From owner-freebsd-ipfw@FreeBSD.ORG Sun Oct 17 23:13:28 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 536FF1065670; Sun, 17 Oct 2010 23:13:28 +0000 (UTC) (envelope-from wmn@siberianet.ru) Received: from mail.siberianet.ru (mail.siberianet.ru [89.105.136.7]) by mx1.freebsd.org (Postfix) with ESMTP id 021F88FC12; Sun, 17 Oct 2010 23:13:27 +0000 (UTC) Received: from wmn.localnet (wmn.siberianet.ru [89.105.137.12]) by mail.siberianet.ru (Postfix) with ESMTP id 442991DDEF4; Mon, 18 Oct 2010 06:50:08 +0800 (KRAST) From: Sergey Lobanov Organization: ISP "SiberiaNet" To: freebsd-ipfw@freebsd.org, Luigi Rizzo Date: Mon, 18 Oct 2010 06:50:13 +0800 User-Agent: KMail/1.13.5 (Linux/2.6.35-ARCH; KDE/4.5.2; i686; ; ) MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <201010180650.14003.wmn@siberianet.ru> Cc: Subject: [PATCH] ipfw: workaround handling of floating-point bw value X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Oct 2010 23:13:28 -0000 If bw value is given in floating-point format its unit is ignored completely, leading to speed definition in bits per second: root@test ~# ipfw pipe 10 config bw 1024.1Mbit/s root@test ~# /usr/obj/usr/src/sbin/ipfw/ipfw pipe 20 config bw 1024.1Kbit/s root@test ~# ipfw pipe show 00010: 1.024 Kbit/s 0 ms burst 0 q131082 50 sl. 0 flows (1 buckets) sched 65546 weight 0 lmax 0 pri 0 droptail sched 65546 type FIFO flags 0x0 0 buckets 0 active 00020: 1.024 Mbit/s 0 ms burst 0 q131092 50 sl. 0 flows (1 buckets) sched 65556 weight 0 lmax 0 pri 0 droptail sched 65556 type FIFO flags 0x0 0 buckets 0 active Workaround patch: --- sbin/ipfw/dummynet.c.orig 2010-10-18 05:57:01.000000000 +0800 +++ sbin/ipfw/dummynet.c 2010-10-18 05:57:03.000000000 +0800 @@ -532,6 +532,11 @@ char *end = NULL; bw = strtoul(arg, &end, 0); + if (*end == '.') { + end++; + while (*end >= '0' && *end <= '9') + end++; + } if (*end == 'K' || *end == 'k') { end++; bw *= 1000; -- ISP SiberiaNet System and Network Administrator From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 18 11:07:00 2010 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5683C106566C for ; Mon, 18 Oct 2010 11:07:00 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 39F6F8FC29 for ; Mon, 18 Oct 2010 11:07:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o9IB704v029357 for ; Mon, 18 Oct 2010 11:07:00 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o9IB6xoH029355 for freebsd-ipfw@FreeBSD.org; Mon, 18 Oct 2010 11:06:59 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 18 Oct 2010 11:06:59 GMT Message-Id: <201010181106.o9IB6xoH029355@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Oct 2010 11:07:00 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/150798 ipfw [ipfw] ipfw2 fwd rule matches packets but does not do o kern/150141 ipfw [ipfw]: Not working kernel nat freeBSD 8.1 o kern/149572 ipfw [ipfw] ipfw kernel nat not working properly o kern/148928 ipfw [ipfw] Problem with loading of ipfw NAT rules during s o kern/148827 ipfw [ipfw] divert broken with in-kernel ipfw o kern/148689 ipfw [ipfw] antispoof wrongly triggers on link local IPv6 a o kern/148430 ipfw [ipfw] IPFW schedule delete broken. o kern/148157 ipfw [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRE o conf/148144 ipfw [patch] add ipfw_nat support for rc.firewall simple ty o conf/148137 ipfw [ipfw] call order of natd and ipfw startup scripts o kern/148091 ipfw [ipfw] ipfw ipv6 handling broken. o kern/147720 ipfw [ipfw] ipfw dynamic rules and fwd o kern/145733 ipfw [ipfw] [patch] ipfw flaws with ipv6 fragments o kern/145305 ipfw [ipfw] ipfw problems, panics, data corruption, ipv6 so o kern/145167 ipfw [ipfw] ipfw nat does not follow its documentation o kern/144269 ipfw [ipfw] problem with ipfw tables o kern/144187 ipfw [ipfw] deadlock using multiple ipfw nat and multiple l o kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143653 ipfw [ipfw] [patch] ipfw nat redirect_port "buf is too smal o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/143474 ipfw [ipfw] ipfw table contains the same address f kern/142951 ipfw [dummynet] using pipes&queues gives OUCH! pipe should o kern/139581 ipfw [ipfw] "ipfw pipe" not limiting bandwidth o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip o kern/122109 ipfw [ipfw] ipfw nat traceroute problem s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet] 6.3-RELEASE-p1 page fault in dummynet (corr o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 81 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 11 10:16:11 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2091B1065675 for ; Mon, 11 Oct 2010 10:16:11 +0000 (UTC) (envelope-from cosmic17@gmail.com) Received: from mail-qw0-f54.google.com (mail-qw0-f54.google.com [209.85.216.54]) by mx1.freebsd.org (Postfix) with ESMTP id C85AD8FC16 for ; Mon, 11 Oct 2010 10:16:10 +0000 (UTC) Received: by qwe4 with SMTP id 4so1361183qwe.13 for ; Mon, 11 Oct 2010 03:16:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=ChZ7z+QIXt7zq/58AQcvHTgof7yWOffiCPIreo5w5vI=; b=nxPQZC9ykrgquDvke5lJel0YzNVvdiL4U9wdJx+MEQbTMnufVFMDgfIbiumfo3OMRe 1FwSXqj39sIEBxBtdDAneMEALCsiaNnXV4OxBYxEYYjF3cL8HuSkOgylan3MGA6I8Gz6 tErm3RwbvcBtptDyMlWqsKhHiu+4IISWIAyS4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=NYahapaN3N49LcvUWOSOHVpLvdLwsmt7p6g8nfFzP73QZNpq5xWNMVtoMRDgV+24KY SCjYehl/dlhQ3EBBiu1wiw/7nhU6H+ZkBrHEN6kFado/xBVbvglwZF3E1tL7Bc5UEKpk P9hzUbRwMOnqLZCan1+bYrh8yaqCkE+9Xu/jU= MIME-Version: 1.0 Received: by 10.224.29.16 with SMTP id o16mr1775168qac.319.1286792169339; Mon, 11 Oct 2010 03:16:09 -0700 (PDT) Received: by 10.220.161.149 with HTTP; Mon, 11 Oct 2010 03:16:09 -0700 (PDT) In-Reply-To: References: Date: Mon, 11 Oct 2010 14:16:09 +0400 Message-ID: From: =?KOI8-R?B?7snLz8zByiDkzdXIwQ==?= To: freebsd-ipfw@freebsd.org X-Mailman-Approved-At: Mon, 18 Oct 2010 11:29:42 +0000 Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Strange behavior of packet scheduling in ipfw3 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2010 10:16:11 -0000 Hello! The system is: FreeBSD mysystem 8.0-STABLE-201005 FreeBSD 8.0-STABLE-201005 #0: Wed Jul 28 12:04:29 MSD 2010 root@mysystem:/usr/src/sys/amd64/compile/MYKERNEL amd64 There is firewall "ipfw3" from Luigi Rizzo with packet scheduling. There is part of firewall config (tariff with 1Mbit/s speed, for example), below (the rules for another speeds are the same): $IPFW pipe 11 config bw 1040Kbit/s mask dst-ip 0xffffffff $IPFW pipe 12 config bw 1040Kbit/s mask src-ip 0xffffffff ########pipe 11 $IPFW sched 11 config type QFQ mask dst-ip 0xffffff00 $IPFW queue 111 config sched 11 weight 10 $IPFW queue 112 config sched 11 weight 8 $IPFW queue 113 config sched 11 weight 4 $IPFW queue 114 config sched 11 weight 1 $IPFW add queue 111 ip from any to table\(10\) via igb0 out proto udp src-port 5060 $IPFW add queue 112 ip from any to table\(10\) via igb0 out proto tcp src-port 80,443,8080 $IPFW add queue 113 ip from any to table\(10\) via igb0 out proto tcp src-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292 $IPFW add queue 113 ip from any to table\(10\) via igb0 out proto icmp $IPFW add queue 114 ip from any to table\(10\) via igb0 out $IPFW add queue 111 ip from any to table\(10\) via igb2 out proto udp src-port 5060 $IPFW add queue 112 ip from any to table\(10\) via igb2 out proto tcp src-port 80,443,8080 $IPFW add queue 113 ip from any to table\(10\) via igb2 out proto tcp src-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292 $IPFW add queue 113 ip from any to table\(10\) via igb2 out proto icmp $IPFW add queue 114 ip from any to table\(10\) via igb2 out ########pipe 12 $IPFW sched 12 config type QFQ mask src-ip 0xffffff00 $IPFW queue 121 config sched 12 weight 10 $IPFW queue 122 config sched 12 weight 8 $IPFW queue 123 config sched 12 weight 4 $IPFW queue 124 config sched 12 weight 1 $IPFW add queue 1210 ip from table\(11\) to any via igb1 out proto udp dst-port 5060 $IPFW add queue 122 ip from table\(11\) to any via igb1 out proto tcp dst-port 80,443,8080 $IPFW add queue 123 ip from table\(11\) to any via igb1 out proto tcp dst-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292 $IPFW add queue 123 ip from table\(11\) to any via igb1 out proto icmp $IPFW add queue 124 ip from table\(11\) to any via igb1 out $IPFW add queue 121 ip from table\(11\) to any via igb3 out proto udp dst-port 5060 $IPFW add queue 122 ip from table\(11\) to any via igb3 out proto tcp dst-port 80,443,8080 $IPFW add queue 123 ip from table\(11\) to any via igb3 out proto tcp dst-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292 $IPFW add queue 123 ip from table\(11\) to any via igb3 out proto icmp $IPFW add queue 124 ip from table\(11\) to any via igb3 out Firstly, we have been tested firewall by ourself. And we had no any bad results or any problems or maybe we have not seen them in our synthetic tests. After that we have started this firewall in production. A few months later we received a message from our subscriber with speed 1Mbit/s. He had a problems with online game (big answer delay from the server). We spent a lot of time to solve this problem. Finaly we solved it. The reason was in packet scheduling: 1. we`ve tried to give to subscriber another channel (4Mbit/s) with packet scheduling - there are no such problems; 2. we`ve tried to "turn off" the packet scheduling on 1Mbit channel - there are no such problems. The utilization of subscibers channel was always 0.4Mbit/s. But the traffic from this subscriber was go on under the packet scheduling rules. That`s very strange because of: 1. net.inet.ip.dummynet.io_fast=1; 2. subscribers channel utilization 0.4Mbit/s. As I know with this option, with this firewall config and with this channel utilization (0.4Mbit/s) traffic should bypass the pipe without packet scheduling. Why subscribers traffic with all these conditions doesn`t bypass through pipe without any delays? Why his traffic was on packet scheduling rules? Thanks. From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 19 02:20:35 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0C2BE106564A for ; Tue, 19 Oct 2010 02:20:35 +0000 (UTC) (envelope-from tea@nts.su) Received: from mail.nts.su (www.elsicom.ru [82.117.160.130]) by mx1.freebsd.org (Postfix) with ESMTP id 1D7848FC0C for ; Tue, 19 Oct 2010 02:20:34 +0000 (UTC) Received: from mail.nts.su (localhost [127.0.0.1]) by mail.nts.su (Postfix) with ESMTP id 05679D4E16 for ; Tue, 19 Oct 2010 08:47:56 +0700 (NOVST) Received: from eat.localnet (unknown [82.117.160.163]) by mail.nts.su (Postfix) with ESMTP id D4FEAD4C49 for ; Tue, 19 Oct 2010 08:47:55 +0700 (NOVST) From: "Evgeny A. Tyurnikov" To: freebsd-ipfw@freebsd.org Date: Tue, 19 Oct 2010 08:48:16 +0700 User-Agent: KMail/1.13.2 (Linux/2.6.32-24-generic; KDE/4.4.2; i686; ; ) X-KMail-Markup: true MIME-Version: 1.0 Message-Id: <201010190848.17015.tea@nts.su> X-Virus-Scanned: ClamAV Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: dummynet & large traffic X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Oct 2010 02:20:35 -0000 Hello All! I try shape 1Gbit per sec to clients ( /19 preffixes). FreeBSD 8 Core i7 and two Intel 82572EI nic in bridge mode. But more than 450 Mbit i do not see. At the same time increases network latency on clients. I tune and freebsd and sysctl values, but the same effect. When turn in debugging, in /var/log/messages i see .... Oct 19 08:20:35 pipe kernel: Oct 19 08:20:35 pipe kernel: dummynet: 322635308 q: 0 dummynet: avg: 0 dummynet: waking up pipe 2100 at 28 Oct 19 08:20:35 pipe kernel: Oct 19 08:20:35 pipe kernel: dummynet: 322635308 q: 0 dummynet: avg: 0 dummynet: waking up pipe 2100 at 28 Oct 19 08:20:35 pipe kernel: Oct 19 08:20:35 pipe kernel: dummynet: 322635308 q: 0 dummynet: avg: 0 dummynet: waking up pipe 1100 at 1 pipe 1100 and 2100 outbound and inbound resp. Tell me what dummynet.debug is written in the log...... Regards, Evgeny From owner-freebsd-ipfw@FreeBSD.ORG Tue Oct 19 06:33:29 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A3AB7106566B for ; Tue, 19 Oct 2010 06:33:29 +0000 (UTC) (envelope-from jon.otterholm@ide.resurscentrum.se) Received: from mail1.cil.se (mail1.cil.se [217.197.56.125]) by mx1.freebsd.org (Postfix) with ESMTP id 3E91F8FC19 for ; Tue, 19 Oct 2010 06:33:28 +0000 (UTC) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 19 Oct 2010 08:33:26 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: dummynet & large traffic Thread-Index: ActvNGCUySzGCM+wRv69gHFlxQZ6RgAIu0QQ References: <201010190848.17015.tea@nts.su> From: "Jon Otterholm" To: "Evgeny A. Tyurnikov" , Cc: Subject: SV: dummynet & large traffic X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Oct 2010 06:33:29 -0000 > -----Ursprungligt meddelande----- > Fr=E5n: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd- > ipfw@freebsd.org] F=F6r Evgeny A. Tyurnikov > Skickat: den 19 oktober 2010 03:48 > Till: freebsd-ipfw@freebsd.org > =C4mne: dummynet & large traffic >=20 > Hello All! >=20 > I try shape 1Gbit per sec to clients ( /19 preffixes). > FreeBSD 8 Core i7 and two Intel 82572EI nic in bridge mode. > But more than 450 Mbit i do not see. >=20 > At the same time increases network latency on clients. I tune and = freebsd > and sysctl values, but the same effect. >=20 > When turn in debugging, in /var/log/messages i see >=20 > .... > Oct 19 08:20:35 pipe kernel: > Oct 19 08:20:35 pipe kernel: dummynet: 322635308 q: 0 dummynet: avg: = 0 > dummynet: waking up pipe 2100 at 28 > Oct 19 08:20:35 pipe kernel: > Oct 19 08:20:35 pipe kernel: dummynet: 322635308 q: 0 dummynet: avg: = 0 > dummynet: waking up pipe 2100 at 28 > Oct 19 08:20:35 pipe kernel: > Oct 19 08:20:35 pipe kernel: dummynet: 322635308 q: 0 dummynet: avg: = 0 > dummynet: waking up pipe 1100 at 1 >=20 > pipe 1100 and 2100 outbound and inbound resp. >=20 > Tell me what dummynet.debug is written in the log...... >=20 >=20 >=20 > Regards, > Evgeny >=20 > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to = "freebsd-ipfw-unsubscribe@freebsd.org" Can you provide us with your IPFW rule set and your dummynet = configuration? //JO From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 22 11:49:56 2010 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DB676106566B; Fri, 22 Oct 2010 11:49:56 +0000 (UTC) (envelope-from dudu.meyer@gmail.com) Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com [209.85.213.54]) by mx1.freebsd.org (Postfix) with ESMTP id 3D9248FC19; Fri, 22 Oct 2010 11:49:55 +0000 (UTC) Received: by ywh2 with SMTP id 2so597603ywh.13 for ; Fri, 22 Oct 2010 04:49:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=I3kps9u5Je7J0USGgPg8MPra+JbZHUQOXfs+ToQ7+/s=; b=cUwWj7g8eTPhG0tJ/Jv52gc/eZO16g8xm5GuLI6iT3o0jAVnSC+STShNPoE+Hq5w5H +C6i21b9B8iuGkDflVHV6+4Q+hrrWjO0EiB6dknj8hYWK0RirCszzxrDIU+Wlzj6yP9P I8US4AKAGsWAirn2k2q3k4PI798Z4lyHoeuh4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=TsxPoFTi6zVIGks3F9Eihqpp87bH140DHutPhHnTSi39ZDt18Rad4tsXyBriksPDGk 6tNgXLdFzkLDWJzqdcw2OIIyu1yO7tCAlOLabydc277gLf2Lah+lRo8JhDS8kp2UXtXy z9EjzhALi1XkuqOU2yDY+movmhnJB1riOKRpQ= MIME-Version: 1.0 Received: by 10.229.95.19 with SMTP id b19mr2159859qcn.64.1287748195223; Fri, 22 Oct 2010 04:49:55 -0700 (PDT) Received: by 10.229.192.194 with HTTP; Fri, 22 Oct 2010 04:49:54 -0700 (PDT) In-Reply-To: References: <4CAA1E7B.1020107@freebsd.org> <4CAA45CC.8020304@freebsd.org> <4CAB8B35.7020703@freebsd.org> <4CACE7DE.9020106@freebsd.org> Date: Fri, 22 Oct 2010 09:49:54 -0200 Message-ID: From: Eduardo Meyer To: Brandon Gooch Content-Type: text/plain; charset=ISO-8859-1 Cc: Patrick Tracanelli , Luiz Otavio O Souza , ipfw@freebsd.org, Julian Elischer , Adrian Chadd Subject: Re: layer2 ipfw 'fwd' support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Oct 2010 11:49:56 -0000 On Fri, Oct 8, 2010 at 4:02 PM, Brandon Gooch wrote: > On Fri, Oct 8, 2010 at 10:55 AM, Eduardo Meyer wrote: >> On Thu, Oct 7, 2010 at 10:23 PM, Eduardo Meyer wrote: > [SNIP] >> Luiz has added it to: http://loos.no-ip.org:280/lusca_bridge.diff >> >> I have tested and it works pretty well. >> >> I hope someone can add it to -HEAD, so we won't loose it again. With >> time, ipfw code changes and such great patches like Rizzo's and >> Julian's stop working one day. It's bad we miss such great >> functionality. > > Sounds like a reasonable request. I hope it is considered. > >> Thank you again everyone envolved. > > Thanks goes to you for your persistence in getting this working. > >> Adrian / Luiz / Julian, >> >> With this patch fwd does it's job on L2, ordinary proxy works like a >> charm. But TPROXY won't work. It would be perfect to have both >> features together. If you can suggest any further tests or changes I >> will be pleased to test. > > To be clear, are we getting to the point of having the capability in > ipfw of doing something like this in pf: > > ... > pass in quick on $INT_IF route-to lo0 inet proto tcp from any to > 127.0.0.1 port 3128 keep state > ... Yes, pretty much that. > > ...thus allowing true, transparent proxying? > > I really thought that this was possible already with ipfw :( I need to > do some more reading... > > I would be very interested in obtaining details on your final setup, > once everything is in place and fully functioning :) Right. I'm still working on that. We have separated grat things working perfectly. Now I want to glue it together. TPROXY with FreeBSD's IP_BINDANY works perfectly based on L3 redirection with IPFW. Now we can do IPFW L2 redirection/forwarding. So I want to be able to use both togerther, TPROXY with IPFW L2 forwarding. I am investigating the code, learning, trying some tests; since I am not a developer, not good at hacking 3rd party code, I am trying some dirty tricks. Unsucessfull right now but still investigating. Thank you for your interest :-) > > -Brandon > -- =========== Eduardo Meyer pessoal: dudu.meyer@gmail.com profissional: ddm.farmaciap@saude.gov.br