From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:56:38 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 674) id F15CE16A4CF; Thu, 16 Sep 2004 03:56:38 +0000 (GMT) Delivered-To: mlaier@vampire.homelinux.org Received: (qmail 45542 invoked by uid 1005); 14 Nov 2003 10:11:25 -0000 Delivered-To: max@vampire.homelinux.org Received: (qmail 45539 invoked from network); 14 Nov 2003 10:11:24 -0000 Received: from moutng.kundenserver.de (212.227.126.186) by pd95307cb.dip.t-dialin.net with SMTP; 14 Nov 2003 10:11:24 -0000 Received: from [212.227.126.152] (helo=mxng01.kundenserver.de) by moutng0.kundenserver.de with esmtp (Exim 3.35 #1) id 1AKasG-00020j-00 for max@vampire.homelinux.org; Fri, 14 Nov 2003 11:08:20 +0100 Received: from [211.218.149.125] (helo=ns.kt-is.co.kr) by mxng01.kundenserver.de with esmtp (Exim 3.35 #1) id 1AKas4-0005P3-00 for max@love2party.net; Fri, 14 Nov 2003 11:08:09 +0100 Received: from michelle.kt-is.co.kr ([211.55.51.210]) (authenticated bits=128) by ns.kt-is.co.kr (8.12.10/8.12.10) with ESMTP id hAEA52Ah065378 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 14 Nov 2003 19:05:02 +0900 (KST) Received: from michelle.kt-is.co.kr (localhost.kt-is.co.kr [127.0.0.1]) by michelle.kt-is.co.kr (8.12.9/8.12.9) with ESMTP id hAEA75WV032834 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 14 Nov 2003 19:07:05 +0900 (KST) (envelope-from yongari@kt-is.co.kr) Received: (from yongari@localhost) by michelle.kt-is.co.kr (8.12.9/8.12.9/Submit) id hAEA74Vm032833; Fri, 14 Nov 2003 19:07:04 +0900 (KST) (envelope-from yongari@kt-is.co.kr) From: Pyun YongHyeon To: pf4freebsd@freelists.org Message-ID: <20031114100704.GB32359@kt-is.co.kr> References: <3FB2ACA6.7030302@kasimir.com> <20031112220709.GO17343@insomnia.benzedrine.cx> <3FB2B203.1030704@kasimir.com> <3FB2B5AB.50601@kasimir.com> <20031113163911.GR17343@insomnia.benzedrine.cx> <3FB3EBBA.5070405@kasimir.com> <20031114092424.GA32359@kt-is.co.kr> <20031114093317.GB20224@insomnia.benzedrine.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031114093317.GB20224@insomnia.benzedrine.cx> User-Agent: Mutt/1.4.1i X-Filter-Version: 1.11a (ns.kt-is.co.kr) X-Provags-Forward: ad1e83286d02b5e55817d47b0d69ba84 X-UID: 335 X-Length: 3646 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:59:49 +0000 Subject: Re: [pf4freebsd] Re: nfsd send error 1 probably caused by pf ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: yongari@kt-is.co.kr List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:56:39 -0000 X-Original-Date: Fri, 14 Nov 2003 19:07:04 +0900 X-List-Received-Date: Thu, 16 Sep 2004 03:56:39 -0000 On Fri, Nov 14, 2003 at 10:33:17AM +0100, Daniel Hartmeier wrote: > On Fri, Nov 14, 2003 at 06:24:24PM +0900, Pyun YongHyeon wrote: > > > It seems that your problem is reproducable on my SMP machine. > > I used a single rule 'pass out on xl0 keep state'. > > However, I can't see 'nfsd send error' message. nfs client > > works well even though pf still outputs 'BAD state' message. > > Are you running nfsd on the pf machine? If pf is blocking outgoing Yes. > packets due to state mismatches (BAD state messages), and the process > trying to send the blocked packets is running on the pf box, it gets a > an error code from the stack. If nfsd is reporting those errors, that > would imply you'd have to run nfsd on the pf box (not the nfs client). > If the theory is correct up to this point, that is ;) > Yes. Florian C. Smeets reported a error message "nfsd send error 1" error code 1 is EPERM and this might come from pf's blocking. At present, I think, actual cause may be in somewhere in H/W checksum offload routine in FreeBSD pf. I need more investigation. Thanks for your comment. > Daniel > Regards, Pyun YongHyeon -- Pyun YongHyeon