Re: Network severely unstable 10.0-PRERELEASE
Gleb == Gleb Smirnoff gleb...@freebsd.org writes: B Have been running this without the rule change, to see if it B doesn't introduce any adverse effects. So far so good. When I'm B back from holiday (this Saturday), I'll enable the bad keyword. Gleb Good! Waiting for your feedback. Thanks! Hi Glebius, No problems so far, have been running this for a few days. Please commit! -- All the best, Berend de Boer pgp04_gHjzOV8.pgp Description: OpenPGP Digital Signature
Re: Network severely unstable 10.0-PRERELEASE
Gleb == Gleb Smirnoff gleb...@freebsd.org writes: Gleb Can you please try attached patch? I hope it'll fix the Gleb panic. Have been running this without the rule change, to see if it doesn't introduce any adverse effects. So far so good. When I'm back from holiday (this Saturday), I'll enable the bad keyword. Gleb No idea on how good will your rule work, however. I have no idea either! A bit harder to test, the goal was to make games/voip udp work a bit better without having to allocate ports. I think I could just write: nat on egress from any to any - (egress) round-robin sticky-address instead of what I have now: nat pass on egress proto udp from any port $voip_ports to any - (egress) static-port nat pass on egress from any to any - (egress) sticky-address -- All the best, Berend de Boer pgpKtvmdA5uZp.pgp Description: OpenPGP Digital Signature
Re: Network severely unstable 10.0-PRERELEASE
On Thu, Jan 02, 2014 at 08:16:21AM +1300, Berend de Boer wrote: B Gleb Can you please try attached patch? I hope it'll fix the B Gleb panic. B B Have been running this without the rule change, to see if it doesn't B introduce any adverse effects. So far so good. When I'm back from B holiday (this Saturday), I'll enable the bad keyword. Good! Waiting for your feedback. Thanks! -- Totus tuus, Glebius. ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: Network severely unstable 10.0-PRERELEASE
Berend, On Mon, Dec 30, 2013 at 03:48:07PM +1300, Berend de Boer wrote: B Gleb == Gleb Smirnoff gleb...@freebsd.org writes: B B Gleb Can you share a vmcore from paniced FreeBSD 10 system and B Gleb kernel binary? B B My kernel config attached, freshly compiled from 10-STABLE, svn B revision 260055. Can you please try attached patch? I hope it'll fix the panic. No idea on how good will your rule work, however. -- Totus tuus, Glebius. Index: sys/netpfil/pf/pf_lb.c === --- sys/netpfil/pf/pf_lb.c (revision 260055) +++ sys/netpfil/pf/pf_lb.c (working copy) @@ -663,6 +663,7 @@ notrans: uma_zfree(V_pf_state_key_z, *nkp); uma_zfree(V_pf_state_key_z, *skp); *skp = *nkp = NULL; + *sn = NULL; return (NULL); } ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: Network severely unstable 10.0-PRERELEASE
Gleb == Gleb Smirnoff gleb...@freebsd.org writes: Gleb Can you share a vmcore from paniced FreeBSD 10 system and Gleb kernel binary? My kernel config attached, freshly compiled from 10-STABLE, svn revision 260055. BMACH Description: Binary data The kernel + vmcore are at http://www.berenddeboer.net/tmp/ -- All the best, Berend de Boer ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: Network severely unstable 10.0-PRERELEASE
On Thu, Dec 26, 2013 at 08:32:53AM +1300, Berend de Boer wrote: B Gleb Does the system panic the same way as described in B Gleb misc/182141) on 10.0? B B Indeed, no change. Purely a kernel issue. Repeatable since FreeBSD B 9.x, across 10.x, across 32-bit and 64-bit. B B There's a related issue: B B http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/182557 B B Let me know if you need anything else from me. B B I've just grabbed the latest FreeBSD 10 sources, and recompiling now. B B Next Monday I'm able to enable the bug triggering keyword again (not B now, all the family is here and wants a stable network :-) ). What is the bug triggering keyword? Can you please provide a minimal configuration that reproduced the bug? -- Totus tuus, Glebius. ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: Network severely unstable 10.0-PRERELEASE
On Thu, Dec 26, 2013 at 02:17:38PM +0400, Gleb Smirnoff wrote: T On Thu, Dec 26, 2013 at 08:32:53AM +1300, Berend de Boer wrote: T B Gleb Does the system panic the same way as described in T B Gleb misc/182141) on 10.0? T B T B Indeed, no change. Purely a kernel issue. Repeatable since FreeBSD T B 9.x, across 10.x, across 32-bit and 64-bit. T B T B There's a related issue: T B T B http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/182557 T B T B Let me know if you need anything else from me. T B T B I've just grabbed the latest FreeBSD 10 sources, and recompiling now. T B T B Next Monday I'm able to enable the bug triggering keyword again (not T B now, all the family is here and wants a stable network :-) ). T T What is the bug triggering keyword? Can you please provide a minimal T configuration that reproduced the bug? Already see it in the kern/182557. Thanks! -- Totus tuus, Glebius. ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: Network severely unstable 10.0-PRERELEASE
Gleb == Gleb Smirnoff gleb...@freebsd.org writes: Gleb Can you share a vmcore from paniced FreeBSD 10 system and Gleb kernel binary? Yes, what kernel options do I need to compile in to get you this? -- All the best, Berend de Boer pgpSf32MU4UVc.pgp Description: OpenPGP Digital Signature
Re: Network severely unstable 10.0-PRERELEASE
On Fri, Dec 27, 2013 at 01:55:31PM +1300, Berend de Boer wrote: B Gleb == Gleb Smirnoff gleb...@freebsd.org writes: B B Gleb Can you share a vmcore from paniced FreeBSD 10 system and B Gleb kernel binary? B B Yes, what kernel options do I need to compile in to get you this? http://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug.html#kerneldebug-obtain -- Totus tuus, Glebius. ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: Network severely unstable 10.0-PRERELEASE
On Mon, Dec 23, 2013 at 07:56:02AM +1300, Berend de Boer wrote: B pf has not worked well for me after version 8. Certain rules crash the B kernel B (http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/182141). Avoiding B these rules gave me something that at least kept the system alive on a B 10-CURRENT. Does the system panic the same way as described in misc/182141) on 10.0? If it does, I'm willing to debug that. -- Totus tuus, Glebius. ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
Re: Network severely unstable 10.0-PRERELEASE
Gleb == Gleb Smirnoff gleb...@freebsd.org writes: Gleb Does the system panic the same way as described in Gleb misc/182141) on 10.0? Indeed, no change. Purely a kernel issue. Repeatable since FreeBSD 9.x, across 10.x, across 32-bit and 64-bit. There's a related issue: http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/182557 Let me know if you need anything else from me. I've just grabbed the latest FreeBSD 10 sources, and recompiling now. Next Monday I'm able to enable the bug triggering keyword again (not now, all the family is here and wants a stable network :-) ). -- All the best, Berend de Boer pgpTT6u1uWLXZ.pgp Description: OpenPGP Digital Signature
Network severely unstable 10.0-PRERELEASE
Hi All, pf has not worked well for me after version 8. Certain rules crash the kernel (http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/182141). Avoiding these rules gave me something that at least kept the system alive on a 10-CURRENT. But since the RC versions my system stays up for only a few days, before I need a reboot as network connectivity gets reset. It's the modem (pppoe), every few minutes all tcp (?) connections get dropped somehow. A reboot fixes it for a week or so. I have no clue how to debug this. But I'm getting pretty scared of pf, and going back to ipfw might seem best. What are people's thoughts on pf in FreeBSD, does it have a future? Are there people working on pf? Should I simply forget about it, and go back to ipfw? -- All the best, Berend de Boer pgpvyg0FPu0g2.pgp Description: OpenPGP Digital Signature
Re: Network severely unstable 10.0-PRERELEASE
--- Original message --- From: Berend de Boer ber...@pobox.com Date: 22 December 2013, 20:56:35 Hi All, pf has not worked well for me after version 8. Certain rules crash the kernel (http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/182141). Avoiding these rules gave me something that at least kept the system alive on a 10-CURRENT. But since the RC versions my system stays up for only a few days, before I need a reboot as network connectivity gets reset. It's the modem (pppoe), every few minutes all tcp (?) connections get dropped somehow. A reboot fixes it for a week or so. I have no clue how to debug this. But I'm getting pretty scared of pf, and going back to ipfw might seem best. What are people's thoughts on pf in FreeBSD, does it have a future? Are there people working on pf? Should I simply forget about it, and go back to ipfw? It's just my IMHO and experience. Pf in 10 is good, especially in performance context (thx glebius@) but, unfortunately, yes you should forgot about pf if you are planning to use not only firewalling but shaper/prioritization too due to poor performance/flexibility of ALTQ, especially in case of complex network topologies. Or you can use OpenBSD with new prio queueing mechanism Cheers, w ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to freebsd-pf-unsubscr...@freebsd.org
