This is why I wont be reporting any more bugs.
-
Should have grabbed some more popcorn I guess…
@chrcoluk: Things like the traffic shaping wizard have been used by tens of thousands of users. Don't you think someone would have noticed before you that "rules created by traffic shaper wizard dont do anything"? It's not exactly a fringe use case when you look at the traffic shaping subforum.
Why's this thread even in this section? Cannot see any mention of 2.4 in either of your "bug" reports.
-
TREY GOWDY: PIN DROP SPEECH
https://www.youtube.com/watch?v=N0dCTvX0wzsYou can watch the whole thing or go right to this time mark for some really good points re: communication and persuasion.
https://youtu.be/N0dCTvX0wzs?t=384"You also need a very effective manner or method of communication. In other words you need to learn how to persuade."
"You want to persuade, change people's minds to come around to your of thinking on whatever issue it is?"
"I will tell you what doesn't work. Insulting people."
"Insulting people does not work if your objective is to persuade.""When I see a bumper sticker that says 'Don't blame me, I didn't vote for the idiot.' Do you think that is persuasive?"
"You know what happens when you're insulted? You become even more dogmatic in holding your incorrect belief than you were before you were insulted. So if your goal is to persuade you shouldn't be insulting people."
From a constructive confrontation course the point that struck me most was to focus on the issue/problem and not the people/person.
i.e. Leave the person's knowledge out of it. Don't attack them, belittle them etc.examples:
"If you knew what you were doing then we wouldn't be having this problem in the first place."
"If you would do what you were … then ..."Instead address the issue. You may think the issue is their lack of knowledge etc. And that may very well may be the ultimate source of the issue it is not the issue at hand and is better dealt with elsewhere and perhaps by others and by other means.
If you what to help someone solve a problem. Great. But condescension, belittlement and personal attack is of little help to anyone. Unless it is therapeutic to feel better about oneself. Even that would be questionable compared to benefit of other therapies.
If you really want to feel good about yourself. Help someone you think is an idiot while genuinely abstaining from any criticism, condescension, belittlement, personal attack, product/services attacks, insults (personal or otherwise), etc.
It's kind of like the proverb; "It is more blessed to give than to receive."
Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc.
It is much more fulfilling.
-
Ok regarding the issue in question (bug report), I did some more testing after I received some support.
I have now found a pattern.
I mentioned earlier that the traffic was been matched as the counters went up, well yes but it turns out its only matching the connection setup (initial syn).
I have written a ton of notes but it would be a very big post so will try to summarise.
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link, additional to the previous options I set I set http traffic to low priority as http is really easy to test and also that steam downloads are port 80 not the ports used in the wizard.
I observed by watching the queue screen there was a very small amount of qACK traffic but qOthersLow and QothersHigh both remained at a big fat zero.
I went back to the rules page and noticed the counter for the rules only incremented a small amount at the start of a connection but never increased for more traffic, e.g. a http download would increase the counter at the start of the download, but no more during the download. This I believe it is just recognising the initial syn packets and not the data packets afterwards.
I then went to the rule and highlighted LAN so both WAN and LAN are selected. This causes a small amount of traffic to appear in the qOthersLow for http but it is very tiny, not even 1 kbyte/sec, it shows using bytes/sec.
I switched back to default WAN only selected and changed the rule to pass.
Suddenly qOthersLow full of activity during a http download and in addition the packets counter for the rulle accumulated 'during' the download rapidly, suggesting its working (but of course with the security issue as a floating rule).
I then moved the pass rule to a LAN rule away from floating and it carries on working correctly but without the security issue. This behaviour is the same for my generic ack rule also.
I have tried to prove my previous results wrong, as I am the sort of person who will hold their hand up if proven wrong even if embarrassing but I cannot replicate what should be the correct behaviour on my setup. It is matching syn packets it seems but thats it, nothing else when the rule is a 'match' rule.
I need to test UDP dns, which I will test by running a dns benchmark app as I want to confirm if UDP is having the same issues as I know for sure on TCP.
Also this was posted in this section because I am running the 2.4 beta code not 2.2 stable.
-
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link
You should have selected Multiple Lan/Wan.
I'd really like to help you out but I think I'm done here. All these posts, all this heat, and yet you have not posted a single thing that anyone requested. No floating rules, no shaper config, nothing. Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done. It works for everyone els ein the expected way.
-
@KOM:
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link
You should have selected Multiple Lan/Wan.
I'd really like to help you out but I think I'm done here. All these posts, all this heat, and yet you have not posted a single thing that anyone requested. No floating rules, no shaper config, nothing. Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done. It works for everyone els ein the expected way.
That is what I selected the first time when I made the bug report, the issue you have is you are still approaching this as a operator error issue, you simply refuse to accept anything else, until you change that line of thinking you will not manage to make any progress on this issue.
Also noone asked me to do do anything apart from one guy who asked for the screenshots which I am posting in a matter of minutes from now, I know you are really hoping to see something that looks like I fiddled with something that must be to blame.
-
Ok here is the results using the dnsbench GRC application which I used to flood my router with outbound dns connections, the results were not the same as TCP tests.
1 - With the default rules created by the wizard it doesnt work but in addition unlike the other match rules there is 0 matches tallied on the rule.
2 - changing to pass whilst still a floating rule is the same result as #1.
3 - Having it as a pass rule on the outbound LAN interface (not floating) it correctly matches the packets and I see dns traffic in qOthersHigh queue. -
attaching floating rules pictures, I have explained already what is there, but for those who want to visualise here it is.
-
the issue you have is you are still approaching this as a operator error issue
Again, it works for everyone else, so yes we're assuming it's PEBKAC.
you simply refuse to accept anything else, until you change that line of thinking you will not manage to make any progress on this issue.
Since you consistently refuse to provide any details whatsoever, we have nothing else to go on, do we? You're saying that even though others (including myself) have it working but you don't we should assume it's a bug? Here's a thought: everyone in here is telling you you're wrong but you stubbornly refuse to listen and instead want to argue with the devs and old-timers. Maybe you're the one in need of a change in thinking?
Also noone asked me to do do anything apart from one guy who asked for the screenshots
I'm pretty sure I've asked at least once before.
I know you are really hoping to see something that looks like I fiddled with something that must be to blame.
You're making this personal for no good reason. I was hoping we could fix your problem so you would stop moaning about it but like I said I'm done. I'm sure someone else here can look at your diagrams.
-
You havent been constructive in any of your posts in this thread. I have obviously personally ruled out operator error by repeating the procedure probably a dozen times now, its not my fault you wont accept that. You said you staying out of the thread which is probably the best post you made in here, of course if you want to offer constructive input go ahead, but first step back take a breather.
I have never said this doesnt work on any pfsense routers. You seem to think something either must be broken on every usage case, or working in every usage case, nothing in between, except the real world doesnt work like that, bugs can surface themselves in mysterious ways. Not to mention that you saying "everyone" has told me that I am wrong in that there is a malfunctioning code problem (or documentation issue). As that is also not the case.
I have spent 100s of hours in my job when having to track down bugs that may only affect sub 1% of people. I didnt reject reports because "it works for most people".
-
A few observations-
- I don't think trying to continue troubleshooting in a thread that was started to comment on the bug reporting process is going to be productive for you. Perhaps continue on a previous thread, or start a clean one.
- Most of the people here are just other users trying to help out, so don't get so offended is someone is short with you. If you are paying me $100 an hour to troubleshoot your problem, I promise I will be very polite and professional. For free help, take what you want and ignore the rest.
- Skill level varies widely, so there is naturally skepticism. I have tried to reason with people who claimed to have years of network experience, but acted like twelve year old kids.
- Document your case, and ignore those who you feel are not constructive. Getting in feuds is not going to help you solve your problem.
I'll stop there. Good luck on your issue. Personally, I find the shaper complex enough that I don't try to give others advice on it.
-
Fair points dotdash.
I will take your advice and start a new thread on the issue alone and we can see if a resolution is found.
-
thread for the issue is here if anyone wants to participate on the problem at hand (not for discussion of the bug report issue.)
https://forum.pfsense.org/index.php?topic=123757.new#new
-
I have had a lot of help from this forum, but mostly best answers given by peoples who develop or support this project.
I have reported issues also onto redmine and it was fully working for me, until one day I have received this crap as an answer https://redmine.pfsense.org/issues/6836
This is unacceptable, IMHO. -
So right now you have started no less than 3 threads about the same thing.
- this
- https://forum.pfsense.org/index.php?topic=123757.0
- https://forum.pfsense.org/index.php?topic=123654.0
No idea how this helps to solve any of your problems. :(
-
"Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc."
Not to point out the obvious here NOYB, but all the words of be nice seems a bit odd coming from someone with -109 Karma points.. When you only have 118 on the + side to counter those.. Clearly you pissed of some people with your honey vs vinger posts ;) hehehe
Just saying ;) hehehe
BTW: Dok is one of the nicest most helpful people on this board, and he knows his SHIT!! That is for sure - sorry but if he says something is BS, and calls you on it.. I would bet my left nut he is right on point.. Also just saying ;)
-
John he must really know his stuff, as he said I have not provided information he needs, yet somehow managed to determine what I said was the word you used.
Unless I have misunderstood you, you have them decided to agree with him based on his reputation alone.
He is welcome to do any of the following which he has not done.
Provide documentation that is not sourced from pfSense or from openbsd post 4.5 that explains what he says.
Provide me a step by step diagnostics route to follow to prove or disprove a theory.All he has done is basically try to discredit me personally, thats pretty much what every one of his posts has been about. He also hasnt said who he was in the bug report ticket, but given only one person not called jim responded to that ticket, I think I can guess who he was, the guy who pretty much decided that because it works for him that alone must mean its not what I said it is.
So that to me actually makes me disrepect him, because he comes across as someone who thinks he is above others (note how he talks down to me as if he is some expert and I am someone who is not understanding whats going on) and because I called out his bad language on the bug report he is now just concentrating on me but not on the issue I raised.
Obviously people develop trust with each other and friendships and so forth, he is a senior member of this community and naturally those who have been here a while will just accept his opinion. I already know this "technical problem" will get nowhere, I will just use the traffic shaper with the LAN configured rules which are working 100% and others on here will just continue to conclude that I must have fiddled with something, or "somehow" broke it myself and that the code base remains 100% rock solid.
Of course this issue is not the only one that will fall into a back hole. There is the repeated unbound problems that were reported first in 2015 from what my search finds, and have yet to be actioned upon.
I also reported a bug with pfblockerng to bbcan17, instead of calling my report bollocks, he is a friendly guy who has said he will be doing testing using the proposed fix I offered. That is a the response of a mature friendly developer. Its not a competition to try and score points of each other, but a community where we work together to solve problems including problems that are undesirable behaviour.
To come back to this quote
""Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc.""
Are you saying NOYB has not been like that to myself on this thread and on the ticket?
Please explain how calling a bug report bollocks and deciding from the off that the bug is invalid is not insulting and belittling?
-
All he has done is basically try to discredit me personally, thats pretty much what every one of his posts has been about. He also hasnt said who he was in the bug report ticket, but given only one person not called jim responded to that ticket, I think I can guess who he was, the guy who pretty much decided that because it works for him that alone must mean its not what I said it is.
Hey dude, that was me. And no, I actually suggested to move your issues to the forum, where they belong. Alas, that was completely unproductive. Perhaps you need some tinfoil supply?
And unfortunately, the suggestion by one of the pfSense devs to stop digging security holes into your firewall did not have any better effect either, as you clearly still insist on producing exact same nonsense that you filed as a security bug originally, and even suggesting that as a solution.
From Kill Bill with love. :P
-
Making pass rules on the LAN section is not a security hole as all outbound traffic is already allowed by a default rule created by pfsense.
All those rules do is also move the traffic to specific ALTQ qeues.
Lets face it mud sticks, and I have upset enough senior members of this forum that I will now only be slammed for what I do.
e.g. it was suggested I make a new thread to invite suggestions, so far none of you have replied to that thread and even someone slammed me for making that new thread.
No senior members have actually suggested anything, but actually instead concentrated on telling me to "not" do stuff.If you do not want people posting what they believe to be bugs on the bug report site, then you need to lock out the bug report site to approved people only. The reason you dont want me posting there is because you want a sort of triage to occur on the forum first, so basically every problem is determined to be an end user problem by default unless decided otherwise.
The following are all facts which has produced hurt, but none have really been disproved.
Openbsd documention up to 4.5 and older states to use pass rules to send traffic to queues.
FreeBSD documentation states the same.
pfSense documention states to use floating match rules, however I have not been able to verify the author of that documention and who wrote them.My own experience which I have lost count now of how many times I have said it proves on my own specific setup/configuration the match rules created by the traffic wizard simply do not work as intended. After pointing this out a few excuses have flown my way such as "I dont understand what they supposed to do", "I have done something wrong". Very vague excuses but no proper diagnostics.
Even now the post you just made. It is concentrating on what you think I shouldnt do but no actual ideas from yourself as to why its not working. You have no idea, all you seem intent on doing now is basically getting me off the forum.
So to sum up.
you have still not said what a "real bug" is. Is it not a real bug until you or jim can produce it? My altq interface bug report was rejected but then when jim reproduced it is now suddenly valid, umm ok.
You told me to post it on here which I now have done, but still some days later, you have not offered anything constructive, instead you continue on a slander campaign as proved by your above posts again just concentrating on discrediting me as an idiot.
You try to mock me for creating apparent security holes yet I am not the one who has created a default behaviour for the dns resolver to listen on the internet interface.Finally you label my final comment here https://redmine.pfsense.org/issues/7104#note-9 as nonsense without explaining why you believe it to be nonsense.
How old are you 12? I mean you seem to have just proved my point, I said there is a complete lack of respect given to me on the bug ticket, by calling my report bollocks without any kind of investigation and then you done the exact same thing again, you called a proper diagnostics procedure I carried out as "nonsense", please explain yourself, or is that beneath your station?
Remember this forum is here for all the public to see, and pfsense are selling hardware and other services in a professional environment and the sort of replies here are doing the brand no favours.
-
No senior members have actually suggested anything, but actually instead concentrated on telling me to "not" do stuff.
Perhaps because everyone is either fed up by your moaning, or just cannot be bothered to follow your 3 different threads about the same, with chaotic pieces of info posted here or there or elsewhere.
Finally you label my final comment here https://redmine.pfsense.org/issues/7104#note-9 as nonsense without explaining why you believe it to be nonsense.
Actually no, I originally labeled is a "load of bollocks". And posted a screenshot reasoning why.
Have better things to do with my time, outta here.
-
So you are hanging onto the fact it works for you, and that reason alone that everything I said is nonsense/bollocks.
Is that what you really trying to say and consider adequate diagnostics?
I do agree this whole thing has been a waste of time, I have spent far too much time on this subject, especially as I already have a working solution in place.
