This is why I wont be reporting any more bugs.
-
pfSense is amazing software, but the attitude to bug reports I have made has been pretty shocking, there is "assumptions" been made that things are due to errors I must have made myself, and I have even been called a liar, I was asked to post bugs on the forum instead of the bug reporting platform (why have a bug reporting platform if you dont want it to be used for bugs I mean wtf?) so here it is for everyone to see, the responses to a detailed bug report.
https://redmine.pfsense.org/issues/7104
I even pointed out what official FreeBSD documentation says and it wasnt even addressed in the reply either.
What kind of error could I make on the traffic shaper wizard that made pfsense write rules that are incorrect syntax?
-
https://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Floating_Rules
Did you clear states before testing the match rules?
-
yep.
To be even more sure this was tested after reboot of the unit as well.
-
Hm, maybe you should post screenshots of your ruleset.
What kind of traffic did you use to test the ruleset? I normally start with something simple like SSH sessions, those are easy to reproduce during testing. -
SSH is what I tested with on my ack rule.
For the wizard rules I tested with a steam download.
I will post screenshots later today for you, I still have the wizard created rules but they are now disabled (so will show ghosted out).
-
I have to agree with chrcoluk in the attitudes you get from some responders about problems on this forum. The lack of professionalism from them is annoying. If PFsense wasn't such a great product I would have bailed a long time ago.
-
there is "assumptions" been made that things are due to errors I must have made myself
If I had a dollar for every person who stormed in here screaming about bugs that turned out to be either their own lack of understanding or user error, I could retire.
and I have even been called a liar
He didn't call you a liar, he said that something you said wasn't true. To lie you must try to deceive, and nobody thinks you're trying to trick us.
I was involved in that thread. You showed up without a clue about what you're doing, and then turn around later saying that you disagree with the pfSense devs because they don't seem to understand ALTQ as well as you do after your 3 entire hours of research. That level of arrogance stopped me from caring any further about your problem. You have yet to provide anything whatsoever to help illustrate or debug your issue, including your floating rules and general shaper config. Even your bug report has no info at all, and now you're arguing with the devs there.
-
As far as forum versus bug tracker… I personally prefer starting a discussion in a forum first, to determine if there is a bug or if it's just something I'm doing wrong. If it's determined that there is a bug, then creating a report in the bug tracker is justified. It keeps a lot of the simple determining if there's an issue out of the tracker. You can always link to a forum thread in the bug report.
-
pfSense is amazing software, but the attitude to bug reports I have made has been pretty shocking, there is "assumptions" been made that things are due to errors I must have made myself, and I have even been called a liar…
I agree, you were treated appallingly. And even if it was not a "real bug", there's this thing called diplomacy. There are a couple of posters in the forums who are prone to fly off the handle and treat people poorly.
If I treated customers or my testers like that I'd be in line at the unemployment office.
-
I will just add here from my real life experience that I totally understand where they come from when they are short with people. This is not software your newbie to networking should be using, if your that new to networking you need to be using a consumer router. This is software for people who have a fairly good understanding of how things work on firewalls and routers. I can't tell you guys how many different forums i visit and have to answer questions like whats a vlan, or whats a static route, or someone who just got rid of their asus router complaining that their vpn doesnt work and with no information wonder why.. It takes a toll.
While some people have been short with me, they have been very helpful, and you wont see many places where the guys who are developing the product are also very network aware and are willing to spend their time helping out the public.
Personally instead of complaining about how short they get, you should be asking yourself why their getting so short, and if you posted any relevant data to help them figure out your problem..
Just my 2cents…
-
KOM it was kill bill, and the post in question where he used the word "bollocks" to describe my report did specifically have the word liar. Maybe I should have done a screencap because now his comments got toned down, its only my word.
-
Please don't make excuses for rudeness. It has no place anywhere for any reason.
-
dcol exactly.
-
Think of kill bill as the Don Rickles of the forum.
Might seem a bit harsh at first but he's always spot-on. When it comes to pfSense I'd trust him blind folded. -
Should have grabbed some more popcorn I guess…
@chrcoluk: Things like the traffic shaping wizard have been used by tens of thousands of users. Don't you think someone would have noticed before you that "rules created by traffic shaper wizard dont do anything"? It's not exactly a fringe use case when you look at the traffic shaping subforum.
Why's this thread even in this section? Cannot see any mention of 2.4 in either of your "bug" reports.
-
TREY GOWDY: PIN DROP SPEECH
https://www.youtube.com/watch?v=N0dCTvX0wzsYou can watch the whole thing or go right to this time mark for some really good points re: communication and persuasion.
https://youtu.be/N0dCTvX0wzs?t=384"You also need a very effective manner or method of communication. In other words you need to learn how to persuade."
"You want to persuade, change people's minds to come around to your of thinking on whatever issue it is?"
"I will tell you what doesn't work. Insulting people."
"Insulting people does not work if your objective is to persuade.""When I see a bumper sticker that says 'Don't blame me, I didn't vote for the idiot.' Do you think that is persuasive?"
"You know what happens when you're insulted? You become even more dogmatic in holding your incorrect belief than you were before you were insulted. So if your goal is to persuade you shouldn't be insulting people."
From a constructive confrontation course the point that struck me most was to focus on the issue/problem and not the people/person.
i.e. Leave the person's knowledge out of it. Don't attack them, belittle them etc.examples:
"If you knew what you were doing then we wouldn't be having this problem in the first place."
"If you would do what you were … then ..."Instead address the issue. You may think the issue is their lack of knowledge etc. And that may very well may be the ultimate source of the issue it is not the issue at hand and is better dealt with elsewhere and perhaps by others and by other means.
If you what to help someone solve a problem. Great. But condescension, belittlement and personal attack is of little help to anyone. Unless it is therapeutic to feel better about oneself. Even that would be questionable compared to benefit of other therapies.
If you really want to feel good about yourself. Help someone you think is an idiot while genuinely abstaining from any criticism, condescension, belittlement, personal attack, product/services attacks, insults (personal or otherwise), etc.
It's kind of like the proverb; "It is more blessed to give than to receive."
Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc.
It is much more fulfilling.
-
Ok regarding the issue in question (bug report), I did some more testing after I received some support.
I have now found a pattern.
I mentioned earlier that the traffic was been matched as the counters went up, well yes but it turns out its only matching the connection setup (initial syn).
I have written a ton of notes but it would be a very big post so will try to summarise.
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link, additional to the previous options I set I set http traffic to low priority as http is really easy to test and also that steam downloads are port 80 not the ports used in the wizard.
I observed by watching the queue screen there was a very small amount of qACK traffic but qOthersLow and QothersHigh both remained at a big fat zero.
I went back to the rules page and noticed the counter for the rules only incremented a small amount at the start of a connection but never increased for more traffic, e.g. a http download would increase the counter at the start of the download, but no more during the download. This I believe it is just recognising the initial syn packets and not the data packets afterwards.
I then went to the rule and highlighted LAN so both WAN and LAN are selected. This causes a small amount of traffic to appear in the qOthersLow for http but it is very tiny, not even 1 kbyte/sec, it shows using bytes/sec.
I switched back to default WAN only selected and changed the rule to pass.
Suddenly qOthersLow full of activity during a http download and in addition the packets counter for the rulle accumulated 'during' the download rapidly, suggesting its working (but of course with the security issue as a floating rule).
I then moved the pass rule to a LAN rule away from floating and it carries on working correctly but without the security issue. This behaviour is the same for my generic ack rule also.
I have tried to prove my previous results wrong, as I am the sort of person who will hold their hand up if proven wrong even if embarrassing but I cannot replicate what should be the correct behaviour on my setup. It is matching syn packets it seems but thats it, nothing else when the rule is a 'match' rule.
I need to test UDP dns, which I will test by running a dns benchmark app as I want to confirm if UDP is having the same issues as I know for sure on TCP.
Also this was posted in this section because I am running the 2.4 beta code not 2.2 stable.
-
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link
You should have selected Multiple Lan/Wan.
I'd really like to help you out but I think I'm done here. All these posts, all this heat, and yet you have not posted a single thing that anyone requested. No floating rules, no shaper config, nothing. Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done. It works for everyone els ein the expected way.
-
@KOM:
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link
You should have selected Multiple Lan/Wan.
I'd really like to help you out but I think I'm done here. All these posts, all this heat, and yet you have not posted a single thing that anyone requested. No floating rules, no shaper config, nothing. Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done. It works for everyone els ein the expected way.
That is what I selected the first time when I made the bug report, the issue you have is you are still approaching this as a operator error issue, you simply refuse to accept anything else, until you change that line of thinking you will not manage to make any progress on this issue.
Also noone asked me to do do anything apart from one guy who asked for the screenshots which I am posting in a matter of minutes from now, I know you are really hoping to see something that looks like I fiddled with something that must be to blame.
-
Ok here is the results using the dnsbench GRC application which I used to flood my router with outbound dns connections, the results were not the same as TCP tests.
1 - With the default rules created by the wizard it doesnt work but in addition unlike the other match rules there is 0 matches tallied on the rule.
2 - changing to pass whilst still a floating rule is the same result as #1.
3 - Having it as a pass rule on the outbound LAN interface (not floating) it correctly matches the packets and I see dns traffic in qOthersHigh queue.
