kern/132176: [pf] pf stalls connection when using route-to [regression]

Karsten Schmidt gugge at guggemand.dk
Wed May 27 19:07:48 UTC 2009 

Ermal Luçi skrev:
> On Tue, May 26, 2009 at 1:00 PM, Karsten Schmidt <gugge at guggemand.dk> wrote:
>   
>> The following reply was made to PR kern/132176; it has been noted by GNATS.
>>
>> From: Karsten Schmidt <gugge at guggemand.dk>
>> To: bug-followup at FreeBSD.org, link at ngc.net.ua
>> Cc:
>> Subject: Re: kern/132176: [pf] pf stalls connection when using route-to [regression]
>> Date: Tue, 26 May 2009 12:40:52 +0200
>>
>>  I have the same error on a 7.2 box with a bce device and vlans
>>
>>  #pf.conf
>>  # send all packets from x.x.x.128/26 to nonlocal addresses through x.x.x.129
>>  pass out quick route-to ( bce0.11 x.x.x.129 ) from x.x.x.128/26 to
>>  !x.x.x.128/26 no state
>>
>>  #default gateway
>>  91.208.16.1
>>
>>  #ifconfig
>>  bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>
>>  options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
>>         ether 00:1f:29:06:85:28
>>         inet x.x.x.125 netmask 0xffffff80 broadcast x.x.x.127
>>         media: Ethernet autoselect (1000baseTX <full-duplex>)
>>         status: active
>>  bce0.11: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
>>  1500
>>         options=3<RXCSUM,TXCSUM>
>>         ether 00:1f:29:06:85:28
>>         inet x.x.x.140 netmask 0xffffffc0 broadcast x.x.x.191
>>         media: Ethernet autoselect (1000baseTX <full-duplex>)
>>         status: active
>>         vlan: 11 parent interface: bce0
>>
>>  --
>>     
> Can you show your complete ruleset?
>
>   
After making a simple setup with no vlans, and only one ip on the bce0 
interface i tried a ruleset with only one rule.
#pass out route-to ( bce0 $defaultgate ) from $localip to any no state
Where $defaultgate is the gateway used without the rule too, and 
$localip is the only ip on the bce0 interface

This made scp transfers stall to a near halt too.

Trying different options it seems disabling TSO on bce0 works.
hw.bce.tso_enable=0 in loader.conf or simply ifconfig bce0 -tso makes 
the scp transfers run at full speed.

Checking with 7.1-RELEASE and 7.0-RELEASE-p4 its the same behavior, so i 
guess its not the samme error as kern/132176

-- 
Karsten

More information about the freebsd-pf mailing list