From owner-freebsd-pf@FreeBSD.ORG Tue Aug 31 23:25:18 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C5A410656A5 for ; Tue, 31 Aug 2010 23:25:18 +0000 (UTC) (envelope-from kevin.way@gmail.com) Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id DE6098FC15 for ; Tue, 31 Aug 2010 23:25:17 +0000 (UTC) Received: by vws7 with SMTP id 7so6952123vws.13 for ; Tue, 31 Aug 2010 16:25:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:content-type:subject :date:message-id:to:mime-version:x-mailer; bh=SpFZIQshmH6i57PjJmeVrTR2eDSCXyrKrW7vO8s11Ak=; b=xP5ZGw35OJW78sBv3SLzbrrszNaZxmJwomopKq7yIjciDEgt5VUhLRSpdH/PBB3K40 KV38ubSKAdURWvJBxXxJZEYn2SWgXBQszii/xRFoLBdD+alafE9qgduQ2AqaFihJxGlN XEaHG6pXKh5dLA/HlQsQSrh+wGLm72RvvJpcU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:content-type:subject:date:message-id:to:mime-version:x-mailer; b=q7L5HfR/tGBSmd6iRhbg4vqpuelDtfIhhv8fvev/uOpzyLuB7Hy6ksK8/2sdjyg878 IT767AQvc8e+o3dMyIC9Ij89tqemWmL2ZtafIRU1l+JyymI4iJb47Bfv/WUM8uXk8lo1 +bsoX8NIJAXJkkVNRQRB1bJT4xnD8uWdQEggs= Received: by 10.220.122.87 with SMTP id k23mr3726085vcr.14.1283295481022; Tue, 31 Aug 2010 15:58:01 -0700 (PDT) Received: from [10.0.1.99] (c-69-141-57-107.hsd1.pa.comcast.net [69.141.57.107]) by mx.google.com with ESMTPS id m31sm3154671vcf.37.2010.08.31.15.57.59 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 31 Aug 2010 15:58:00 -0700 (PDT) From: Kevin Way Date: Tue, 31 Aug 2010 18:57:58 -0400 Message-Id: To: freebsd-pf@freebsd.org Mime-Version: 1.0 (Apple Message framework v1081) X-Mailer: Apple Mail (2.1081) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Performance problem w/pf using reply-to on FreeBSD 8.1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Aug 2010 23:25:18 -0000 After upgrading to 8.1, I'm having a severe performance problem, that's = throttling connections down to about 5kb/sec. The same configuration = works flawlessly on 8.0. The rest of the ruleset works fine, our = problem is just with this one line. (uname -a) FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 (pf.conf) jailhost_if=3D"vlan34" jailhost_gateway=3D"10.11.34.1" jailhost_network=3D"10.11.34.0/24" pass in quick on $jailhost_if reply-to ($jailhost_if $jailhost_gateway) = \ from !$jailhost_network to $jailhost_network keep state label = "Jailhost inbound" (what happens almost instantly after a connection is initiated) # pfctl -vvsl | grep "Jailhost inbound" Jailhost inbound 35734 269954511 408697347239 134975646 10797967079 = 134978865 397899380160 Any help would be greatly appreciated. Regards, Kevin Way=