pf and hnX interfaces
Eugene M. Zheganin
emz at norma.perm.ru
Tue Oct 13 08:58:42 UTC 2020
Hello,
I'm running a FreeBSD 12.1 server as a VM under Hyper-V. And although
this letter will make an impression of another lame post blaming FreeBSD
for all of the issues while the author should blame himself, I'm atm out
of another explanation. The thing is: I'm getting loads of sendmail
errors like:
===Cut===
Oct 13 13:49:33 gw1 sm-mta[95760]: 09D8mN2P092173: SYSERR(root): putbody: write error: Permission denied
Oct 13 13:49:33 gw1 sm-mta[95760]: 09D8mN2P092173: SYSERR(root): timeout writing message to <whatever>.mail.protection.outlook.com.: Permission denied
===Cut===
The relay address is just random. The thing is, I can successfully
connect to it via telnet. Even send some commands. But when this is done
by sendmail - and when it's actually sending messages, I get random
errors. Firstly I was blaming myself and trying to get the rule that
actually blocks something. I ended up having none of the block rules
without log clause, and at the same time tcpdump -netti pflog0 shows no
dropped packets, but sendmail still eventually complains.
If it matters, I have relatively high rps on this interface, about 25 Kpps.
I've also found several postings mentioning that hnX is badly handling
the TSO and LRO mode, so I switched it off. No luck however, with
vlanhwtag and vlanmtu, which for some reason just cannot be switched
off. The if_hn also lacks a man page for some reason, so it's unclear
how to tweak it right.
And the most mysterious part - when I switch the pf off, the errors
stop appearing. This would clearly mean that pf blocks some packets,
but then again, this way the pflog0 would show them up, right (and yes -
it's "UP")?
Is there some issue with pf and hn interfaces that I'm unaware of?
Are these symptoms of a bug?
Thanks.
Eugene.