From owner-freebsd-pf@FreeBSD.ORG Sun Feb 5 17:21:34 2006
From: Max Laier
To: freebsd-pf@freebsd.org
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org
Date: Sun, 5 Feb 2006 18:22:52 +0100
Subject: Re: cvs commit: src/sys/modules Makefile src/sys/modules/pf Makefile src/sys/modules/pflog Makefile src/sys/contrib/pf/net if_pflog.c if_pflog.h pf_ioctl.c

On Sunday 05 February 2006 18:17, Max Laier wrote:
> mlaier      2006-02-05 17:17:32 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/modules          Makefile
>     sys/modules/pf       Makefile
>     sys/contrib/pf/net   if_pflog.c if_pflog.h pf_ioctl.c
>   Added files:
>     sys/modules/pflog    Makefile
>   Log:
>   Make pflog a separate module.  As a result pflog_packet() becomes a
>   function pointer that is declared in pf_ioctl.c

There is a potential performance hit in this.  I wasn't able to measure it
however.  If it does show in your environment, please let me know and we can
think about a special kernel option that brings back the old behavior if
pflog is compiled into the kernel.

This is supposed to go into 6.1, so please test it now.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Mon Feb 6 11:02:20 2006
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Date: Mon, 6 Feb 2006 11:02:19 GMT
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2005/06/15] kern/82271  pf    [pf] cbq scheduler cause bad latency
f [2005/07/31] kern/84370  pf    [modules] Unload pf.ko cause page fault
f [2005/09/13] kern/86072  pf    [pf] Packet Filter rule not working prope

3 problems total.

Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2005/05/15] conf/81042  pf    [pf] [patch] /etc/pf.os doesn't match Fre
o [2005/12/09] kern/90148  pf    [pf] pf_enable="YES" -> Fatal trap 12: pa

2 problems total.

From owner-freebsd-pf@FreeBSD.ORG Tue Feb 7 18:58:43 2006
From: Bill Marquette
To: freebsd-pf@freebsd.org
Date: Tue, 7 Feb 2006 12:58:42 -0600
Subject: Re: Current problem reports assigned to you

On 2/6/06, FreeBSD bugmaster wrote:
> Current FreeBSD problem reports
> Critical problems
> Serious problems
>
> S  Submitted   Tracker     Resp. Description
> -------------------------------------------------------------------------------
> o [2005/06/15] kern/82271  pf    [pf] cbq scheduler cause bad latency

Hmmm, we're seeing this in pfSense on both the cbq and hfsc
schedulers.  I'm glad I saw this come through, I've spent a fair
amount of time trying to figure out what was wrong.  CBQ in RELENG_6
is still doing what this PR suggests using the pfSense shaper setup
(we've disabled it for now).  HFSC appears to work for a while (at
least I see no bad latencies immediately after load), but it
eventually (in some cases immediately) also tends to cause massive
latencies (completely idle connection showing 700ms pings w/ altq and
30ms pings w/out).  It can be challenging to duplicate this with
setups going from working to broken to working.

--Bill

From owner-freebsd-pf@FreeBSD.ORG Thu Feb 9 00:27:13 2006
From: Bill Marquette
To: Andrew Atrens
Cc: pf@benzedrine.cx, freebsd-pf@freebsd.org
Date: Wed, 8 Feb 2006 18:27:10 -0600
Subject: Re: some (hopefully basic) altq questions ...

Redirecting to pf@benzedrine.cx and freebsd-pf@freebsd.org as slightly
more appropriate lists than misc@

On 2/8/06, Andrew Atrens wrote:
> Here's what I have today, that looks to be working well -
>
>
> altq on $ext_if cbq bandwidth 100Mb queue { output_ext }
> queue output_ext bandwidth 850Kb cbq { std_ext, known_ext, torrent_ext, tcp_ack_ext }
> queue std_ext bandwidth 75% priority 1 cbq(default red) qlimit 100
> queue torrent_ext bandwidth 75% priority 1 cbq(red) qlimit 1
> queue known_ext bandwidth 90% priority 3 cbq(borrow) qlimit 100
> queue tcp_ack_ext bandwidth 10% priority 7 cbq(borrow) qlimit 100

That parses????  It shouldn't!

# pfctl -nf /tmp/foo
pfctl: the sum of the child bandwidth higher than parent "output_ext"
pfctl: the sum of the child bandwidth higher than parent "output_ext"
pfctl: the sum of the child bandwidth higher than parent "output_ext"
pfctl: queue bandwidth must be larger than 123.77Kb
cbq: queue tcp_ack_ext is too slow!
# cat /tmp/foo
altq on lo0 cbq bandwidth 100Mb queue { output_ext }
queue output_ext bandwidth 850Kb cbq { std_ext, known_ext, torrent_ext, tcp_ack_ext }
queue std_ext bandwidth 75% priority 1 cbq(default red) qlimit 100
queue torrent_ext bandwidth 75% priority 1 cbq(red) qlimit 1
queue known_ext bandwidth 90% priority 3 cbq(borrow) qlimit 100
queue tcp_ack_ext bandwidth 10% priority 7 cbq(borrow) qlimit 100

That's from an early January OpenBSD 3.8 snapshot, FYI.

> Notice the percentages don't add up ?
>
> I *thought* I should be doing something like -
>
> altq on $ext_if cbq bandwidth 100Mb queue { output_ext }
> queue output_ext bandwidth 850Kb cbq { std_ext, known_ext, torrent_ext, tcp_ack_ext }
> queue std_ext bandwidth 5% priority 1 cbq(default red borrow) qlimit 100
> queue torrent_ext bandwidth 5% priority 1 cbq(red borrow) qlimit 1
> queue known_ext bandwidth 80% priority 3 cbq(borrow) qlimit 100
> queue tcp_ack_ext bandwidth 10% priority 7 cbq(borrow) qlimit 100

That's the correct syntax if I grok the man pages correctly myself.

> But with this config torrent uploads *crawl*, at most using 6 or 7 % of the available
> bandwidth - lots of dropped packets are preventing tcp from ramping up the connection
> speed, this regardless of whether or not the bw is being used by the other queues.

This sounds suspiciously like kern/82271
(http://www.freebsd.org/cgi/query-pr.cgi?pr=82271) which I'm seeing
problems with too.  We just noticed however that we were compiling an
SMP kernel and weren't using option ALTQ_NOPCC which the man page says
is required although I'm not sure it is (unless you're on a multi-proc
alpha - see below) as that option is only referenced twice in
altq_subr.c.  Once to set machclk_usepcc to 0 (which SMP will do also)
and once if it's running on an alpha and ALTQ_NOPCC isn't defined.

My next step is to take one of our broken rule files and validate it
on an openbsd box to see if it works the same there.

--Bill

$ grep -A4 -B2 ALTQ_NOPCC *
altq_subr.c-    else
altq_subr.c-            tbr_timer = 0;  /* don't need tbr_timer anymore */
altq_subr.c:#if defined(__alpha__) && !defined(ALTQ_NOPCC)
altq_subr.c-    {
altq_subr.c-            /*
altq_subr.c-             * XXX read out the machine dependent clock once a second
altq_subr.c-             * to detect counter wrap-around.
--
altq_subr.c-            }
altq_subr.c-    }
altq_subr.c:#endif /* __alpha__ && !ALTQ_NOPCC */
altq_subr.c-}
altq_subr.c-
altq_subr.c-/*
altq_subr.c- * get token bucket regulator profile
--
altq_subr.c-    machclk_usepcc = 1;
altq_subr.c-
altq_subr.c:#if (!defined(__i386__) && !defined(__alpha__)) || defined(ALTQ_NOPCC)
altq_subr.c-    machclk_usepcc = 0;
altq_subr.c-#endif
altq_subr.c-#if defined(__FreeBSD__) && defined(SMP)
altq_subr.c-    machclk_usepcc = 0;

From owner-freebsd-pf@FreeBSD.ORG Thu Feb 9 05:44:09 2006
From: "Andrew Atrens"
To: Bill Marquette, freebsd-pf@freebsd.org, pf@benzedrine.cx
Date: Thu, 09 Feb 2006 00:42:57 -0500
Subject: Re: some (hopefully basic) altq questions ...

Bill Marquette wrote:
> Redirecting to pf@benzedrine.cx and freebsd-pf@freebsd.org as slightly
> more appropriate lists than misc@
>
> On 2/8/06, Andrew Atrens wrote:
>
>>Here's what I have today, that looks to be working well -
>>
>>
>>altq on $ext_if cbq bandwidth 100Mb queue { output_ext }
>>queue output_ext bandwidth 850Kb cbq { std_ext, known_ext, torrent_ext, tcp_ack_ext }
>>queue std_ext bandwidth 75% priority 1 cbq(default red) qlimit 100
>>queue torrent_ext bandwidth 75% priority 1 cbq(red) qlimit 1
>>queue known_ext bandwidth 90% priority 3 cbq(borrow) qlimit 100
>>queue tcp_ack_ext bandwidth 10% priority 7 cbq(borrow) qlimit 100
>
>
> That parses????  It shouldn't!

It does on FreeBSD/DragonFly...

Here's the output of pftop -

QUEUE         BANDW SCH PRI     PKTS    BYTES   DROP_P    DROP_B QLEN BORRO SUSPE  P/S  B/S
root_sis0      100M cbq   0   33669K    3172M        0         0    0     0     0   70  43K
output_ext     850K cbq            0        0        0         0    0     0     0    0    0
std_ext        637K cbq      4585421    2142M        0         0    0     0 37200    7   5K
torrent_ext    637K cbq       27013K  680853K  4892332  2782866K    0     0  960K   60  37K
known_ext      765K cbq   3  2208318  370475K        0         0    0  4930  2554    2  231
tcp_ack_ext     85K cbq   7    22124  3491277        0         0    0     9     0    0    0
root_ath0       20M cbq   0   30474K    2653M        0         0    0     0     0   55  30K
std_int         17M cbq      7490316  145327K        0         0    0    10     0   16   6K
mail_int        17M cbq   2   147814  107723K        0         0    0     0     0    0    0
http_int        17M cbq   4  1813838    1763M        0         0    0 27250     0    0    0
ssh_bulk_int     3M cbq   4    93721   20410K        0         0    0     0     0    0    0
tcp_ack_int      1M cbq   7   102611   21585K        0         0    0    67     0  0.2   70
torrent_int     10M cbq   0   21052K  617201K        0         0    0   458     0   38  24K

>
> # pfctl -nf /tmp/foo
> pfctl: the sum of the child bandwidth higher than parent "output_ext"
> pfctl: the sum of the child bandwidth higher than parent "output_ext"
> pfctl: the sum of the child bandwidth higher than parent "output_ext"
> pfctl: queue bandwidth must be larger than 123.77Kb
> cbq: queue tcp_ack_ext is too slow!
> # cat /tmp/foo
> altq on lo0 cbq bandwidth 100Mb queue { output_ext }
> queue output_ext bandwidth 850Kb cbq { std_ext, known_ext, torrent_ext, tcp_ack_ext }
> queue std_ext bandwidth 75% priority 1 cbq(default red) qlimit 100
> queue torrent_ext bandwidth 75% priority 1 cbq(red) qlimit 1
> queue known_ext bandwidth 90% priority 3 cbq(borrow) qlimit 100
> queue tcp_ack_ext bandwidth 10% priority 7 cbq(borrow) qlimit 100
>
> That's from an early January OpenBSD 3.8 snapshot, FYI.
>
>
>>Notice the percentages don't add up ?
>>
>>I *thought* I should be doing something like -
>>
>>altq on $ext_if cbq bandwidth 100Mb queue { output_ext }
>>queue output_ext bandwidth 850Kb cbq { std_ext, known_ext, torrent_ext, tcp_ack_ext }
>>queue std_ext bandwidth 5% priority 1 cbq(default red borrow) qlimit 100
>>queue torrent_ext bandwidth 5% priority 1 cbq(red borrow) qlimit 1
>>queue known_ext bandwidth 80% priority 3 cbq(borrow) qlimit 100
>>queue tcp_ack_ext bandwidth 10% priority 7 cbq(borrow) qlimit 100
>
>
> That's the correct syntax if I grok the man pages correctly myself.
>
>
>>But with this config torrent uploads *crawl*, at most using 6 or 7 % of the available
>>bandwidth - lots of dropped packets are preventing tcp from ramping up the connection
>>speed, this regardless of whether or not the bw is being used by the other queues.
>
>
> This sounds suspiciously like kern/82271
> (http://www.freebsd.org/cgi/query-pr.cgi?pr=82271) which I'm seeing
> problems with too.  We just noticed however that we were compiling an
> SMP kernel and weren't using option ALTQ_NOPCC which the man page says
> is required although I'm not sure it is (unless you're on a multi-proc
> alpha - see below) as that option is only referenced twice in
> altq_subr.c.  Once to set machclk_usepcc to 0 (which SMP will do also)
> and once if it's running on an alpha and ALTQ_NOPCC isn't defined.

I'm running on a Geode processor. Maybe the pcc is horked on that processor ?

>
> My next step is to take one of our broken rule files and validate it
> on an openbsd box to see if it works the same there.

Hmm.

>
> --Bill
>
> $ grep -A4 -B2 ALTQ_NOPCC *
> altq_subr.c-    else
> altq_subr.c-            tbr_timer = 0;  /* don't need tbr_timer anymore */
> altq_subr.c:#if defined(__alpha__) && !defined(ALTQ_NOPCC)
> altq_subr.c-    {
> altq_subr.c-            /*
> altq_subr.c-             * XXX read out the machine dependent clock once a second
> altq_subr.c-             * to detect counter wrap-around.
> --
> altq_subr.c-            }
> altq_subr.c-    }
> altq_subr.c:#endif /* __alpha__ && !ALTQ_NOPCC */
> altq_subr.c-}
> altq_subr.c-
> altq_subr.c-/*
> altq_subr.c- * get token bucket regulator profile
> --
> altq_subr.c-    machclk_usepcc = 1;
> altq_subr.c-
> altq_subr.c:#if (!defined(__i386__) && !defined(__alpha__)) || defined(ALTQ_NOPCC)
> altq_subr.c-    machclk_usepcc = 0;
> altq_subr.c-#endif
> altq_subr.c-#if defined(__FreeBSD__) && defined(SMP)
> altq_subr.c-    machclk_usepcc = 0;
>

From owner-freebsd-pf@FreeBSD.ORG Fri Feb 10 14:14:50 2006
From: Tiago Cruz
To: freebsd-pf@freebsd.org
Date: Fri, 10 Feb 2006 12:14:47 -0200
Subject: Remap local addresses?

Hello from all!

I need to do this rule in my FreeBSD 6.0 running PF:

iptables -t nat -A PREROUTING -d 192.168.0.0/24 -j NETMAP --to 192.168.1.0/24

My objective is this:

"Does anybody know how to remap local addresses, if I want to connect
two networks with an overlap in the private address range?"

Thank you!

-- 
Tiago Cruz
http://linuxrapido.org
Linux User #282636

"The box said: Requires MS Windows or better, so I installed Linux"

From owner-freebsd-pf@FreeBSD.ORG Fri Feb 10 16:11:09 2006
From: Szukács István
To: freebsd-pf@freebsd.org
Date: Fri, 10 Feb 2006 17:11:00 +0100
Subject: intresting error(bug?)

i have a freebsd 5.4 server

ifconfig

fxp0: flags=8843 mtu 1500
        options=8
        inet 195.xxx.157.214 netmask 0xffffffe0 broadcast 195.228.157.223
        inet6 fe80::211:11ff:fe56:ec80%fxp0 prefixlen 64 scopeid 0x1
        inet6 3ffe:401c:430::1 prefixlen 64
        ether 00:11:11:56:ec:80
        media: Ethernet autoselect (100baseTX )
        status: active

nat on $ext_if from 127.1.0.0/16 to any -> ($ext_if)

i just realised that in my jail every second connection is working.

i check the pfctl -ss

self tcp 127.1.0.1:53321 -> 10.0.0.4:61360 -> 195.228.157.253:6667       SYN_SENT:CLOSED

wtf?? why 10.0.0.4?

The last week we tested some vpn-s here and then i use this ip temporary
for testing, after i delete it

ifconfig fxp0 add -alias 10.0.0.4 0xffffff00

but the pf use it for NAT like it is still exists there

i changed my rules

nat on $ext_if from 127.1.0.0/16 to any -> 195.xxx.157.214

now it is working

but my question is why pf still use this ip even it is no more exists there
(i reloaded the ruleset and flushed the state table before)

(sorry for my english)

From owner-freebsd-pf@FreeBSD.ORG Sat Feb 11 21:48:22 2006
From: Patrik Åström
To: freebsd-pf@freebsd.org
Date: Sat, 11 Feb 2006 22:48:14 +0100 (CET)
Subject: Time/Timer based rules wit PF ?

Hi all,

I have a FBSD 6.0R Firewall running PF, I would like to have a setup that
allows my kids to have say 90 minutes of Internet time per day. My thought
was that I could put their IP addresses in a table after say 90 minutes.

Is there a way for me to keep track of how long they have been out on
external addresses ?, I would also like them to be able to "save" time so
if they spend say 45 minutes in the morning they could use the rest
later the same day !

Is there a way with PF or with PF + 3rd party applications that would allow
me to do this ?.

Most grateful for any hints or suggestions .

Regards
Patrik Astrom
Stockholm, Sweden

From owner-freebsd-pf@FreeBSD.ORG Sat Feb 11 22:17:10 2006
From: Maxim Vetsalo
To: freebsd-pf@freebsd.org
Date: Sun, 12 Feb 2006 00:17:22 +0200
Subject: Re: Time/Timer based rules wit PF ?

Hello!

I think, you need to set up some "logon" service, which will allow you to
determine connection time.
When kid want to use Internet, he (she) connect to logon server, which will
serve as router. You can use some kind of VPN server for it. Then, you need
to set up connection time control and use it to disconnect kid from logon
server and close Internet access after 90 minutes of active connection.

Cheers, Maxim.

On Saturday 11 February 2006 23:48, Patrik Åström wrote:
> Hi all,
>
> I have a FBSD 6.0R Firewall running PF, I would like to have a setup that
> allows my kids to have say 90 minutes of Internet time per day. My thought
> was that I could put their IP addresses in a table after say 90 minutes.
>
> Is there a way for me to keep track of how long they have been out on
> external addresses ?, I would also like them to be able to "save" time so
> if they spend say 45 minutes in the morning they could use the rest
> later the same day !
>
> Is there a way with PF or with PF + 3rd party applications that would allow
> me to do this ?.
>
> Most grateful for any hints or suggestions .
>
> Regards
> Patrik Astrom
> Stockholm, Sweden
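
Added example (not part of any message in this archive, and not pfctl's code): a small checker for the altq queue trees quoted in the "some (hopefully basic) altq questions" thread above. It resolves each percentage against the parent queue's bandwidth and records a finding at every child where the running sum passes the parent; that per-child behaviour is an assumption inferred from the three pfctl messages Bill posted, the two configs are constructed from the thread, and only the syntax used there is parsed.

```python
import re

# Bandwidth suffixes from pf.conf(5): bits, kilobits, megabits, gigabits per second.
UNITS = {"b": 1, "Kb": 1_000, "Mb": 1_000_000, "Gb": 1_000_000_000}

# Matches only the altq/queue syntax that appears in the thread.
LINE_RE = re.compile(
    r"^(?:altq\s+on\s+(?P<ifname>\S+)|queue\s+(?P<qname>\S+))"
    r".*?\bbandwidth\s+(?P<bw>[\d.]+)(?P<unit>%|b|Kb|Mb|Gb)"
    r"(?:.*?\{(?P<children>[^}]*)\})?"
)

# Constructed sample: the config that parses on FreeBSD but fails on OpenBSD.
CONFIG_A = """\
altq on lo0 cbq bandwidth 100Mb queue { output_ext }
queue output_ext bandwidth 850Kb cbq { std_ext, known_ext, torrent_ext, tcp_ack_ext }
queue std_ext bandwidth 75% priority 1 cbq(default red) qlimit 100
queue torrent_ext bandwidth 75% priority 1 cbq(red) qlimit 1
queue known_ext bandwidth 90% priority 3 cbq(borrow) qlimit 100
queue tcp_ack_ext bandwidth 10% priority 7 cbq(borrow) qlimit 100
"""

# Constructed sample: the variant whose percentages add up to 100%.
CONFIG_B = """\
altq on lo0 cbq bandwidth 100Mb queue { output_ext }
queue output_ext bandwidth 850Kb cbq { std_ext, known_ext, torrent_ext, tcp_ack_ext }
queue std_ext bandwidth 5% priority 1 cbq(default red borrow) qlimit 100
queue torrent_ext bandwidth 5% priority 1 cbq(red borrow) qlimit 1
queue known_ext bandwidth 80% priority 3 cbq(borrow) qlimit 100
queue tcp_ack_ext bandwidth 10% priority 7 cbq(borrow) qlimit 100
"""


def check_queue_tree(conf):
    """Return (bps, findings).

    bps maps each queue name to its resolved bandwidth in bits per second
    (the altq line is stored as root_<interface>, the name pftop shows).
    findings is a list of (parent, child, running_sum_bps), one entry for
    each child at which the children's running sum exceeds the parent.
    """
    bps = {}        # queue name -> absolute bandwidth
    parent_of = {}  # child name -> parent name, from the { ... } lists
    used = {}       # parent name -> running sum of child bandwidth
    findings = []
    for raw in conf.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        name = m["qname"] or "root_" + m["ifname"]
        value, unit = float(m["bw"]), m["unit"]
        parent = parent_of.get(name)
        if unit == "%":
            # A percentage only has meaning relative to an already-known parent.
            if parent not in bps:
                raise ValueError(f"{name}: percentage without a resolved parent")
            bps[name] = value * bps[parent] / 100
        else:
            bps[name] = value * UNITS[unit]
        # Children may be separated by commas and/or whitespace.
        for child in filter(None, re.split(r"[,\s]+", m["children"] or "")):
            parent_of[child] = name
        if parent in bps:
            used[parent] = used.get(parent, 0) + bps[name]
            if used[parent] > bps[parent] + 1e-6:
                findings.append((parent, name, used[parent]))
    return bps, findings


def report(conf):
    """Render findings as one line per offending child."""
    bps, findings = check_queue_tree(conf)
    return [
        f'child sum {total / 1000:g}Kb exceeds parent "{parent}" '
        f'({bps[parent] / 1000:g}Kb) at queue "{child}"'
        for parent, child, total in findings
    ]


if __name__ == "__main__":
    for label, conf in (("A", CONFIG_A), ("B", CONFIG_B)):
        lines = report(conf)
        print(f"config {label}: {len(lines)} finding(s)")
        for line in lines:
            print("  " + line)
```

The resolved values for the first config (637.5Kb, 765Kb and 85Kb) line up with the BANDW column in the pftop output Andrew posted. The separate "queue bandwidth must be larger than 123.77Kb" message is not modelled here.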