strange "throttling" issue with pf on xDSL connection

Patrick Proniewski patpro at patpro.net
Tue Aug 14 19:23:43 UTC 2007


Hi all,

On 02 Aug 2007, at 08:24, Daniel Hartmeier wrote:

> On Wed, Aug 01, 2007 at 05:42:19PM +0200, Patrick Proniewski wrote:
>
>> While playing around with systat I've discovered that the transfer
>> rate can be as low as 20 KB/s and as high as 850 KB/s on a single
>> download from http://test-debit.free.fr, but the mean value will
>> always be around 120-150 KB/s when pf is active. From one sample to
>> another (every second), the transfer rate is very erratic.
>> If I disable pf on ext_if (set skip on $ext_if), the transfer rate
>> reaches quickly 850 KB/s and is almost stable. It decreases to
>> 400-450 KB/s for 1 or 2 seconds, 3 or 4 times per minute.
>
> Enable pf debug logging (pfctl -xm), note output of pfctl -si, reproduce
> the problem. Then run pfctl -si again. See /var/log/messages for lines
> from pf. Post all three outputs ;)


Logging and other forensic methods were of no help here, but I've
made several tests, commenting and un-commenting pf rules. I've found
the guilty piece of rule.

My pf.conf used to have this rule:

	pass out on $ext_if proto tcp all modulate state flags S/SA

I've changed options to:

	pass out on $ext_if proto tcp all flags S/SA keep state

Then my bandwidth is no longer throttled!
Looks like the servers/networks I'm connected to do not like
"modulate state".

regards,
pat
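
The before/after comparison of `pfctl -si` output requested in the quoted reply can be done mechanically. The following is an added example, not part of the original message or of pf itself: the two snapshots are constructed sample data with invented values, and the names `parse_si` and `counter_deltas` are hypothetical.

```python
import re

# Constructed samples in the layout printed by `pfctl -si`; values are invented.
BEFORE = """\
Status: Enabled for 0 days 00:10:02           Debug: Misc
State Table                          Total             Rate
  current entries                       14
  searches                           48210           80.1/s
Counters
  match                                402            0.7/s
  state-mismatch                         3            0.0/s
"""
AFTER = """\
Status: Enabled for 0 days 00:12:02           Debug: Misc
State Table                          Total             Rate
  current entries                       15
  searches                           61544           85.4/s
Counters
  match                                411            0.6/s
  state-mismatch                       187            0.3/s
"""

# An indented name, a total, and an optional rate column.
ROW = re.compile(r"^\s+(\S.*?)\s+(\d+)(?:\s+\S+/s)?\s*$")


def parse_si(text):
    """Return {"Section/name": total}; unindented lines start a new section."""
    totals, section = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m and section:
            totals[f"{section}/{m.group(1)}"] = int(m.group(2))
        elif line and not line[0].isspace() and not line.startswith("Status:"):
            section = re.split(r"\s{2,}", line.strip())[0]
    return totals


def counter_deltas(before, after, skip=("current entries",)):
    """Counters that grew between snapshots, largest increase first."""
    b, a = parse_si(before), parse_si(after)
    grown = {k: a[k] - b.get(k, 0) for k in a
             if a[k] > b.get(k, 0) and k.split("/", 1)[1] not in skip}
    return sorted(grown.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    for name, delta in counter_deltas(BEFORE, AFTER):
        print(f"{delta:>8}  {name}")
```

To use it on a live system, save the output of `pfctl -si` to a file before and after reproducing the slowdown and pass the two file contents to `counter_deltas`.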

