From owner-freebsd-pf@FreeBSD.ORG Sun Nov 14 03:53:52 2004
From: Max Laier
To: freebsd-pf@freebsd.org
Date: Sun, 14 Nov 2004 04:53:57 +0100
References: <000301c4c9c3$8e9c9a50$320a0a0a@uranus>
In-Reply-To: <000301c4c9c3$8e9c9a50$320a0a0a@uranus>
Message-Id: <200411140454.04402.max@love2party.net>
cc: Shane James
Subject: Re: FreeBSD ALTQ + PF Problem

On Saturday 13 November 2004 21:58, Shane James wrote:
> Hey guys,
>
> I'm having a problem with pf + altq on FreeBSD 5.2.1 (FreeBSD
> uplink-rtr-jhb.virtek.co.za 5.2.1-RELEASE-p11 FreeBSD 5.2.1-RELEASE-p11 #1:
> Sat Nov 13 15:59:38 SAST 2004
> root@uplink-rtr-jhb.virtek.co.za:/usr/src/sys.altq/i386/compile/UPLINK
> i386)
>
> The Traffic I assign to queues does not get limited according to the
> specific limit, it only gets limited by the global bandwidth limited
> assign to the specific NIC.
> e.g. I assign traffic to a queue(argon_d) which is limited to 128Kb... but
> it performs at 256Kb which is what the NIC is set to. therefore not being
> assigned to its designated queue. is it at all possible that this is a
> problem perhaps with my Network cards... if not... any suggestions?
>
> pf.conf
>
> altq on $uplink_if bandwidth 256Kb hfsc queue { dflt_u, argon_u }
> queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_u hfsc(default upperlimit 128Kb)
>
> altq on $hosting_if bandwidth 256Kb hfsc queue { dflt_d, argon_d }
> queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_d hfsc(default upperlimit 128Kb)
>
> #assign argon traffic
> pass out on $uplink_if from 196.23.168.137 to any keep state queue argon_u
> pass out on $hosting_if from any to 196.23.168.137 keep state queue argon_d

I assume that is not your *complete* ruleset?!? Can everybody please post
complete rulesets when asking for help? It is okay to emphasize the parts
that you think are important as it will help to understand the problem, but
giving advice or debugging is impossible without the complete ruleset.

Other than that, what does "$pfctl -vvsq" tell you? Does it show that traffic
is being assigned to the small queue at all?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Sun Nov 14 14:01:01 2004
Message-ID: <20041114140100.68479.qmail@web88005.mail.re2.yahoo.com>
Date: Sun, 14 Nov 2004 09:01:00 -0500 (EST)
From: Robert Viau
To: yongari@kt-is.co.kr
In-Reply-To: <20041113035433.GA2853@kt-is.co.kr>
cc: freebsd-pf@freebsd.org
Subject: Re: pfctl: DIOCGIFSPEED: Invalid argument
Reply-To: rviau75@rogers.com

pflog0 shows up when you build with "device pflog". I just built with
options pf, so there is a /dev/pf, and everything was working but altq.

The reason altq wasn't working is because despite the man page implying you
can do it the way I did, it actually has to be "altq on [interface] priq
...", not just "altq priq ...". It might work the other way with CBQ, I'm
not sure.

Thanks,
Rob

Pyun YongHyeon wrote:
On Fri, Nov 12, 2004 at 08:21:06AM -0500, Robert Viau wrote:
> Having some trouble with altq, here is all the
> information that should be required:
>
> su-2.05b# uname -a
> FreeBSD 5.3-RELEASE FreeBSD
> 5.3-RELEASE #5: Thu Nov 11 16:23:28 EST 2004
> :/usr/obj/usr/src/sys/BEASTKERN i386
>
> su-2.05b# grep queue /etc/pf.conf | grep -v ^#
> altq priq queue { interactive, www }
> queue interactive priority 15
> queue www priority 14
>
> su-2.05b# pfctl -n -f /etc/pf.conf
> pfctl: DIOCGIFSPEED: Invalid argument
> su-2.05b#
>
> I can't figure out for the life of me what the problem
> is. I'm not using the queues at all yet (commented
> all that out to troubleshoot) so it doesn't look like
> it's due to an unsupported interface type or anything,
> but just in case, here are the interfaces on the box:
>
> su-2.05b# ifconfig -l
> ath0 bge0 bge1 em0 lo0 tun0 lo1
>

This may be a stupid question. Did you compile in pf or load the pf module?
ifconfig(8) didn't show pflog0 interface which should be listed if pf was
available.

>
> Any thoughts?
>

--
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari | yongari@freebsd.org

From owner-freebsd-pf@FreeBSD.ORG Sun Nov 14 16:27:58 2004
Message-ID: <004301c4ca66$d46b4010$320a0a0a@uranus>
From: "Shane James"
To: "Max Laier" ,
References: <000301c4c9c3$8e9c9a50$320a0a0a@uranus> <200411140454.04402.max@love2party.net>
Date: Sun, 14 Nov 2004 18:27:25 +0200
Subject: Re: FreeBSD ALTQ + PF Problem

Sorry about that one, here is my current rule set.. it's small as I'm just
trying to get it to work, for now.

Macros
uplink_if="sis0" # External Interface
hosting_if="rl0" # Internal Interface
access_if="rl1" # Access Network

# Options: tune the behavior of pf, default values are given.
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface none
set optimization normal
set block-policy drop
set require-order yes
#set fingerprints "/etc/pf.os"

# Normalization
scrub in all

# ALTQ
altq on $uplink_if bandwidth 10Mb hfsc queue { dflt_u, argon_u }
queue argon_u bandwidth 32Kb hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_u hfsc(default upperlimit 128Kb)

altq on $hosting_if bandwidth 10Mb hfsc queue { dflt_d, argon_d }
queue argon_d bandwidth 32Kb hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_d hfsc(default upperlimit 128Kb)

# argon.virtek.co.za
pass out on $uplink_if from 196.23.168.137 to any keep state queue argon_u
pass out on $hosting_if from any to 196.23.168.137 keep state queue argon_d
block in on $uplink_if proto tcp from any to 196.23.168.137 port 22

On Saturday 13 November 2004 21:58, Shane James wrote:
> Hey guys,
>
> I'm having a problem with pf + altq on FreeBSD 5.2.1 (FreeBSD
> uplink-rtr-jhb.virtek.co.za 5.2.1-RELEASE-p11 FreeBSD 5.2.1-RELEASE-p11
> #1:
> Sat Nov 13 15:59:38 SAST 2004
> root@uplink-rtr-jhb.virtek.co.za:/usr/src/sys.altq/i386/compile/UPLINK
> i386)
>
> The Traffic I assign to queues does not get limited according to the
> specific limit, it only gets limited by the global bandwidth limited
> assign to the specific NIC.
> e.g. I assign traffic to a queue(argon_d) which is limited to 128Kb... but
> it performs at 256Kb which is what the NIC is set to. therefore not being
> assigned to its designated queue. is it at all possible that this is a
> problem perhaps with my Network cards... if not... any suggestions?
>
> pf.conf
>
> altq on $uplink_if bandwidth 256Kb hfsc queue { dflt_u, argon_u }
> queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_u hfsc(default upperlimit 128Kb)
>
> altq on $hosting_if bandwidth 256Kb hfsc queue { dflt_d, argon_d }
> queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_d hfsc(default upperlimit 128Kb)
>
> #assign argon traffic
> pass out on $uplink_if from 196.23.168.137 to any keep state queue argon_u
> pass out on $hosting_if from any to 196.23.168.137 keep state queue
> argon_d

I assume that is not your *complete* ruleset?!? Can everybody please post
complete rulesets when asking for help? It is okay to emphasize the parts
that you think are important as it will help to understand the problem, but
giving advice or debugging is impossible without the complete ruleset.

Other than that, what does "$pfctl -vvsq" tell you? Does it show that
traffic is being assigned to the small queue at all?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Sun Nov 14 16:33:27 2004
Message-ID: <008b01c4ca67$98851fc0$320a0a0a@uranus>
From: "Shane James"
To: "Max Laier" ,
Date: Sun, 14 Nov 2004 18:32:54 +0200
Subject: Re: FreeBSD ALTQ + PF Problem

Sorry about that one, here is my current rule set.. it's small as I'm just
trying to get it to work, for now. It seems the traffic is being assigned
to the queue, it's just not limiting it correctly

Here's what it looks like after I do a 'pfctl -vvsq'

queue argon_u bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )
  [ pkts: 4 bytes: 676 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]

queue argon_d bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )
  [ pkts: 5 bytes: 613 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]

Macros
uplink_if="sis0" # External Interface
hosting_if="rl0" # Internal Interface
access_if="rl1" # Access Network

# Options: tune the behavior of pf, default values are given.
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface none
set optimization normal
set block-policy drop
set require-order yes
#set fingerprints "/etc/pf.os"

# Normalization
scrub in all

# ALTQ
altq on $uplink_if bandwidth 10Mb hfsc queue { dflt_u, argon_u }
queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_u hfsc(default upperlimit 128Kb)

altq on $hosting_if bandwidth 10Mb hfsc queue { dflt_d, argon_d }
queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_d hfsc(default upperlimit 128Kb)

# argon.virtek.co.za
pass out on $uplink_if from 196.23.168.137 to any keep state queue argon_u
pass out on $hosting_if from any to 196.23.168.137 keep state queue argon_d
block in on $uplink_if proto tcp from any to 196.23.168.137 port 22

On Saturday 13 November 2004 21:58, Shane James wrote:
> Hey guys,
>
> I'm having a problem with pf + altq on FreeBSD 5.2.1 (FreeBSD
> uplink-rtr-jhb.virtek.co.za 5.2.1-RELEASE-p11 FreeBSD 5.2.1-RELEASE-p11
> #1:
> Sat Nov 13 15:59:38 SAST 2004
> root@uplink-rtr-jhb.virtek.co.za:/usr/src/sys.altq/i386/compile/UPLINK
> i386)
>
> The Traffic I assign to queues does not get limited according to the
> specific limit, it only gets limited by the global bandwidth limited
> assign to the specific NIC.
> e.g. I assign traffic to a queue(argon_d) which is limited to 128Kb... but
> it performs at 256Kb which is what the NIC is set to. therefore not being
> assigned to its designated queue. is it at all possible that this is a
> problem perhaps with my Network cards... if not... any suggestions?
>
> pf.conf
>
> altq on $uplink_if bandwidth 256Kb hfsc queue { dflt_u, argon_u }
> queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_u hfsc(default upperlimit 128Kb)
>
> altq on $hosting_if bandwidth 256Kb hfsc queue { dflt_d, argon_d }
> queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_d hfsc(default upperlimit 128Kb)
>
> #assign argon traffic
> pass out on $uplink_if from 196.23.168.137 to any keep state queue argon_u
> pass out on $hosting_if from any to 196.23.168.137 keep state queue
> argon_d

I assume that is not your *complete* ruleset?!? Can everybody please post
complete rulesets when asking for help? It is okay to emphasize the parts
that you think are important as it will help to understand the problem, but
giving advice or debugging is impossible without the complete ruleset.

Other than that, what does "$pfctl -vvsq" tell you? Does it show that
traffic is being assigned to the small queue at all?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Sun Nov 14 16:35:37 2004
From: Max Laier
To: freebsd-pf@freebsd.org, rviau75@rogers.com
Date: Sun, 14 Nov 2004 17:35:43 +0100
References: <20041114140100.68479.qmail@web88005.mail.re2.yahoo.com>
In-Reply-To: <20041114140100.68479.qmail@web88005.mail.re2.yahoo.com>
Message-Id: <200411141735.51345.max@love2party.net>
Subject: Re: pfctl: DIOCGIFSPEED: Invalid argument

On Sunday 14 November 2004 15:01, Robert Viau wrote:
> pflog0 shows up when you build with "device pflog". I just built with
> options pf, so there is a /dev/pf, and everything was working but altq.
>
> The reason altq wasn't working is because despite the man page implying you
> can do it the way I did, it actually has to be "altq on [interface] priq
> ...", not just "altq priq ...".

The manpage doesn't tell otherwise:
> altq-rule      = "altq on" interface-name queueopts-list
>                  "queue" subqueue

You might confuse it with the filter-rules where you really have:
> pf-rule        = action [ ( "in" | "out" ) ]
>                  [ "log" | "log-all" ] [ "quick" ]
>                  [ "on" ifspec ] [ route ] [ af ] [ protospec ]
>                  hosts [ filteropt-list ]

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Sun Nov 14 16:53:11 2004
From: Max Laier
To: "Shane James"
Date: Sun, 14 Nov 2004 17:53:08 +0100
References: <008b01c4ca67$98851fc0$320a0a0a@uranus>
In-Reply-To: <008b01c4ca67$98851fc0$320a0a0a@uranus>
Message-Id: <200411141753.15325.max@love2party.net>
cc: freebsd-pf@freebsd.org
Subject: Re: FreeBSD ALTQ + PF Problem

On Sunday 14 November 2004 17:32, Shane James wrote:
> Sorry about that one, here is my current rule set.. it's small as I'm just
> trying to get it to work, for now. It seems the traffic is being assigned
> to the queue, it's just not limiting it correctly
>
> Here's what it looks like after I do a 'pfctl -vvsq'
>
> queue argon_u bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )
> [ pkts: 4 bytes: 676 dropped pkts: 0 bytes: 0
> ] [ qlength: 0/ 50 ]
>
> queue argon_d bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )
> [ pkts: 5 bytes: 613 dropped pkts: 0 bytes: 0
> ] [ qlength: 0/ 50 ]
>

Again. This is *not* the complete output. Moreover, I find it hard to believe
that you can reliably measure 64Kbit with only 600 bytes of traffic. Please
post the complete statistics after some time of really bursting the queues.
If you keep -vvsq running you will also see how much throughput really is
happening. Please include this as well.

Can you also specify how you measure how much bandwidth you really have?

> Macros
> uplink_if="sis0" # External Interface
> hosting_if="rl0" # Internal Interface
> access_if="rl1" # Access Network
>
> # Options: tune the behavior of pf, default values are given.
> set timeout { interval 10, frag 30 }
> set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
> set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
> set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
> set timeout { icmp.first 20, icmp.error 10 }
> set timeout { other.first 60, other.single 30, other.multiple 60 }
> set timeout { adaptive.start 0, adaptive.end 0 }
> set limit { states 10000, frags 5000 }
> set loginterface none
> set optimization normal
> set block-policy drop
> set require-order yes
> #set fingerprints "/etc/pf.os"
>
> # Normalization
> scrub in all
>
> # ALTQ
> altq on $uplink_if bandwidth 10Mb hfsc queue { dflt_u, argon_u }
> queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_u hfsc(default upperlimit 128Kb)
>
> altq on $hosting_if bandwidth 10Mb hfsc queue { dflt_d, argon_d }
> queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_d hfsc(default upperlimit 128Kb)
>
> # argon.virtek.co.za
> pass out on $uplink_if from 196.23.168.137 to any keep state queue argon_u
> pass out on $hosting_if from any to 196.23.168.137 keep state queue argon_d
> block in on $uplink_if proto tcp from any to 196.23.168.137 port 22
>
> On Saturday 13 November 2004 21:58, Shane James wrote:
> > Hey guys,
> >
> > I'm having a problem with pf + altq on FreeBSD 5.2.1 (FreeBSD
> > uplink-rtr-jhb.virtek.co.za 5.2.1-RELEASE-p11 FreeBSD 5.2.1-RELEASE-p11
> > #1:
> > Sat Nov 13 15:59:38 SAST 2004
> > root@uplink-rtr-jhb.virtek.co.za:/usr/src/sys.altq/i386/compile/UPLINK
> > i386)
> >
> > The Traffic I assign to queues does not get limited according to the
> > specific limit, it only gets limited by the global bandwidth limited
> > assign to the specific NIC.
> > e.g. I assign traffic to a queue(argon_d) which is limited to 128Kb...
> > but it performs at 256Kb which is what the NIC is set to. therefore not
> > being assigned to its designated queue. is it at all possible that this
> > is a problem perhaps with my Network cards... if not... any suggestions?
> >
> > pf.conf
> >
> > altq on $uplink_if bandwidth 256Kb hfsc queue { dflt_u, argon_u }
> > queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
> > queue dflt_u hfsc(default upperlimit 128Kb)
> >
> > altq on $hosting_if bandwidth 256Kb hfsc queue { dflt_d, argon_d }
> > queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
> > queue dflt_d hfsc(default upperlimit 128Kb)
> >
> > #assign argon traffic
> > pass out on $uplink_if from 196.23.168.137 to any keep state queue
> > argon_u pass out on $hosting_if from any to 196.23.168.137 keep state
> > queue argon_d
>
> I assume that is not your *complete* ruleset?!? Can everybody please post
> complete rulesets when asking for help? It is okay to emphasize the parts
> that you think are important as it will help to understand the problem, but
> giving advice or debugging is impossible without the complete ruleset.
>
> Other than that, what does "$pfctl -vvsq" tell you? Does it show that
> traffic
> is being assigned to the small queue at all?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Mon Nov 15 11:04:03 2004
Date: Mon, 15 Nov 2004 11:04:02 GMT
Message-Id: <200411151104.iAFB42o8076352@freefall.freebsd.org>
From: FreeBSD bugmaster
To: pf@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
p [2004/10/08] kern/72444  pf    PF can't properly detect interface after

1 problem total.

Non-critical problems

From owner-freebsd-pf@FreeBSD.ORG Mon Nov 15 14:49:53 2004
Message-ID: <20041115144951.90733.qmail@web88007.mail.re2.yahoo.com>
Date: Mon, 15 Nov 2004 09:49:51 -0500 (EST)
From: Robert Viau
To: Max Laier , freebsd-pf@freebsd.org
In-Reply-To: <200411141735.51345.max@love2party.net>
Subject: Re: pfctl: DIOCGIFSPEED: Invalid argument
Reply-To: rviau75@rogers.com

The manpage I'm looking at in 5.3-RELEASE does tell otherwise:

     on   Specifies the interface the queue operates on. If not given, it
          operates on all matching interfaces.

"If not given ...", to me implies it is not required.

--- Max Laier wrote:

> On Sunday 14 November 2004 15:01, Robert Viau wrote:
> > pflog0 shows up when you build with "device pflog". I just built with
> > options pf, so there is a /dev/pf, and everything was working but altq.
> >
> > The reason altq wasn't working is because despite the man page implying you
> > can do it the way I did, it actually has to be "altq on [interface] priq
> > ...", not just "altq priq ...".
>
> The manpage doesn't tell otherwise:
> > altq-rule      = "altq on" interface-name queueopts-list
> >                  "queue" subqueue
>
> You might confuse it with the filter-rules where you really have:
> > pf-rule        = action [ ( "in" | "out" ) ]
> >                  [ "log" | "log-all" ] [ "quick" ]
> >                  [ "on" ifspec ] [ route ] [ af ] [ protospec ]
> >                  hosts [ filteropt-list ]
>
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
>

From owner-freebsd-pf@FreeBSD.ORG Tue Nov 16 12:08:11 2004
Date: Tue, 16 Nov 2004 13:08:22 +0100
From: Łukasz Dudek
To: Max Laier
Message-ID: <20041116120822.GC15288@dorbja.pinco.pl>
References: <20041108143059.GA54873@dorbja.pinco.pl> <200411081621.46313.max@love2party.net> <20041109131334.GA63180@dorbja.pinco.pl>
In-Reply-To: <20041109131334.GA63180@dorbja.pinco.pl>
cc: freebsd-pf@freebsd.org
Subject: Re: pf multipath nat

On Tue, Nov 09, 2004 at 02:13:34 +0100, Łukasz Dudek wrote:
> On Mon, Nov 08, 2004 at 04:21:39 +0100, Max Laier wrote:
> > On Monday 08 November 2004 15:30, Łukasz Dudek wrote:
> > > i've tried to configure multipath nat using RELENG_5 box
> > > (when it was current and now when it became stable)
> > > this is full ruleset
> >
> # Macros: define common values, so they can be referenced and changed easily.
> ext_if="fxp0" > ext_if2="fxp2" > int_if="fxp1" # replace with actual internal interface name i.e., dc1 > internal_net="192.168.0.1/23" > external_addr="10.53.28.234" > gateway="10.53.28.233" > gateway2="10.10.8.1" > > scrub in all > > nat on $ext_if from $internal_net to any -> ($ext_if) > nat on $ext_if2 from $internal_net to any -> ($ext_if2) > > rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 1100 -> 192.168.0.2 port 1100 > rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 1101 -> 192.168.0.2 port 1101 > rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 4664 -> 192.168.0.2 port 4664 > rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 4666 -> 192.168.0.4 port 4666 > rdr on $ext_if proto { tcp, udp } from any to $external_addr/32 port 4670 -> 192.168.1.4 port 4670 > > rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021 > > no rdr on { lo0, lo1 } from any to any > > pass in all > pass out all > > block in all > > pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state > pass in on $ext_if2 inet proto tcp from any to $ext_if2 user proxy keep state > > pass in on $ext_if proto tcp from any to $ext_if port 22 keep state > pass in on $ext_if proto tcp from any to $ext_if port 25 keep state > pass in on $ext_if proto tcp from any to $ext_if port 80 keep state > pass in on $ext_if proto tcp from any to $ext_if port 110 keep state > pass in on $ext_if proto tcp from any to $ext_if port 443 keep state > pass in on $ext_if proto tcp from any to $ext_if port 465 keep state > pass in on $ext_if proto tcp from any to $ext_if port 995 keep state > > pass in on $ext_if proto udp from any to $ext_if port 53 keep state > > pass out on $ext_if proto { tcp, udp, icmp } all keep state > pass out on $ext_if2 proto { tcp, udp, icmp } all keep state > > > pass in quick on $int_if proto udp from $internal_net to 192.168.0.1 port 53 keep state > > pass in on $int_if 
proto { tcp, udp, icmp } all keep state > pass out on $int_if proto { tcp, udp, icmp } all keep state > > pass in on lo0 proto { tcp, udp, icmp } all keep state > pass out on lo0 proto { tcp, udp, icmp } all keep state > > pass in on $int_if \ > route-to { ( $ext_if $gateway), ( $ext_if2 $gateway2 ) } round-robin \ > from $internal_net to any keep state > > pass out on $ext_if2 route-to ($ext_if $gateway) from $ext_if to any > pass out on $ext_if route-to ($ext_if2 $gateway2) from $ext_if2 to any > > > > > > > Are you *sure* that you had debug.mpsafenet=0 in the end? You know that it is > > only changeable during the loader and *not* in the live system? > > > > yes i'm sure /boot/loader.conf is a place where i keep such tunables. > can i provide any more information or is there anything anything i can do to help resolv this issue, have anyone been able to reproduce this behaviour, i would really like to utilize second link using freebsd box moving every service from free to open will be performance lost and services, network downtime. this box without configuring second link is 100% stable Regards, Lukasz Dudek From owner-freebsd-pf@FreeBSD.ORG Wed Nov 17 17:53:06 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9AF1916A4CE for ; Wed, 17 Nov 2004 17:53:06 +0000 (GMT) Received: from smtp.vtx.ch (smtp.vtx.ch [212.147.0.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id EDE2443D31 for ; Wed, 17 Nov 2004 17:53:05 +0000 (GMT) (envelope-from johan@terrettaz.ch) Received: from golum (gve-gix-adsl-dynip-148-061.vtx.ch [83.228.148.61]) by smtp.vtx.ch (VTX Services SA) with SMTP id 8833CFC68 for ; Wed, 17 Nov 2004 18:53:02 +0100 (CET) Message-ID: <001901c4ccce$4cdae640$3201a8c0@golum> 

From: "Johan Tornay"
Date: Wed, 17 Nov 2004 18:53:09 +0100
Subject: pfctl : /dev/fd/7: No such file or directory

I configure pf and spamd with grey listing on FreeBSD 5.3 and I have a
problem with pfctl:

pfctl : /dev/fd/7: No such file or directory

I have built a new kernel with support for packet filter:
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
#options ALTQ_DEBUG

starting pf by /etc/rc.conf:
pf_enable="YES"
pf_logd="YES"
pf_conf="/le/chemin/ou/se/trouve/pf.conf"

installation of spamd by the port tree /usr/ports/mail/spamd

I start the spamd daemon with parameter -g for using grey listing and after
4 or 5 seconds the error message appears.

Can you help me with this error?
thanks for the answer

Johan Tornay

From: Max Laier
To: freebsd-pf@freebsd.org
cc: Johan Tornay
Date: Wed, 17 Nov 2004 18:56:18 +0100
Subject: Re: pfctl : /dev/fd/7: No such file or directory

On Wednesday 17 November 2004 18:53, Johan Tornay wrote:
> I configure pf and spamd with grey listing on freebsd 5.3 and i have a
> problem with pfctl :
>
> pfctl : /dev/fd/7: No such file or directory

You have to mount a fdescfs(5) filesystem in order to get this working.

> I have build a new kernel with support for packet filter :
> device pf
> device pflog
> device pfsync
> options ALTQ
> options ALTQ_CBQ
> options ALTQ_RED
> options ALTQ_RIO
> options ALTQ_HFSC
> options ALTQ_CDNR
> options ALTQ_PRIQ
> #options ALTQ_DEBUG
>
> starting pf by /etc/rc.conf:
> pf_enable="YES"
> pf_logd="YES"
> pf_conf="/le/chemin/ou/se/trouve/pf.conf"
>
> installation of spamd by the port tree /usr/ports/mail/spamd
>
> i start the spamd daemon with parameter -g for using grey listing and after
> 4 or 5 seconds appear the error message
>
> Can you help my for this error ?
>
> thanks for the answer

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
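
Added example, not part of the thread: a pre-flight check for the fdescfs fix given in the reply above. It reads fstab(5)-format text (`mount -p` output or /etc/fstab); the function names and sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample tables
# below are constructed for illustration.
#
# Without fdescfs, devfs alone provides only /dev/fd/0 through /dev/fd/2, so a
# path such as /dev/fd/7 handed to pfctl cannot be opened.

# has_fdescfs MOUNTPOINT
# Reads fstab(5)-format lines on stdin (`mount -p` output or /etc/fstab) and
# succeeds if an fdescfs entry exists for MOUNTPOINT.
has_fdescfs() {
    awk -v mp="$1" '
        $1 ~ /^#/ { next }                          # skip comment lines
        $2 == mp && $3 == "fdescfs" { found = 1 }   # device, mountpoint, fstype
        END { exit !found }'
}

# fdesc_preflight MOUNT_TABLE FSTAB
# Prints one of: ok | not-persistent | not-mounted | missing
fdesc_preflight() {
    mounted=no
    persistent=no
    if printf '%s\n' "$1" | has_fdescfs /dev/fd; then mounted=yes; fi
    if printf '%s\n' "$2" | has_fdescfs /dev/fd; then persistent=yes; fi
    case "$mounted/$persistent" in
        yes/yes) echo ok ;;
        yes/no)  echo not-persistent ;;  # works now, fails again after a reboot
        no/yes)  echo not-mounted ;;     # listed in fstab but not mounted
        *)       echo missing ;;         # the state that produces the error
    esac
}

# Constructed samples in fstab(5) column order.
SAMPLE_MOUNT_BEFORE='/dev/ad0s1a / ufs rw 1 1
devfs /dev devfs rw 0 0'
SAMPLE_MOUNT_AFTER="$SAMPLE_MOUNT_BEFORE
fdescfs /dev/fd fdescfs rw 0 0"
SAMPLE_FSTAB_BEFORE='# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s1a / ufs rw 1 1'
SAMPLE_FSTAB_AFTER="$SAMPLE_FSTAB_BEFORE
fdesc /dev/fd fdescfs rw 0 0"

# On the host itself:
#   fdesc_preflight "$(mount -p)" "$(cat /etc/fstab)"
# Remediation per fdescfs(5):
#   mount -t fdescfs fdesc /dev/fd
#   and add to /etc/fstab:  fdesc  /dev/fd  fdescfs  rw  0  0

fdesc_preflight "$SAMPLE_MOUNT_BEFORE" "$SAMPLE_FSTAB_BEFORE"   # missing
fdesc_preflight "$SAMPLE_MOUNT_AFTER"  "$SAMPLE_FSTAB_AFTER"    # ok
```
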

From: Matthew George
To: freebsd-pf@freebsd.org
Subject: carp observations
X-List-Received-Date: Wed, 17 Nov 2004 18:06:09 -0000

a couple of things I've noticed playing with carp ...

1) carp0 can't be destroyed, but there's no problem with carp[>0]

mdg# ifconfig carp0 192.168.3.0/24
mdg# ifconfig carp0 destroy
ifconfig: SIOCIFDESTROY: Invalid argument
mdg# ifconfig carp1 create
mdg# ifconfig carp1 destroy
[carp1 gone]

2) here I'm trying to set up carp for a network that isn't assigned to any
of my interfaces

mdg# ifconfig carp0 192.168.7.0/24
ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address

somewhat expected, so I assign an address to dc3 and try again:

mdg# ifconfig dc3 192.168.7.1/24
mdg# ifconfig carp0 192.168.7.0/24
ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address

interestingly enough, the same does not apply to a new carp interface.
once it sees I've assigned the address to dc3, it stops complaining.

mdg# ifconfig dc3 delete
mdg# ifconfig carp1 create
mdg# ifconfig carp1 inet 192.168.7.0/24
ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address
mdg# ifconfig dc3 192.168.7.1/24
mdg# ifconfig carp1 inet 192.168.7.0/24
[created no problem]

so carp1 will work properly, but carp0 still won't:

mdg# ifconfig carp1 delete
mdg# ifconfig carp0 192.168.7.0/24
ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address

I find that carp0 will be fine after a reboot as long as the ethernet
interface is configured before the carp interface, but a reboot does seem
to be necessary to recover.

-- 
Matthew George
SecureWorks Technical Operations

Date: Wed, 17 Nov 2004 16:54:52 -0500 (EST)
From: Matthew George
To: freebsd-pf@freebsd.org
Subject: please test: ifstated(8) patches

I've gone and ported OpenBSD's ifstated(8) to FreeBSD.

The attached ifstated.patch will apply against src/usr.sbin/ifstated/*
from OpenBSD's cvs, and compiles cleanly against RELENG_5_3.

The ifstated.conf.patch is basically the same as OpenBSD's, except for a
ping command line option. The config file has a comment in it noting that
net.inet.carp.preempt must be set to '1' in order for it to work. I
performed my testing with it set to '0', and it seemed to be fine for me.

The config script calls ifconfig on carp interfaces for its actions, but
that's the only requirement for carp ... it should work fine for non-carp
kernels with the proper config script.

-- 
Matthew George
SecureWorks Technical Operations
404.327.6339

Content-Disposition: ATTACHMENT; FILENAME="ifstated.conf.patch"
Content-Disposition: ATTACHMENT; FILENAME="ifstated.patch"

From: Max Laier
To: Matthew George
cc: freebsd-pf@freebsd.org
Date: Thu, 18 Nov 2004 02:00:03 +0100
Subject: Re: please test: ifstated(8) patches

On Wednesday 17 November 2004 22:54, Matthew George wrote:
> I've gone and ported OpenBSD's ifstated(8) to FreeBSD.

Nice! Good that you found the sysctl's to substitute the SIOCGIFDATA ioctl. I
haven't yet had time to look at it, but that seems to close bin/73877 [1], or
is there any functionality that you are missing? Doesn't look like it from
your diff.

> The attached ifstated.patch will apply against src/usr.sbin/ifstated/*
> from OpenBSD's cvs, and compiles cleanly against RELENG_5_3.

Very nice, would you mind to turn it into a proper port? Just drop me a
tarball if you don't have somewhere to host it. I don't know if ifstated
should go into the base-system. It looks like it should be able to run as a
port just fine?

> The ifstated.conf.patch is basically the same as OpenBSD's, except for a
> ping command line option. The config file has a comment in it noting that
> net.inet.carp.preempt must be set to '1' in order for it to work. I
> performed my testing with it set to '0', and it seemed to be fine for me.

Is there a problem with preempt in the patchset right now?

> The config script calls ifconfig on carp interfaces for its actions, but
> that's the only requirement for carp ... it should work fine for non-carp
> kernels with the proper config script.

Again, thanks a lot! Everybody, please help testing.

[1] http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/73877

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
From: Max Laier To: freebsd-pf@freebsd.org Date: Thu, 18 Nov 2004 02:06:49 +0100 User-Agent: KMail/1.7.1 References: <20041117125515.O693@localhost> In-Reply-To: <20041117125515.O693@localhost> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5026856.xoVJoGibPO"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200411180206.51218.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 Subject: Re: carp observations X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Nov 2004 01:06:31 -0000 --nextPart5026856.xoVJoGibPO Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline

On Wednesday 17 November 2004 19:06, Matthew George wrote:
> a couple of things I've noticed playing with carp ...

Thanks. I'll work through it over the weekend, I guess.

> 1) carp0 can't be destroyed, but there's no problem with carp[>0]
>
> mdg# ifconfig carp0 192.168.3.0/24
> mdg# ifconfig carp0 destroy
> ifconfig: SIOCIFDESTROY: Invalid argument
> mdg# ifconfig carp1 create
> mdg# ifconfig carp1 destroy
> [carp1 gone]

Okay, this is a oneliner in the CLONE macro:

=2D-- /tmp/tmp.2611.0 Thu Nov 18 02:04:58 2004 +++ /home/mlaier/devel/p4/carp2/sys/netinet/ip_carp.c Thu Nov 18 02:04:53= =20 2004 
@@ -205,7 +205,7 @@ #endif static LIST_HEAD(, carp_softc) carpif_list; =2DIFC_SIMPLE_DECLARE(carp, 1); +IFC_SIMPLE_DECLARE(carp, 0); static __inline u_int16_t carp_cksum(struct mbuf *m, int len)

> 2) here I'm trying to setup carp for a network that isn't assigned to any
> of my interfaces
>
> mdg# ifconfig carp0 192.168.7.0/24
> ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address
>
> somewhat expected, so I assign an address to dc3 and try again:
>
> mdg# ifconfig dc3 192.168.7.1/24
> mdg# ifconfig carp0 192.168.7.0/24
> ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address
>
> interestingly enough, the same does not apply to a new carp interface.
> once it sees I've assigned the address to dc3, it stops complaining.
>
> mdg# ifconfig dc3 delete
> mdg# ifconfig carp1 create
> mdg# ifconfig carp1 inet 192.168.7.0/24
> ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address
> mdg# ifconfig dc3 192.168.7.1/24
> mdg# ifconfig carp1 inet 192.168.7.0/24
> [created no problem]
>
> so carp1 will work properly, but carp0 still won't:
>
> mdg# ifconfig carp1 delete
> mdg# ifconfig carp0 192.168.7.0/24
> ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address
>
> I find that carp0 will be fine after a reboot as long as the ethernet
> interface is configured before the carp interface, but a reboot does seem
> to be necessary to recover.

Hmmm ... I seem to mess some state on this particular error return. I'll look at it.

Thank you very much, helpful report!
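Review bot: the one-character change at IFC_SIMPLE_DECLARE(carp, 0) carries no comment saying what the second argument controls, so the link to the reported symptom (carp0 refusing SIOCIFDESTROY while carp1 can be destroyed) exists only in this mail. Add a short comment above the macro, or put that explanation in the commit message, and confirm that nothing else in ip_carp.c assumes a carp0 unit always exists once the value is 0.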
-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart5026856.xoVJoGibPO Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBm/WrXyyEoT62BG0RAjXxAJ9x5u4iD3CPEl0R/yGd19QddaJDjACfQ5N8 nv8bZ9d00hPG6E/dSCx18lw= =4ECV -----END PGP SIGNATURE----- --nextPart5026856.xoVJoGibPO--
From owner-freebsd-pf@FreeBSD.ORG Thu Nov 18 07:02:58 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6984216A4CE for ; Thu, 18 Nov 2004 07:02:58 +0000 (GMT) Received: from filter1.netplus.ch (filter1.netplus.ch [213.221.128.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29D9D43D45 for ; Thu, 18 Nov 2004 07:02:58 +0000 (GMT) (envelope-from johan@terrettaz.ch) Received: from localhost (filter1.netplus.ch [127.0.0.1]) by filter1.netplus.ch (Postfix) with ESMTP id 0EED61E401C for ; Thu, 18 Nov 2004 08:02:53 +0100 (CET) Received: from filter1.netplus.ch ([127.0.0.1]) by localhost (filter1.netplus.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 01019-01 for ; Thu, 18 Nov 2004 08:02:51 +0100 (CET) Received: from mail.terrettaz.ch (unknown [213.221.157.125]) by filter1.netplus.ch (Postfix) with ESMTP for ; Thu, 18 Nov 2004 08:02:51 +0100 (CET) To: freebsd-pf@freebsd.org X-Mailer: Lotus Notes Release 5.0.10 March 22, 2002 Message-ID: 
From: johan@terrettaz.ch Date: Thu, 18 Nov 2004 08:08:56 +0100 X-MIMETrack: Serialize by Router on mail/terrettaz/ch(Release 5.0.10 |March 22, 2002) at 18.11.2004 08:08:57 MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: quoted-printable X-Virus-Scanned: by amavisd-new at siesa.ch Subject: pfctl : /dev/fd/7: No such file or directory X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Nov 2004 07:02:58 -0000

I configured pf and spamd with grey listing on FreeBSD 5.3 and I have a problem with pfctl:

pfctl : /dev/fd/7: No such file or directory

I have built a new kernel with support for packet filter:

device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
#options ALTQ_DEBUG

Starting pf by /etc/rc.conf:

pf_enable="YES"
pf_logd="YES"
pf_conf="/le/chemin/ou/se/trouve/pf.conf"

Installation of spamd by the port tree /usr/ports/mail/spamd

I start the spamd daemon with parameter -g for using grey listing, and after 4 or 5 seconds the error message appears.

Can you help me with this error?

thanks
_________________
Johan Tornay
johan@terrettaz.ch

From owner-freebsd-pf@FreeBSD.ORG Thu Nov 18 16:16:59 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7ACD916A4CE for ; Thu, 18 Nov 2004 16:16:59 +0000 (GMT) Received: from mail.secureworks.net (mail.secureworks.net [209.101.212.155]) by mx1.FreeBSD.org (Postfix) with SMTP id C19E743D49 for ; Thu, 18 Nov 2004 16:16:58 +0000 (GMT) (envelope-from mdg@secureworks.net) Received: (qmail 42514 invoked from network); 18 Nov 2004 16:16:57 -0000 Received: from unknown (HELO HOST-192-168-8-243.internal.secureworks.net) (63.239.86.253) by mail.secureworks.net with SMTP; 18 Nov 2004 16:16:57 -0000 Date: Thu, 18 Nov 2004 11:16:57 -0500 (EST) 
From: Matthew George X-X-Sender: mdg@localhost To: Max Laier In-Reply-To: <200411180200.10755.max@love2party.net> Message-ID: <20041118111240.M65727@localhost> References: <200411180200.10755.max@love2party.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-pf@freebsd.org Subject: Re: please test: ifstated(8) patches X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Nov 2004 16:16:59 -0000

On Wed, 17 Nov 2004, Max Laier wrote:

> On Wednesday 17 November 2004 22:54, Matthew George wrote:
> > I've gone and ported OpenBSD's ifstated(8) to FreeBSD.
>
> Nice! Good that you found the sysctl's to substitute the SIOCGIFDATA
> ioctl. I
> haven't yet had time to look at it, but that seems to close bin/73877
> [1], or
> is there any functionality that you are missing? Doesn't look like it
> from
> your diff.

looks good to me

>
> > The attached ifstated.patch will apply against src/usr.sbin/ifstated/*
> > from OpenBSD's cvs, and compiles cleanly against RELENG_5_3.
>
> Very nice, would you mind to turn it into a proper port? Just drop me a
> tarball if you don't have somewhere to host it. I don't know if ifstated
>
> should go into the base-system. It looks like it should be able to run
> as a
> port just fine?

sure thing ... I'll wrap it up and PR it today or tomorrow

>
> > The ifstated.conf.patch is basically the same as OpenBSD's, except for
> a
> > ping command line option. The config file has a comment in it noting
> that
> > net.inet.carp.preempt must be set to '1' in order for it to work. I
> > performed my testing with it set to '0', and it seemed to be fine for
> me.
>
> Is there a problem with preempt in the patchset right now?

I didn't test it, so I'm not sure. The comment was from OpenBSD ...

>
> > The config script calls ifconfig on carp interfaces for its actions,
> but
> > that's the only requirement for carp ... it should work fine for
> non-carp
> > kernels with the proper config script.
>
> Again, thanks a lot!
> Everybody, please help testing.
>
>
> [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/73877
>
>

-- 
Matthew George
SecureWorks Technical Operations
404.327.6339

From owner-freebsd-pf@FreeBSD.ORG Thu Nov 18 20:51:44 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA79F16A4CE for ; Thu, 18 Nov 2004 20:51:44 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F8EF43D3F for ; Thu, 18 Nov 2004 20:51:44 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1CUtFZ-0005Js-00; Thu, 18 Nov 2004 21:51:29 +0100 Received: from [217.83.2.153] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1CUtFZ-0006TH-00; Thu, 18 Nov 2004 21:51:29 +0100 
From: Max Laier To: Łukasz Dudek Date: Thu, 18 Nov 2004 21:51:45 +0100 User-Agent: KMail/1.7.1 References: <20041108143059.GA54873@dorbja.pinco.pl> <20041109131334.GA63180@dorbja.pinco.pl> <20041116120822.GC15288@dorbja.pinco.pl> In-Reply-To: <20041116120822.GC15288@dorbja.pinco.pl> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1651166.U9ODEyRh8a"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200411182151.52707.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: freebsd-pf@freebsd.org Subject: Re: pf multipath nat X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Nov 2004 20:51:45 -0000 --nextPart1651166.U9ODEyRh8a Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline

On Tuesday 16 November 2004 13:08, Łukasz Dudek wrote:
> On Tue, Nov 09, 2004 at 02:13:34 +0100, Łukasz Dudek wrote:
> > On Mon, Nov 08, 2004 at 04:21:39 +0100, Max Laier wrote:
> > > On Monday 08 November 2004 15:30, Łukasz Dudek wrote:
> > > > i've tried to configure multipath nat using RELENG_5 box
> > > > (when it was current and now when it became stable)
>
> this is full ruleset

Okay sorry for the delay, but I was (and in fact still am) very busy with real life these days. Will hopefully resume to full working speed soon.

Nonetheless, I finally found some time to rig a test-setup for this ruleset with two Soekris boxes. Unfortunately I wasn't able to see any problem. No hang, no stalling, nothing! Can you please try to get more information about the problem in your setup? I need to know what kind of "hang" it is. Deadlock, livelock, etc? Try to break into the debugger via serial console or Ctrl + Alt + Esc etc. I cannot reproduce it, sorry.

Does anybody successfully run more than one uplink in this way? What hardware do you have?

Same question to Łukasz, what kind of box is this? Are we looking at an SMP box?

> can i provide any more information or is there anything i can
> do to help resolve this issue, have anyone been able to reproduce this
> behaviour, i would really like to utilize second link using freebsd box
> moving every service from free to open will be performance lost and
> services, network downtime. this box without configuring second link
> is 100% stable

I really need some definite description of the problem. "It seems to hang" is way too imprecise, sorry.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart1651166.U9ODEyRh8a Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBnQtoXyyEoT62BG0RAhsEAJ9mJKW5ufX0Q1U/m8SHfZMcuVOSugCdH1wJ rZA/7sKZ3jgTKlStAMbz/TY= =pPY8 -----END PGP SIGNATURE----- --nextPart1651166.U9ODEyRh8a--
From owner-freebsd-pf@FreeBSD.ORG Fri Nov 19 00:32:42 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 18CD616A4CE for ; Fri, 19 Nov 2004 00:32:42 +0000 (GMT) Received: from mail.secureworks.net (mail.secureworks.net [209.101.212.155]) by mx1.FreeBSD.org (Postfix) with SMTP id 8414543D1F for ; Fri, 19 Nov 2004 00:32:41 +0000 (GMT) (envelope-from mdg@secureworks.net) Received: (qmail 86520 invoked from network); 19 Nov 2004 00:32:41 -0000 Received: from unknown (HELO HOST-192-168-8-243.internal.secureworks.net) (209.101.212.253) by mail.secureworks.net with SMTP; 19 Nov 2004 00:32:41 -0000 Date: Thu, 18 Nov 2004 19:32:41 -0500 (EST) 
From: Matthew George X-X-Sender: mdg@localhost To: Max Laier In-Reply-To: <20041118111240.M65727@localhost> Message-ID: <20041118192532.V5105@localhost> References: <200411180200.10755.max@love2party.net> <20041118111240.M65727@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-pf@freebsd.org Subject: Re: please test: ifstated(8) patches X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Nov 2004 00:32:42 -0000

On Thu, 18 Nov 2004, Matthew George wrote:

> On Wed, 17 Nov 2004, Max Laier wrote:
>
> > Very nice, would you mind to turn it into a proper port? Just drop me a
> > tarball if you don't have somewhere to host it. I don't know if ifstated
> >
> > should go into the base-system. It looks like it should be able to run
> > as a
> > port just fine?
>
> sure thing ... I'll wrap it up and PR it today or tomorrow
>

submitted as ports/74096

-- 
Matthew George
SecureWorks Technical Operations

From owner-freebsd-pf@FreeBSD.ORG Sat Nov 20 01:49:51 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0639E16A4CE for ; Sat, 20 Nov 2004 01:49:51 +0000 (GMT) Received: from viharnik.xenya.net (viharnik.xenya.si [213.143.80.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4FE0F43D39 for ; Sat, 20 Nov 2004 01:49:50 +0000 (GMT) (envelope-from cuk@cuk.nu) Received: from localhost (tabla.xenya.si [213.143.80.70]) by viharnik.xenya.net (Postfix) with ESMTP id 981632357E for ; Sat, 20 Nov 2004 02:49:48 +0100 (CET) Received: from viharnik.xenya.net ([213.143.80.85]) by localhost (tabla.xenya.si [213.143.80.70]) (amavisd-new, port 10024) with ESMTP id 81510-10 for ; Sat, 20 Nov 2004 02:49:48 +0100 (CET) Received: from [192.168.6.60] (unknown [192.168.6.60]) by viharnik.xenya.net (Postfix) with ESMTP id D127E23564 for ; Sat, 20 Nov 2004 02:49:47 +0100 (CET) Message-ID: <419EA38B.4000907@cuk.nu> Date: Sat, 20 Nov 2004 02:53:15 +0100 
From: Marko Cuk User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20040910 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: by amavisd-new at xenya.si Subject: pf multipath nat X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Nov 2004 01:49:51 -0000

I have a question regarding this...

What happens if one of the uplinks goes down? What does pf know about states of interfaces and availability?

I'd like to know also how to configure FreeBSD to send out packets with the proper source IP, and what the default route is in that case.

Can anyone speak a little about that?

Tnx, Marko Cuk

On Tuesday 16 November 2004 13:08, Łukasz Dudek wrote:
> On Tue, Nov 09, 2004 at 02:13:34 +0100, Łukasz Dudek wrote:
> > On Mon, Nov 08, 2004 at 04:21:39 +0100, Max Laier wrote:
> > > On Monday 08 November 2004 15:30, Łukasz Dudek wrote:
> > > > i've tried to configure multipath nat using RELENG_5 box
> > > > (when it was current and now when it became stable)
>
> this is full ruleset

Okay sorry for the delay, but I was (and in fact still am) very busy with real life these days. Will hopefully resume to full working speed soon.

Nonetheless, I finally found some time to rig a test-setup for this ruleset with two Soekris boxes. Unfortunately I wasn't able to see any problem. No hang, no stalling, nothing! Can you please try to get more information about the problem in your setup? I need to know what kind of "hang" it is. Deadlock, livelock, etc? Try to break into the debugger via serial console or Ctrl + Alt + Esc etc. I cannot reproduce it, sorry.

Does anybody successfully run more than one uplink in this way? What hardware do you have?

Same question to Łukasz, what kind of box is this? Are we looking at an SMP box?

> can i provide any more information or is there anything i can
> do to help resolve this issue, have anyone been able to reproduce this
> behaviour, i would really like to utilize second link using freebsd box
> moving every service from free to open will be performance lost and
> services, network downtime. this box without configuring second link
> is 100% stable

I really need some definite description of the problem. "It seems to hang" is way too imprecise, sorry.