FreeBSD Bug 188261 - How to apply patch to pfSense

maverickws

Hi all,

I've come across an issue I described here:
https://forum.netgate.com/topic/155834/issue-xcp-ng-routed-config-pfsense-slow-speed-packetloss

Likely the same issue than found here:
https://forum.netgate.com/topic/77283/very-slow-traffic-from-other-vm-s-through-pfsense-on-xenserver
and here:
https://forum.netgate.com/topic/78077/unbelieveably-bad-performance/

In the meanwhile I gather this is the same issue described here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188261

Which takes me to this:

(In reply to Ricardo from comment #38)
Hello,

I've looked into it in the past, but I'm not a networking expert, and properly solving those issues requires a very good understanding of the network subsystem, as I think some modifications to common code are required. When trying to solve this I've made the following patches:

https://reviews.freebsd.org/D6611
https://reviews.freebsd.org/D6612

(this last one might not be required:)

https://reviews.freebsd.org/D6656

I'm afraid those patches are old, so they might not apply cleanly. Let me know if you can apply and give them a try, and whether they fix anything.

Roger.

but looking for where to apply the patch I don't have the directory /sys and /usr/src/sys is empty/doesn't exist.

Tried to find it but without success:

[admin@pfs-fw01]/: find / -iname 'ip_fastfwd.c'
[admin@pfs-fw01]/:

pfSense 2.4.5-RELEASE-p1 (amd64) 
built on Tue Jun 02 17:51:17 EDT 2020 
FreeBSD 11.3-STABLE

So could someone please help me where to apply this patch and see if it works?

Thank you.

DaddyGo

@maverickws "FreeBSD Bug 188261 - How to apply patch to pfSense"

pfSense is not "clean" FreeBSD please keep this in mind
if you need a fix you will have to wait for the pfSense team to resolve it...

or
submit a request for repair or a future request for a new feature

https://redmine.pfsense.org/

BTW:
checked "patch" so it can be applied (not recommended)

maverickws

@DaddyGo said in FreeBSD Bug 188261 - How to apply patch to pfSense:

https://redmine.pfsense.org/

Hi there thank you so much for your reply.

I think I'll go to pfSense bug tracker and take the issue there. Cheers!

DaddyGo

@maverickws said in FreeBSD Bug 188261 - How to apply patch to pfSense:

I'll go to pfSense bug tracker

pls. let me suggest his help as well @viktor_g

maverickws

@DaddyGo I've added here:
https://redmine.pfsense.org/issues/10820

Thanks!

DaddyGo

@maverickws said in FreeBSD Bug 188261 - How to apply patch to pfSense:

I've added here:

nice..
You Welcome

maverickws

@DaddyGo Hi,
I just wanted to post an update, after some tests I concluded that this issue was only happening when I was using Hetzner vSwitch, and after creating new network interfaces and assigning those the issue stopped. So it is not due to pfSense nor the virtualisation per se.
Cheers

DaddyGo

@maverickws said in FreeBSD Bug 188261 - How to apply patch to pfSense:

Hetzner vSwitch

In any case, it is definitely useful for lessons and information about Hetzner vSwitch vs. pfSense

stephenw10

Just for reference if you wanted to apply that patch (which you don't because it's ancient) you would need to do so against the pfSense source code and then build it. You can't apply it against an installed system, it's against C source code.
https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_4_5/sys/netinet/ip_fastfwd.c

Steve

maverickws

@DaddyGo said in FreeBSD Bug 188261 - How to apply patch to pfSense:

In any case, it is definitely useful for lessons and information about Hetzner vSwitch vs. pfSense

Right. So here what happened was I had set the LAN interface to MTU 1400, but apparently that was not enough (at all!)

What I did next was to, in:
Services > DHCP Server

for each interface that was connected to Hetzner's vSwitch I have added to:

• Additional BOOTP/DHCP Options

Option Number: 26
Type: Unsigned 16 bit integer
Value: 1400

This fixed it, but afterwards I went to the interfaces and also added MSS 1400 (for target value 1360).

@stephenw10 said in FreeBSD Bug 188261 - How to apply patch to pfSense:

Just for reference if you wanted to apply that patch (which you don't because it's ancient) you would need to do so against the pfSense source code and then build it. You can't apply it against an installed system, it's against C source code.
https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_4_5/sys/netinet/ip_fastfwd.c

Steve

Yes I see that now. But actually it turned out to be good that wasn't easily patched as the solution was not related to that!!

stephenw10

Nice catch. That's an unfortunate situation if you really need to apply that to everything.

Is that workaround documented anywhere?

Steve

maverickws

Hi Stephen, not that I know of.
Actually I busted my brains for three days trying to figure out the issue. As I was already looking to patch pfSense :D and all lol.

So basically here I had set the LAN/DMZ etc interface (the internal facing) to MTU 1400 on the interface configuration. I had assumed that by having the interface at 1400 mtu it would automatically set it to all the client interfaces but apparently not.

So after I added the additional dhcp options all started working just fine, but decided to configure MSS anyway after reading about.

chrcoluk

If you want this patch I think the best avenue is a ticket on redmine. If the pfSense developers agree, then they will patch themselves. Otherwise it is waiting until an eventual update which would use a patched version of FreeBSD

DaddyGo

@chrcoluk said in FreeBSD Bug 188261 - How to apply patch to pfSense:

ticket on redmine

if you read, this has happened in the past

@maverickws " I've added here:
https://redmine.pfsense.org/issues/10820

Thanks!"