Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreeBSD Bug 188261 - How to apply patch to pfSense

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 4 Posters 1.4k Views 5 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • maverickwsM Offline
      maverickws
      last edited by

      Hi all,

      I've come across an issue I described here:
      https://forum.netgate.com/topic/155834/issue-xcp-ng-routed-config-pfsense-slow-speed-packetloss

      Likely the same issue than found here:
      https://forum.netgate.com/topic/77283/very-slow-traffic-from-other-vm-s-through-pfsense-on-xenserver
      and here:
      https://forum.netgate.com/topic/78077/unbelieveably-bad-performance/

      In the meanwhile I gather this is the same issue described here:
      https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188261

      Which takes me to this:

      (In reply to Ricardo from comment #38)
      Hello,
      
      I've looked into it in the past, but I'm not a networking expert, and properly solving those issues requires a very good understanding of the network subsystem, as I think some modifications to common code are required. When trying to solve this I've made the following patches:
      
      https://reviews.freebsd.org/D6611
      https://reviews.freebsd.org/D6612
      
      (this last one might not be required:)
      
      https://reviews.freebsd.org/D6656
      
      I'm afraid those patches are old, so they might not apply cleanly. Let me know if you can apply and give them a try, and whether they fix anything.
      
      Roger.
      

      but looking for where to apply the patch I don't have the directory /sys and /usr/src/sys is empty/doesn't exist.

      Tried to find it but without success:

      [admin@pfs-fw01]/: find / -iname 'ip_fastfwd.c'
      [admin@pfs-fw01]/:
      
      pfSense 2.4.5-RELEASE-p1 (amd64) 
      built on Tue Jun 02 17:51:17 EDT 2020 
      FreeBSD 11.3-STABLE
      

      So could someone please help me where to apply this patch and see if it works?

      Thank you.

      DaddyGoD 1 Reply Last reply Reply Quote 0
      • DaddyGoD Offline
        DaddyGo @maverickws
        last edited by DaddyGo

        @maverickws "FreeBSD Bug 188261 - How to apply patch to pfSense"

        pfSense is not "clean" FreeBSD please keep this in mind
        if you need a fix you will have to wait for the pfSense team to resolve it...

        or
        submit a request for repair or a future request for a new feature

        https://redmine.pfsense.org/

        BTW:
        checked "patch" so it can be applied (not recommended)

        1006c517-53b1-46ae-b6e5-f7804cf83e08-image.png

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

        1 Reply Last reply Reply Quote 0
        • maverickwsM Offline
          maverickws
          last edited by

          @DaddyGo said in FreeBSD Bug 188261 - How to apply patch to pfSense:

          https://redmine.pfsense.org/

          Hi there thank you so much for your reply.

          I think I'll go to pfSense bug tracker and take the issue there. Cheers!

          DaddyGoD 1 Reply Last reply Reply Quote 0
          • DaddyGoD Offline
            DaddyGo @maverickws
            last edited by

            @maverickws said in FreeBSD Bug 188261 - How to apply patch to pfSense:

            I'll go to pfSense bug tracker

            pls. let me suggest his help as well @viktor_g

            Cats bury it so they can't see it!
            (You know what I mean if you have a cat)

            maverickwsM 1 Reply Last reply Reply Quote 0
            • maverickwsM Offline
              maverickws @DaddyGo
              last edited by

              @DaddyGo I've added here:
              https://redmine.pfsense.org/issues/10820

              Thanks!

              DaddyGoD 1 Reply Last reply Reply Quote 0
              • DaddyGoD Offline
                DaddyGo @maverickws
                last edited by

                @maverickws said in FreeBSD Bug 188261 - How to apply patch to pfSense:

                I've added here:

                nice..๐Ÿ˜‰
                You Welcome

                Cats bury it so they can't see it!
                (You know what I mean if you have a cat)

                maverickwsM 1 Reply Last reply Reply Quote 1
                • maverickwsM Offline
                  maverickws @DaddyGo
                  last edited by

                  @DaddyGo Hi,
                  I just wanted to post an update, after some tests I concluded that this issue was only happening when I was using Hetzner vSwitch, and after creating new network interfaces and assigning those the issue stopped. So it is not due to pfSense nor the virtualisation per se.
                  Cheers

                  DaddyGoD 1 Reply Last reply Reply Quote 0
                  • DaddyGoD Offline
                    DaddyGo @maverickws
                    last edited by

                    @maverickws said in FreeBSD Bug 188261 - How to apply patch to pfSense:

                    Hetzner vSwitch

                    In any case, it is definitely useful for lessons and information about Hetzner vSwitch vs. pfSense ๐Ÿ˜‰

                    Cats bury it so they can't see it!
                    (You know what I mean if you have a cat)

                    maverickwsM 1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      Just for reference if you wanted to apply that patch (which you don't because it's ancient) you would need to do so against the pfSense source code and then build it. You can't apply it against an installed system, it's against C source code.
                      https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_4_5/sys/netinet/ip_fastfwd.c

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • maverickwsM Offline
                        maverickws @DaddyGo
                        last edited by

                        @DaddyGo said in FreeBSD Bug 188261 - How to apply patch to pfSense:

                        In any case, it is definitely useful for lessons and information about Hetzner vSwitch vs. pfSense ๐Ÿ˜‰

                        Right. So here what happened was I had set the LAN interface to MTU 1400, but apparently that was not enough (at all!)

                        What I did next was to, in:
                        Services > DHCP Server

                        for each interface that was connected to Hetzner's vSwitch I have added to:

                        • Additional BOOTP/DHCP Options

                        Option Number: 26
                        Type: Unsigned 16 bit integer
                        Value: 1400

                        This fixed it, but afterwards I went to the interfaces and also added MSS 1400 (for target value 1360).

                        @stephenw10 said in FreeBSD Bug 188261 - How to apply patch to pfSense:

                        Just for reference if you wanted to apply that patch (which you don't because it's ancient) you would need to do so against the pfSense source code and then build it. You can't apply it against an installed system, it's against C source code.
                        https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_4_5/sys/netinet/ip_fastfwd.c

                        Steve

                        Yes I see that now. But actually it turned out to be good that wasn't easily patched as the solution was not related to that!!

                        1 Reply Last reply Reply Quote 1
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          Nice catch. That's an unfortunate situation if you really need to apply that to everything.

                          Is that workaround documented anywhere?

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • maverickwsM Offline
                            maverickws
                            last edited by maverickws

                            Hi Stephen, not that I know of.
                            Actually I busted my brains for three days trying to figure out the issue. As I was already looking to patch pfSense :D and all lol.

                            So basically here I had set the LAN/DMZ etc interface (the internal facing) to MTU 1400 on the interface configuration. I had assumed that by having the interface at 1400 mtu it would automatically set it to all the client interfaces but apparently not.

                            So after I added the additional dhcp options all started working just fine, but decided to configure MSS anyway after reading about.

                            1 Reply Last reply Reply Quote 0
                            • C Offline
                              chrcoluk
                              last edited by

                              If you want this patch I think the best avenue is a ticket on redmine. If the pfSense developers agree, then they will patch themselves. Otherwise it is waiting until an eventual update which would use a patched version of FreeBSD

                              pfSense CE 2.8.0

                              DaddyGoD 1 Reply Last reply Reply Quote 0
                              • DaddyGoD Offline
                                DaddyGo @chrcoluk
                                last edited by

                                @chrcoluk said in FreeBSD Bug 188261 - How to apply patch to pfSense:

                                ticket on redmine

                                if you read, this has happened in the past ๐Ÿ˜‰

                                @maverickws " I've added here:
                                https://redmine.pfsense.org/issues/10820

                                Thanks!"

                                Cats bury it so they can't see it!
                                (You know what I mean if you have a cat)

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.