From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Date: Mon, 13 Dec 2004 11:02:48 GMT
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw  ipfw2 create dynamic rules with parent nu
f [2003/04/24] kern/51341  ipfw  ipfw rule 'deny icmp from any to any icmp
o [2003/12/11] kern/60154  ipfw  ipfw core (crash)
o [2004/03/03] kern/63724  ipfw  IPFW2 Queues dont t work
f [2004/03/25] kern/64694  ipfw  [ipfw] UID/GID matching in ipfw non-funct
o [2004/11/13] kern/73910  ipfw  [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw  ipfw2/1 conflict not detected or reported

7 problems total.

Non-critical problems

S  Submitted   Tracker     Resp. Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw  Add an option to ipfw to log gid/uid of w
o [2002/12/10] kern/46159  ipfw  ipfw dynamic rules lifetime feature
o [2003/02/11] kern/48172  ipfw  ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw  [patch] Make ipfw2 log to different syslo
o [2003/04/09] bin/50749   ipfw  ipfw2 incorrectly parses ports and port r
o [2003/08/26] kern/55984  ipfw  [patch] time based firewalling support fo
o [2003/12/30] kern/60719  ipfw  ipfw: Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw  ipfw: install_state warning about already
o [2004/09/04] kern/71366  ipfw  "ipfw fwd" sometimes rewrites destination

9 problems total.

From: Pawel Malachowski
To: freebsd-ipfw@freebsd.org
Date: Wed, 15 Dec 2004 16:08:24 +0100
Subject: Panic with dummynet, RELENG_4 (dummynet: heap_extract).

Hello,

It hit me some time ago. 4.10-STABLE, perfectly stable, no configuration
changes for months (only xl(4) replaced with dc(4)), works rock solid
for years. IPFW2, kernel Tue Sep 28 16:04:43 CEST 2004.

This is a direct call to panic(9) so probably this is something that
Should Never Happen.

Question: how could it happen?! :)

Details:

panic: dummynet: heap_extract

syncing disks... 2
done
Uptime: 56d3h32m3s

dumping to dev #ad/0x30001, offset 1572992
dump ata0: resetting devices .. done

(kgdb) bt
#0  dumpsys () at ../../kern/kern_shutdown.c:487
#1  0xc023c76f in boot (howto=256) at ../../kern/kern_shutdown.c:316
#2  0xc023cb94 in poweroff_wait (junk=0xc04160b6, howto=-1069457280)
    at ../../kern/kern_shutdown.c:595
#3  0xc0293af9 in heap_extract (h=0xc77df138, obj=0xc7251a00)
    at ../../netinet/ip_dummynet.c:297
#4  0xc0294df0 in dummynet_io (m=0xc1137b00, pipe_nr=412, dir=1,
    fwa=0xd8675dd8) at ../../netinet/ip_dummynet.c:1222
#5  0xc029c8cd in ip_output (m0=0xc1137b00, opt=0x0, ro=0xc04cb7a4,
    flags=1, imo=0x0, inp=0x0) at ../../netinet/ip_output.c:1007
#6  0xc029bc82 in ip_forward (m=0xc1137b00, srcrt=0, next_hop=0x0)
    at ../../netinet/ip_input.c:1865
#7  0xc029aa87 in ip_input (m=0xc1137b00) at ../../netinet/ip_input.c:699
#8  0xc029ae0f in ipintr () at ../../netinet/ip_input.c:955
#9  0xc03ac1b9 in swi_net_next ()
#10 0xc0242845 in softclock () at ../../kern/kern_timeout.c:131
#11 0xc03ac173 in doreti_swi ()
#12 0x8049edf in ?? ()
#13 0x804a5e6 in ?? ()
#14 0x804b530 in ?? ()
#15 0x2807ae89 in ?? ()
#16 0x2807a9db in ?? ()
#17 0x80498b6 in ?? ()
#18 0x804926d in ?? ()
(kgdb) up 3
#3  0xc0293af9 in heap_extract (h=0xc77df138, obj=0xc7251a00)
    at ../../netinet/ip_dummynet.c:297
297                 panic("dummynet: heap_extract");
(kgdb) l
292                 panic("dummynet: heap_extract from middle not supported on this heap!!!\n");
293             father = *((int *)((char *)obj + h->offset)) ;
294             if (father < 0 || father >= h->elements) {
295                 printf("dummynet: heap_extract, father %d out of bound 0..%d\n",
296                     father, h->elements);
297                 panic("dummynet: heap_extract");
298             }
299         }
300         RESET_OFFSET(h, father);
301         child = HEAP_LEFT(father) ;         /* left child */

Sources:

static void
heap_extract(struct dn_heap *h, void *obj)
{
    int child, father, max = h->elements - 1 ;

    if (max < 0) {
        printf("dummynet: warning, extract from empty heap 0x%p\n", h);
        return ;
    }
    father = 0 ; /* default: move up smallest child */
    if (obj != NULL) { /* extract specific element, index is at offset */
        if (h->offset <= 0)
            panic("dummynet: heap_extract from middle not supported on this heap!!!\n");
        father = *((int *)((char *)obj + h->offset)) ;
        if (father < 0 || father >= h->elements) {
            printf("dummynet: heap_extract, father %d out of bound 0..%d\n",
                father, h->elements);
            panic("dummynet: heap_extract");
        }
    }

So: (father < 0 || father >= h->elements) was true.

pipe_nr=412 is a queue, configured like this:

q00412: weight 99 pipe 4    8 KB 512 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
q00410: weight 1 pipe 4    8 KB 0 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
q00411: weight 1 pipe 4    8 KB 515 queues (512 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
00004:   1.800 Mbit/s    0 ms   12 KB 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000

-- 
Paweł Małachowski
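
The back-index check behind the panic in the message above, as an added example (not part of the original post and not the FreeBSD source): a user-space C model of a binary heap that, like the heap quoted above, keeps each object's slot index inside the object at h->offset and validates it before extracting from the middle. All names (struct flow, pos_of, place, heap_consistent, demo) and the sample keys are constructed for illustration; the model returns -1 where the kernel code calls panic(), and its use of -1 as the "not in heap" marker is an assumption of the model.

```c
/* Added illustration: min-heap whose objects carry their own slot index. */
#include <stddef.h>
#include <stdio.h>
#define HEAP_MAX 16
#define PARENT(i) (((i) - 1) / 2)

struct flow  { int id; int heap_pos; };        /* hypothetical heap object */
struct entry { unsigned long key; void *obj; };
struct heap  { int elements; size_t offset; struct entry p[HEAP_MAX]; };

static int *pos_of(struct heap *h, void *o) { return (int *)((char *)o + h->offset); }

/* Store e in slot i and record i inside the object. */
static void place(struct heap *h, int i, struct entry e) {
    h->p[i] = e;
    *pos_of(h, e.obj) = i;
}

static int heap_insert(struct heap *h, unsigned long key, void *obj) {
    struct entry e = { key, obj };
    int son = h->elements;
    if (son >= HEAP_MAX) return -1;
    h->elements++;
    for (; son > 0 && h->p[PARENT(son)].key > key; son = PARENT(son))
        place(h, son, h->p[PARENT(son)]);
    place(h, son, e);
    return 0;
}

/* Remove obj, or the root when obj is NULL. Returns -1 where the kernel code
 * panics (index outside 0..elements-1); the slot-ownership test is extra. */
static int heap_extract(struct heap *h, void *obj) {
    int i = 0, n, c;
    struct entry last;
    if (h->elements == 0) return -1;
    if (obj != NULL) {
        i = *pos_of(h, obj);
        if (i < 0 || i >= h->elements || h->p[i].obj != obj) return -1;
    }
    *pos_of(h, h->p[i].obj) = -1;        /* model: -1 means "not in heap" */
    n = --h->elements;
    if (i == n) return 0;                /* removed the last slot */
    last = h->p[n];
    for (; i > 0 && h->p[PARENT(i)].key > last.key; i = PARENT(i))
        place(h, i, h->p[PARENT(i)]);    /* sift up */
    for (;;) {                           /* sift down */
        c = 2 * i + 1;
        if (c + 1 < n && h->p[c + 1].key < h->p[c].key) c++;
        if (c >= n || h->p[c].key >= last.key) break;
        place(h, i, h->p[c]); i = c;
    }
    place(h, i, last);
    return 0;
}

/* 1 if heap order holds and every back-index matches its slot. */
static int heap_consistent(struct heap *h) {
    for (int i = 0; i < h->elements; i++)
        if (*pos_of(h, h->p[i].obj) != i ||
            (i > 0 && h->p[PARENT(i)].key > h->p[i].key)) return 0;
    return 1;
}

/* Constructed scenario; returns a bitmask of checks that held (7 = all). */
static int demo(void) {
    struct heap h = { 0, offsetof(struct flow, heap_pos), { { 0, NULL } } };
    struct flow f[4] = { {1, -1}, {2, -1}, {3, -1}, {4, -1} };
    unsigned long keys[4] = { 40, 10, 30, 20 };
    int r = 0;
    for (int i = 0; i < 4; i++) heap_insert(&h, keys[i], &f[i]);
    if (heap_extract(&h, &f[3]) == 0 && heap_consistent(&h)) r |= 1;
    if (heap_extract(&h, &f[3]) == -1 && h.elements == 3) r |= 2; /* stale */
    f[0].heap_pos = 7;                   /* simulate a corrupted index */
    if (heap_extract(&h, &f[0]) == -1) r |= 4;
    return r;
}

int main(void) { printf("checks held: mask %d (7 = all)\n", demo()); return 0; }
```

The second and third checks are the two ways the model reaches the rejected branch: an object that is no longer in the heap, and an index field overwritten with an out-of-range value.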

From: Yudi
To: freebsd-ipfw@freebsd.org
Date: Thu, 16 Dec 2004 13:51:21 -0800 (PST)
Subject: Patch Dummynet

Hello,
I'm a student who's doing a final project about QoS.
I need Dummynet to set my bandwidth.
I've searched on the internet, I've got the "20040323.diff"
patch.
But somehow it didn't work.
with error message :
# ipfw add pipe 1 ip from any to any
ipfw: getsockopt(IP_FW_ADD):Protocol not available
#

Could you tell me where I can get it ?
maybe from you :)

Thanks before

Best regards,

Suyudiana
Student at Electrical Engineering
University of Indonesia

From: Luigi Rizzo
To: Yudi
cc: freebsd-ipfw@freebsd.org
Date: Thu, 16 Dec 2004 13:55:39 -0800
Subject: Re: Patch Dummynet

it is a standard part of freebsd, you don't need any patch

luigi

On Thu, Dec 16, 2004 at 01:51:21PM -0800, Yudi wrote:
> Hello,
> I'm a student who's doing a final project about QoS.
> I need Dummynet to set my bandwidth.
> I've searched on the internet, I've got the "20040323.diff"
> patch.
> But somehow it didn't work.
> with error message :
> # ipfw add pipe 1 ip from any to any
> ipfw: getsockopt(IP_FW_ADD):Protocol not available
> #
>
> Could you tell me where I can get it ?
> maybe from you :)
>
> Thanks before
>
> Best regards,
>
> Suyudiana
> Student at Electrical Engineering
> University of Indonesia
>
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"

From: Martes Wigglesworth
To: Luigi Rizzo
cc: ipfw-mailings
cc: Yudi
Date: Fri, 17 Dec 2004 01:00:32 +0300
Subject: Re: Patch Dummynet

Dude. Do you have the appropriate options within your kernel
configuration?

option DUMMYNET
option HZ=1000
etc...?

-- 
Respectfully,

M.G.W.

System:
Asus M6N
AMD Duron
256MB RAM
40GB HD
10/100 NIC
BSD-5.2.1-RELEASE

From: Yudi
To: freebsd-ipfw@freebsd.org
Date: Fri, 17 Dec 2004 00:15:49 -0800 (PST)
Subject: load module using kldload

Sorry, I'm a beginner in FreeBSD.
I want to load a module using kldload.
But I don't have a /kernel directory in the /boot directory.

FreeBSD kernel modules are located in the /boot/kernel
directory, right ?

Inside the /boot directory are :
boot0    cdboot    loader.4th   loader.rc  support.4th
boot1    defaults  loader.conf  mbr
boot2    loader    loader.help  pxeboot

What should I do ?

From: Corey Smith
To: freebsd-ipfw@freebsd.org
Date: Fri, 17 Dec 2004 15:25:43 -0500
Subject: Per flow load balancing

Is there a way to do per flow load balancing using ipfw?

I'm currently using a rule like:

prob 0.5 fwd ip from any to any recv bge0 xmit tun0

This effectively gives me per packet load balancing between the two
tunnels. Unfortunately it also leads to significant out-of-order TCP
delivery (the two tunnels have varying latency).

What I'm looking for is the ability to make each TCP socket stick to a
random load balanced tunnel interface for its entire lifetime IE route
multipath.

-Corey Smith

From: Darcy Buskermolen
Organization: Wavefire Technologies Corp.
To: freebsd-ipfw@freebsd.org, csmith@bonddesk.com
Date: Fri, 17 Dec 2004 14:31:12 -0800
Subject: Re: Per flow load balancing

On December 17, 2004 12:25 pm, Corey Smith wrote:
> Is there a way to do per flow load balancing using ipfw?
>
> I'm currently using a rule like:
>
> prob 0.5 fwd ip from any to any recv bge0 xmit tun0
>
> This effectively gives me per packet load balancing between the two
> tunnels. Unfortunately it also leads to significant out-of-order TCP
> delivery (the two tunnels have varying latency).
>
> What I'm looking for is the ability to make each TCP socket stick to a
> random load balanced tunnel interface for its entire lifetime IE route
> multipath.

Yes you can do this through the use of keep-state/check-state

>
> -Corey Smith

-- 
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200
fx: 250.763.1759
http://www.wavefire.com

From: Jon Simola
To: freebsd-ipfw@freebsd.org
Date: Fri, 17 Dec 2004 15:26:58 -0800
Subject: Using tables for MAC addresses in ipfw2

I do a lot of filtering based on MAC addresses for our DSL network,
and the table support in IPFW is close to what I'm looking for. I've
taken a quick glimpse through the code (I'm familiar with the ipfw
code pre ipfw2) and I don't see any major hangups to implementing a
similar table support for MAC addresses.

What the situation is is that we are a DSL reseller for the regional
telco. All of our customers have their connections bridged over the
ATM network and appear on a fast ethernet port on a Cisco 5505. That
is the only place we gain access (The ATM and Cisco are telco owned).
I have my FreeBSD 5.2.1 router plugged into that port and working
fine, but at any time I have 50 or so rules specifically blocking MAC
addresses of customers who haven't paid or have viral activity.

Does adding MAC tables sound like a logical course of action? Can
anyone suggest a different idea, possibly better overall?

From: Max Laier
To: freebsd-ipfw@freebsd.org, jon@abccomm.com
Date: Sat, 18 Dec 2004 01:31:35 +0100
Subject: Re: Using tables for MAC addresses in ipfw2

On Saturday 18 December 2004 00:26, Jon Simola wrote:
> I do a lot of filtering based on MAC addresses for our DSL network,
> and the table support in IPFW is close to what I'm looking for. I've
> taken a quick glimpse through the code (I'm familiar with the ipfw
> code pre ipfw2) and I don't see any major hangups to implementing a
> similar table support for MAC addresses.
>
> What the situation is is that we are a DSL reseller for the regional
> telco. All of our customers have their connections bridged over the
> ATM network and appear on a fast ethernet port on a Cisco 5505. That
> is the only place we gain access (The ATM and Cisco are telco owned).
> I have my FreeBSD 5.2.1 router plugged into that port and working
> fine, but at any time I have 50 or so rules specifically blocking MAC
> addresses of customers who haven't paid or have viral activity.
>
> Does adding MAC tables sound like a logical course of action? Can
> anyone suggest a different idea, possibly better overall?

It might be a good idea to change the existing tables to store a generic
struct sockaddr instead of a struct sockaddr_in. This way it will be possible
to store IPv6- and maybe even MAC-addresses into the tables. It should be a
good idea to add some descriptive data to the table head to define what kind
of addresses are in the table. Other than that, it seems doable.

If it is a good idea to have (radix tree) tables for MAC filtering remains to
be seen. As you might have many MAC addresses from the same vendor (=with the
same prefix) the tree will not balance and you might end up with the same or
even more overhead. It is certainly *not* a good idea to reimplement the
table code for MAC, IPv6 and whatnot.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News