From owner-freebsd-pf@FreeBSD.ORG Mon Feb 15 21:11:45 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7309F106566B; Mon, 15 Feb 2010 21:11:45 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from smtp-int-m.obspm.fr (smtp-int-m.obspm.fr [145.238.187.15]) by mx1.freebsd.org (Postfix) with ESMTP id 0EDB88FC08; Mon, 15 Feb 2010 21:11:44 +0000 (UTC) Received: from obspm.fr (pcjas.obspm.fr [145.238.184.233]) by smtp-int-m.obspm.fr (8.14.3/8.14.3/SIO Observatoire de Paris - 07/2009) with ESMTP id o1FLBfMo009454 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 15 Feb 2010 22:11:43 +0100 Date: Mon, 15 Feb 2010 22:11:41 +0100 From: Albert Shih To: freebsd-net@freebsd.org, freebsd-pf@freebsd.org Message-ID: <20100215211141.GK96648@obspm.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.5.20 (2009-06-14) X-Miltered: at smtp-int-m.obspm.fr with ID 4B79B88D.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 4B79B88D.000/145.238.184.233/pcjas.obspm.fr/obspm.fr/ X-j-chkmail-Score: MSGID : 4B79B88D.000 on smtp-int-m.obspm.fr : j-chkmail score : . : R=. U=. O=. B=0.010 -> S=0.010 X-j-chkmail-Status: Ham Cc: Subject: Possible bug in TSO or in pf on bce X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Feb 2010 21:11:45 -0000 Hi all, I'm not a tcp/ip guru, so I don't known if it's a bug or not. The situation is little complexe, so I'm going to explain that. I've one server with tree interfaces two bce and one bge. All test is on two bce. This server running FreeBSD-7.2-p6 and have lot of jail (but the problem is the same for one jail, so I assume I've just one jail). The bce0 and bce1 are in different vlan. The jail is on bce1 (meaning the jail IP is on the bce1 subnet). The default gateway is on bce0 So to make all traffic of the jail pass only throught bce1 and not using bce0 I'm using pf with something like pass out route-to (bce1 bce1_subnet_gw) from jail_IP to ! bce1_subnet keep state pass in on bce1 reply-to (bce1 bce1_subnet_gw) from ! bce1_subnet to jail_IP keep state if I do that all traffic pass through the right interface (bce1), but...the bandwith drop to ~60kb/s (on gigabit interface). So I find the problem is with TSO, if I deactivated the TSO the bandwith is return to normal. I don't knwon if it's a bug in PF (the problem is same if I use scrub or not) or in the TSO support of bce. I can run some few tests if someone like to debug, but because the server is in production I cannot make lot of test. Regards. JAS -- Albert SHIH SIO batiment 15 Observatoire de Paris Meudon 5 Place Jules Janssen 92195 Meudon Cedex Téléphone : 01 45 07 76 26/06 86 69 95 71 Heure local/Local time: Lun 15 fév 2010 22:10:52 CET