To: freebsd-net@freebsd.org
Cc: freebsd-stable
From: "Eugene M. Zheganin"
Subject: pf and hnX interfaces
Message-ID: <7166d87e-7547-6be8-42a7-b0957ca4f543@norma.perm.ru>
Date: Tue, 13 Oct 2020 13:58:22 +0500

Hello,

I'm running a FreeBSD 12.1 server as a VM under Hyper-V.
And although this letter will make an impression of another lame post blaming FreeBSD for all of the issues while the author should blame himself, I'm atm out of another explanation.

The thing is: I'm getting loads of sendmail errors like:

===Cut===
Oct 13 13:49:33 gw1 sm-mta[95760]: 09D8mN2P092173: SYSERR(root): putbody: write error: Permission denied
Oct 13 13:49:33 gw1 sm-mta[95760]: 09D8mN2P092173: SYSERR(root): timeout writing message to .mail.protection.outlook.com.: Permission denied
===Cut===

The relay address is just random. The thing is, I can successfully connect to it via telnet. Even send some commands. But when this is done by sendmail - and when it's actually sending messages, I get random errors. Firstly I was blaming myself and trying to get the rule that actually blocks something. I ended up having none of the block rules without log clause, and at the same time tcpdump -netti pflog0 shows no dropped packets, but sendmail still eventually complains.

If it matters, I have relatively high rps on this interface, about 25 Kpps.

I've also found several postings mentioning that hnX is badly handling the TSO and LRO mode, so I switched it off. No luck however, with vlanhwtag and vlanmtu, which for some reason just cannot be switched off. The if_hn also lacks a man page for some reason, so it's unclear how to tweak it right.

And the most mysterious part - when I switch the pf off, the errors stop appearing. This would clearly mean that pf blocks some packets, but then again, this way the pflog0 would show them up, right (and yes - it's "UP")?

Is there some issue with pf and hn interfaces that I'm unaware of? Are these symptoms of a bug?

Thanks.
Eugene.