From: Vincent Poy
To: FreeBSD-current@freebsd.org, Andre Oppermann
Date: Wed, 20 Oct 2004 20:55:44 -0700
Message-ID: <429af92e041020205510c66168@mail.gmail.com>
Subject: Traffic Shaping not working correctly after ipfw converted to use pfil_hooks API

Greetings everyone:

I've recently updated from a March 6, 2004 -CURRENT to an October 19, 2004 -CURRENT and this appears to have broken my traffic shaping using ipfw/dummynet. According to /usr/src/UPDATING, these are the changes.
20040817 - IPFW has been converted to use PFIL_HOOKS.
20040827 - PFIL_HOOKS are a fixed part of the network stack now
20040828 - Network stack runs without Giant lock

and also the GENERIC kernel is now using the 4BSD scheduler instead of the ULE scheduler.

I'm on a 6Mbps/608Kbps ADSL connection with a /29 CIDR block of 8 static IPs, so what I am doing is using the FreeBSD box as the router for outgoing packets, with traffic shaping limiting the upstream to 480Kbps so that when I upload, the downloads do not slow down. I have tested, and the speeds I get are as follows without traffic shaping:

Downloading only: 650KB/sec
Uploading only: 65KB/sec

When traffic shaping was working correctly, downloading/uploading at the same time with the bandwidth limit at 480Kbps would show 500KB/sec down and 52KB/sec up. However, after the latest -CURRENT upgrade, it will do 200KB/sec down and 52KB/sec up. If I download only, then it does show 650KB/sec. Normally, when I change the bandwidth to a number lower than 480Kbps for the pipe, the download speeds would go up when downloading. However, I have tried in 10kbps steps down to 350kbps but it still did not top 200KB/sec in downloading.

My rc.firewall is basically set to open but with the following modifications, and there is only one NIC (xl0) on this notebook machine:

# Traffic Shaping for DSL connection 6.016Mbps/608Kbps
#
# Make packets exiting dummynet not continue down the chain
# If this is not enabled, then packets leaving an early
# queue might enter a later queue if the conditions for
# the later queue are met, which would be completely
# devastating to all the prioritizing we're doing
ipfw enable one_pass

# Define our upload pipe at 480Kbps
ipfw pipe 1 config bw 480Kbit/s

# Define a high-priority queue
ipfw queue 1 config pipe 1 weight 100

# Define a medium-high-priority queue
ipfw queue 2 config pipe 1 weight 66

# Define a medium-low-priority queue
ipfw queue 3 config pipe 1 weight 33

# Define a low-priority queue
ipfw queue 4 config pipe 1 weight 1

# Add rules so that local routable IP LAN traffic does not use natd
ipfw add 39 divert natd all from 10.0.0.0/8 to any via xl0
ipfw add 40 divert natd all from 172.16.0.0/12 to any via xl0
ipfw add 41 divert natd all from 192.168.0.0/16 to any via xl0
ipfw add 42 divert natd all from 208.201.244.224/29 to 10.0.0.0/8 via xl0
ipfw add 43 divert natd all from 208.201.244.224/29 to 172.16.0.0/12 via xl0
ipfw add 44 divert natd all from 208.201.244.224/29 to 192.168.0.0/16 via xl0
ipfw add 45 divert natd all from any to 10.0.0.0/8 via xl0
ipfw add 46 divert natd all from any to 172.16.0.0/12 via xl0
ipfw add 47 divert natd all from any to 192.168.0.0/16 via xl0
ipfw add 48 divert natd all from any to 208.201.244.224/29 via xl0
ipfw add 49 skipto 100 ip from 208.201.244.224/29 to any

# Network Address Translation.
ipfw add 50 divert natd all from any to any via xl0

# Default rules
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any

# Route LAN and RFC1918 networks without Traffic Shaping
ipfw add 63000 allow all from any to 10.0.0.0/8 out
ipfw add 63001 allow all from any to 172.16.0.0/12 out
ipfw add 63002 allow all from any to 192.168.0.0/16 out
ipfw add 63003 allow all from any to 208.201.244.224/29 out

# Assign outgoing empty/small ACK packets to the high-priority queue
ipfw add 63004 set 0 queue 1 tcp from any to any tcpflags ack out

# Assign outgoing UDP (DNS/gaming) and SSH traffic to the medium-high-priority queue
ipfw add 63005 set 0 queue 2 tcp from any to any 22,23 out
ipfw add 63006 set 0 queue 2 udp from any to any not 80,443 out

# Assign outgoing HTTP/HTTPS WEB traffic to the medium-low-priority queue
ipfw add 63007 set 0 queue 3 all from any to any 80,443 out

# Assign all other outgoing traffic to the low-priority queue
ipfw add 63008 set 0 queue 4 all from any to any out

# End of Traffic Shaping
ipfw add 65000 pass all from any to any

Cheers,
Vince
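
Added example, not part of the original message: a small Python model of how first-match evaluation assigns packets to rules 63000-65000 of the ruleset above, with the queue action treated as final because one_pass is enabled. The packet fields, helper names and sample addresses are constructed for illustration; divert rules 39-50 and rules 100-300 are not modelled.

```python
import ipaddress

# Destinations that rules 63000-63003 pass without shaping.
UNSHAPED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "208.201.244.224/29")]

# Rules 63004-63008 in order; each predicate mirrors the rule body in the message.
QUEUE_RULES = [
    (63004, "queue 1", lambda p: p["proto"] == "tcp" and "ack" in p["flags"]),
    (63005, "queue 2", lambda p: p["proto"] == "tcp" and p["dport"] in (22, 23)),
    (63006, "queue 2", lambda p: p["proto"] == "udp" and p["dport"] not in (80, 443)),
    (63007, "queue 3", lambda p: p["dport"] in (80, 443)),
    (63008, "queue 4", lambda p: True),
]

def packet(proto, dst, dport=None, flags=(), direction="out"):
    """Build a constructed sample packet (hypothetical helper)."""
    return {"proto": proto, "dst": ipaddress.ip_address(dst), "dport": dport,
            "flags": set(flags), "dir": direction}

def classify(p):
    """Return (rule number, action) of the first matching rule from 63000 up."""
    if p["dir"] == "out":
        for i, net in enumerate(UNSHAPED):
            if p["dst"] in net:
                return 63000 + i, "allow"
        for number, action, matches in QUEUE_RULES:
            if matches(p):
                return number, action  # one_pass: the queue action is final
    return 65000, "allow"  # every rule above carries "out"; inbound falls through

# Constructed samples; 198.51.100.10 is a documentation address.
SAMPLES = {
    "pure ACK for a download": packet("tcp", "198.51.100.10", 80, ["ack"]),
    "bulk upload data segment": packet("tcp", "198.51.100.10", 50000, ["ack", "psh"]),
    "SSH data segment": packet("tcp", "198.51.100.10", 22, ["ack", "psh"]),
    "SSH SYN": packet("tcp", "198.51.100.10", 22, ["syn"]),
    "HTTP SYN": packet("tcp", "198.51.100.10", 80, ["syn"]),
    "DNS query": packet("udp", "198.51.100.10", 53),
    "ICMP echo": packet("icmp", "198.51.100.10"),
    "LAN destination": packet("tcp", "192.168.1.5", 80, ["ack"]),
    "inbound segment": packet("tcp", "208.201.244.226", 80, ["ack"], "in"),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:26} -> rule {classify(p)[0]} ({classify(p)[1]})")
```

In this model every outbound TCP segment with ACK set, whether or not it carries data, is assigned by rule 63004; only segments without ACK, such as a SYN, reach rules 63005 and 63007.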