From owner-freebsd-net@FreeBSD.ORG Tue Feb 1 01:33:29 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6ACC416A4CF; Tue, 1 Feb 2005 01:33:29 +0000 (GMT) Received: from postfix4-1.free.fr (postfix4-1.free.fr [213.228.0.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 274F743D55; Tue, 1 Feb 2005 01:33:29 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix4-1.free.fr (Postfix) with ESMTP id 8F96128B10F; Tue, 1 Feb 2005 02:33:27 +0100 (CET) Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id EEDFF407C; Tue, 1 Feb 2005 02:33:10 +0100 (CET) Date: Tue, 1 Feb 2005 02:33:10 +0100 From: Jeremie Le Hen To: freebsd-net@freebsd.org Message-ID: <20050201013310.GI60177@obiwan.tataz.chchile.org> References: <20050128110731.GU59685@obiwan.tataz.chchile.org> <20050130144006.GA58883@obiwan.tataz.chchile.org> <20050201002034.GF60177@obiwan.tataz.chchile.org> <20050201010512.GH60177@obiwan.tataz.chchile.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050201010512.GH60177@obiwan.tataz.chchile.org> User-Agent: Mutt/1.5.6i cc: darrenr@FreeBSD.org Subject: Re: DUMMYNET broken on 4.11 (was: dummynet and vr(4)/egress broken in 4.11 ?) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Feb 2005 01:33:29 -0000 On Tue, Feb 01, 2005 at 02:05:12AM +0100, Jeremie Le Hen wrote: > On Tue, Feb 01, 2005 at 01:20:34AM +0100, Jeremie Le Hen wrote: > > > I'll give a try to a 4.10 kernel ASAP. > > > > I compiled the lastest kernel from RELENG_4_10 CVS branch and DUMMYNET > > pipes works well. I am able to use one pipe on my external interface > > egress without breaking TCP streams. > > > > I'm now recompiling the lastest kernel from the RELENG_4 branch to test > > the same configuration but I'm pretty sure it won't work. > > > > Any ideas of what could break this ? > > I run the lastest 4.11 kernel and using exactly the same configuration > breaks my TCP streams coming from my internal network. As I said, I took the lastest kernel from RELENG_4. DUMMYNET pipes will break any TCP stream coming from my internal network (which are thus NATed by IPFilter), but not the ones originated from the router itself. I checked the differences between RELENG_4_10 and RELENG_4 : o netinet/ nothing relevant o net/ nothing relevant o contrib/ipfilter/ could be the point given that IPFilter was updated from 3.4.31 to 3.4.35 and problems occur only when packets are NATed So I did: %%% # cd /sys/contrib/ipfilter # cvs up -r RELENG_4_10 -dP # config; make depend; make; make install ... %%% And it works ! So changes in IPFilter between 4.10 and 4.11 obviously broke DUMMYNET pipes (see my^H^Hthe entire thread for more details). Good night. Best regards, -- Jeremie Le Hen jeremie@le-hen.org