From owner-freebsd-current@FreeBSD.ORG  Tue Dec  3 08:31:22 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7C6E61B1
 for <freebsd-current@freebsd.org>; Tue,  3 Dec 2013 08:31:22 +0000 (UTC)
Received: from frv199.fwdcdn.com (frv199.fwdcdn.com [212.42.77.199])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 338D81F91
 for <freebsd-current@freebsd.org>; Tue,  3 Dec 2013 08:31:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net;
 s=ffe; 
 h=Content-Type:MIME-Version:Message-Id:To:Subject:From:Date;
 bh=eCs4Bqqlq4iVv5dAOX1nbMNFT1ecNguaVemhiXKf8YA=; 
 b=KzYu6qy/L/6hggQjBJ7OQlNpY+mKOD3MACjVqul/dWF1MZGSKT+efIppOo8dJ1vLWy1K8MESXVFIdjT3OZkOBQsztT6s4Ep6a/HOIqUEtgEDEC/b2aesEIxctmvVoyz5S8ZU/356Dnnym54UiQz8n9l8LeXKV670kSvizClnME8=;
Received: from [10.10.10.45] (helo=frv45.ukr.net)
 by frv199.fwdcdn.com with smtp ID 1VnlNv-000JJi-Qk
 for freebsd-current@freebsd.org; Tue, 03 Dec 2013 10:31:11 +0200
Date: Tue, 03 Dec 2013 10:31:11 +0200
From: Vladimir Sharun <atz@ukr.net>
Subject: pf reply-to malfunction after r258468 (seems r258479)
To: freebsd-current Current <freebsd-current@freebsd.org>
X-Mailer: mail.ukr.net 5.0
Message-Id: <1386059471.355638511.emzdei8w@frv45.ukr.net>
Received: from atz@ukr.net by frv45.ukr.net; Tue, 03 Dec 2013 10:31:11 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: binary
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.17
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Dec 2013 08:31:22 -0000

I have a test setup with direct internet connection Reail_IP_A and netgraph tunnel with Real_IP_B. I have used a reply-to pf ruleset to sent all the traffic back via tunnel, if it came via tunnel: pass in quick on $tunnel_if reply-to ($tunnel_if 10.1.0.1) \ proto tcp from any to Real_IP_B port 443 And it works at least in r258468. After harware change/reboot yesterday I got strange performance via netgraph tunnel. Investigation shows clear: this is not tunnel itself, because endpoint can saturate wire speed, but when we run routable schema we got very low throughput. Deeper analyzing shows packet duplication from reply-to, looks like that: 09:36:59.576405 IP Real_IP_B.443 > Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040, options [nop,nop,TS val 3415853201 ecr 44833816], length 1448 09:36:59.576413 IP Real_IP_B.443 > Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040, options [nop,nop,TS val 3415853201 ecr 44833816], length 1448 09:36:59.577583 IP Testbed.4
 3775 > Real_IP_B.443: Flags [.], ack 525035, win 1018, options [nop,nop,TS val 44834046 ecr 3415853201], length 0 09:36:59.577713 IP Testbed.43775 > Real_IP_B.443: Flags [.], ack 525035, win 1040, options [nop,nop,TS val 44834046 ecr 3415853201], length 0 
From owner-freebsd-current@FreeBSD.ORG  Tue Dec  3 10:31:03 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B3380FCD
 for <freebsd-current@freebsd.org>; Tue,  3 Dec 2013 10:31:03 +0000 (UTC)
Received: from frv189.fwdcdn.com (frv189.fwdcdn.com [212.42.77.189])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 68CA21714
 for <freebsd-current@freebsd.org>; Tue,  3 Dec 2013 10:31:03 +0000 (UTC)
Received: from [10.10.1.29] (helo=frv197.fwdcdn.com)
 by frv189.fwdcdn.com with esmtp ID 1Vnmej-000M8o-RP
 for freebsd-current@freebsd.org; Tue, 03 Dec 2013 11:52:37 +0200
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net;
 s=ffe; 
 h=Content-Type:MIME-Version:Message-Id:To:Subject:From:Date;
 bh=M8C8GscTW8DjAiVS52mR8TTI1fEjaQlyi4f4W28JGeA=; 
 b=hoBVuMiAZELFAOzgI/vzJ4ZEfY8Sm1Y61UUEH1/lGbit7tUQ3sYxWkHl1r0ezJMjqcjYvQ9DPuG80FpPijiYjMJ8+8tjCClrF9P+frM3D3iIksPm6W68HjJZ1QyDkP3PNqtKBrckPvOWs/3Mmnv98qDrGHAfxAWLNxktxVULN2w=;
Received: from [10.10.10.45] (helo=frv45.ukr.net)
 by frv197.fwdcdn.com with smtp ID 1VnmeY-000BIJ-V7
 for freebsd-current@freebsd.org; Tue, 03 Dec 2013 11:52:26 +0200
Date: Tue, 03 Dec 2013 11:52:26 +0200
From: Vladimir Sharun <atz@ukr.net>
Subject: pf reply-to malfunction after r258468 (seems r258479)
To: freebsd-current Current <freebsd-current@freebsd.org>
X-Mailer: mail.ukr.net 5.0
Message-Id: <1386064346.472994192.rxxiq2ll@frv45.ukr.net>
Received: from atz@ukr.net by frv45.ukr.net; Tue, 03 Dec 2013 11:52:26 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: binary
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.17
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Dec 2013 10:31:03 -0000

I have a test setup with direct internet connection Reail_IP_A and netgraph tunnel with Real_IP_B. 
I have used a reply-to pf ruleset to sent all the traffic back via tunnel, if 
it came via tunnel: 

pass in quick on $tunnel_if reply-to ($tunnel_if 10.1.0.1) \ 
proto tcp from any to Real_IP_B port 443 

And it works at least in r258468. After harware change/reboot yesterday I got strange performance 
via netgraph tunnel. Investigation shows clear: this is not tunnel itself, because endpoint can 
saturate wire speed, but when we run routable schema we got very low throughput. Deeper analyzing 
shows packet duplication from reply-to, looks like that: 
09:36:59.576405 IP Real_IP_B.443 > Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040, options [nop,nop,TS val 3415853201 ecr 44833816], length 1448 
09:36:59.576413 IP Real_IP_B.443 > Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040, options [nop,nop,TS val 3415853201 ecr 44833816], length 1448 
09:36:59.577583 IP Testbed.43775 > Real_IP_B.443: Flags [.], ack 525035, win 1018, options [nop,nop,TS val 44834046 ecr 3415853201], length 0 
09:36:59.577713 IP Testbed.43775 > Real_IP_B.443: Flags [.], ack 525035, win 1040, options [nop,nop,TS val 44834046 ecr 3415853201], length 0