I have a test setup with direct internet connection Reail_IP_A and netgraph
tunnel with Real_IP_B. I have used a reply-to pf ruleset to sent all the
traffic back via tunnel, if it came via tunnel: pass in quick on $tunnel_if
reply-to ($tunnel_if 10.1.0.1) \ proto tcp from any to Real_IP_B port 443 And
it works at least in r258468. After harware change/reboot yesterday I got
strange performance via netgraph tunnel. Investigation shows clear: this is not
tunnel itself, because endpoint can saturate wire speed, but when we run
routable schema we got very low throughput. Deeper analyzing shows packet
duplication from reply-to, looks like that: 09:36:59.576405 IP Real_IP_B.443 >
Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040, options
[nop,nop,TS val 3415853201 ecr 44833816], length 1448 09:36:59.576413 IP
Real_IP_B.443 > Testbed.43775: Flags [.], seq 523587:525035, ack 850, win 1040,
options [nop,nop,TS val 3415853201 ecr 44833816], length 1448 09:36:59.577583
IP Testbed.4
3775 > Real_IP_B.443: Flags [.], ack 525035, win 1018, options [nop,nop,TS val
44834046 ecr 3415853201], length 0 09:36:59.577713 IP Testbed.43775 >
Real_IP_B.443: Flags [.], ack 525035, win 1040, options [nop,nop,TS val
44834046 ecr 3415853201], length 0
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
