From owner-freebsd-pf@FreeBSD.ORG Mon Jun 25 11:07:25 2012
Date: Mon, 25 Jun 2012 11:07:24 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/168952  pf         [pf] direction scrub rules don't work
o kern/168200  pf         [pf] pf crashes when receiving packets from an address
o kern/168190  pf         [pf] panic when using pf and route-to (maybe: bad frag
s kern/167057  pf         [pf] PF firewall version 4.5 in FreeBSD 9.0 & 8.2 nolo
o kern/166336  pf         [pf] kern.securelevel 3 +pf reload
o kern/165315  pf         [pf] States never cleared in PF with DEVICE_POLLING
o kern/164402  pf         [pf] pf crashes with a particular set of rules when fi
o kern/164271  pf         [pf] not working pf nat on FreeBSD 9.0 [regression]
o kern/163208  pf         [pf] PF state key linking mismatch
o kern/160370  pf         [pf] Incorrect pfctl check of pf.conf
o kern/155736  pf         [pf] [altq] borrow from parent queue does not work wit
o kern/153307  pf         [pf] Bug with PF firewall
o kern/148290  pf         [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf         [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf         [pf] Firewall PF no longer drops connections by sendin
o kern/143543  pf         [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf         [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf         [pf] No way to adjust pidfile in pflogd
o conf/142817  pf         [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf         [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf         [pf] pf behaviour changes - must be documented
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

53 problems total.

From owner-freebsd-pf@FreeBSD.ORG Thu Jun 28 12:35:51 2012
Date: Thu, 28 Jun 2012 16:35:50 +0400
From: Gleb Smirnoff
To: pf@FreeBSD.org
Subject: Re: [CFT] SMP-friendly pf

  Hello, again.

On Fri, Jun 08, 2012 at 10:17:37AM +0400, Gleb Smirnoff wrote:
T> Three and a half months ago I've started on a project "SMP-friendly pf",
T> which recently have entered alpha stage. As you see from the subject of this
T> mail, this is call for testing.

I'm a bit disappointed that my announcement got so little response.

Anyway, here are some results from running in production. This time on
a busy router, that got a noticeable load during busiest hours. It has
a complex ruleset with almost 400 rules, 21 vlan(4) interfaces running on
top of lagg(4) and serves about 30 subnets of different size. Some subnets
are behind NAT, and some are simply routed. The router usually got somewhere
between 20k to 60k states and 120k pf searches per second, with peaks up
to 140k searches. It has 4 cores and runs igb(4) NICs.

After migrating to experimental pf branch on, the CPU load during busiest
hours has dropped significantly:

http://people.freebsd.org/~glebius/pflock/pflock-migration.png

A more recent pic (taken right now):

http://people.freebsd.org/~glebius/pflock/pflock-migration2.png

Each high peak is a working day (in Russia in June we have had a 6 day
week followed by 3 day week). The thin red peak is buildworld+buildkernel,
and after it the box was rebooted and since runs with SMP-friendly pf.
As you may notice, after migration the working day peaks are much lower than
before. Traffic volume is the same, I've checked this :)

I hope these results would encourage someone to participate in early
testing. :)

--
Totus tuus, Glebius.

From owner-freebsd-pf@FreeBSD.ORG Thu Jun 28 15:14:59 2012
Date: Thu, 28 Jun 2012 08:14:56 -0700
From: Mehma Sarja
To: freebsd-pf@freebsd.org
Subject: Re: [CFT] SMP-friendly pf

On 6/28/12 5:35 AM, Gleb Smirnoff wrote:
> http://people.freebsd.org/~glebius/pflock/pflock-migration.png
>
> A more recent pic (taken right now):
>
> http://people.freebsd.org/~glebius/pflock/pflock-migration2.png
>
That is a significant CPU usage difference. I am guessing most people
don't need to deal with the loads you do and hence the lack of interest.

Mehma

From owner-freebsd-pf@FreeBSD.ORG Fri Jun 29 12:11:57 2012
Date: Fri, 29 Jun 2012 12:11:57 GMT
To: hugo@barafranca.com, glebius@FreeBSD.org, freebsd-pf@FreeBSD.org
From: glebius@FreeBSD.org
Subject: Re: kern/168200: [pf] pf crashes when receiving packets from an address in a table

Synopsis: [pf] pf crashes when receiving packets from an address in a table

State-Changed-From-To: open->closed
State-Changed-By: glebius
State-Changed-When: Fri Jun 29 12:11:37 UTC 2012
State-Changed-Why:
Fixed in head & stable/9.

http://www.freebsd.org/cgi/query-pr.cgi?pr=168200

From owner-freebsd-pf@FreeBSD.ORG Fri Jun 29 12:20:13 2012
Date: Fri, 29 Jun 2012 12:20:12 GMT
To: freebsd-pf@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Reply-To: dfilter service
Subject: Re: kern/168200: commit references a PR

The following reply was made to PR kern/168200; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/168200: commit references a PR
Date: Fri, 29 Jun 2012 12:11:53 +0000 (UTC)

 Author: glebius
 Date: Fri Jun 29 12:11:31 2012
 New Revision: 237776
 URL: http://svn.freebsd.org/changeset/base/237776

 Log:
   Merge r236364 from head by eri@:
     Correct table counter functionality to not panic.
     This was caused by not proper initialization of necessary parameters.

     PR: 168200
     Reviewed by: bz@, glebius@
     MFC after: 1 week

 Modified:
   stable/9/sys/contrib/pf/net/pf_ioctl.c
   stable/9/sys/contrib/pf/net/pf_table.c
   stable/9/sys/contrib/pf/net/pfvar.h
 Directory Properties:
   stable/9/sys/ (props changed)
   stable/9/sys/contrib/pf/ (props changed)

Modified: stable/9/sys/contrib/pf/net/pf_ioctl.c ============================================================================== --- stable/9/sys/contrib/pf/net/pf_ioctl.c Fri Jun 29 12:08:26 2012 (r237775) +++ stable/9/sys/contrib/pf/net/pf_ioctl.c Fri Jun 29 12:11:31 2012 (r237776) @@ -298,7 +298,7 @@ init_zone_var(void) V_pf_altq_pl = V_pf_pooladdr_pl = NULL; V_pf_frent_pl = V_pf_frag_pl = V_pf_cache_pl = V_pf_cent_pl = NULL; V_pf_state_scrub_pl = NULL; - V_pfr_ktable_pl = V_pfr_kentry_pl = NULL; + V_pfr_ktable_pl = V_pfr_kentry_pl = V_pfr_kcounters_pl = NULL; } void 
@@ -317,6 +317,7 @@ cleanup_pf_zone(void) UMA_DESTROY(V_pf_cent_pl); UMA_DESTROY(V_pfr_ktable_pl); UMA_DESTROY(V_pfr_kentry_pl); + UMA_DESTROY(V_pfr_kcounters_pl); UMA_DESTROY(V_pf_state_scrub_pl); UMA_DESTROY(V_pfi_addr_pl); } @@ -337,6 +338,7 @@ pfattach(void) UMA_CREATE(V_pf_pooladdr_pl, struct pf_pooladdr, "pfpooladdrpl"); UMA_CREATE(V_pfr_ktable_pl, struct pfr_ktable, "pfrktable"); UMA_CREATE(V_pfr_kentry_pl, struct pfr_kentry, "pfrkentry"); + UMA_CREATE(V_pfr_kcounters_pl, struct pfr_kcounters, "pfrkcounters"); UMA_CREATE(V_pf_frent_pl, struct pf_frent, "pffrent"); UMA_CREATE(V_pf_frag_pl, struct pf_fragment, "pffrag"); UMA_CREATE(V_pf_cache_pl, struct pf_fragment, "pffrcache"); Modified: stable/9/sys/contrib/pf/net/pf_table.c ============================================================================== --- stable/9/sys/contrib/pf/net/pf_table.c Fri Jun 29 12:08:26 2012 (r237775) +++ stable/9/sys/contrib/pf/net/pf_table.c Fri Jun 29 12:11:31 2012 (r237776) @@ -179,7 +179,6 @@ struct pfr_walktree { VNET_DEFINE(uma_zone_t, pfr_ktable_pl); VNET_DEFINE(uma_zone_t, pfr_kentry_pl); VNET_DEFINE(uma_zone_t, pfr_kcounters_pl); -#define V_pfr_kcounters_pl VNET(pfr_kcounters_pl) VNET_DEFINE(struct sockaddr_in, pfr_sin); #define V_pfr_sin VNET(pfr_sin) VNET_DEFINE(struct sockaddr_in6, pfr_sin6); Modified: stable/9/sys/contrib/pf/net/pfvar.h ============================================================================== --- stable/9/sys/contrib/pf/net/pfvar.h Fri Jun 29 12:08:26 2012 (r237775) +++ stable/9/sys/contrib/pf/net/pfvar.h Fri Jun 29 12:11:31 2012 (r237776) 
@@ -1868,6 +1868,8 @@ VNET_DECLARE(uma_zone_t, pfr_ktable_pl #define V_pfr_ktable_pl VNET(pfr_ktable_pl) VNET_DECLARE(uma_zone_t, pfr_kentry_pl); #define V_pfr_kentry_pl VNET(pfr_kentry_pl) +VNET_DECLARE(uma_zone_t, pfr_kcounters_pl); +#define V_pfr_kcounters_pl VNET(pfr_kcounters_pl) VNET_DECLARE(uma_zone_t, pf_cache_pl); #define V_pf_cache_pl VNET(pf_cache_pl) VNET_DECLARE(uma_zone_t, pf_cent_pl); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
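
Review bot: missing documentation in pf_ioctl.c: nothing in the init_zone_var(), pfattach() or cleanup_pf_zone() hunks records that every UMA zone must be listed in all three functions, and pfr_kcounters_pl was already defined with VNET_DEFINE in pf_table.c while absent from each of them. A short comment above the UMA_CREATE list in pfattach(), or beside the VNET_DEFINE(uma_zone_t, ...) lines in pf_table.c, saying that a new zone needs a NULL initialisation, a UMA_CREATE and a UMA_DESTROY would make the next omission visible in review. The log line "not proper initialization of necessary parameters" would also be easier to find later if it named the zone, V_pfr_kcounters_pl, that pfattach() now creates.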