received: from [217.83.9.48] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1CCSlM-0007Nd-00; Wed, 29 Sep 2004 02:56:08 +0200 From: Max Laier To: Wiktor Niesiobedzki Date: Wed, 29 Sep 2004 02:55:09 +0200 User-Agent: KMail/1.7 References: <20040924223754.GA86799@freefall.freebsd.org> <20040928180100.GE1760@mail.evip.pl> In-Reply-To: <20040928180100.GE1760@mail.evip.pl> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart7562195.AI5OhU5A9J"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200409290255.22309.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: ipfw@freebsd.org cc: hackers@freebsd.org cc: "Christian S.J. 
Peron" cc: freebsd-pf@freebsd.org Subject: Re: fixes for ipfw and pf lock ordering issues X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Sep 2004 00:56:15 -0000 --nextPart7562195.AI5OhU5A9J Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 28 September 2004 20:01, Wiktor Niesiobedzki wrote: > On Fri, Sep 24, 2004 at 10:37:54PM +0000, Christian S.J. Peron wrote: > > Good day folks, we need some beta testers > > Hi, as an author of LOR reports I feel obliged to test this patch. I was > running it for a 2 days and intended to report, that for me everything > works ok, when an panic occured. Regretably, I do not have actual panic > message, but the trace looks as follows: > pf_socket_lookup(cbb24958,cbb2495c,2,cbb24a0c,c15275a0) at > pf_socket_lookup+0x22 > pf_test_tcp(cbb249c0,cbb249bc,2,c14d6200,c139e500) at pf_test_tcp+0x648 > pf_test(2,c14b8014,cbb24aa8,c15275a0,c15661c0) at pf_test+0x53d > pf_check_out(0,cbb24aa8,c14b8014,2,c15275a0) at pf_check_out+0x6d > pfil_run_hooks(c066da00,cbb24b1c,c14b8014,2,c15275a0) at > pfil_run_hooks+0xeb ip_output(c139e500,0,cbb24ae8,0,0) at ip_output+0x630 > tcp_twrespond(c18709a0,10,c0607304,69c,1) at tcp_twrespond+0x1ed > tcp_twstart(c186b380,0,c0606ba2,96f,0) at tcp_twstart+0x1d3 > tcp_input(c139d800,14,c14b8014,1,0) at tcp_input+0x2c39 > ip_input(c139d800,0,c06053ae,e7,c066d098) at ip_input+0x5b0 > netisr_processqueue(c066d098,c0642940,1,c05fb4da,c10d62c0) at > netisr_processqueu > e+0x8e > swi_net(0,0,c05f9b18,269,0) at swi_net+0xe9 > ithread_loop(c10de480,cbb24d48,c05f990f,31f,1000000) at ithread_loop+0x172 > fork_exit(c04a6520,c10de480,cbb24d48) at fork_exit+0xc6 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip =3D 0, esp =3D 
0xcbb24d7c, ebp =3D 0 --- > db> > > db> show locks > exclusive sleep mutex inp (tcpinp) r =3D 0 (0xc1527630) locked @ > /usr/src/sys/neti > net/tcp_input.c:737 > exclusive sleep mutex tcp r =3D 0 (0xc066de6c) locked @ > /usr/src/sys/netinet/tcp_i > nput.c:611 > db> > > (gdb) l *pf_socket_lookup+0x22 > 0xc043a2d2 is in pf_socket_lookup (/usr/src/sys/contrib/pf/net/pf.c:2414). > 2409 #endif > 2410 struct inpcb *inp; > 2411 > 2412 #ifdef __FreeBSD__ > 2413 if (inp_arg !=3D NULL) { > 2414 *uid =3D inp_arg->inp_socket->so_cred->cr_uid; > 2415 *gid =3D inp_arg->inp_socket->so_cred->cr_groups[= 0]; > 2416 return (1); > 2417 } > 2418 #endif This should read: > *uid =3D UID_MAX; > *gid =3D GID_MAX; > #ifdef __FreeBSD__ > if (inp_arg !=3D NULL) { > if (inp_arg->inp_socket) { > *uid =3D inp_arg->inp_socket->so_cred->cr_uid; > *gid =3D inp_arg->inp_socket->so_cred->cr_groups[= 0]; > return (1); > } else > return (0); > } > #endif now. Thanks for testing, I will post an updated patch the other day. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart7562195.AI5OhU5A9J Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBWgf6XyyEoT62BG0RAgx5AJ9/RQ971H3oQ18mYgo19wD/XBXiIACeMqsD JSk9Pz90fJXmrHlvsBlyNgE= =Fs+l -----END PGP SIGNATURE----- --nextPart7562195.AI5OhU5A9J-- From owner-freebsd-pf@FreeBSD.ORG Thu Sep 30 14:43:44 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 009C116A4CE for ; Thu, 30 Sep 2004 14:43:44 +0000 (GMT) Received: from mproxy.gmail.com (rproxy.gmail.com [64.233.170.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9324E43D3F for ; Thu, 30 Sep 2004 14:43:43 +0000 (GMT) (envelope-from brent.bolin@gmail.com) Received: by mproxy.gmail.com with SMTP id 
79so3548676rnk for ; Thu, 30 Sep 2004 07:43:42 -0700 (PDT) Received: by 10.38.163.7 with SMTP id l7mr2312657rne; Thu, 30 Sep 2004 07:43:40 -0700 (PDT) Received: by 10.38.14.50 with HTTP; Thu, 30 Sep 2004 07:43:39 -0700 (PDT) Message-ID: <787dcac2040930074323551b47@mail.gmail.com> Date: Thu, 30 Sep 2004 09:43:39 -0500 From: BB To: freebsd-pf@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Are these the only kernel options I need to enable altq on FreeBSD 5.2.1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: BB List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Sep 2004 14:43:44 -0000 options ALTQ options ALTQ_CBQ # Class Bases Queueing options ALTQ_RED # Random Early Drop options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler options ALTQ_CDNR # Traffic conditioner options ALTQ_PRIQ # Prioirity Queueing btb From owner-freebsd-pf@FreeBSD.ORG Fri Oct 1 02:26:52 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 672CC16A4CE for ; Fri, 1 Oct 2004 02:26:52 +0000 (GMT) Received: from ns.kt-is.co.kr (ns.kt-is.co.kr [211.218.149.125]) by mx1.FreeBSD.org (Postfix) with ESMTP id B8EB943D55 for ; Fri, 1 Oct 2004 02:26:51 +0000 (GMT) (envelope-from yongari@kt-is.co.kr) Received: from michelle.kt-is.co.kr (ns2.kt-is.co.kr [220.76.118.193]) (authenticated bits=128) by ns.kt-is.co.kr (8.12.10/8.12.10) with ESMTP id i912QZAh084440 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 1 Oct 2004 11:26:35 +0900 (KST) Received: from michelle.kt-is.co.kr (localhost.kt-is.co.kr [127.0.0.1]) by michelle.kt-is.co.kr (8.12.10/8.12.10) with ESMTP id i912QeRt004499 (version=TLSv1/SSLv3 
cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 1 Oct 2004 11:26:40 +0900 (KST) (envelope-from yongari@kt-is.co.kr) Received: (from yongari@localhost) by michelle.kt-is.co.kr (8.12.10/8.12.10/Submit) id i912Qd4c004498; Fri, 1 Oct 2004 11:26:39 +0900 (KST) (envelope-from yongari@kt-is.co.kr) Date: Fri, 1 Oct 2004 11:26:39 +0900 From: Pyun YongHyeon To: BB Message-ID: <20041001022639.GA4440@kt-is.co.kr> References: <787dcac2040930074323551b47@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <787dcac2040930074323551b47@mail.gmail.com> User-Agent: Mutt/1.4.1i X-Filter-Version: 1.11a (ns.kt-is.co.kr) cc: freebsd-pf@freebsd.org Subject: Re: Are these the only kernel options I need to enable altq on FreeBSD 5.2.1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: yongari@kt-is.co.kr List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Oct 2004 02:26:52 -0000 On Thu, Sep 30, 2004 at 09:43:39AM -0500, BB wrote: > options ALTQ > options ALTQ_CBQ # Class Bases Queueing > options ALTQ_RED # Random Early Drop > options ALTQ_RIO # RED In/Out > options ALTQ_HFSC # Hierarchical Packet Scheduler > options ALTQ_CDNR # Traffic conditioner > options ALTQ_PRIQ # Prioirity Queueing > Since pf is the only consumer of ALTQ in FreeBSD, you need pf related options too. However I'd like to recommend 5.3BETA6 which is more stable than that of seperate altq patch set in addition to bug fixes and more altq-aware network drivers. 

Regards,
Pyun YongHyeon
--
Pyun YongHyeon

From owner-freebsd-pf@FreeBSD.ORG Fri Oct 1 02:47:05 2004
Date: Fri, 1 Oct 2004 11:46:46 +0900
From: Pyun YongHyeon
To: sam
cc: freebsd-pf@freebsd.org
Subject: Re: Are these the only kernel options I need to enable altq on FreeBSD 5.2.1

On Fri, Oct 01, 2004 at 10:36:30AM +0800, sam wrote:
> Pyun YongHyeon wrote:
>
> >On Thu, Sep 30, 2004 at 09:43:39AM -0500, BB wrote:
> >> options ALTQ
> >> options ALTQ_CBQ   # Class Based Queueing
> >> options ALTQ_RED   # Random Early Drop
> >> options ALTQ_RIO   # RED In/Out
> >> options ALTQ_HFSC  # Hierarchical Packet Scheduler
> >> options ALTQ_CDNR  # Traffic conditioner
> >> options ALTQ_PRIQ  # Priority Queueing
> >>
> >
> >Since pf is the only consumer of ALTQ in FreeBSD, you need pf
> >related options too. However I'd like to recommend 5.3BETA6 which
> >is more stable than that of separate altq patch set in addition
> >to bug fixes and more altq-aware network drivers.
> >
> >
>
> You mean there are two different patches for ALTQ in FreeBSD now?

No. In 5.2.1, users had to use ALTQ patch set from rofug.ro.

> The patch I used is:
> http://people.freebsd.org/~mlaier/CARP/
>

The URL you mentioned has no relation with ALTQ. It's for CARP.

Regards,
Pyun YongHyeon
--
Pyun YongHyeon

From owner-freebsd-pf@FreeBSD.ORG Fri Oct 1 14:26:09 2004
Date: Fri, 1 Oct 2004 09:25:58 -0500
From: BB
To: freebsd-pf@freebsd.org
Subject: Re: Are these the only kernel options I need to enable altq on FreeBSD 5.2.1

Thanks for your reply.

I'm a little confused. Some time ago I downloaded the kernel altq
patch and attempted to install it. Had some kernel panics and didn't
pursue it.

Are you saying 5.2.x does not have the kernel code for altq. It does
not appear to?

Are you saying the up and coming 5.3 Release or Beta versions have the
kernel code?

I assume your kernel must be compiled with the options below -

> > options ALTQ
> > options ALTQ_CBQ   # Class Based Queueing
> > options ALTQ_RED   # Random Early Drop
> > options ALTQ_RIO   # RED In/Out
> > options ALTQ_HFSC  # Hierarchical Packet Scheduler
> > options ALTQ_CDNR  # Traffic conditioner
> > options ALTQ_PRIQ  # Priority Queueing

Thanks

btb

On Fri, 1 Oct 2004 11:46:46 +0900, Pyun YongHyeon wrote:
>
>
> On Fri, Oct 01, 2004 at 10:36:30AM +0800, sam wrote:
> > Pyun YongHyeon wrote:
> >
> > >On Thu, Sep 30, 2004 at 09:43:39AM -0500, BB wrote:
> > >> options ALTQ
> > >> options ALTQ_CBQ   # Class Based Queueing
> > >> options ALTQ_RED   # Random Early Drop
> > >> options ALTQ_RIO   # RED In/Out
> > >> options ALTQ_HFSC  # Hierarchical Packet Scheduler
> > >> options ALTQ_CDNR  # Traffic conditioner
> > >> options ALTQ_PRIQ  # Priority Queueing
> > >>
> > >
> > >Since pf is the only consumer of ALTQ in FreeBSD, you need pf
> > >related options too. However I'd like to recommend 5.3BETA6 which
> > >is more stable than that of separate altq patch set in addition
> > >to bug fixes and more altq-aware network drivers.
> > >
> > >
> >
> > You mean there are two different patches for ALTQ in FreeBSD now?
>
> No. In 5.2.1, users had to use ALTQ patch set from rofug.ro.
>
> > The patch I used is:
> > http://people.freebsd.org/~mlaier/CARP/
> >
>
> The URL you mentioned has no relation with ALTQ. It's for CARP.
>
>
>
> Regards,
> Pyun YongHyeon
> --
> Pyun YongHyeon
>

From owner-freebsd-pf@FreeBSD.ORG Fri Oct 1 19:14:36 2004
Date: Fri, 1 Oct 2004 21:13:47 +0200
From: Max Laier
To: freebsd-pf@freebsd.org, BB
Subject: Re: Are these the only kernel options I need to enable altq on FreeBSD 5.2.1

On Friday 01 October 2004 16:25, BB wrote:
> Thanks for your reply.
>
> I'm a little confused. Some time ago I downloaded the kernel altq
> patch and attempted to install it. Had some kernel panics and didn't
> pursue it.
>
> Are you saying 5.2.x does not have the kernel code for altq. It does
> not appear to?
>
> Are you saying the up and coming 5.3 Release or Beta versions have the
> kernel code?

ALTQ support was added June 13th 2004. It will be part of the 5.3 Release.

> I assume your kernel must be compiled with the options below -
>
> > > options ALTQ
> > > options ALTQ_CBQ   # Class Based Queueing
> > > options ALTQ_RED   # Random Early Drop
> > > options ALTQ_RIO   # RED In/Out
> > > options ALTQ_HFSC  # Hierarchical Packet Scheduler
> > > options ALTQ_CDNR  # Traffic conditioner
> > > options ALTQ_PRIQ  # Priority Queueing

Yes, depending on your needs of course. For SMP builds you will also need
"options ALTQ_NOPCC".

> Thanks
>
> btb
>
> On Fri, 1 Oct 2004 11:46:46 +0900, Pyun YongHyeon wrote:
> > On Fri, Oct 01, 2004 at 10:36:30AM +0800, sam wrote:
> > > Pyun YongHyeon wrote:
> > > >On Thu, Sep 30, 2004 at 09:43:39AM -0500, BB wrote:
> > > >> options ALTQ
> > > >> options ALTQ_CBQ   # Class Based Queueing
> > > >> options ALTQ_RED   # Random Early Drop
> > > >> options ALTQ_RIO   # RED In/Out
> > > >> options ALTQ_HFSC  # Hierarchical Packet Scheduler
> > > >> options ALTQ_CDNR  # Traffic conditioner
> > > >> options ALTQ_PRIQ  # Priority Queueing
> > > >
> > > >Since pf is the only consumer of ALTQ in FreeBSD, you need pf
> > > >related options too. However I'd like to recommend 5.3BETA6 which
> > > >is more stable than that of separate altq patch set in addition
> > > >to bug fixes and more altq-aware network drivers.
> > >
> > > You mean there are two different patches for ALTQ in FreeBSD now?
> >
> > No. In 5.2.1, users had to use ALTQ patch set from rofug.ro.
> >
> > > The patch I used is:
> > > http://people.freebsd.org/~mlaier/CARP/
> >
> > The URL you mentioned has no relation with ALTQ. It's for CARP.
> >
> >
> >
> > Regards,
> > Pyun YongHyeon
> > --
> > Pyun YongHyeon
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
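
A check for the requirements raised in this thread (the ALTQ options, the pf dependency, and ALTQ_NOPCC on SMP kernels), as an added example that is not part of any message above. The `device pf` line and the choice of CBQ, HFSC and PRIQ as the scheduler set are assumptions based on FreeBSD kernel configuration conventions, not statements from the thread; the sample config is constructed.

```shell
#!/bin/sh
# Check a FreeBSD kernel config for the lines pf + ALTQ need.

# has_line FILE KEYWORD NAME: true if an uncommented "KEYWORD NAME" line exists.
has_line() {
    sed 's/#.*//' "$1" |
        grep -Eq "^[[:space:]]*${2}[[:space:]]+${3}([[:space:]]|\$)"
}

# check_altq_config FILE: print the missing items (empty output = complete).
check_altq_config() {
    conf=$1
    missing=""
    # Assumption: pf is compiled into the kernel with "device pf".
    has_line "$conf" device pf || missing="$missing device-pf"
    has_line "$conf" options ALTQ || missing="$missing ALTQ"
    # Assumption: at least one scheduler (CBQ, HFSC or PRIQ) is wanted.
    sched=no
    for s in ALTQ_CBQ ALTQ_HFSC ALTQ_PRIQ; do
        if has_line "$conf" options "$s"; then sched=yes; fi
    done
    [ "$sched" = yes ] || missing="$missing scheduler"
    # SMP kernels also need ALTQ_NOPCC, as noted in the thread.
    if has_line "$conf" options SMP; then
        has_line "$conf" options ALTQ_NOPCC || missing="$missing ALTQ_NOPCC"
    fi
    echo "${missing# }"
}

# Constructed sample: an SMP kernel with ALTQ options but no pf and
# ALTQ_NOPCC commented out.
sample_config() {
    cat <<'EOF'
options  SMP
options  ALTQ
options  ALTQ_CBQ     # Class Based Queueing
options  ALTQ_RED     # Random Early Drop
options  ALTQ_HFSC    # Hierarchical Packet Scheduler
#options ALTQ_NOPCC   # commented out, so it does not count
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
echo "missing: $(check_altq_config "$tmp")"
rm -f "$tmp"
```

Point `check_altq_config` at the kernel config file you build from; empty output means every checked line is present.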