Date: Tue, 03 Dec 2013 14:09:14 +0200 From: Vladimir Sharun <atz@ukr.net> To: Gleb Smirnoff <glebius@freebsd.org> Cc: freebsd-current Current <freebsd-current@freebsd.org> Subject: Re[2]: pf reply-to malfunction after r258468 (seems r258479) Message-ID: <1386072554.761553777.docrlaks@frv45.ukr.net> In-Reply-To: <20131203115859.GU48919@FreeBSD.org> References: <1386064346.472994192.rxxiq2ll@frv45.ukr.net> <20131203115859.GU48919@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Gleb, Is kernel rebuilding enuff ? Vladimir, On Tue, Dec 03, 2013 at 11:52:26AM +0200, Vladimir Sharun wrote: V> I have a test setup with direct internet connection Reail_IP_A and netgraph tunnel with Real_IP_B. V> I have used a reply-to pf ruleset to sent all the traffic back via tunnel, if V> it came via tunnel: V> V> pass in quick on $tunnel_if reply-to ($tunnel_if 10.1.0.1) \ V> proto tcp from any to Real_IP_B port 443 V> V> And it works at least in r258468. After harware change/reboot yesterday I got strange performance V> via netgraph tunnel. Investigation shows clear: this is not tunnel itself, because endpoint can V> saturate wire speed, but when we run routable schema we got very low throughput. Deeper analyzing V> shows packet duplication from reply-to, looks like that: V> 09:36:59.576405 IP Real_IP_B.443 > Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040, options [nop,nop,TS val 3415853201 ecr 44833816], length 1448 V> 09:36:59.576413 IP Real_IP_B.443 > Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040, options [nop,nop,TS val 3415853201 ecr 44833816], length 1448 V> 09:36:59.577583 IP Testbed.43775 > Real_IP_B.443: Flags [.], ack 525035, win 1018, options [nop,nop,TS val 44834046 ecr 3415853201], length 0 V> 09:36:59.577713 IP Testbed.43775 > Real_IP_B.443: Flags [.], ack 525035, win 1040, options [nop,nop,TS val 44834046 ecr 3415853201], length 0 I doubt that r258479 can cause a regression in reply-to. Can you please test r258478 and r258479 and confirm or decline that? -- Totus tuus, Glebius. _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" From owner-freebsd-current@FreeBSD.ORG Tue Dec 3 12:11:58 2013 Return-Path: <owner-freebsd-current@FreeBSD.ORG> Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5CC97DE2 for <freebsd-current@freebsd.org>; Tue, 3 Dec 2013 12:11:58 +0000 (UTC) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id BCB7D1E88 for <freebsd-current@freebsd.org>; Tue, 3 Dec 2013 12:11:57 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.7/8.14.7) with ESMTP id rB3CBtLP062678 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 3 Dec 2013 16:11:55 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.7/8.14.7/Submit) id rB3CBtqs062677; Tue, 3 Dec 2013 16:11:55 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Tue, 3 Dec 2013 16:11:55 +0400 From: Gleb Smirnoff <glebius@FreeBSD.org> To: Vladimir Sharun <atz@ukr.net> Subject: Re: pf reply-to malfunction after r258468 (seems r258479) Message-ID: <20131203121155.GV48919@glebius.int.ru> References: <1386064346.472994192.rxxiq2ll@frv45.ukr.net> <20131203115859.GU48919@FreeBSD.org> <1386072554.761553777.docrlaks@frv45.ukr.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1386072554.761553777.docrlaks@frv45.ukr.net> User-Agent: Mutt/1.5.22 (2013-10-16) Cc: freebsd-current Current <freebsd-current@freebsd.org> X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>; List-Post: <mailto:freebsd-current@freebsd.org> List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, <mailto:freebsd-current-request@freebsd.org?subject=subscribe> X-List-Received-Date: Tue, 03 Dec 2013 12:11:58 -0000 On Tue, Dec 03, 2013 at 02:09:14PM +0200, Vladimir Sharun wrote: V> Dear Gleb, V> Is kernel rebuilding enuff ? Should be enough wrt pf(4), no API or ABI changes in it. -- Totus tuus, Glebius.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1386072554.761553777.docrlaks>