pf high latency

[Mario Beltran]

hello people

I have a netra sunfire v120 with openbsd 3.8 and packet filter.
LOM event: +89d+2h55m35s host reset
ng ...

p
Processor Speed = 648 MHz
Baud rate is 9600
8 Data bits, 1 stop bits, no parity (configured from lom)

Firmware CORE  Sun Microsystems, Inc.
@(#) core 1.0.12 2002/01/08 13:00
Software Power ON
Verifying NVRAM...Done
Bootmode is 0
[New I2C DIMM address]
MCR0 = 57b2ce06
MCR1 = 80008000
MCR2 = cf10000f
MCR3 = a0000086
Ecache Size = 512 KB
Clearing E$ Tags Done
Clearing I/D TLBs Done
Probing memory
Done
MEMBASE=0x0
MEMSIZE=0x20000000
Clearing memory...Done
Turning ON MMUs Done
Copy ROM to RAM (170040 bytes) Done
Orig PC=0x1fff0007e44  New PC=0xf0f07e9c
Processor Speed=648MHz
Looking for Dropin FVM ... found
Decompressing Client Done
Transferring control to Client...

ttya initialized
Reset Control: BXIR:0 BPOR:0 SXIR:0 SPOR:1 POR:0
Probing upa at 1f,0 pci pci pci
Probing upa at 0,0 SUNW,UltraSPARC-IIe SUNW,UltraSPARC-IIe (512 Kb)
Loading Support Packages: kbd-translator
Loading onboard drivers: ebus flashprom eeprom idprom SUNW,lomh
Probing /[EMAIL PROTECTED],1 Device 3  pmu i2c temperature dimm i2c-nvram idprom
  motherboard-fru fan-control
lomp
Sun Fire V120 (UltraSPARC-IIe 648MHz), No Keyboard
OpenBoot 4.0, 512 MB memory installed, Serial #56380363.
Ethernet address 0:3:ba:5c:4b:cb, Host ID: 835c4bcb.



Executing last command: boot                                         
Boot device: disk  File and args:
OpenBSD IEEE 1275 Bootblock 1.1
..>> OpenBSD 3.8 (obj) #1: Thu Sep  1 17:32:37 MDT 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/stand/ofwboot/obj
: trying bsd...
Booting /[EMAIL PROTECTED],0/[EMAIL PROTECTED]/[EMAIL PROTECTED]/[EMAIL 
PROTECTED],0:a/bsd
[EMAIL PROTECTED]@[EMAIL PROTECTED]
symbols @ 0xfef9a280 58+259056+154413 start=0x1000000
[ using 414176 bytes of bsd ELF symbol table ]
console is /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL 
PROTECTED],3f8
Copyright (c) 1982, 1986, 1989, 1991, 1993
       The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved.  
http://www.OpenBSD.org

OpenBSD 3.8 (GENERIC) #607: Sat Sep 10 16:03:59 MDT 2005
   [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 536870912
avail memory = 479002624
using 3276 buffers containing 26836992 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0/[EMAIL 
PROTECTED],0
mainbus0 (root): Sun Fire V120 (UltraSPARC-IIe 648MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIe @ 648 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 2048K 
external (64 b/l)
psycho0 at mainbus0
SUNW,sabre: impl 0, version 0: ign 7c0 bus range 0 to 3; PCI bus 0
DVMA map: c0000000 to e0000000
IOTDB: 2742000 to 27c2000
pci0 at psycho0
ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13
pci1 at ppb0 bus 1
ebus0 at pci1 dev 12 function 0 "Sun PCIO Ebus2 (US III)" rev 0x01
flashprom at ebus0 addr 0-fffff not configured
clock1 at ebus0 addr 0-1fff: mk48t59: hostid 835c4bcb
ebus_attach: idprom: incomplete
SUNW,lomh at ebus0 addr 200000-200003 ipl 42 not configured
gem0 at pci1 dev 12 function 1 "Sun ERI Ether" rev 0x01: ivec 3006, 
address 00:03:ba:5c:4b:cb
ukphy0 at gem0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x0010dd, model 0x0002, rev. 1
ohci0 at pci1 dev 12 function 3 "Sun USB" rev 0x01: ivec 24, version 
1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Sun OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
"Acer Labs M7101 Power" rev 0x00 at pci1 dev 3 function 0 not configured
"Acer Labs M7101 Power" rev 0x00 at pci1 dev 3 function 0 not configured
ebus1 at pci1 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
power at ebus1 addr 2000-2007 ipl 37 not configured
com0 at ebus1 addr 3f8-3ff ipl 43: ns16550a, 16 byte fifo
com0: console
com1 at ebus1 addr 2e8-2ef ipl 43: ns16550a, 16 byte fifo
pciide0 at pci1 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc3: 
DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 180c for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <TEAC, CD-224E, P.9A> SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 disabled (no drives)
gem1 at pci1 dev 5 function 1 "Sun ERI Ether" rev 0x01: ivec 301c, 
address 00:03:ba:5c:4b:cc
ukphy1 at gem1 phy 1: Generic IEEE 802.3u media interface
ukphy1: OUI 0x0010dd, model 0x0002, rev. 1
ohci1 at pci1 dev 5 function 3 "Sun USB" rev 0x01: ivec 26, version 1.0, 
legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: Sun OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 4 ports with 4 removable, self powered
ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13
pci2 at ppb1 bus 2
siop0 at pci2 dev 8 function 0 "Symbios Logic 53c896" rev 0x07: ivec 
1820, using 8K of on-board RAM
scsibus1 at siop0: 16 targets
sd0 at scsibus1 targ 0 lun 0: <FUJITSU, MAP3367N SUN36G, 0401> SCSI4 
0/direct fixed
sd0: 34732MB, 24622 cyl, 27 head, 107 sec, 512 bytes/sec, 71132959 sec total
siop1 at pci2 dev 8 function 1 "Symbios Logic 53c896" rev 0x07: ivec 
1820, using 8K of on-board RAM
scsibus2 at siop1: 16 targets
ppb2 at pci2 dev 5 function 0 "Intel S21154AE/BE PCI-PCI" rev 0x00
pci3 at ppb2 bus 3
"Sun PCIO Ebus2" rev 0x01 at pci3 dev 0 function 0 not configured
hme0 at pci3 dev 0 function 1 "Sun HME" rev 0x01: address 00:03:ba:39:bf:9a
luphy0 at hme0 phy 1: LU6612 10/100 PHY, rev. 1
hme0: using ivec 3005 for interrupt
"Sun PCIO Ebus2" rev 0x01 at pci3 dev 1 function 0 not configured
hme1 at pci3 dev 1 function 1 "Sun HME" rev 0x01: address 00:03:ba:39:bf:9b
luphy1 at hme1 phy 1: LU6612 10/100 PHY, rev. 1
hme1: using ivec 3014 for interrupt
"Sun PCIO Ebus2" rev 0x01 at pci3 dev 2 function 0 not configured
hme2 at pci3 dev 2 function 1 "Sun HME" rev 0x01: address 00:03:ba:39:bf:9c
luphy2 at hme2 phy 1: LU6612 10/100 PHY, rev. 1
hme2: using ivec 3004 for interrupt
"Sun PCIO Ebus2" rev 0x01 at pci3 dev 3 function 0 not configured
hme3 at pci3 dev 3 function 1 "Sun HME" rev 0x01: address 00:03:ba:39:bf:9d
luphy3 at hme3 phy 1: LU6612 10/100 PHY, rev. 1
hme3: using ivec 3015 for interrupt
pcons at mainbus0 not configured
No counter-timer -- using %tick at 648MHz as system clock.
root on sd0a
siop0: target 0 now using tagged 16 bit 40.0 MHz 31 REQ/ACK offset xfers
rootdev=0x700 rrootdev=0x1100 rawdev=0x1102
Automatic boot in progress: starting file system checks.
/dev/rsd0a: file system is clean; not checking
/dev/rsd0f: file system is clean; not checking
/dev/rsd0d: file system is clean; not checking
/dev/rsd0g: file system is clean; not checking
/dev/rsd0e: file system is clean; not checking
setting tty flags
pf enabled
net.inet.ip.forwarding: 0 -> 1
starting network
starting system logger
starting rpc daemons: ntpd.
savecore: no core dump
building ps databases: kvm dev.
clearing /tmp
starting pre-securelevel daemons:.
setting kernel security level: kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files
starting network daemons: inetd sshd.
starting local daemons:.
standard daemons: cron.
Tue Jan 31 14:57:48 CST 2006


I have this configuration

                                         DMZ2
                                   hme0  | ($i_corp)
                                              |
   DMZ3                                |
 ($i_inf) ----- hme1----- [ OpenBSD ]----- gem0 ---  internet ($i_net)
                                              |
                                              |
                                    gem1 | ($i_ser)     
                                          DMZ 1

and my pf.conf has the normal sintax like this:

macros as tables:
table <lan_net> { 10.10.10.1/24 }

macros as interfaces:
i_net       =  "gem0"    # internet

macros as  hostnames:
ip_infra          = "4.4.12.254"

macros as services:
s_ssh           = "22"

and macros as shorcuts:
#syntax
p_in     = "pass in  quick"
p_ou    = "pass out quick"


I have normal rules like these ones:

$p_in on $i_net proto tcp from any to $g_web_servicios port $s_www \
             flags S/SA tag WORLD_SERVI keep state

$p_in on $i_net proto tcp from any to $banshee_ssl port $s_https \
             flags S/SA tag SERVI_CORP keep state

$p_in on $i_ser proto tcp from $g_smtp to any port $s_smtp \
             flags S/SA tag DESDE_SERVI keep state

and so on


$p_ou on $i_ser keep state tagged WORLD_SERVI
$p_ou on $i_net keep state tagged DESDE_SERVI
$p_ou on $i_corp keep state tagged SERVI_COPR

and the total bandwith in all interfaces is almost 35 Mbps

When I activate pf rules the system show high latency and all interfaces 
lost a lot of packets, when packet filter is disable the latency i go 
away and packets go well.

is this a hardaware bug?

is this a pf problem?

what should I do for solve this situation?

thanks in advance and best regards

Mario