This is why I wont be reporting any more bugs.



  • pfSense is amazing software, but the attitude to bug reports I have made has been pretty shocking, there is "assumptions" been made that things are due to errors I must have made myself, and I have even been called a liar, I was asked to post bugs on the forum instead of the bug reporting platform (why have a bug reporting platform if you dont want it to be used for bugs I mean wtf?) so here it is for everyone to see, the responses to a detailed bug report.

    https://redmine.pfsense.org/issues/7104

    I even pointed out what official FreeBSD documentation says and it wasnt even addressed in the reply either.

    What kind of error could I make on the traffic shaper wizard that made pfsense write rules that are incorrect syntax?



  • https://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Floating_Rules

    Did you clear states before testing the match rules?



  • yep.

    To be even more sure this was tested after reboot of the unit as well.



  • Hm, maybe you should post screenshots of your ruleset.
    What kind of traffic did you use to test the ruleset? I normally start with something simple like SSH sessions, those are easy to reproduce during testing.



  • SSH is what I tested with on my ack rule.

    For the wizard rules I tested with a steam download.

    I will post screenshots later today for you, I still have the wizard created rules but they are now disabled (so will show ghosted out).


  • Banned

    I have to agree with chrcoluk in the attitudes you get from some responders about problems on this forum. The lack of professionalism from them is annoying. If PFsense wasn't such a great product I would have bailed a long time ago.



  • there is "assumptions" been made that things are due to errors I must have made myself

    If I had a dollar for every person who stormed in here screaming about bugs that turned out to be either their own lack of understanding or user error, I could retire.

    and I have even been called a liar

    He didn't call you a liar, he said that something you said wasn't true.  To lie you must try to deceive, and nobody thinks you're trying to trick us.

    I was involved in that thread.  You showed up without a clue about what you're doing, and then turn around later saying that you disagree with the pfSense devs because they don't seem to understand ALTQ as well as you do after your 3 entire hours of research.  That level of arrogance stopped me from caring any further about your problem.  You have yet to provide anything whatsoever to help illustrate or debug your issue, including your floating rules and general shaper config.  Even your bug report has no info at all, and now you're arguing with the devs there.



  • As far as forum versus bug tracker… I personally prefer starting a discussion in a forum first, to determine if there is a bug or if it's just something I'm doing wrong. If it's determined that there is a bug, then creating a report in the bug tracker is justified. It keeps a lot of the simple determining if there's an issue out of the tracker. You can always link to a forum thread in the bug report.



  • @chrcoluk:

    pfSense is amazing software, but the attitude to bug reports I have made has been pretty shocking, there is "assumptions" been made that things are due to errors I must have made myself, and I have even been called a liar…

    I agree, you were treated appallingly. And even if it was not a "real bug", there's this thing called diplomacy.  There are a couple of posters in the forums who are prone to fly off the handle and treat people poorly.

    If I treated customers or my testers like that I'd be in line at the unemployment office.



  • I will just add here from my real life experience that I totally understand where they come from when they are short with people. This is not software your newbie to networking should be using, if your that new to networking you need to be using a consumer router. This is software for people who have a fairly good understanding of how things work on firewalls and routers. I can't tell you guys how many different forums i visit and have to answer questions like whats a vlan, or whats a static route, or someone who just got rid of their asus router complaining that their vpn doesnt work and with no information wonder why.. It takes a toll.

    While some people have been short with me, they have been very helpful, and you wont see many places where the guys who are developing the product are also very network aware and are willing to spend their time helping out the public.

    Personally instead of complaining about how short they get, you should be asking yourself why their getting so short, and if you posted any relevant data to help them figure out your problem..

    Just my 2cents…



  • KOM it was kill bill, and the post in question where he used the word "bollocks" to describe my report did specifically have the word liar.  Maybe I should have done a screencap because now his comments got toned down, its only my word.


  • Banned

    Please don't make excuses for rudeness. It has no place anywhere for any reason.



  • dcol exactly.



  • Think of kill bill as the Don Rickles of the forum.
    Might seem a bit harsh at first but he's always spot-on. When it comes to pfSense I'd trust him blind folded.


  • Banned

    Should have grabbed some more popcorn I guess…

    @chrcoluk: Things like the traffic shaping wizard have been used by tens of thousands of users. Don't you think someone would have noticed before you that "rules created by traffic shaper wizard dont do anything"? It's not exactly a fringe use case when you look at the traffic shaping subforum.

    Why's this thread even in this section? Cannot see any mention of 2.4 in either of your "bug" reports.



  • TREY GOWDY: PIN DROP SPEECH
    Youtube Video

    You can watch the whole thing or go right to this time mark for some really good points re: communication and persuasion.
    Youtube Video – [06:24..]

    "You also need a very effective manner or method of communication.  In other words you need to learn how to persuade."

    "You want to persuade, change people's minds to come around to your of thinking on whatever issue it is?"

    "I will tell you what doesn't work.  Insulting people."
    "Insulting people does not work if your objective is to persuade."

    "When I see a bumper sticker that says 'Don't blame me, I didn't vote for the idiot.'  Do you think that is persuasive?"

    "You know what happens when you're insulted?  You become even more dogmatic in holding your incorrect belief than you were before you were insulted.  So if your goal is to persuade you shouldn't be insulting people."

    From a constructive confrontation course the point that struck me most was to focus on the issue/problem and not the people/person.
    i.e. Leave the person's knowledge out of it.  Don't attack them, belittle them etc.

    examples:
    "If you knew what you were doing then we wouldn't be having this problem in the first place."
    "If you would do what you were … then ..."

    Instead address the issue.  You may think the issue is their lack of knowledge etc.  And that may very well may be the ultimate source of the issue it is not the issue at hand and is better dealt with elsewhere and perhaps by others and by other means.

    If you what to help someone solve a problem.  Great.  But condescension, belittlement and personal attack is of little help to anyone.  Unless it is therapeutic to feel better about oneself.  Even that would be questionable compared to benefit of other therapies.

    If you really want to feel good about yourself.  Help someone you think is an idiot while genuinely abstaining from any criticism, condescension, belittlement, personal attack, product/services attacks, insults (personal or otherwise), etc.

    It's kind of like the proverb; "It is more blessed to give than to receive."

    Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc.

    It is much more fulfilling.



  • Ok regarding the issue in question (bug report), I did some more testing after I received some support.

    I have now found a pattern.

    I mentioned earlier that the traffic was been matched as the counters went up, well yes but it turns out its only matching the connection setup (initial syn).

    I have written a ton of notes but it would be a very big post so will try to summarise.

    I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link, additional to the previous options I set I set http traffic to low priority as http is really easy to test and also that steam downloads are port 80 not the ports used in the wizard.

    I observed by watching the queue screen there was a very small amount of qACK traffic but qOthersLow and QothersHigh both remained at a big fat zero.

    I went back to the rules page and noticed the counter for the rules only incremented a small amount at the start of a connection but never increased for more traffic, e.g. a http download would increase the counter at the start of the download, but no more during the download.  This I believe it is just recognising the initial syn packets and not the data packets afterwards.

    I then went to the rule and highlighted LAN so both WAN and LAN are selected.  This causes a small amount of traffic to appear in the qOthersLow for http but it is very tiny, not even 1 kbyte/sec, it shows using bytes/sec.

    I switched back to default WAN only selected and changed the rule to pass.

    Suddenly qOthersLow full of activity during a http download and in addition the packets counter for the rulle accumulated 'during' the download rapidly, suggesting its working (but of course with the security issue as a floating rule).

    I then moved the pass rule to a LAN rule away from floating and it carries on working correctly but without the security issue.  This behaviour is the same for my generic ack rule also.

    I have tried to prove my previous results wrong, as I am the sort of person who will hold their hand up if proven wrong even if embarrassing but I cannot replicate what should be the correct behaviour on my setup.  It is matching syn packets it seems but thats it, nothing else when the rule is a 'match' rule.

    I need to test UDP dns, which I will test by running a dns benchmark app as I want to confirm if UDP is having the same issues as I know for sure on TCP.

    Also this was posted in this section because I am running the 2.4 beta code not 2.2 stable.



  • I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link

    You should have selected Multiple Lan/Wan.

    I'd really like to help you out but I think I'm done here.  All these posts, all this heat, and yet you have not posted a single thing that anyone requested.  No floating rules, no shaper config, nothing.  Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done.  It works for everyone els ein the expected way.



  • @KOM:

    I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link

    You should have selected Multiple Lan/Wan.

    I'd really like to help you out but I think I'm done here.  All these posts, all this heat, and yet you have not posted a single thing that anyone requested.  No floating rules, no shaper config, nothing.  Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done.  It works for everyone els ein the expected way.

    That is what I selected the first time when I made the bug report, the issue you have is you are still approaching this as a operator error issue, you simply refuse to accept anything else, until you change that line of thinking you will not manage to make any progress on this issue.

    Also noone asked me to do do anything apart from one guy who asked for the screenshots which I am posting in a matter of minutes from now, I know you are really hoping to see something that looks like I fiddled with something that must be to blame.



  • Ok here is the results using the dnsbench GRC application which I used to flood my router with outbound dns connections, the results were not the same as TCP tests.

    1 - With the default rules created by the wizard it doesnt work but in addition unlike the other match rules there is 0 matches tallied on the rule.
    2 - changing to pass whilst still a floating rule is the same result as #1.
    3 - Having it as a pass rule on the outbound LAN interface (not floating) it correctly matches the packets and I see dns traffic in qOthersHigh queue.



  • attaching floating rules pictures, I have explained already what is there, but for those who want to visualise here it is.






  • the issue you have is you are still approaching this as a operator error issue

    Again, it works for everyone else, so yes we're assuming it's PEBKAC.

    you simply refuse to accept anything else, until you change that line of thinking you will not manage to make any progress on this issue.

    Since you consistently refuse to provide any details whatsoever, we have nothing else to go on, do we?  You're saying that even though others (including myself) have it working but you don't we should assume it's a bug?  Here's a thought: everyone in here is telling you you're wrong but you stubbornly refuse to listen and instead want to argue with the devs and old-timers.  Maybe you're the one in need of a change in thinking?

    Also noone asked me to do do anything apart from one guy who asked for the screenshots

    I'm pretty sure I've asked at least once before.

    I know you are really hoping to see something that looks like I fiddled with something that must be to blame.

    You're making this personal for no good reason.  I was hoping we could fix your problem so you would stop moaning about it but like I said I'm done.  I'm sure someone else here can look at your diagrams.



  • You havent been constructive in any of your posts in this thread.  I have obviously personally ruled out operator error by repeating the procedure probably a dozen times now, its not my fault you wont accept that.  You said you staying out of the thread which is probably the best post you made in here, of course if you want to offer constructive input go ahead, but first step back take a breather.

    I have never said this doesnt work on any pfsense routers.  You seem to think something either must be broken on every usage case, or working in every usage case, nothing in between, except the real world doesnt work like that, bugs can surface themselves in mysterious ways.  Not to mention that you saying "everyone" has told me that I am wrong in that there is a malfunctioning code problem (or documentation issue).  As that is also not the case.

    I have spent 100s of hours in my job when having to track down bugs that may only affect sub 1% of people.  I didnt reject reports because "it works for most people".



  • A few observations-

    1. I don't think trying to continue troubleshooting in a thread that was started to comment on the bug reporting process is going to be productive for you. Perhaps continue on a previous thread, or start a clean one.
    2. Most of the people here are just other users trying to help out, so don't get so offended is someone is short with you. If you are paying me $100 an hour to troubleshoot your problem, I promise I will be very polite and professional. For free help, take what you want and ignore the rest.
    3. Skill level varies widely, so there is naturally skepticism. I have tried to reason with people who claimed to have years of network experience, but acted like twelve year old kids.
    4. Document your case, and ignore those who you feel are not constructive. Getting in feuds is not going to help you solve your problem.
      I'll stop there. Good luck on your issue. Personally, I find the shaper complex enough that I don't try to give others advice on it.


  • Fair points dotdash.

    I will take your advice and start a new thread on the issue alone and we can see if a resolution is found.



  • thread for the issue is here if anyone wants to participate on the problem at hand (not for discussion of the bug report issue.)

    https://forum.pfsense.org/index.php?topic=123757.new#new



  • I have had a lot of help from this forum, but mostly best answers given by peoples who develop or support this project.
    I have reported issues also onto redmine and it was fully working for me, until one day I have received this crap  as an answer https://redmine.pfsense.org/issues/6836
    This is unacceptable, IMHO.


  • Banned

    So right now you have started no less than 3 threads about the same thing.

    No idea how this helps to solve any of your problems. :(


  • LAYER 8 Global Moderator

    "Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc."

    Not to point out the obvious here NOYB, but all the words of be nice seems a bit odd coming from someone with -109 Karma points.. When you only have 118 on the + side to counter those.. Clearly you pissed of some people with your honey vs vinger posts ;) hehehe

    Just saying ;) hehehe

    BTW: Dok is one of the nicest most helpful people on this board, and he knows his SHIT!!  That is for sure - sorry but if he says something is BS, and calls you on it.. I would bet my left nut he is right on point.. Also just saying ;)



  • John he must really know his stuff, as he said I have not provided information he needs, yet somehow managed to determine what I said was the word you used.

    Unless I have misunderstood you, you have them decided to agree with him based on his reputation alone.

    He is welcome to do any of the following which he has not done.

    Provide documentation that is not sourced from pfSense or from openbsd post 4.5 that explains what he says.
    Provide me a step by step diagnostics route to follow to prove or disprove a theory.

    All he has done is basically try to discredit me personally, thats pretty much what every one of his posts has been about.  He also hasnt said who he was in the bug report ticket, but given only one person not called jim responded to that ticket, I think I can guess who he was, the guy who pretty much decided that because it works for him that alone must mean its not what I said it is.

    So that to me actually makes me disrepect him, because he comes across as someone who thinks he is above others (note how he talks down to me as if he is some expert and I am someone who is not understanding whats going on) and because I called out his bad language on the bug report he is now just concentrating on me but not on the issue I raised.

    Obviously people develop trust with each other and friendships and so forth, he is a senior member of this community and naturally those who have been here a while will just accept his opinion.  I already know this "technical problem" will get nowhere, I will just use the traffic shaper with the LAN configured rules which are working 100% and others on here will just continue to conclude that I must have fiddled with something, or "somehow" broke it myself and that the code base remains 100% rock solid.

    Of course this issue is not the only one that will fall into a back hole.  There is the repeated unbound problems that were reported first in 2015 from what my search finds, and have yet to be actioned upon.

    I also reported a bug with pfblockerng to bbcan17, instead of calling my report bollocks, he is a friendly guy who has said he will be doing testing using the proposed fix I offered.  That is a the response of a mature friendly developer.  Its not a competition to try and score points of each other, but a community where we work together to solve problems including problems that are undesirable behaviour.

    To come back to this quote

    ""Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc.""

    Are you saying NOYB has not been like that to myself on this thread and on the ticket?

    Please explain how calling a bug report bollocks and deciding from the off that the bug is invalid is not insulting and belittling?


  • Banned

    @chrcoluk:

    All he has done is basically try to discredit me personally, thats pretty much what every one of his posts has been about.  He also hasnt said who he was in the bug report ticket, but given only one person not called jim responded to that ticket, I think I can guess who he was, the guy who pretty much decided that because it works for him that alone must mean its not what I said it is.

    Hey dude, that was me. And no, I actually suggested to move your issues to the forum, where they belong. Alas, that was completely unproductive. Perhaps you need some tinfoil supply?

    And unfortunately, the suggestion by one of the pfSense devs to stop digging security holes into your firewall did not have any better effect either, as you clearly still insist on producing exact same nonsense that you filed as a security bug originally, and even suggesting that as a solution.

    From Kill Bill with love.  :P



  • Making pass rules on the LAN section is not a security hole as all outbound traffic is already allowed by a default rule created by pfsense.

    All those rules do is also move the traffic to specific ALTQ qeues.

    Lets face it mud sticks, and I have upset enough senior members of this forum that I will now only be slammed for what I do.

    e.g. it was suggested I make a new thread to invite suggestions, so far none of you have replied to that thread and even someone slammed me for making that new thread.
    No senior members have actually suggested anything, but actually instead concentrated on telling me to "not" do stuff.

    If you do not want people posting what they believe to be bugs on the bug report site, then you need to lock out the bug report site to approved people only.  The reason you dont want me posting there is because you want a sort of triage to occur on the forum first, so basically every problem is determined to be an end user problem by default unless decided otherwise.

    The following are all facts which has produced hurt, but none have really been disproved.

    Openbsd documention up to 4.5 and older states to use pass rules to send traffic to queues.
    FreeBSD documentation states the same.
    pfSense documention states to use floating match rules, however I have not been able to verify the author of that documention and who wrote them.

    My own experience which I have lost count now of how many times I have said it proves on my own specific setup/configuration the match rules created by the traffic wizard simply do not work as intended.  After pointing this out a few excuses have flown my way such as "I dont understand what they supposed to do", "I have done something wrong".  Very vague excuses but no proper diagnostics.

    Even now the post you just made.  It is concentrating on what you think I shouldnt do but no actual ideas from yourself as to why its not working.  You have no idea, all you seem intent on doing now is basically getting me off the forum.

    So to sum up.

    you have still not said what a "real bug" is.  Is it not a real bug until you or jim can produce it?  My altq interface bug report was rejected but then when jim reproduced it is now suddenly valid, umm ok.
    You told me to post it on here which I now have done, but still some days later, you have not offered anything constructive, instead you continue on a slander campaign as proved by your above posts again just concentrating on discrediting me as an idiot.
    You try to mock me for creating apparent security holes yet I am not the one who has created a default behaviour for the dns resolver to listen on the internet interface.

    Finally you label my final comment here https://redmine.pfsense.org/issues/7104#note-9 as nonsense without explaining why you believe it to be nonsense.

    How old are you 12? I mean you seem to have just proved my point, I said there is a complete lack of respect given to me on the bug ticket, by calling my report bollocks without any kind of investigation and then you done the exact same thing again, you called a proper diagnostics procedure I carried out as "nonsense", please explain yourself, or is that beneath your station?

    Remember this forum is here for all the public to see, and pfsense are selling hardware and other services in a professional environment and the sort of replies here are doing the brand no favours.


  • Banned

    @chrcoluk:

    No senior members have actually suggested anything, but actually instead concentrated on telling me to "not" do stuff.

    Perhaps because everyone is either fed up by your moaning, or just cannot be bothered to follow your 3 different threads about the same, with chaotic pieces of info posted here or there or elsewhere.

    @chrcoluk:

    Finally you label my final comment here https://redmine.pfsense.org/issues/7104#note-9 as nonsense without explaining why you believe it to be nonsense.

    Actually no, I originally labeled is a "load of bollocks". And posted a screenshot reasoning why.

    Have better things to do with my time, outta here.



  • So you are hanging onto the fact it works for you, and that reason alone that everything I said is nonsense/bollocks.

    Is that what you really trying to say and consider adequate diagnostics?

    I do agree this whole thing has been a waste of time, I have spent far too much time on this subject, especially as I already have a working solution in place.



  • @johnpoz:

    "Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc."

    Not to point out the obvious here NOYB, but all the words of be nice seems a bit odd coming from someone with -109 Karma points.. When you only have 118 on the + side to counter those.. Clearly you pissed of some people with your honey vs vinger posts ;) hehehe

    Just saying ;) hehehe

    So you want to shoot the messenger eh.  ;)

    Karma point context matters.  So if you want to use that then provide the context of them as well.


  • LAYER 8 Global Moderator

    I am not aware of any of these issues, on what dok might or might not have said on some comments on redmine.  I don't really want to get involved with that.  The funny part I found in this thread was someone saying hey you catch more flies with honey, yet has a - karma that is almost higher than his +… Which doesn't see like practice what he is preaching is all..

    But what I can tell you is have been reading dok's posts, and chatting off and on with him for years.  He might seem a bit blunt or rough sometimes in his comments.  And while it might see rude or atleast not very nice to those that do no know his style.  That is not his intent to be sure..

    What I can tell you is I can not recall a post of his that was off base from tech point of view.  Be it his posts didn't put in enough please and thank you's I don't really give 2 shits about.  This is a tech board, and about information.  Sorry but if you get offended because someone calls BS on information posted - maybe you should only visit the board when its not your time of the month ;)

    To be honest his blunt and upfront posts normally bring a smile to my face ;)  Because its nice to see vs all the flowery fluff that fills many boards.. Keep in mind that its really hard to correctly interpret tone in a forum post..  I get the same reaction to some of my posts..  And I can assure you I am just here to help and exchange information that allows the user to do what they want to do.  If they are going down the wrong path per my "opinion" that I might say nonsense or bs, etc. etc.

    I don't really care for all the flowery nonsense, I don't care if you catch a billion more flies.. I don't really like flies - so if we have to spread about some vinegar about - who cares.. Keeps the flies away if you ask me ;)

    If you think he assumed something is wrong, then call him on it posting why..  The facts are the facts.  But to go crying that he was direct and to the point with his opinion and you found it not to your likely.. Oh well ;)

    Does not matter if he called you a moron or an idiot or whatever.  These are just words from some random guy on the internet.. Why would you get upset?  What does it matter - comes down to the information that the discussion is about.  If something doesn't work, then it doesn't work - show your steps in why you think the problem was xyz..  If the problem is not xyz and someone says oh that is BS.. Vs hey mister poster hope your having a nice day, but I do not believe the information you provided is correct..

    Its easier and quicker and to me gets a more honest opinion across if you just say Bollocks! or BS that is not the problem.. If they jumped to conclusion that you think is false then show why..  They are going to feel stupid if you show you are correct and they are wrong now arn't they..  If was just too blokes chatting at the pub and one said that is BS, and then finds out its not you both laugh and have a beer.. You don't go home crying to mommy ;)


  • Banned

    On a somewhat productive note, closing all your duplicate threads (this one included) and starting a new fresh one, with focus on stating relevant info (incl. the shaper config), what you are trying to achieve, what have you done, what results you have expected and what does not work might even produce some result.

    From the mess and OT noise posted so far and some chaotic descriptions, the only thing I got that you got some god knows what tool from the infamous grc.com site (proudly spreading FUD and misinformation since ~2000 or so) and did some random messing with DNS queries. Kinda hard to debug that.

    P.S. On the karma note, perhaps someone fix my satanic +666 karma meanwhile? :P



  • @doktornotor:

    P.S. On the karma note, perhaps someone fix my satanic +666 karma meanwhile? :P

    I think it's awesome, and compliments your avatar.



  • @doktornotor:

    P.S. On the karma note, perhaps someone fix my satanic +666 karma meanwhile? :P

    Nope.  I think it fits you.  We should just make it static for you.  ;)


  • Banned

    @NOYB:

    We should just make it static for you.  ;)

    Hmmm, sounds good.  8) :P


Log in to reply