
List:       openbsd-bugs
Subject:    4.2-current macppc (install42.iso Sept 16th) pf altq
From:       "Andrew Klaus" <andrewklaus () gmail ! com>
Date:       2007-09-23 4:28:27
Message-ID: 32e63b220709222128j1cf4edebvfe27a12a7502b765 () mail ! gmail ! com

Hey guys. Came across a problem on my macppc that should be brought up.

I installed from the install42.iso (created on September 16th), with no
changes to kernel config (excluding cachepct = 45). Hope it's enough info,
as I know mac systems are pretty standard across the board when it comes to
the parts they use.

Platform: Mac Mini 1.5GHz G4  <output taken from my 4.1 install>
    cpu0 at mainbus0: 7447A (Revision 0x105): 1499 MHz: 512KB L2 cache
    gem0 at pci2 dev 15 function 0 "Apple Uni-N2 GMAC" rev 0x80: irq 41, address 00:14:51:2d:79:4c


Seems that the altq doesn't work at all when trying to set it up on a vlan (did
not try on the REAL interface, as this was not an option), getting the
following: Segmentation fault (core dumped)

Commenting out every rule that adds to the queue, it loads fine. I left the
setup of the queue uncommented, and it didn't cause the segfault.

I rolled back to 4.1-release and everything works perfectly. My apologies
that I wasn't able to grab more output from my original -current install,
but figured it was worth bringing up anyways.

If you need any more info, let me know!

Here's my config:
---------- pf.conf:

ext_if="vlan2"
int_if="vlan3"

#host macros

#Servers (10.0.3.1-10.0.3.9)
aria="10.0.3.1"
xenm="10.0.3.2"
pndr="10.0.3.3"
trnt="10.0.3.3"
wifi="10.0.3.4"
voip="10.0.3.9"

#Desktops (10.0.3.10+)
aplt="10.0.3.10"
trnt2="10.0.3.10"

# Server Ports
tcp_aria="{22,23,80,113,123}" # 113=ident
udp_aria="{123,4569}" # 4569=IAX
tcp_pndr="{2112,55000:56000}"
udp_pndr="{ }"

all_trnt2="{54935}"             #Torrent Ports
all_trnt="{55000:55200}"

# Desktop Ports
tcp_aplt="{ }"
udp_aplt="{ }"

### For Queue ###
admin_ports="{ 22,23 }"
web_ports="{ 25, 53, 80, 110, 143, 1863, 5222, 443, 6667 }"
#5222,443=googletalk
upload_ports="{ 20, 21, 2112, 54935, 54999 >< 55201 }"

#tunnel protocols
tun_protos="{gre,ipencap,encap,esp}"

#tables (use instead of defining ip's in macro)
table <non_route> const         { 10/8, 172.16/12, 192.168/16, 169.254/16 }
table <bgp> persist
unfiltered="{bridge, lo, vlan3}"

#### OPTIONS ####

set ruleset-optimization profile
set optimization conservative
set timeout { adaptive.start 8000, adaptive.end 9999 }


#scrubbing & pf options
scrub on $ext_if no-df reassemble tcp
scrub out on $ext_if random-id

scrub on gif max-mss 1360 #useful for tunnel

## Out ##

## hfsc ##
altq on $ext_if hfsc bandwidth 800Kb queue out_q
queue out_q hfsc priority 5 bandwidth 800Kb { tcp_q, admin_o, default_o, web_o, upload_o, tunnel_o }
        queue tcp_q hfsc (realtime 50Kb, upperlimit 100Kb) bandwidth 100Kb priority 7
        queue admin_o hfsc(realtime 30Kb, upperlimit 750Kb) bandwidth 62Kb priority 6
        queue default_o hfsc(default, realtime 256Kb, upperlimit 750Kb) bandwidth 438Kb priority 5
        queue web_o hfsc(realtime 128Kb, upperlimit 600Kb) bandwidth 24Kb priority 4
        queue upload_o hfsc(red, realtime 16Kb, upperlimit 750Kb) bandwidth 14Kb priority 3
#        queue tunnel_o hfsc(realtime 100Kb, upperlimit 600Kb) bandwidth 100Kb priority 2


#### rdr and NAT ####
# no nat on tunnels #
no nat on $int_if inet from 10/8 to 10/8
no rdr on $int_if inet from 10/8 to 10/8

# no nat for everything #
no nat from 10/8 to 10/8
no rdr from 10/8 to 10/8

# Squid #
rdr on $int_if inet proto tcp from 10/8 to any port www -> lo0 port 3128
#rdr on $int_if inet proto tcp from 10/8 to any port www -> 10.0.3.161 port 3128

## FTP-Proxy ##
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

## NAT ##
nat on $ext_if inet from 10/8 to any -> $ext_if

### Service RDRs ###
#rdr on $ext_if proto tcp from any to $ext_if port 81 -> lo0 port 80
rdr on $ext_if proto tcp from any to $ext_if port $tcp_pndr -> $pndr
#rdr on $ext_if proto udp from any to $ext_if port $udp_pndr -> $pndr

rdr on $ext_if proto {tcp,udp} from any to $ext_if port $all_trnt -> $trnt
rdr on $ext_if proto {tcp,udp} from any to $ext_if port $all_trnt2 -> $trnt2

#rdr on $ext_if proto tcp to port $tcp_aplt -> $aplt
#rdr on $ext_if proto udp to port $udp_aplt -> $aplt

#### Filtering Rules ####

## Uncomment For Testing ##
#pass in quick all
#pass out quick all

# For Local Testing Network ##
#pass quick on $unfiltered

## Block it all ##
block log all

pass on $unfiltered

# ftp-proxy #
anchor "ftp-proxy/*"
pass out proto tcp from $ext_if to any port 21 keep state
pass in on $int_if inet proto tcp from any to any port 21 keep state
pass out on em0 inet proto tcp from any to any keep state
pass out on em0 proto icmp from any to any


# Squid #
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state

#### Out Rules ####
pass in on $int_if proto tcp from $pndr to any port {0:79,81:442,444:65535} tag TRNT_OUT modulate state
pass in on $int_if proto udp from $pndr to any port {0:79,81:442,444:65535} tag TRNT_OUT keep state

pass out log (to pflog2) on $ext_if proto tcp all modulate state queue (default_o, tcp_q)
pass out log (to pflog2) on $ext_if proto udp all keep state queue default_o
pass out log (to pflog2) on $ext_if proto icmp all keep state queue default_o
pass out log (to pflog1) on $ext_if proto tcp from any port $admin_ports keep state queue (admin_o, tcp_q)
pass out log (to pflog1) on $ext_if proto tcp from any port $upload_ports to any keep state queue upload_o
pass out log (to pflog1) on $ext_if proto tcp from any port $web_ports keep state queue (web_o, tcp_q)

pass out log (to pflog1) on $ext_if proto tcp to any modulate state tagged TRNT_OUT queue upload_o
pass out log (to pflog1) on $ext_if proto udp to any keep state tagged TRNT_OUT queue upload_o

## Services ##
pass in  on $ext_if proto { tcp, udp } from any to any port $web_ports keep state queue web_o
pass in  on $ext_if proto { tcp, udp } from any to any port $admin_ports keep state queue admin_o
pass in log (to pflog1) on $ext_if proto tcp from any to any port $upload_ports keep state queue upload_o
pass in log (to pflog2) on $ext_if proto icmp from any to any keep state queue default_o

pass in on $ext_if proto tcp to port $tcp_aria keep state
pass in on $ext_if proto udp to port $udp_aria keep state

pass in on $ext_if proto tcp to $pndr port $tcp_pndr keep state queue upload_o
#pass in on $ext_if proto udp to $pndr port $udp_pndr keep state

pass in on $ext_if proto tcp to $trnt port $all_trnt keep state queue upload_o
pass in on $ext_if proto tcp to $trnt port $all_trnt2 keep state queue upload_o
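
Added example, not part of the original message: a shell helper that automates the bisection the report does by hand (commenting out the rules that assign traffic to a queue while leaving the altq/queue setup in place). The function names are hypothetical; it assumes each rule sits on a single line (not mail-wrapped) and that `pfctl -nf` (parse only) reproduces the failure, otherwise pass `pfctl -f` as the checker.

```shell
#!/bin/sh
# Added example, not from the report. All function names are hypothetical.

# Filter pf.conf on stdin: strip "queue ..." from every pass/block rule except
# the Nth one carrying it (N=0 strips all). altq/queue definitions are kept.
keep_one_queue() {
    awk -v keep="$1" '
    /^[ \t]*(pass|block)[ \t]/ && /[ \t]queue[ \t]*[(A-Za-z_]/ {
        if (++n != keep)
            sub(/[ \t]+queue[ \t]*(\([^)]*\)|[A-Za-z_][A-Za-z0-9_]*)/, "")
    }
    { print }'
}

# Number of pass/block rules on stdin that assign traffic to a queue.
count_queue_rules() {
    awk '/^[ \t]*(pass|block)[ \t]/ && /[ \t]queue[ \t]*[(A-Za-z_]/ { n++ }
         END { print n + 0 }'
}

# $1 = ruleset; remaining args = checker run with the candidate file appended.
# Default "pfctl -nf" (parse only) is an assumption about where the crash is.
# Prints the index of each rule whose queue assignment alone fails the check.
bisect_queue_rules() {
    conf=$1; shift
    [ $# -gt 0 ] || set -- pfctl -nf
    total=$(count_queue_rules < "$conf")
    tmp=$(mktemp) || return 1
    i=1
    while [ "$i" -le "$total" ]; do
        keep_one_queue "$i" < "$conf" > "$tmp"
        "$@" "$tmp" >/dev/null 2>&1 || echo "$i"
        i=$((i + 1))
    done
    rm -f "$tmp"
}

# Constructed sample, shaped like the rules in the message above.
sample_conf() {
    cat <<'EOF'
altq on $ext_if hfsc bandwidth 800Kb queue out_q
queue out_q hfsc priority 5 bandwidth 800Kb { tcp_q, default_o, upload_o }
pass out on $ext_if proto tcp all modulate state queue (default_o, tcp_q)
#pass in on $ext_if proto udp to $pndr keep state queue upload_o
pass in on $ext_if proto tcp to port $tcp_aria keep state
pass in on $ext_if proto tcp to $pndr keep state queue upload_o
EOF
}
```

`keep_one_queue 0` produces the all-stripped ruleset that the report says loads cleanly, which makes a useful baseline before running `bisect_queue_rules /etc/pf.conf`.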
