Date: Tue, 03 Dec 2013 19:54:08 +0200 From: Vladimir Sharun <atz@ukr.net> To: Gleb Smirnoff <glebius@freebsd.org> Cc: freebsd-current Current <freebsd-current@freebsd.org> Subject: Re[2]: pf reply-to malfunction after r258468 (seems r258479) Message-ID: <1386093248.507170714.54to5ae0@frv45.ukr.net> In-Reply-To: <20131203115859.GU48919@FreeBSD.org> References: <1386064346.472994192.rxxiq2ll@frv45.ukr.net> <20131203115859.GU48919@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Gleb, Unfortunately can't boot both revisions kernel, it hangs on "trying to mount root from ssdzfs"Â (which is my zfs root). Vladimir, On Tue, Dec 03, 2013 at 11:52:26AM +0200, Vladimir Sharun wrote: V> I have a test setup with direct internet connection Reail_IP_A and netgraph tunnel with Real_IP_B. V> I have used a reply-to pf ruleset to sent all the traffic back via tunnel, if V> it came via tunnel: V> V> pass in quick on $tunnel_if reply-to ($tunnel_if 10.1.0.1) \ V> proto tcp from any to Real_IP_B port 443 V> V> And it works at least in r258468. After harware change/reboot yesterday I got strange performance V> via netgraph tunnel. Investigation shows clear: this is not tunnel itself, because endpoint can V> saturate wire speed, but when we run routable schema we got very low throughput. Deeper analyzing V> shows packet duplication from reply-to, looks like that: V> 09:36:59.576405 IP Real_IP_B.443 > Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040, options [nop,nop,TS val 3415853201 ecr 44833816], length 1448 V> 09:36:59.576413 IP Real_IP_B.443 > Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040, options [nop,nop,TS val 3415853201 ecr 44833816], length 1448 V> 09:36:59.577583 IP Testbed.43775 > Real_IP_B.443: Flags [.], ack 525035, win 1018, options [nop,nop,TS val 44834046 ecr 3415853201], length 0 V> 09:36:59.577713 IP Testbed.43775 > Real_IP_B.443: Flags [.], ack 525035, win 1040, options [nop,nop,TS val 44834046 ecr 3415853201], length 0 I doubt that r258479 can cause a regression in reply-to. Can you please test r258478 and r258479 and confirm or decline that? -- Totus tuus, Glebius. From owner-freebsd-current@FreeBSD.ORG Tue Dec 3 18:40:38 2013 Return-Path: <owner-freebsd-current@FreeBSD.ORG> Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EF08DF73 for <freebsd-current@freebsd.org>; Tue, 3 Dec 2013 18:40:38 +0000 (UTC) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6553B18A5 for <freebsd-current@freebsd.org>; Tue, 3 Dec 2013 18:40:37 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.7/8.14.7) with ESMTP id rB3IE0r5064408 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 3 Dec 2013 22:14:00 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.7/8.14.7/Submit) id rB3IE01n064407; Tue, 3 Dec 2013 22:14:00 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Tue, 3 Dec 2013 22:14:00 +0400 From: Gleb Smirnoff <glebius@FreeBSD.org> To: Vladimir Sharun <atz@ukr.net> Subject: Re: pf reply-to malfunction after r258468 (seems r258479) Message-ID: <20131203181400.GA48919@glebius.int.ru> References: <1386064346.472994192.rxxiq2ll@frv45.ukr.net> <20131203115859.GU48919@FreeBSD.org> <1386093248.507170714.54to5ae0@frv45.ukr.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1386093248.507170714.54to5ae0@frv45.ukr.net> User-Agent: Mutt/1.5.22 (2013-10-16) Cc: freebsd-current Current <freebsd-current@freebsd.org> X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>; List-Post: <mailto:freebsd-current@freebsd.org> List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, <mailto:freebsd-current-request@freebsd.org?subject=subscribe> X-List-Received-Date: Tue, 03 Dec 2013 18:40:39 -0000 On Tue, Dec 03, 2013 at 07:54:08PM +0200, Vladimir Sharun wrote: V> Dear Gleb, V> Unfortunately can't boot both revisions kernel, it hangs on "trying to mount root from ssdzfs" (which is my zfs root). V> Vladimir, You can run the kernel that boots, but update only sys/netpfil/pf directory to suspected revision(s), if you think this is related to changes in pf. -- Totus tuus, Glebius.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1386093248.507170714.54to5ae0>