From owner-freebsd-pf@FreeBSD.ORG Fri Nov 19 15:32:45 2010 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 99E08106566C for ; Fri, 19 Nov 2010 15:32:45 +0000 (UTC) (envelope-from Holger.Rauch@empic.de) Received: from zaphod.cra.heitec.net (zaphod.cra.heitec.net [93.93.254.227]) by mx1.freebsd.org (Postfix) with SMTP id 09A908FC24 for ; Fri, 19 Nov 2010 15:32:44 +0000 (UTC) Received: from MX2.heitec.net ([10.65.102.32]) by eSafe SMTP Relay 1290092420; Fri, 19 Nov 2010 16:21:34 +0100 Received: from MX1.heitec.net ([fe80::7cee:e37c:f13b:cff3]) by MX2.heitec.net ([fe80::e514:6b3f:2ac5:2381%18]) with mapi; Fri, 19 Nov 2010 16:21:34 +0100 From: Holger Rauch To: "freebsd-pf@FreeBSD.org" Thread-Topic: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? Thread-Index: AcuH/XK1GdbXuzyMRZOt4+P/vO3hvw== Date: Fri, 19 Nov 2010 15:21:33 +0000 Message-ID: <1989F0C06F24544989EB233736143E7C01F7A6CC@MX1.heitec.net> Accept-Language: en-US, de-DE Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-ESAFE-STATUS: [esafe] Mail clean X-ESAFE-DETAILS: [esafe] Cc: Subject: PF from OpenBSD 4.5 available as patch for 8.1-STABLE? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Nov 2010 15:32:45 -0000 Hi, is there such a patch? The reason why I ask for it is: I'm currently experiencing saturated network interfaces when using gigabi= t networking in conjunction with certain Linux driver<->NIC combos for Br= oadcom chips against the PF version shipped with FreeBSD 8.1 stable runni= ng on a HP ProLiant DL 180 G5 server. The problem only occurs with high throughputs (at least 30 MBytes/sec) ca= used by scp/rsync. Up to now, I've come accross this issue with Broadcom Corporation NetLink BCM5787M Gigabit Ethernet PCI Express (rev = 02) (tg3 driver in Linux) and Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) (bnx2 driver in Linux; this is used in various HP ProLiant servers) But it doesn't occur with Intel chips and also not with this chip Broadcom Corporation NetXtreme BCM5764M Gigabit Ethernet PCIe (rev 10) (tg3 driver in Linux). With those NICs I can transfer 50-60 MBytes/sec vi= a scp/rsync without any problem. I've also tried different Linux kernel versions (2.6.26 and 2.6.32). Didn= 't make a difference. On FreeBSD systems, I get around 22 MByte/sec when transferring files via= scp. Furthermore, changing the PF rules from "modulate state" to "keep s= tate" has also had a positive impact. I now workarounded the problem by c= hanging all scp based cron jobs to rsync using ssh in conjunction with rs= ync's --bwlimit option. Thanks in advance & kind regards, Holger THE standard software for Aviation Authorities *************************************************************************= ********************* IMPORTANT NOTICE / WICHTIGER HINWEIS This communication contains information which is confidential and may als= o be privileged. It is for the=20 exclusive use of the intended recipient(s). If you are not the intended r= ecipient(s) please note that any=20 distribution, copying or use of this communication or the information in = it is strictly prohibited. If you have=20 received this communication in error please notify us immediately by emai= l or by telephone and then delete=20 this email and any copies of it. Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informat= ionen enthalten. Wenn Sie nicht=20 der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, = informieren Sie bitte sofort den=20 Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die= unbefugte Weitergabe dieser=20 Mail sind nicht gestattet. *************************************************************************= *********************