From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 29 16:19:37 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4BEBC1065676; Sun, 29 Nov 2009 16:19:37 +0000 (UTC) (envelope-from kerbzo@gmail.com) Received: from mail-ew0-f221.google.com (mail-ew0-f221.google.com [209.85.219.221]) by mx1.freebsd.org (Postfix) with ESMTP id 77FFE8FC12; Sun, 29 Nov 2009 16:19:36 +0000 (UTC) Received: by ewy21 with SMTP id 21so3510368ewy.13 for ; Sun, 29 Nov 2009 08:19:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:content-type; bh=aaicWoIVDCX6wMRsG0O7sVvcsd/rkoyQ4md4S2oijf4=; b=wbHWlxYL6xBhLS794+EDYBTGOqjVDIJaMqZRjswFZnE7Jnp+kF0n1JFpy9y2Fago50 5IQ/bUrH5H3c/9uNqqP2S72UFPOQ5HepheKl3VnP1UtY5wq4ks31R9RtsNubmeIbW51l W3vCKG5LmHE6tEoudFWT0Ccf1c8AAulh829VA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :content-type; b=CvxsADBwOoq6i2W61yc3nPxSivZgr7cOKzVWZZPEPi6kahPUoB33CVHm2IRkDbnjaq +KCECjxWb4dwUD8bbD2j7Enh1x7i2jz6h9mQvzLroKREtlJbeGQq+r+7AUimwTu1SrHS IDTbQlOllRgotsLiLSbF29KKupVVRKwZFn+jQ= Received: by 10.216.85.14 with SMTP id t14mr1025793wee.222.1259510118591; Sun, 29 Nov 2009 07:55:18 -0800 (PST) Received: from kerbzo.local (host99-203-dynamic.11-87-r.retail.telecomitalia.it [87.11.203.99]) by mx.google.com with ESMTPS id p10sm8020687gvf.28.2009.11.29.07.55.13 (version=SSLv3 cipher=RC4-MD5); Sun, 29 Nov 2009 07:55:17 -0800 (PST) Message-ID: <4B129960.9030107@gmail.com> Date: Sun, 29 Nov 2009 16:55:12 +0100 From: Kevin Smith User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: freebsd-current@freebsd.org, freebsd-ipfw@freebsd.org Content-Type: multipart/mixed; boundary="------------050204000406000001000700" Cc: ben@wanderview.com Subject: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Nov 2009 16:19:37 -0000 This is a multi-part message in MIME format. --------------050204000406000001000700 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hi, I'm experiencing some dummynet issues after upgrading from 7-STABLE to 8.0-RELEASE. My /var/log/messages is full of these logs: Nov 29 15:34:18 stone kernel: dummynet: OUCH! pipe should have been idle! Nov 29 15:34:49 stone last message repeated 409 times Nov 29 15:36:49 stone last message repeated 1595 times Nov 29 15:46:50 stone last message repeated 8162 times Nov 29 15:56:51 stone last message repeated 7099 times Nov 29 16:06:52 stone last message repeated 4771 times Nov 29 16:16:53 stone last message repeated 3859 times Nov 29 16:26:54 stone last message repeated 3493 times Nov 29 16:36:55 stone last message repeated 5874 times Also I noticed that traffic shaping is not working any longer , i.e.: actually outgoing pipes do not limit bandwidth at all. Until 8 Release upgrading the same configuration was working perfectly. This is my uname -a FreeBSD stone.it 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Sat Nov 28 20:22:30 CET 2009 kevin@stone.it:/usr/obj/usr/src/sys/STONE i386 Attached my dmesg.boot and my kernel configuration. Is anybody experiencing same issues? Thank you, regards, -- Kevin --------------050204000406000001000700 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="dmesg.boot" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="dmesg.boot" Copyright (c) 1992-2009 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 8.0-RELEASE #5: Sat Nov 28 20:22:30 CET 2009 tinotom@stone.it:/usr/obj/usr/src/sys/STONE Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: VIA Eden Processor 1200MHz (1200.01-MHz 686-class CPU) Origin = "CentaurHauls" Id = 0x6d0 Stepping = 0 Features=0xa7c9baff Features2=0x4181 VIA Padlock Features=0xffcc real memory = 1073741824 (1024 MB) avail memory = 975413248 (930 MB) kbd1 at kbdmux0 cryptosoft0: on motherboard padlock0: on motherboard acpi0: on motherboard acpi0: [ITHREAD] ACPI Error: Package List length (8) larger than NumElements count (2), truncated 20090521 dsobject-590 ACPI Error: Package List length (8) larger than NumElements count (2), truncated 20090521 dsobject-590 acpi0: Power Button (fixed) acpi0: reservation of 0, a0000 (3) failed acpi0: reservation of 100000, 3bde0000 (3) failed Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0 acpi_button0: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pci_link2: BIOS IRQ 5 for 0.9.INTA is invalid pci_link2: BIOS IRQ 5 for 0.16.INTC is invalid pci_link2: BIOS IRQ 5 for 0.17.INTC is invalid pci0: on pcib0 agp0: on hostb0 agp0: aperture size is 32M pcib1: at device 1.0 on pci0 pci1: on pcib1 vgapci0: mem 0xf4000000-0xf7ffffff,0xfb000000-0xfbffffff irq 11 at device 0.0 on pci1 atapci0: port 0xff00-0xff0f,0xfe00-0xfe0f,0xfd00-0xfd0f,0xfc00-0xfc0f,0xfb00-0xfb1f,0xee00-0xeeff irq 11 at device 8.0 on pci0 atapci0: [ITHREAD] ata2: on atapci0 ata2: [ITHREAD] ata3: on atapci0 ata3: [ITHREAD] ata4: on atapci0 ata4: [ITHREAD] re0: port 0xec00-0xecff mem 0xfdfff000-0xfdfff0ff irq 10 at device 9.0 on pci0 re0: Chip rev. 0x18000000 re0: MAC rev. 0x00000000 miibus0: on re0 rgephy0: PHY 1 on miibus0 rgephy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto re0: Ethernet address: 00:30:18:a3:3e:6e re0: [FILTER] re1: port 0xe800-0xe8ff mem 0xfdffe000-0xfdffe0ff irq 10 at device 11.0 on pci0 re1: Chip rev. 0x18000000 re1: MAC rev. 0x00000000 miibus1: on re1 rgephy1: PHY 1 on miibus1 rgephy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto re1: Ethernet address: 00:30:18:a3:3e:6f re1: [FILTER] atapci1: port 0xfa00-0xfa07,0xf900-0xf903,0xf800-0xf807,0xf700-0xf703,0xf600-0xf60f,0xea00-0xeaff irq 11 at device 15.0 on pci0 atapci1: [ITHREAD] ata5: on atapci1 ata5: [ITHREAD] ata6: on atapci1 ata6: [ITHREAD] atapci2: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf500-0xf50f at device 15.1 on pci0 ata0: on atapci2 ata0: [ITHREAD] ata1: on atapci2 ata1: [ITHREAD] uhci0: port 0xf400-0xf41f irq 11 at device 16.0 on pci0 uhci0: [ITHREAD] uhci0: LegSup = 0x0010 usbus0: on uhci0 uhci1: port 0xf300-0xf31f irq 11 at device 16.1 on pci0 uhci1: [ITHREAD] uhci1: LegSup = 0x0010 usbus1: on uhci1 uhci2: port 0xf200-0xf21f irq 11 at device 16.2 on pci0 uhci2: [ITHREAD] uhci2: LegSup = 0x0010 usbus2: on uhci2 uhci3: port 0xf100-0xf11f irq 11 at device 16.3 on pci0 uhci3: [ITHREAD] uhci3: LegSup = 0x0010 usbus3: on uhci3 ehci0: mem 0xfdffd000-0xfdffd0ff irq 10 at device 16.4 on pci0 ehci0: [ITHREAD] usbus4: EHCI version 1.0 usbus4: on ehci0 isab0: at device 17.0 on pci0 isa0: on isab0 pci0: at device 17.5 (no driver attached) acpi_tz0: on acpi0 atrtc0: port 0x70-0x73 irq 8 on acpi0 uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 uart0: [FILTER] uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0 uart1: [FILTER] ppc0: port 0x378-0x37f irq 7 on acpi0 ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode ppc0: [ITHREAD] ppbus0: on ppc0 plip0: on ppbus0 plip0: [ITHREAD] lpt0: on ppbus0 lpt0: [ITHREAD] lpt0: Interrupt-driven port ppi0: on ppbus0 atkbdc0: port 0x60,0x64 irq 1 on acpi0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] atkbd0: [ITHREAD] psm0: irq 12 on atkbdc0 psm0: [GIANT-LOCKED] psm0: [ITHREAD] psm0: model Generic PS/2 mouse, device ID 0 cpu0: on acpi0 est0: on cpu0 p4tcc0: on cpu0 pmtimer0 on isa0 orm0: at iomem 0xc0000-0xcf7ff pnpid ORM0000 on isa0 sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 Timecounter "TSC" frequency 1200008037 Hz quality 800 Timecounters tick every 1.000 msec ipfw2 (+ipv6) initialized, divert enabled, nat loadable, rule-based forwarding disabled, default to accept, logging disabled usbus0: 12Mbps Full Speed USB v1.0 usbus1: 12Mbps Full Speed USB v1.0 usbus2: 12Mbps Full Speed USB v1.0 usbus3: 12Mbps Full Speed USB v1.0 usbus4: 480Mbps High Speed USB v2.0 ad0: 238475MB at ata0-master UDMA100 ugen0.1: at usbus0 uhub0: on usbus0 ugen1.1: at usbus1 uhub1: on usbus1 ugen2.1: at usbus2 uhub2: on usbus2 ugen3.1: at usbus3 uhub3: on usbus3 ugen4.1: at usbus4 uhub4: on usbus4 ad1: 239372MB at ata0-slave UDMA133 ad4: 57231MB at ata2-master SATA150 uhub0: 2 ports with 2 removable, self powered uhub1: 2 ports with 2 removable, self powered uhub2: 2 ports with 2 removable, self powered uhub3: 2 ports with 2 removable, self powered ad6: 476940MB at ata3-master SATA150 ad10: 476940MB at ata5-master SATA150 GEOM: ad6s1: geometry does not match label (255h,63s != 16h,63s). GEOM: ufsid/48f65a225aa70550: geometry does not match label (255h,63s != 16h,63s). ad12: 1430799MB at ata6-master SATA150 Root mount waiting for: usbus4 Root mount waiting for: usbus4 Root mount waiting for: usbus4 uhub4: 8 ports with 8 removable, self powered Trying to mount root from ufs:/dev/ad12s1a ugen0.2: at usbus0 WARNING: attempt to domain_add(netgraph) after domainfinalize() dummynet: OUCH! pipe should have been idle! dummynet: OUCH! pipe should have been idle! dummynet: OUCH! pipe should have been idle! dummynet: OUCH! pipe should have been idle! --------------050204000406000001000700 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="STONE" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="STONE" # # GENERIC -- Generic kernel configuration file for FreeBSD/i386 # # For more information on this file, please read the config(5) manual page, # and/or the handbook section on Kernel Configuration Files: # # http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the # FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the # latest information. # # An exhaustive list of options and more detailed explanations of the # device lines is also present in the ../../conf/NOTES and NOTES files. # If you are in doubt as to the purpose or necessity of a line, check first # in NOTES. # # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.519.2.4.2.2 2009/11/09 23:48:01 kensmith Exp $ #cpu I486_CPU #cpu I586_CPU cpu I686_CPU ident STONE # To statically compile in device wiring instead of /boot/device.hints #hints "GENERIC.hints" # Default places to look for devices. # Use the following to compile in values accessible to the kernel # through getenv() (or kenv(1) in userland). The format of the file # is 'variable=value', see kenv(1) # # env "GENERIC.env" makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols options SCHED_ULE # ULE scheduler #options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options INET6 # IPv6 communications protocols options SCTP # Stream Control Transmission Protocol options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories options UFS_GJOURNAL # Enable gjournal-based UFS journaling options MD_ROOT # MD is a potential root device options NFSCLIENT # Network Filesystem Client options NFSSERVER # Network Filesystem Server options NFSLOCKD # Network Lock Manager options NFS_ROOT # NFS usable as /, requires NFSCLIENT options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS # Pseudo-filesystem framework options GEOM_PART_GPT # GUID Partition Tables. options GEOM_LABEL # Provides labelization options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty) options COMPAT_FREEBSD4 # Compatible with FreeBSD4 options COMPAT_FREEBSD5 # Compatible with FreeBSD5 options COMPAT_FREEBSD6 # Compatible with FreeBSD6 options COMPAT_FREEBSD7 # Compatible with FreeBSD7 options SCSI_DELAY=1000 # Delay (in ms) before probing SCSI options KTRACE # ktrace(1) support options STACK # stack(9) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM # SYSV-style semaphores options P1003_1B_SEMAPHORES # POSIX-style semaphores options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing options MAC # TrustedBSD MAC Framework options FLOWTABLE # per-cpu routing cache #options KDTRACE_HOOKS # Kernel DTrace hooks # To make an SMP kernel, the next two lines are needed #options SMP # Symmetric MultiProcessor Kernel #device apic # I/O APIC # CPU frequency control device cpufreq # Bus support. device acpi device eisa device pci # Floppy drives #device fdc # ATA and ATAPI devices device ata device atadisk # ATA disk drives device ataraid # ATA RAID drives device atapicd # ATAPI CDROM drives device atapifd # ATAPI floppy drives device atapist # ATAPI tape drives options ATA_STATIC_ID # Static device numbering # SCSI Controllers #device ahb # EISA AHA1742 family #device ahc # AHA2940 and onboard AIC7xxx devices #options AHC_REG_PRETTY_PRINT # Print register bitfields in debug # # output. Adds ~128k to driver. #device ahd # AHA39320/29320 and onboard AIC79xx devices #options AHD_REG_PRETTY_PRINT # Print register bitfields in debug # # output. Adds ~215k to driver. #device amd # AMD 53C974 (Tekram DC-390(T)) #device hptiop # Highpoint RocketRaid 3xxx series #device isp # Qlogic family ##device ispfw # Firmware for QLogic HBAs- normally a module #device mpt # LSI-Logic MPT-Fusion ##device ncr # NCR/Symbios Logic #device sym # NCR/Symbios Logic (newer chipsets + those of `ncr') #device trm # Tekram DC395U/UW/F DC315U adapters # #device adv # Advansys SCSI adapters #device adw # Advansys wide SCSI adapters #device aha # Adaptec 154x SCSI adapters #device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60. #device bt # Buslogic/Mylex MultiMaster SCSI adapters # #device ncv # NCR 53C500 #device nsp # Workbit Ninja SCSI-3 #device stg # TMC 18C30/18C50 # # SCSI peripherals device scbus # SCSI bus (required for SCSI) device ch # SCSI media changers device da # Direct Access (disks) device sa # Sequential Access (tape etc) device cd # CD device pass # Passthrough device (direct SCSI access) device ses # SCSI Environmental Services (and SAF-TE) # RAID controllers interfaced to the SCSI subsystem #device amr # AMI MegaRAID #device arcmsr # Areca SATA II RAID #device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID #device ciss # Compaq Smart RAID 5* #device dpt # DPT Smartcache III, IV - See NOTES for options #device hptmv # Highpoint RocketRAID 182x #device hptrr # Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx #device iir # Intel Integrated RAID #device ips # IBM (Adaptec) ServeRAID #device mly # Mylex AcceleRAID/eXtremeRAID #device twa # 3ware 9000 series PATA/SATA RAID # ## RAID controllers #device aac # Adaptec FSA RAID #device aacp # SCSI passthrough for aac (requires CAM) #device ida # Compaq Smart RAID #device mfi # LSI MegaRAID SAS #device mlx # Mylex DAC960 family #device pst # Promise Supertrak SX6000 #device twe # 3ware ATA RAID # # atkbdc0 controls both the keyboard and the PS/2 mouse device atkbdc # AT keyboard controller device atkbd # AT keyboard device psm # PS/2 mouse device kbdmux # keyboard multiplexer device vga # VGA video card driver device splash # Splash screen and screen saver support # syscons is the default console driver, resembling an SCO console device sc device agp # support several AGP chipsets # Power management support (see NOTES for more options) #device apm # Add suspend/resume support for the i8254. device pmtimer # PCCARD (PCMCIA) support # PCMCIA and cardbus bridge support #device cbb # cardbus (yenta) bridge #device pccard # PC Card (16-bit) bus #device cardbus # CardBus (32-bit) bus # # Serial (COM) ports device uart # Generic UART driver # Parallel port device ppc device ppbus # Parallel port bus (required) device lpt # Printer device plip # TCP/IP over parallel device ppi # Parallel port interface device #device vpo # Requires scbus and da # If you've got a "dumb" serial or parallel PCI card that is # supported by the puc(4) glue driver, uncomment the following # line to enable it (connects to sio, uart and/or ppc drivers): #device puc # PCI Ethernet NICs. #device de # DEC/Intel DC21x4x (``Tulip'') #device em # Intel PRO/1000 Gigabit Ethernet Family #device igb # Intel PRO/1000 PCIE Server Gigabit Family #device ixgb # Intel PRO/10GbE Ethernet Card #device le # AMD Am7900 LANCE and Am79C9xx PCnet #device ti # Alteon Networks Tigon I/II gigabit Ethernet #device txp # 3Com 3cR990 (``Typhoon'') #device vx # 3Com 3c590, 3c595 (``Vortex'') # PCI Ethernet NICs that use the common MII bus controller code. # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! device miibus # MII bus support #device ae # Attansic/Atheros L2 FastEthernet #device age # Attansic/Atheros L1 Gigabit Ethernet #device alc # Atheros AR8131/AR8132 Ethernet #device ale # Atheros AR8121/AR8113/AR8114 Ethernet #device bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet #device bfe # Broadcom BCM440x 10/100 Ethernet #device bge # Broadcom BCM570xx Gigabit Ethernet #device dc # DEC/Intel 21143 and various workalikes #device et # Agere ET1310 10/100/Gigabit Ethernet #device fxp # Intel EtherExpress PRO/100B (82557, 82558) #device jme # JMicron JMC250 Gigabit/JMC260 Fast Ethernet #device lge # Level 1 LXT1001 gigabit Ethernet #device msk # Marvell/SysKonnect Yukon II Gigabit Ethernet #device nfe # nVidia nForce MCP on-board Ethernet #device nge # NatSemi DP83820 gigabit Ethernet #device nve # nVidia nForce MCP on-board Ethernet Networking #device pcn # AMD Am79C97x PCI 10/100 (precedence over 'le') device re # RealTek 8139C+/8169/8169S/8110S #device rl # RealTek 8129/8139 #device sf # Adaptec AIC-6915 (``Starfire'') #device sis # Silicon Integrated Systems SiS 900/SiS 7016 #device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet #device ste # Sundance ST201 (D-Link DFE-550TX) #device stge # Sundance/Tamarack TC9021 gigabit Ethernet #device tl # Texas Instruments ThunderLAN #device tx # SMC EtherPower II (83c170 ``EPIC'') #device vge # VIA VT612x gigabit Ethernet #device vr # VIA Rhine, Rhine II #device wb # Winbond W89C840F #device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'') # ISA Ethernet NICs. pccard NICs included. #device cs # Crystal Semiconductor CS89x0 NIC # 'device ed' requires 'device miibus' #device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards #device ex # Intel EtherExpress Pro/10 and Pro/10+ #device ep # Etherlink III based cards #device fe # Fujitsu MB8696x based cards #device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc. #device sn # SMC's 9000 series of Ethernet chips #device xe # Xircom pccard Ethernet # # Wireless NIC cards device wlan # 802.11 support options IEEE80211_DEBUG # enable debug msgs options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's options IEEE80211_SUPPORT_MESH # enable 802.11s draft support device wlan_wep # 802.11 WEP support device wlan_ccmp # 802.11 CCMP support device wlan_tkip # 802.11 TKIP support device wlan_amrr # AMRR transmit rate control algorithm #device an # Aironet 4500/4800 802.11 wireless NICs. #device ath # Atheros pci/cardbus NIC's #device ath_hal # pci/cardbus chip support #options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors #device ath_rate_sample # SampleRate tx rate control for ath #device ral # Ralink Technology RT2500 wireless NICs. #device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. #device wl # Older non 802.11 Wavelan wireless NIC. # Pseudo devices. device loop # Network loopback device random # Entropy device device ether # Ethernet support device tun # Packet tunnel. device pty # BSD-style compatibility pseudo ttys device md # Memory "disks" device gif # IPv6 and IPv4 tunneling device faith # IPv6-to-IPv4 relaying (translation) device firmware # firmware assist module # The `bpf' device enables the Berkeley Packet Filter. # Be aware of the administrative consequences of enabling this! # Note that 'bpf' is required for DHCP. device bpf # Berkeley packet filter # USB support device uhci # UHCI PCI->USB interface device ohci # OHCI PCI->USB interface device ehci # EHCI PCI->USB interface (USB 2.0) device usb # USB Bus (required) #device udbp # USB Double Bulk Pipe devices device uhid # "Human Interface Devices" device ukbd # Keyboard device ulpt # Printer device umass # Disks/Mass storage - Requires scbus and da device ums # Mouse device rum # Ralink Technology RT2501USB wireless NICs #device ural # Ralink Technology RT2500USB wireless NICs #device uath # Atheros AR5523 wireless NICs #device zyd # ZyDAS zb1211/zb1211b wireless NICs #device urio # Diamond Rio 500 MP3 player # USB Serial devices #device u3g # USB-based 3G modems (Option, Huawei, Sierra) #device uark # Technologies ARK3116 based serial adapters #device ubsa # Belkin F5U103 and compatible serial adapters #device uftdi # For FTDI usb serial adapters #device uipaq # Some WinCE based devices #device uplcom # Prolific PL-2303 serial adapters #device uslcom # SI Labs CP2101/CP2102 serial adapters #device uvisor # Visor and Palm devices #device uvscom # USB serial support for DDI pocket's PHS # USB Ethernet, requires miibus #device aue # ADMtek USB Ethernet #device axe # ASIX Electronics USB Ethernet #device cdce # Generic USB over Ethernet #device cue # CATC USB Ethernet #device kue # Kawasaki LSI USB Ethernet #device rue # RealTek RTL8150 USB Ethernet #device udav # Davicom DM9601E USB # FireWire support #device firewire # FireWire bus code #device sbp # SCSI over FireWire (Requires scbus and da) #device fwe # Ethernet over FireWire (non-standard!) #device fwip # IP over FireWire (RFC 2734,3146) #device dcons # Dumb console driver #device dcons_crom # Configuration ROM for dcons options NETGRAPH options MAC device drm options DUMMYNET #options VESA options SC_DISABLE_REBOOT options SC_PIXEL_MODE options SC_NORM_ATTR=(FG_GREEN|BG_BLACK) options SC_NORM_REV_ATTR=(FG_YELLOW|BG_GREEN) options SC_KERNEL_CONS_ATTR=(FG_GREEN|BG_BLACK) options SC_KERNEL_CONS_REV_ATTR=(FG_BLACK|BG_RED) #device atapicam options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_VERBOSE options IPDIVERT device crypto device padlock options HZ=1000 --------------050204000406000001000700-- From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 29 18:31:10 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F6B1106566C; Sun, 29 Nov 2009 18:31:10 +0000 (UTC) (envelope-from admin@benaianet.com) Received: from mail-yx0-f184.google.com (mail-yx0-f184.google.com [209.85.210.184]) by mx1.freebsd.org (Postfix) with ESMTP id 527E98FC18; Sun, 29 Nov 2009 18:31:09 +0000 (UTC) Received: by yxe14 with SMTP id 14so2460839yxe.7 for ; Sun, 29 Nov 2009 10:31:09 -0800 (PST) Received: by 10.91.81.18 with SMTP id i18mr5504719agl.47.1259517637237; Sun, 29 Nov 2009 10:00:37 -0800 (PST) Received: from ?127.0.0.1? (189-53-144-48.poolip.SDR.embratel.net.br [189.53.144.48]) by mx.google.com with ESMTPS id 7sm1673072yxg.50.2009.11.29.10.00.33 (version=SSLv3 cipher=RC4-MD5); Sun, 29 Nov 2009 10:00:35 -0800 (PST) Message-ID: <4B12B6B9.3030106@bsd.com.br> Date: Sun, 29 Nov 2009 15:00:25 -0300 From: Alex Almeida User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: Kevin Smith References: <4B129960.9030107@gmail.com> In-Reply-To: <4B129960.9030107@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, ben@wanderview.com Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Nov 2009 18:31:10 -0000 Hi, The same happened with me, just by setting: net.inet.ip.fw.one_pass: 0 And stopped the message, however I was using version 6.4. I hope that helps you, Hugs Alex Almeida Kevin Smith escreveu: > Hi, > > I'm experiencing some dummynet issues after upgrading from 7-STABLE to > 8.0-RELEASE. > My /var/log/messages is full of these logs: > > Nov 29 15:34:18 stone kernel: dummynet: OUCH! pipe should have been idle! > Nov 29 15:34:49 stone last message repeated 409 times > Nov 29 15:36:49 stone last message repeated 1595 times > Nov 29 15:46:50 stone last message repeated 8162 times > Nov 29 15:56:51 stone last message repeated 7099 times > Nov 29 16:06:52 stone last message repeated 4771 times > Nov 29 16:16:53 stone last message repeated 3859 times > Nov 29 16:26:54 stone last message repeated 3493 times > Nov 29 16:36:55 stone last message repeated 5874 times > > Also I noticed that traffic shaping is not working any longer , i.e.: > actually outgoing pipes do not limit bandwidth at all. > Until 8 Release upgrading the same configuration was working perfectly. > > This is my uname -a > > FreeBSD stone.it 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Sat Nov 28 20:22:30 > CET 2009 kevin@stone.it:/usr/obj/usr/src/sys/STONE i386 > > Attached my dmesg.boot and my kernel configuration. > > Is anybody experiencing same issues? > Thank you, > regards, > > -- > Kevin > > ------------------------------------------------------------------------ > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 29 18:53:40 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8AEB9106568D; Sun, 29 Nov 2009 18:53:40 +0000 (UTC) (envelope-from kerbzo@gmail.com) Received: from mail-ew0-f221.google.com (mail-ew0-f221.google.com [209.85.219.221]) by mx1.freebsd.org (Postfix) with ESMTP id E90C38FC16; Sun, 29 Nov 2009 18:53:39 +0000 (UTC) Received: by ewy21 with SMTP id 21so3607271ewy.13 for ; Sun, 29 Nov 2009 10:53:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=tBAhYl45URWbCIYKpopiPu5ycJaSK+AcUAEswBy9V/Q=; b=HSEiU+alC/4owYUyI6bnDIVlcBUWBcuo5Ev1b+tRePSzMW/hW5z7dwdbkUKfpDZGV9 jlpqL8DO+hYmgf2RQhvj6ULNTNOODQXS22zmhcR2FB4ZOtTZYr0lGTN7B5JL4QeVRy8n rM0c9SAFD3jIXe4ZouLew5YJhIMgXeOEkU38o= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=qKPLlkLHlWRnv1sF74UREedgLv2sIDHrfS3wfHu2+mF9axjNwujE93wIHgn1PlzHDL 8UWpxC5BaQ86kjPbuVwfrz/PoS1DSOqu+D1oBB/mLCOpBiXPUfS/ybmNuRw3a+HRj1of Tnulnd2mfsOuN7W2AFm30wC25uYD985EKkeMI= Received: by 10.216.88.140 with SMTP id a12mr1174920wef.157.1259520818656; Sun, 29 Nov 2009 10:53:38 -0800 (PST) Received: from kerbzo.local (host99-203-dynamic.11-87-r.retail.telecomitalia.it [87.11.203.99]) by mx.google.com with ESMTPS id t2sm8378468gve.9.2009.11.29.10.53.37 (version=SSLv3 cipher=RC4-MD5); Sun, 29 Nov 2009 10:53:38 -0800 (PST) Message-ID: <4B12C32F.3060709@gmail.com> Date: Sun, 29 Nov 2009 19:53:35 +0100 From: Kevin Smith User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Alex Almeida References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> In-Reply-To: <4B12B6B9.3030106@bsd.com.br> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, ben@wanderview.com Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Nov 2009 18:53:40 -0000 Alex Almeida wrote: > Hi, > > The same happened with me, just by setting: > net.inet.ip.fw.one_pass: 0 > > And stopped the message, however I was using version 6.4. > > I hope that helps you, > > Hugs > > Alex Almeida > > > > > Kevin Smith escreveu: >> Hi, >> >> I'm experiencing some dummynet issues after upgrading from 7-STABLE to >> 8.0-RELEASE. >> My /var/log/messages is full of these logs: >> >> Nov 29 15:34:18 stone kernel: dummynet: OUCH! pipe should have been idle! >> Nov 29 15:34:49 stone last message repeated 409 times >> Nov 29 15:36:49 stone last message repeated 1595 times >> Nov 29 15:46:50 stone last message repeated 8162 times >> Nov 29 15:56:51 stone last message repeated 7099 times >> Nov 29 16:06:52 stone last message repeated 4771 times >> Nov 29 16:16:53 stone last message repeated 3859 times >> Nov 29 16:26:54 stone last message repeated 3493 times >> Nov 29 16:36:55 stone last message repeated 5874 times >> >> Also I noticed that traffic shaping is not working any longer , i.e.: >> actually outgoing pipes do not limit bandwidth at all. >> Until 8 Release upgrading the same configuration was working perfectly. >> >> This is my uname -a >> >> FreeBSD stone.it 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Sat Nov 28 20:22:30 >> CET 2009 kevin@stone.it:/usr/obj/usr/src/sys/STONE i386 >> >> Attached my dmesg.boot and my kernel configuration. >> >> Is anybody experiencing same issues? >> Thank you, >> regards, >> >> -- >> Kevin >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> freebsd-ipfw@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > Hi, I've already net.inet.ip.fw.one_pass set to 0, and also setting it to 1, even if this is not what I need, does not fix. Thank you anyway, regards, -- Kevin From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 29 19:14:50 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2C15C1065676 for ; Sun, 29 Nov 2009 19:14:50 +0000 (UTC) (envelope-from mailinglistmember@mgwigglesworth.net) Received: from mgwigglesworth.net (mail.mgwigglesworth.com [75.146.26.81]) by mx1.freebsd.org (Postfix) with ESMTP id C24358FC16 for ; Sun, 29 Nov 2009 19:14:49 +0000 (UTC) To: Kevin Smith Date: Sun, 29 Nov 2009 14:02:27 -0500 Envelope-To: kerbzo@gmail.com, admin@benaianet.com, freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, ben@wanderview.com References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> Message-ID: <4B12C543.2070204@mgwigglesworth.net> From: "Mailing LIst Member" Received: from [192.168.5.12] (192.168.5.12 [192.168.5.12]) by mgwigglesworth.net; Sun, 29 Nov 2009 14:02:42 -0500 User-Agent: Thunderbird 2.0.0.23 (X11/20090822) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, Alex Almeida , ben@wanderview.com Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Nov 2009 19:14:50 -0000 Kevin Smith wrote: > Alex Almeida wrote: > >> Hi, >> >> The same happened with me, just by setting: >> net.inet.ip.fw.one_pass: 0 >> >> And stopped the message, however I was using version 6.4. >> >> I hope that helps you, >> >> Hugs >> >> Alex Almeida >> >> >> >> >> Kevin Smith escreveu: >> >>> Hi, >>> >>> I'm experiencing some dummynet issues after upgrading from 7-STABLE to >>> 8.0-RELEASE. >>> My /var/log/messages is full of these logs: >>> >>> Nov 29 15:34:18 stone kernel: dummynet: OUCH! pipe should have been idle! >>> Nov 29 15:34:49 stone last message repeated 409 times >>> Nov 29 15:36:49 stone last message repeated 1595 times >>> Nov 29 15:46:50 stone last message repeated 8162 times >>> Nov 29 15:56:51 stone last message repeated 7099 times >>> Nov 29 16:06:52 stone last message repeated 4771 times >>> Nov 29 16:16:53 stone last message repeated 3859 times >>> Nov 29 16:26:54 stone last message repeated 3493 times >>> Nov 29 16:36:55 stone last message repeated 5874 times >>> >>> Also I noticed that traffic shaping is not working any longer , i.e.: >>> actually outgoing pipes do not limit bandwidth at all. >>> Until 8 Release upgrading the same configuration was working perfectly. >>> >>> This is my uname -a >>> >>> FreeBSD stone.it 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Sat Nov 28 20:22:30 >>> CET 2009 kevin@stone.it:/usr/obj/usr/src/sys/STONE i386 >>> >>> Attached my dmesg.boot and my kernel configuration. >>> >>> Is anybody experiencing same issues? >>> Thank you, >>> regards, >>> >>> -- >>> Kevin >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> freebsd-ipfw@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >>> > Hi, > > I've already net.inet.ip.fw.one_pass set to 0, and also setting it to 1, > even if this is not what I need, does not fix. > Thank you anyway, > regards, > > -- > Kevin > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > I know this may be a rediculous question, given the audience, however, I will inquire anyhow. "Have you verified that your kernel has installed cleanly?" I am still on 7.2-Stable, on my production servers, however, when I have attempted hasty upgrades, and reinstalled the kernel after compiling it on the new system, it required a second iteration of cleaning, and recompiling/installing for the kernel to recognize the net options that are being referenced. Hence, when I initially compiled and installed the kernel, I had to repeat the process a second time, to see all firewalling activated correctly.(pipes, and other rules) Of course, as previously indicated, this may be just a new bug for the newer system, however, I would try that first. Also, make sure you port the new version of your rules/config file to the 8-Release branch. I have had trouble going between 6 and 7 with some of these rules not being recognized but the option compiled. I can't remember what that was, for a good example, however, just a few things to investigate. I apologize if these options have already been investigated. Respectfully, Martes From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 29 21:31:08 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8BAB6106568D; Sun, 29 Nov 2009 21:31:08 +0000 (UTC) (envelope-from owner-freebsd-current@freebsd.org) Received: from werkwelt.de (post.werkwelt.de [91.194.85.74]) by mx1.freebsd.org (Postfix) with ESMTP id A7E9E8FC19; Sun, 29 Nov 2009 21:31:07 +0000 (UTC) Received: by werkwelt.de (CommuniGate Pro PIPE 5.0.13) with PIPE id 6722105; Sun, 29 Nov 2009 21:30:59 +0100 X-TFF-CGPSA-Version: 1.5 X-TFF-CGPSA-Filter: Scanned X-Spam-Checker-Version: SpamAssassin 3.1.7-deb3 (2006-10-05) on post.werkwelt.de X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, MSGID_FROM_MTA_HEADER autolearn=ham version=3.1.7-deb3 Received: from mx2.freebsd.org ([69.147.83.53] verified) by werkwelt.de (CommuniGate Pro SMTP 5.0.13) with ESMTP id 6722110 for kuku@kukulies.org; Sun, 29 Nov 2009 21:30:39 +0100 Received-SPF: pass receiver=werkwelt.de; client-ip=69.147.83.53; envelope-from=owner-freebsd-current@freebsd.org Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id DFC3F157B90; Sun, 29 Nov 2009 20:29:55 +0000 (UTC) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id B81D410656A7; Sun, 29 Nov 2009 20:29:55 +0000 (UTC) (envelope-from owner-freebsd-current@freebsd.org) Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B0721065672 for ; Sun, 29 Nov 2009 19:14:51 +0000 (UTC) (envelope-from mailinglistmember@mgwigglesworth.net) Received: from mgwigglesworth.net (mail.mgwigglesworth.net [75.146.26.81]) by mx1.freebsd.org (Postfix) with ESMTP id C13E28FC18 for ; Sun, 29 Nov 2009 19:14:50 +0000 (UTC) To: Kevin Smith Date: Sun, 29 Nov 2009 14:02:27 -0500 References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> Message-ID: <4B12C543.2070204@mgwigglesworth.net> From: "Mailing LIst Member" Received: from [192.168.5.12] (192.168.5.12 [192.168.5.12]) by mgwigglesworth.net; Sun, 29 Nov 2009 14:02:42 -0500 User-Agent: Thunderbird 2.0.0.23 (X11/20090822) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sun, 29 Nov 2009 20:29:53 +0000 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Sender: owner-freebsd-current@freebsd.org Errors-To: owner-freebsd-current@freebsd.org Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, Alex Almeida , ben@wanderview.com Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Nov 2009 21:31:08 -0000 Kevin Smith wrote: > Alex Almeida wrote: > >> Hi, >> >> The same happened with me, just by setting: >> net.inet.ip.fw.one_pass: 0 >> >> And stopped the message, however I was using version 6.4. >> >> I hope that helps you, >> >> Hugs >> >> Alex Almeida >> >> >> >> >> Kevin Smith escreveu: >> >>> Hi, >>> >>> I'm experiencing some dummynet issues after upgrading from 7-STABLE to >>> 8.0-RELEASE. >>> My /var/log/messages is full of these logs: >>> >>> Nov 29 15:34:18 stone kernel: dummynet: OUCH! pipe should have been idle! >>> Nov 29 15:34:49 stone last message repeated 409 times >>> Nov 29 15:36:49 stone last message repeated 1595 times >>> Nov 29 15:46:50 stone last message repeated 8162 times >>> Nov 29 15:56:51 stone last message repeated 7099 times >>> Nov 29 16:06:52 stone last message repeated 4771 times >>> Nov 29 16:16:53 stone last message repeated 3859 times >>> Nov 29 16:26:54 stone last message repeated 3493 times >>> Nov 29 16:36:55 stone last message repeated 5874 times >>> >>> Also I noticed that traffic shaping is not working any longer , i.e.: >>> actually outgoing pipes do not limit bandwidth at all. >>> Until 8 Release upgrading the same configuration was working perfectly. >>> >>> This is my uname -a >>> >>> FreeBSD stone.it 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Sat Nov 28 20:22:30 >>> CET 2009 kevin@stone.it:/usr/obj/usr/src/sys/STONE i386 >>> >>> Attached my dmesg.boot and my kernel configuration. >>> >>> Is anybody experiencing same issues? >>> Thank you, >>> regards, >>> >>> -- >>> Kevin >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> freebsd-ipfw@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >>> > Hi, > > I've already net.inet.ip.fw.one_pass set to 0, and also setting it to 1, > even if this is not what I need, does not fix. > Thank you anyway, > regards, > > -- > Kevin > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > I know this may be a rediculous question, given the audience, however, I will inquire anyhow. "Have you verified that your kernel has installed cleanly?" I am still on 7.2-Stable, on my production servers, however, when I have attempted hasty upgrades, and reinstalled the kernel after compiling it on the new system, it required a second iteration of cleaning, and recompiling/installing for the kernel to recognize the net options that are being referenced. Hence, when I initially compiled and installed the kernel, I had to repeat the process a second time, to see all firewalling activated correctly.(pipes, and other rules) Of course, as previously indicated, this may be just a new bug for the newer system, however, I would try that first. Also, make sure you port the new version of your rules/config file to the 8-Release branch. I have had trouble going between 6 and 7 with some of these rules not being recognized but the option compiled. I can't remember what that was, for a good example, however, just a few things to investigate. I apologize if these options have already been investigated. Respectfully, Martes _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 29 21:31:17 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 892CF10656C7; Sun, 29 Nov 2009 21:31:17 +0000 (UTC) (envelope-from owner-freebsd-current@freebsd.org) Received: from mail.netams.com (www.netams.com [212.192.245.10]) by mx1.freebsd.org (Postfix) with ESMTP id 7A39D8FC21; Sun, 29 Nov 2009 21:31:16 +0000 (UTC) Received: by mail.netams.com (CommuniGate Pro PIPE 5.2.8) with PIPE id 806526; Sun, 29 Nov 2009 23:31:13 +0300 X-TFF-CGPSA-Version: 1.5 X-TFF-CGPSA-Filter: Scanned X-Spam-INFO: No, score=-5.8 required=5.0 tests=BAYES_00=-2.599, MSGID_FROM_MTA_HEADER=0.803, RCVD_IN_DNSWL_MED=-4 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on netams.com X-Spam-Level: X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00, MSGID_FROM_MTA_HEADER,RCVD_IN_DNSWL_MED autolearn=ham version=3.2.5 Received: from mx2.freebsd.org ([69.147.83.53] verified) by mail.netams.com (CommuniGate Pro SMTP 5.2.8) with ESMTP id 806532 for jura@netams.com; Sun, 29 Nov 2009 23:30:51 +0300 Received-SPF: pass receiver=mail.netams.com; client-ip=69.147.83.53; envelope-from=owner-freebsd-current@freebsd.org Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 3430517AF2C; Sun, 29 Nov 2009 20:29:58 +0000 (UTC) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id AFEA41065735; Sun, 29 Nov 2009 20:29:56 +0000 (UTC) (envelope-from owner-freebsd-current@freebsd.org) Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B0721065672 for ; Sun, 29 Nov 2009 19:14:51 +0000 (UTC) (envelope-from mailinglistmember@mgwigglesworth.net) Received: from mgwigglesworth.net (mail.mgwigglesworth.net [75.146.26.81]) by mx1.freebsd.org (Postfix) with ESMTP id C13E28FC18 for ; Sun, 29 Nov 2009 19:14:50 +0000 (UTC) To: Kevin Smith Date: Sun, 29 Nov 2009 14:02:27 -0500 References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> Message-ID: <4B12C543.2070204@mgwigglesworth.net> From: "Mailing LIst Member" Received: from [192.168.5.12] (192.168.5.12 [192.168.5.12]) by mgwigglesworth.net; Sun, 29 Nov 2009 14:02:42 -0500 User-Agent: Thunderbird 2.0.0.23 (X11/20090822) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sun, 29 Nov 2009 20:29:53 +0000 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Sender: owner-freebsd-current@freebsd.org Errors-To: owner-freebsd-current@freebsd.org Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, Alex Almeida , ben@wanderview.com Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Nov 2009 21:31:17 -0000 Kevin Smith wrote: > Alex Almeida wrote: > >> Hi, >> >> The same happened with me, just by setting: >> net.inet.ip.fw.one_pass: 0 >> >> And stopped the message, however I was using version 6.4. >> >> I hope that helps you, >> >> Hugs >> >> Alex Almeida >> >> >> >> >> Kevin Smith escreveu: >> >>> Hi, >>> >>> I'm experiencing some dummynet issues after upgrading from 7-STABLE to >>> 8.0-RELEASE. >>> My /var/log/messages is full of these logs: >>> >>> Nov 29 15:34:18 stone kernel: dummynet: OUCH! pipe should have been idle! >>> Nov 29 15:34:49 stone last message repeated 409 times >>> Nov 29 15:36:49 stone last message repeated 1595 times >>> Nov 29 15:46:50 stone last message repeated 8162 times >>> Nov 29 15:56:51 stone last message repeated 7099 times >>> Nov 29 16:06:52 stone last message repeated 4771 times >>> Nov 29 16:16:53 stone last message repeated 3859 times >>> Nov 29 16:26:54 stone last message repeated 3493 times >>> Nov 29 16:36:55 stone last message repeated 5874 times >>> >>> Also I noticed that traffic shaping is not working any longer , i.e.: >>> actually outgoing pipes do not limit bandwidth at all. >>> Until 8 Release upgrading the same configuration was working perfectly. >>> >>> This is my uname -a >>> >>> FreeBSD stone.it 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Sat Nov 28 20:22:30 >>> CET 2009 kevin@stone.it:/usr/obj/usr/src/sys/STONE i386 >>> >>> Attached my dmesg.boot and my kernel configuration. >>> >>> Is anybody experiencing same issues? >>> Thank you, >>> regards, >>> >>> -- >>> Kevin >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> freebsd-ipfw@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >>> > Hi, > > I've already net.inet.ip.fw.one_pass set to 0, and also setting it to 1, > even if this is not what I need, does not fix. > Thank you anyway, > regards, > > -- > Kevin > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > I know this may be a rediculous question, given the audience, however, I will inquire anyhow. "Have you verified that your kernel has installed cleanly?" I am still on 7.2-Stable, on my production servers, however, when I have attempted hasty upgrades, and reinstalled the kernel after compiling it on the new system, it required a second iteration of cleaning, and recompiling/installing for the kernel to recognize the net options that are being referenced. Hence, when I initially compiled and installed the kernel, I had to repeat the process a second time, to see all firewalling activated correctly.(pipes, and other rules) Of course, as previously indicated, this may be just a new bug for the newer system, however, I would try that first. Also, make sure you port the new version of your rules/config file to the 8-Release branch. I have had trouble going between 6 and 7 with some of these rules not being recognized but the option compiled. I can't remember what that was, for a good example, however, just a few things to investigate. I apologize if these options have already been investigated. Respectfully, Martes _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 29 21:32:39 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A255B106568B; Sun, 29 Nov 2009 21:32:39 +0000 (UTC) (envelope-from owner-freebsd-current@freebsd.org) Received: from 372.ru (ns.372.ru [212.122.17.110]) by mx1.freebsd.org (Postfix) with ESMTP id ECEB38FC17; Sun, 29 Nov 2009 21:32:37 +0000 (UTC) X-Spam-Status: No, hits=-2.9 required=8.4 Received: by 372.ru (CommuniGate Pro PIPE 5.2.13) with PIPE id 7161594; Mon, 30 Nov 2009 06:31:18 +1000 X-TFF-CGPSA-Version: 1.5 X-TFF-CGPSA-Filter: Scanned X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ns.372.ru X-Spam-Level: X-Spam-Status: No, score=-2.9 required=8.4 tests=BAYES_00,J_CHICKENPOX_54, MR_NOT_ATTRIBUTED_IP, MSGID_FROM_MTA_HEADER, RATWR10_MESSID, RCVD_IN_DNSWL_MED, TW_PF autolearn=ham version=3.2.5 Received: from mx2.freebsd.org ([69.147.83.53] verified) by 372.ru (CommuniGate Pro SMTP 5.2.13) with ESMTP id 7161603 for logs@372.ru; Mon, 30 Nov 2009 06:30:57 +1000 Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 1096117AF6C; Sun, 29 Nov 2009 20:29:59 +0000 (UTC) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id DCBA010656B5; Sun, 29 Nov 2009 20:29:57 +0000 (UTC) (envelope-from owner-freebsd-current@freebsd.org) Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B0721065672 for ; Sun, 29 Nov 2009 19:14:51 +0000 (UTC) (envelope-from mailinglistmember@mgwigglesworth.net) Received: from mgwigglesworth.net (mail.mgwigglesworth.net [75.146.26.81]) by mx1.freebsd.org (Postfix) with ESMTP id C13E28FC18 for ; Sun, 29 Nov 2009 19:14:50 +0000 (UTC) To: Kevin Smith Date: Sun, 29 Nov 2009 14:02:27 -0500 References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> Message-ID: <4B12C543.2070204@mgwigglesworth.net> From: "Mailing LIst Member" Received: from [192.168.5.12] (192.168.5.12 [192.168.5.12]) by mgwigglesworth.net; Sun, 29 Nov 2009 14:02:42 -0500 User-Agent: Thunderbird 2.0.0.23 (X11/20090822) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sun, 29 Nov 2009 20:29:53 +0000 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Sender: owner-freebsd-current@freebsd.org Errors-To: owner-freebsd-current@freebsd.org Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, Alex Almeida , ben@wanderview.com Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Nov 2009 21:32:39 -0000 Kevin Smith wrote: > Alex Almeida wrote: > >> Hi, >> >> The same happened with me, just by setting: >> net.inet.ip.fw.one_pass: 0 >> >> And stopped the message, however I was using version 6.4. >> >> I hope that helps you, >> >> Hugs >> >> Alex Almeida >> >> >> >> >> Kevin Smith escreveu: >> >>> Hi, >>> >>> I'm experiencing some dummynet issues after upgrading from 7-STABLE to >>> 8.0-RELEASE. >>> My /var/log/messages is full of these logs: >>> >>> Nov 29 15:34:18 stone kernel: dummynet: OUCH! pipe should have been idle! >>> Nov 29 15:34:49 stone last message repeated 409 times >>> Nov 29 15:36:49 stone last message repeated 1595 times >>> Nov 29 15:46:50 stone last message repeated 8162 times >>> Nov 29 15:56:51 stone last message repeated 7099 times >>> Nov 29 16:06:52 stone last message repeated 4771 times >>> Nov 29 16:16:53 stone last message repeated 3859 times >>> Nov 29 16:26:54 stone last message repeated 3493 times >>> Nov 29 16:36:55 stone last message repeated 5874 times >>> >>> Also I noticed that traffic shaping is not working any longer , i.e.: >>> actually outgoing pipes do not limit bandwidth at all. >>> Until 8 Release upgrading the same configuration was working perfectly. >>> >>> This is my uname -a >>> >>> FreeBSD stone.it 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Sat Nov 28 20:22:30 >>> CET 2009 kevin@stone.it:/usr/obj/usr/src/sys/STONE i386 >>> >>> Attached my dmesg.boot and my kernel configuration. >>> >>> Is anybody experiencing same issues? >>> Thank you, >>> regards, >>> >>> -- >>> Kevin >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> freebsd-ipfw@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >>> > Hi, > > I've already net.inet.ip.fw.one_pass set to 0, and also setting it to 1, > even if this is not what I need, does not fix. > Thank you anyway, > regards, > > -- > Kevin > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > I know this may be a rediculous question, given the audience, however, I will inquire anyhow. "Have you verified that your kernel has installed cleanly?" I am still on 7.2-Stable, on my production servers, however, when I have attempted hasty upgrades, and reinstalled the kernel after compiling it on the new system, it required a second iteration of cleaning, and recompiling/installing for the kernel to recognize the net options that are being referenced. Hence, when I initially compiled and installed the kernel, I had to repeat the process a second time, to see all firewalling activated correctly.(pipes, and other rules) Of course, as previously indicated, this may be just a new bug for the newer system, however, I would try that first. Also, make sure you port the new version of your rules/config file to the 8-Release branch. I have had trouble going between 6 and 7 with some of these rules not being recognized but the option compiled. I can't remember what that was, for a good example, however, just a few things to investigate. I apologize if these options have already been investigated. Respectfully, Martes _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 30 11:06:55 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CA3E01065672 for ; Mon, 30 Nov 2009 11:06:55 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AD9D28FC33 for ; Mon, 30 Nov 2009 11:06:55 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nAUB6tCZ043463 for ; Mon, 30 Nov 2009 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nAUB6taw043461 for freebsd-ipfw@FreeBSD.org; Mon, 30 Nov 2009 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 30 Nov 2009 11:06:55 GMT Message-Id: <200911301106.nAUB6taw043461@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Nov 2009 11:06:55 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/139581 ipfw [ipfw] "ipfw pipe" not limiting bandwidth o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 63 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 30 19:18:24 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 90FAC10658D2; Mon, 30 Nov 2009 19:18:24 +0000 (UTC) (envelope-from kerbzo@gmail.com) Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.24]) by mx1.freebsd.org (Postfix) with ESMTP id EBE598FC21; Mon, 30 Nov 2009 19:18:23 +0000 (UTC) Received: by ey-out-2122.google.com with SMTP id 22so1114841eye.9 for ; Mon, 30 Nov 2009 11:18:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=N3U35YX0LzaiRbrQmXLEVRnbJxs1LXLg5oBB+ot+ckU=; b=RVzlJJ9PQmwPZJ7QPzuzTCv2aBB7FXN0cVXFstKij7pvtjFs3eUOkEbgBuu6r6vVaC zbHQl1KKp/aKsrbYbE34PI0l+dxafaiIigUZqx74RR+2zJkuKMLWN8tOH/6inZOIwV4b QIaqFEj9BeiA8xbiKMXNg3KbLOjcV0P0GZ/CI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=TFM5Hcz4P+RcfbfRD3kNIhySX90FAdyLdBBxnVQPWy1ozfEvxF1x5qOcRW1mwiEBir Ie1KW4lIElsy6lDM/yzd8ZrqJmgr91u7d0YMhrECbl3y/seQ05T8Uu/a/8mtkdBtD5TA LGuC4vQTuorJ5/aTTU2FxtX7SGObbMSW8QVdg= Received: by 10.216.88.212 with SMTP id a62mr1556862wef.72.1259608702801; Mon, 30 Nov 2009 11:18:22 -0800 (PST) Received: from kerbzo.local (host98-2-dynamic.56-79-r.retail.telecomitalia.it [79.56.2.98]) by mx.google.com with ESMTPS id m5sm11011805gve.12.2009.11.30.11.18.18 (version=SSLv3 cipher=RC4-MD5); Mon, 30 Nov 2009 11:18:20 -0800 (PST) Message-ID: <4B141A77.4030102@gmail.com> Date: Mon, 30 Nov 2009 20:18:15 +0100 From: Kevin Smith User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Mailing LIst Member References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> In-Reply-To: <4B12C543.2070204@mgwigglesworth.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, Alex Almeida , ben@wanderview.com Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Nov 2009 19:18:24 -0000 Mailing LIst Member wrote: > Kevin Smith wrote: >> Alex Almeida wrote: >> >>> Hi, >>> >>> The same happened with me, just by setting: >>> net.inet.ip.fw.one_pass: 0 >>> >>> And stopped the message, however I was using version 6.4. >>> >>> I hope that helps you, >>> >>> Hugs >>> >>> Alex Almeida >>> >>> >>> >>> >>> Kevin Smith escreveu: >>> >>>> Hi, >>>> >>>> I'm experiencing some dummynet issues after upgrading from 7-STABLE to >>>> 8.0-RELEASE. >>>> My /var/log/messages is full of these logs: >>>> >>>> Nov 29 15:34:18 stone kernel: dummynet: OUCH! pipe should have been >>>> idle! >>>> Nov 29 15:34:49 stone last message repeated 409 times >>>> Nov 29 15:36:49 stone last message repeated 1595 times >>>> Nov 29 15:46:50 stone last message repeated 8162 times >>>> Nov 29 15:56:51 stone last message repeated 7099 times >>>> Nov 29 16:06:52 stone last message repeated 4771 times >>>> Nov 29 16:16:53 stone last message repeated 3859 times >>>> Nov 29 16:26:54 stone last message repeated 3493 times >>>> Nov 29 16:36:55 stone last message repeated 5874 times >>>> >>>> Also I noticed that traffic shaping is not working any longer , i.e.: >>>> actually outgoing pipes do not limit bandwidth at all. >>>> Until 8 Release upgrading the same configuration was working perfectly. >>>> >>>> This is my uname -a >>>> >>>> FreeBSD stone.it 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Sat Nov 28 >>>> 20:22:30 >>>> CET 2009 kevin@stone.it:/usr/obj/usr/src/sys/STONE i386 >>>> >>>> Attached my dmesg.boot and my kernel configuration. >>>> >>>> Is anybody experiencing same issues? >>>> Thank you, >>>> regards, >>>> >>>> -- >>>> Kevin >>>> >>>> ------------------------------------------------------------------------ >>>> >>>> >>>> _______________________________________________ >>>> freebsd-ipfw@freebsd.org mailing list >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >>>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >>>> >> Hi, >> >> I've already net.inet.ip.fw.one_pass set to 0, and also setting it to 1, >> even if this is not what I need, does not fix. >> Thank you anyway, >> regards, >> >> -- >> Kevin >> _______________________________________________ >> freebsd-ipfw@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >> > I know this may be a rediculous question, given the audience, however, I > will inquire anyhow. > > "Have you verified that your kernel has installed cleanly?" > I am still on 7.2-Stable, on my production servers, however, when I have > attempted hasty upgrades, and reinstalled the kernel after compiling it > on the new system, it required a second iteration of cleaning, and > recompiling/installing for the kernel to recognize the net options that > are being referenced. > > Hence, when I initially compiled and installed the kernel, I had to > repeat the process a second time, to see all firewalling activated > correctly.(pipes, and other rules) > > Of course, as previously indicated, this may be just a new bug for the > newer system, however, I would try that first. Also, make sure you port > the new version of your rules/config file to the 8-Release branch. I > have had trouble going between 6 and 7 with some of these rules not > being recognized but the option compiled. > > I can't remember what that was, for a good example, however, just a few > things to investigate. > > I apologize if these options have already been investigated. > > Respectfully, > > Martes Hi, thank you for your answer, but everything seems quite fine with 8-RELEASE except for this issue. I tried to recompile without SMP or PREEMPTION options and also to apply oleg@ 's patch at http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ipfw/ip_dummynet.c?rev=1.5.2.2;content-type=text%2Fplain committed on RELENG_8 with no luck. Upgrading was fine, I can say that all has been installed cleanly. Thank you, regards, -- Kevin From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 30 20:29:06 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D1442106566C; Mon, 30 Nov 2009 20:29:06 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.freebsd.org (Postfix) with ESMTP id 47B8D8FC17; Mon, 30 Nov 2009 20:29:06 +0000 (UTC) Received: by lath.rinet.ru (Postfix, from userid 222) id 71D89704C; Mon, 30 Nov 2009 23:12:22 +0300 (MSK) Date: Mon, 30 Nov 2009 23:12:22 +0300 From: Oleg Bulyzhin To: Kevin Smith Message-ID: <20091130201222.GC72710@lath.rinet.ru> References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4B141A77.4030102@gmail.com> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, Alex Almeida , ben@wanderview.com, Mailing LIst Member Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Nov 2009 20:29:06 -0000 On Mon, Nov 30, 2009 at 08:18:15PM +0100, Kevin Smith wrote: > Mailing LIst Member wrote: > > Kevin Smith wrote: > >> Alex Almeida wrote: > >> > >>> Hi, > >>> > >>> The same happened with me, just by setting: > >>> net.inet.ip.fw.one_pass: 0 > >>> > >>> And stopped the message, however I was using version 6.4. > >>> > >>> I hope that helps you, > >>> > >>> Hugs > >>> > >>> Alex Almeida > >>> > >>> > >>> > >>> > >>> Kevin Smith escreveu: > >>> > >>>> Hi, > >>>> > >>>> I'm experiencing some dummynet issues after upgrading from 7-STABLE to > >>>> 8.0-RELEASE. > >>>> My /var/log/messages is full of these logs: > >>>> > >>>> Nov 29 15:34:18 stone kernel: dummynet: OUCH! pipe should have been > >>>> idle! > >>>> Nov 29 15:34:49 stone last message repeated 409 times > >>>> Nov 29 15:36:49 stone last message repeated 1595 times > >>>> Nov 29 15:46:50 stone last message repeated 8162 times > >>>> Nov 29 15:56:51 stone last message repeated 7099 times > >>>> Nov 29 16:06:52 stone last message repeated 4771 times > >>>> Nov 29 16:16:53 stone last message repeated 3859 times > >>>> Nov 29 16:26:54 stone last message repeated 3493 times > >>>> Nov 29 16:36:55 stone last message repeated 5874 times > >>>> > >>>> Also I noticed that traffic shaping is not working any longer , i.e.: > >>>> actually outgoing pipes do not limit bandwidth at all. > >>>> Until 8 Release upgrading the same configuration was working perfectly. > >>>> > >>>> This is my uname -a > >>>> > >>>> FreeBSD stone.it 8.0-RELEASE FreeBSD 8.0-RELEASE #5: Sat Nov 28 > >>>> 20:22:30 > >>>> CET 2009 kevin@stone.it:/usr/obj/usr/src/sys/STONE i386 > >>>> > >>>> Attached my dmesg.boot and my kernel configuration. > >>>> > >>>> Is anybody experiencing same issues? > >>>> Thank you, > >>>> regards, > >>>> > >>>> -- > >>>> Kevin > >>>> > >>>> ------------------------------------------------------------------------ > >>>> > >>>> > >>>> _______________________________________________ > >>>> freebsd-ipfw@freebsd.org mailing list > >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > >>>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > >>>> > >> Hi, > >> > >> I've already net.inet.ip.fw.one_pass set to 0, and also setting it to 1, > >> even if this is not what I need, does not fix. > >> Thank you anyway, > >> regards, > >> > >> -- > >> Kevin > >> _______________________________________________ > >> freebsd-ipfw@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > >> > > I know this may be a rediculous question, given the audience, however, I > > will inquire anyhow. > > > > "Have you verified that your kernel has installed cleanly?" > > I am still on 7.2-Stable, on my production servers, however, when I have > > attempted hasty upgrades, and reinstalled the kernel after compiling it > > on the new system, it required a second iteration of cleaning, and > > recompiling/installing for the kernel to recognize the net options that > > are being referenced. > > > > Hence, when I initially compiled and installed the kernel, I had to > > repeat the process a second time, to see all firewalling activated > > correctly.(pipes, and other rules) > > > > Of course, as previously indicated, this may be just a new bug for the > > newer system, however, I would try that first. Also, make sure you port > > the new version of your rules/config file to the 8-Release branch. I > > have had trouble going between 6 and 7 with some of these rules not > > being recognized but the option compiled. > > > > I can't remember what that was, for a good example, however, just a few > > things to investigate. > > > > I apologize if these options have already been investigated. > > > > Respectfully, > > > > Martes > Hi, > > thank you for your answer, but everything seems quite fine with > 8-RELEASE except for this issue. > I tried to recompile without SMP or PREEMPTION options and also to apply > oleg@ 's patch at > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ipfw/ip_dummynet.c?rev=1.5.2.2;content-type=text%2Fplain > committed on RELENG_8 with no luck. > Upgrading was fine, I can say that all has been installed cleanly. > Thank you, > regards, > > -- > Kevin > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" Please show your pipe/queue configuration commands and your ipfw ruleset. sysctl net.inet.ip.fw & sysctl net.inet.ip.dummynet output would not hurt too. -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 30 21:18:11 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 50B74106566B; Mon, 30 Nov 2009 21:18:11 +0000 (UTC) (envelope-from ben@wanderview.com) Received: from mail.wanderview.com (mail.wanderview.com [66.92.166.102]) by mx1.freebsd.org (Postfix) with ESMTP id AFE248FC15; Mon, 30 Nov 2009 21:18:10 +0000 (UTC) Received: from [192.168.1.118] (portal.theptrgroup.com [71.178.251.28]) (authenticated bits=0) by mail.wanderview.com (8.14.3/8.14.3) with ESMTP id nAUKctRX007926 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 30 Nov 2009 20:39:01 GMT (envelope-from ben@wanderview.com) Mime-Version: 1.0 (Apple Message framework v1077) Content-Type: text/plain; charset=us-ascii From: Ben Kelly In-Reply-To: <20091130201222.GC72710@lath.rinet.ru> Date: Mon, 30 Nov 2009 15:38:50 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> To: Oleg Bulyzhin X-Mailer: Apple Mail (2.1077) X-Spam-Score: -0.72 () AWL X-Scanned-By: MIMEDefang 2.67 on 10.76.20.1 Cc: freebsd-ipfw@freebsd.org, Kevin Smith , freebsd-current@freebsd.org Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Nov 2009 21:18:11 -0000 On Nov 30, 2009, at 3:12 PM, Oleg Bulyzhin wrote: > Please show your pipe/queue configuration commands and your ipfw = ruleset. > sysctl net.inet.ip.fw & sysctl net.inet.ip.dummynet output would not = hurt too. I've also run into the problem recently on 9-CURRENT (last synced on = 11/13/2009). My configuration looks like: # Configure traffic shaping. $fw pipe 10 config bw 950Kbit/s $fw queue 10 config pipe 10 weight 100 $fw queue 20 config pipe 10 weight 1 # Shape traffic to avoid ACK starvation when our upload is saturated. $fw add 6100 queue 10 tcp from any to any tcpflags ack iplen 0-80 out = via $oif $fw add 6110 queue 10 udp from any to any iplen 0-80 out via $oif $fw add 6120 queue 20 tcp from any to any \{ not tcpflags ack or not = iplen 0-80 \} out via $oif $fw add 6130 queue 20 udp from any to any not iplen 0-80 out via $oif The output of the sysctl elements are: gate# sysctl net.inet.ip.fw net.inet.ip.fw.dyn_keepalive: 1 net.inet.ip.fw.dyn_short_lifetime: 5 net.inet.ip.fw.dyn_udp_lifetime: 10 net.inet.ip.fw.dyn_rst_lifetime: 1 net.inet.ip.fw.dyn_fin_lifetime: 1 net.inet.ip.fw.dyn_syn_lifetime: 20 net.inet.ip.fw.dyn_ack_lifetime: 300 net.inet.ip.fw.static_count: 42 net.inet.ip.fw.dyn_max: 4096 net.inet.ip.fw.dyn_count: 232 net.inet.ip.fw.curr_dyn_buckets: 256 net.inet.ip.fw.dyn_buckets: 256 net.inet.ip.fw.default_to_accept: 0 net.inet.ip.fw.tables_max: 128 net.inet.ip.fw.default_rule: 65535 net.inet.ip.fw.verbose_limit: 0 net.inet.ip.fw.verbose: 0 net.inet.ip.fw.one_pass: 0 net.inet.ip.fw.autoinc_step: 100 net.inet.ip.fw.enable: 1 gate# sysctl net.inet.ip.dummynet net.inet.ip.dummynet.debug: 0 net.inet.ip.dummynet.pipe_byte_limit: 1048576 net.inet.ip.dummynet.pipe_slot_limit: 100 net.inet.ip.dummynet.io_pkt_drop: 1601 net.inet.ip.dummynet.io_pkt_fast: 146359 net.inet.ip.dummynet.io_pkt: 26208842 net.inet.ip.dummynet.io_fast: 0 net.inet.ip.dummynet.tick_lost: 0 net.inet.ip.dummynet.tick_diff: 1352176 net.inet.ip.dummynet.tick_adjustment: 239751 net.inet.ip.dummynet.tick_delta_sum: -494 net.inet.ip.dummynet.tick_delta: 1 net.inet.ip.dummynet.red_max_pkt_size: 1500 net.inet.ip.dummynet.red_avg_pkt_size: 512 net.inet.ip.dummynet.red_lookup_depth: 256 net.inet.ip.dummynet.max_chain_len: 16 net.inet.ip.dummynet.expire: 1 net.inet.ip.dummynet.search_steps: 0 net.inet.ip.dummynet.searches: 0 net.inet.ip.dummynet.extract_heap: 16 net.inet.ip.dummynet.ready_heap: 0 net.inet.ip.dummynet.hash_size: 64 Thanks for the help. - Ben= From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 30 23:17:47 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 631301065670; Mon, 30 Nov 2009 23:17:47 +0000 (UTC) (envelope-from kerbzo@gmail.com) Received: from mail-ew0-f226.google.com (mail-ew0-f226.google.com [209.85.219.226]) by mx1.freebsd.org (Postfix) with ESMTP id B707D8FC0A; Mon, 30 Nov 2009 23:17:46 +0000 (UTC) Received: by ewy26 with SMTP id 26so4686467ewy.3 for ; Mon, 30 Nov 2009 15:17:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=a6xupEk0/kuIRrWk0juylhNtV5KBBa6/mWCDprMweL4=; b=Us4coXnw4EaibMuD3/QxBp2kww0VDqvfNo7YYKBQjrXLFyW9opPXqKKFJVHj+DXwxt VxV4F5wHhbq3kpWtaLHiHX1nqcw65ChAtFHdsmlN2VdepOtoxM9UrXhvUH/a8PVku9dx Qj6ydX/5FT3h4BAqG3Ay55trZtlqK0sEZZxbc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=JcCpacQcxkkSFD6AO46lIYQ4L/233pqdA0U7QzgAzFxKHtxqHXZ19F13+X/mBZFQV7 cp2aFCuoPsZcSFjhadmF7W9N5DILM2v9SDNc1xVwsJzVEx1o/XX+j+eexD9qwK492WAF Qrf73tS7pgDe9+4U5wHtkccop4Q6QeBsFEtcA= Received: by 10.216.86.14 with SMTP id v14mr1662980wee.183.1259623064800; Mon, 30 Nov 2009 15:17:44 -0800 (PST) Received: from kerbzo.local (host98-2-dynamic.56-79-r.retail.telecomitalia.it [79.56.2.98]) by mx.google.com with ESMTPS id j8sm11296106gvb.2.2009.11.30.15.17.40 (version=SSLv3 cipher=RC4-MD5); Mon, 30 Nov 2009 15:17:44 -0800 (PST) Message-ID: <4B145292.3010503@gmail.com> Date: Tue, 01 Dec 2009 00:17:38 +0100 From: Kevin Smith User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Ben Kelly References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, Oleg Bulyzhin Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Nov 2009 23:17:47 -0000 Ben Kelly wrote: > On Nov 30, 2009, at 3:12 PM, Oleg Bulyzhin wrote: >> Please show your pipe/queue configuration commands and your ipfw ruleset. >> sysctl net.inet.ip.fw & sysctl net.inet.ip.dummynet output would not hurt too. > > I've also run into the problem recently on 9-CURRENT (last synced on 11/13/2009). My configuration looks like: > > # Configure traffic shaping. > $fw pipe 10 config bw 950Kbit/s > $fw queue 10 config pipe 10 weight 100 > $fw queue 20 config pipe 10 weight 1 > > # Shape traffic to avoid ACK starvation when our upload is saturated. > $fw add 6100 queue 10 tcp from any to any tcpflags ack iplen 0-80 out via $oif > $fw add 6110 queue 10 udp from any to any iplen 0-80 out via $oif > $fw add 6120 queue 20 tcp from any to any \{ not tcpflags ack or not iplen 0-80 \} out via $oif > $fw add 6130 queue 20 udp from any to any not iplen 0-80 out via $oif > > The output of the sysctl elements are: > > gate# sysctl net.inet.ip.fw > net.inet.ip.fw.dyn_keepalive: 1 > net.inet.ip.fw.dyn_short_lifetime: 5 > net.inet.ip.fw.dyn_udp_lifetime: 10 > net.inet.ip.fw.dyn_rst_lifetime: 1 > net.inet.ip.fw.dyn_fin_lifetime: 1 > net.inet.ip.fw.dyn_syn_lifetime: 20 > net.inet.ip.fw.dyn_ack_lifetime: 300 > net.inet.ip.fw.static_count: 42 > net.inet.ip.fw.dyn_max: 4096 > net.inet.ip.fw.dyn_count: 232 > net.inet.ip.fw.curr_dyn_buckets: 256 > net.inet.ip.fw.dyn_buckets: 256 > net.inet.ip.fw.default_to_accept: 0 > net.inet.ip.fw.tables_max: 128 > net.inet.ip.fw.default_rule: 65535 > net.inet.ip.fw.verbose_limit: 0 > net.inet.ip.fw.verbose: 0 > net.inet.ip.fw.one_pass: 0 > net.inet.ip.fw.autoinc_step: 100 > net.inet.ip.fw.enable: 1 > gate# sysctl net.inet.ip.dummynet > net.inet.ip.dummynet.debug: 0 > net.inet.ip.dummynet.pipe_byte_limit: 1048576 > net.inet.ip.dummynet.pipe_slot_limit: 100 > net.inet.ip.dummynet.io_pkt_drop: 1601 > net.inet.ip.dummynet.io_pkt_fast: 146359 > net.inet.ip.dummynet.io_pkt: 26208842 > net.inet.ip.dummynet.io_fast: 0 > net.inet.ip.dummynet.tick_lost: 0 > net.inet.ip.dummynet.tick_diff: 1352176 > net.inet.ip.dummynet.tick_adjustment: 239751 > net.inet.ip.dummynet.tick_delta_sum: -494 > net.inet.ip.dummynet.tick_delta: 1 > net.inet.ip.dummynet.red_max_pkt_size: 1500 > net.inet.ip.dummynet.red_avg_pkt_size: 512 > net.inet.ip.dummynet.red_lookup_depth: 256 > net.inet.ip.dummynet.max_chain_len: 16 > net.inet.ip.dummynet.expire: 1 > net.inet.ip.dummynet.search_steps: 0 > net.inet.ip.dummynet.searches: 0 > net.inet.ip.dummynet.extract_heap: 16 > net.inet.ip.dummynet.ready_heap: 0 > net.inet.ip.dummynet.hash_size: 64 > > Thanks for the help. > > - Ben Hi, this is my pipe/queue configuration: /sbin/ipfw pipe 1 config bw 256kbits/s /sbin/ipfw queue 3 config pipe 1 weight 40 mask all /sbin/ipfw queue 4 config pipe 1 weight 50 mask all /sbin/ipfw add queue 3 all from any to any out via tun\? uid asterisk /sbin/ipfw add queue 3 all from any to any 80 out via tun\? /sbin/ipfw add queue 3 all from any to any 53 out via tun\? /sbin/ipfw add queue 3 all from me 4300 to any out via tun\? /sbin/ipfw add queue 3 all from me 1194 to any out via tun\? /sbin/ipfw add queue 4 all from any to any out via tun\? tcpflags \!syn,ack not jail ${MLDONKEYJID:=1} /sbin/ipfw add queue 4 all from any to any out via tun\? not jail ${MLDONKEYJID:=1} /sbin/ipfw queue 1 config pipe 1 weight 1 gred 0.8/16/39/1 mask all /sbin/ipfw queue 2 config pipe 1 weight 2 gred 0.02/3/6/0.06 mask all /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 40 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 41 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 42 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 43 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 44 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 45 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 46 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 47 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 48 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 49 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 50 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 51 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 52 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 53 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 55 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 56 /sbin/ipfw add queue 2 all from any to any out via tun\? iplen 57 /sbin/ipfw add queue 1 all from any to any out via tun\? jail ${MLDONKEYJID:=1} and these are some system settings: net.inet.ip.dummynet.debug: 0 net.inet.ip.dummynet.pipe_byte_limit: 1048576 net.inet.ip.dummynet.pipe_slot_limit: 100 net.inet.ip.dummynet.io_pkt_drop: 1316 net.inet.ip.dummynet.io_pkt_fast: 146311 net.inet.ip.dummynet.io_pkt: 3006844 net.inet.ip.dummynet.io_fast: 0 net.inet.ip.dummynet.tick_lost: 0 net.inet.ip.dummynet.tick_diff: 18983852 net.inet.ip.dummynet.tick_adjustment: 17727039 net.inet.ip.dummynet.tick_delta_sum: 453 net.inet.ip.dummynet.tick_delta: 1000 net.inet.ip.dummynet.red_max_pkt_size: 1500 net.inet.ip.dummynet.red_avg_pkt_size: 512 net.inet.ip.dummynet.red_lookup_depth: 256 net.inet.ip.dummynet.max_chain_len: 16 net.inet.ip.dummynet.expire: 1 net.inet.ip.dummynet.search_steps: 3047766 net.inet.ip.dummynet.searches: 3006844 net.inet.ip.dummynet.extract_heap: 16 net.inet.ip.dummynet.ready_heap: 0 net.inet.ip.dummynet.hash_size: 64 net.inet.ip.fw.dyn_keepalive: 1 net.inet.ip.fw.dyn_short_lifetime: 5 net.inet.ip.fw.dyn_udp_lifetime: 10 net.inet.ip.fw.dyn_rst_lifetime: 1 net.inet.ip.fw.dyn_fin_lifetime: 1 net.inet.ip.fw.dyn_syn_lifetime: 20 net.inet.ip.fw.dyn_ack_lifetime: 300 net.inet.ip.fw.static_count: 68 net.inet.ip.fw.dyn_max: 4096 net.inet.ip.fw.dyn_count: 0 net.inet.ip.fw.curr_dyn_buckets: 256 net.inet.ip.fw.dyn_buckets: 256 net.inet.ip.fw.default_to_accept: 1 net.inet.ip.fw.tables_max: 128 net.inet.ip.fw.default_rule: 65535 net.inet.ip.fw.verbose_limit: 0 net.inet.ip.fw.verbose: 1 net.inet.ip.fw.one_pass: 0 net.inet.ip.fw.autoinc_step: 100 net.inet.ip.fw.enable: 1 Please don't hexitate to ask me for further infos. Thank you for your help, regards, -- Kevin From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 30 23:45:38 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E4D5F1065670; Mon, 30 Nov 2009 23:45:38 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.freebsd.org (Postfix) with ESMTP id 9ED188FC15; Mon, 30 Nov 2009 23:45:38 +0000 (UTC) Received: by lath.rinet.ru (Postfix, from userid 222) id B4048704C; Tue, 1 Dec 2009 02:45:37 +0300 (MSK) Date: Tue, 1 Dec 2009 02:45:37 +0300 From: Oleg Bulyzhin To: Ben Kelly Message-ID: <20091130234537.GA78185@lath.rinet.ru> References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-ipfw@freebsd.org, Kevin Smith , freebsd-current@freebsd.org Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Nov 2009 23:45:39 -0000 On Mon, Nov 30, 2009 at 03:38:50PM -0500, Ben Kelly wrote: > > I've also run into the problem recently on 9-CURRENT (last synced on 11/13/2009). My configuration looks like: > My quick attempt to reproduce the issue failed. Perhaps i'm missing something. How are you measuring connection bandwidth? -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 1 00:34:23 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 777F0106566C for ; Tue, 1 Dec 2009 00:34:23 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from smtp104.prem.mail.sp1.yahoo.com (smtp104.prem.mail.sp1.yahoo.com [98.136.44.59]) by mx1.freebsd.org (Postfix) with SMTP id 3FE398FC0A for ; Tue, 1 Dec 2009 00:34:23 +0000 (UTC) Received: (qmail 33375 invoked from network); 1 Dec 2009 00:34:22 -0000 Received: from adsl-69-109-229-187.dsl.pltn13.pacbell.net (kudzu@69.109.229.187 with plain) by smtp104.prem.mail.sp1.yahoo.com with SMTP; 30 Nov 2009 16:34:22 -0800 PST X-Yahoo-SMTP: AcwmMA.swBBRnMzwDJMDF.V04AMorA-- X-YMail-OSG: ss1DaoEVM1k_MtclHLb66b8UkksWMNLromreLDrkMMu9iJgtVoxwjFL6M8QWWzuxJgsQhw_9MWJVfEu_POyhQjfbe.cBCNhqYARXFwJFUPknDqQPH8a8jiRFC1.rYKnhqAl6VPXOjJbHLxmopjuUlAWxZ7_D440vdtMgLMtmG9oL_DvSrXOcKyPyl.TPVWkUIq9DavpfGnRdUnQeOk5Ht0.YzRV0IV8NOUyj4TnWGCmU6OxERYiSP1VTOHVE2bKy7EDlzhOueNrg_8zadoE7bKyPAxoIM8vKZnu8ZrESIM8bAD0QkjBWMtPXwv9CSRSZGsrY3r1iu_C6ZD4roC3sctvbTlO30NIx5RJj9hB5mp4- X-Yahoo-Newman-Property: ymail-3 Message-ID: <4B14648D.8090507@tenebras.com> Date: Mon, 30 Nov 2009 16:34:21 -0800 From: Michael Sierchio User-Agent: Thunderbird 2.0.0.23 (X11/20090817) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> <20091130234537.GA78185@lath.rinet.ru> In-Reply-To: <20091130234537.GA78185@lath.rinet.ru> X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: kudzu@tenebras.com List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 00:34:23 -0000 Oleg Bulyzhin wrote: > On Mon, Nov 30, 2009 at 03:38:50PM -0500, Ben Kelly wrote: >> I've also run into the problem recently on 9-CURRENT (last synced on 11/13/2009). My configuration looks like: >> > > My quick attempt to reproduce the issue failed. Perhaps i'm missing something. > > How are you measuring connection bandwidth? > Just an aside - queue weights only come into play when queues are full. If you don't specify the queue size in terms of entries as opposed to bytes, you may not get the behavior you expect with small packets. What's your nominal connect rate in each direction? Your pipe should be that size or smaller, of course. Another aside - in practice, bulk traffic is at MTU size, and interactive packets or naked TCP ACKs are small. iplen alone is sufficient for the packets you want to assign a lower weight. -- Michael Sierchio +1 415 378 1182 PO Box 9036 Berkeley CA 94709 US kudzu@tenebras.com From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 1 04:58:57 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F1A2F106566C; Tue, 1 Dec 2009 04:58:57 +0000 (UTC) (envelope-from ben@wanderview.com) Received: from mail.wanderview.com (mail.wanderview.com [66.92.166.102]) by mx1.freebsd.org (Postfix) with ESMTP id 972BC8FC0C; Tue, 1 Dec 2009 04:58:57 +0000 (UTC) Received: from xykon.in.wanderview.com (xykon.in.wanderview.com [10.76.10.152]) (authenticated bits=0) by mail.wanderview.com (8.14.3/8.14.3) with ESMTP id nB14wu4t011918 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 1 Dec 2009 04:58:56 GMT (envelope-from ben@wanderview.com) Mime-Version: 1.0 (Apple Message framework v1077) Content-Type: text/plain; charset=us-ascii From: Ben Kelly In-Reply-To: <20091130234537.GA78185@lath.rinet.ru> Date: Mon, 30 Nov 2009 23:58:55 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> <20091130234537.GA78185@lath.rinet.ru> To: Oleg Bulyzhin X-Mailer: Apple Mail (2.1077) X-Spam-Score: -1.44 () ALL_TRUSTED X-Scanned-By: MIMEDefang 2.67 on 10.76.20.1 Cc: freebsd-ipfw@freebsd.org, Kevin Smith , freebsd-current@freebsd.org Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 04:58:58 -0000 On Nov 30, 2009, at 6:45 PM, Oleg Bulyzhin wrote: > On Mon, Nov 30, 2009 at 03:38:50PM -0500, Ben Kelly wrote: >>=20 >> I've also run into the problem recently on 9-CURRENT (last synced on = 11/13/2009). My configuration looks like: >>=20 >=20 > My quick attempt to reproduce the issue failed. Perhaps i'm missing = something. >=20 > How are you measuring connection bandwidth?=20 I actually have not measured my bandwidth to validate dummynet. I have = simply observed these messages repeating in my log: dummynet: OUCH! pipe should have been idle! Under normal conditions I don't really need the dummynet rules to shape = traffic for my configuration to work, so it has not been a high priority = for me yet. Do you see the log messages? Thanks. - Ben= From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 1 17:34:12 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B15C110656CC; Tue, 1 Dec 2009 17:34:12 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.freebsd.org (Postfix) with ESMTP id 301578FC15; Tue, 1 Dec 2009 17:34:11 +0000 (UTC) Received: by lath.rinet.ru (Postfix, from userid 222) id 25BDF704B; Tue, 1 Dec 2009 20:34:11 +0300 (MSK) Date: Tue, 1 Dec 2009 20:34:11 +0300 From: Oleg Bulyzhin To: Ben Kelly Message-ID: <20091201173411.GA3637@lath.rinet.ru> References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> <20091130234537.GA78185@lath.rinet.ru> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="wac7ysb48OaltWcw" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-ipfw@freebsd.org, Kevin Smith , freebsd-current@freebsd.org Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 17:34:12 -0000 --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Nov 30, 2009 at 11:58:55PM -0500, Ben Kelly wrote: > > I actually have not measured my bandwidth to validate dummynet. I have simply observed these messages repeating in my log: > > dummynet: OUCH! pipe should have been idle! > > Under normal conditions I don't really need the dummynet rules to shape traffic for my configuration to work, so it has not been a high priority for me yet. Do you see the log messages? > > Thanks. > > - Ben It seems i've found the problem. Please test attached patch (it's for R8.0 sources and include r198845). I'm interested in some feedback: 1) does it solve 'OUCH' messages problem? 2) does it solve bandwidth problem (if there was any)? -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ --wac7ysb48OaltWcw Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="wf2q-fix.r80.diff" Index: sys/netinet/ipfw/ip_dummynet.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ipfw/ip_dummynet.c,v retrieving revision 1.5.2.1.2.1 diff -u -r1.5.2.1.2.1 ip_dummynet.c --- sys/netinet/ipfw/ip_dummynet.c 25 Oct 2009 01:10:29 -0000 1.5.2.1.2.1 +++ sys/netinet/ipfw/ip_dummynet.c 1 Dec 2009 17:23:45 -0000 @@ -244,6 +244,17 @@ static int dummynet_io(struct mbuf **, int , struct ip_fw_args *); /* + * Flow queue is idle if: + * 1) it's empty for at least 1 tick + * 2) it has invalid timestamp (WF2Q case) + * 3) parent pipe has no 'exhausted' burst. + */ +#define QUEUE_IS_IDLE(q) ((q)->head == NULL && (q)->S == (q)->F + 1 && \ + curr_time > (q)->idle_time + 1 && \ + ((q)->numbytes + (curr_time - (q)->idle_time - 1) * \ + (q)->fs->pipe->bandwidth >= (q)->fs->pipe->burst)) + +/* * Heap management functions. * * In the heap, first node is element 0. Children of i are 2i+1 and 2i+2. @@ -1004,7 +1015,7 @@ fs->last_expired = time_uptime ; for (i = 0 ; i <= fs->rq_size ; i++) /* last one is overflow */ for (prev=NULL, q = fs->rq[i] ; q != NULL ; ) - if (q->head != NULL || q->S != q->F+1) { + if (!QUEUE_IS_IDLE(q)) { prev = q ; q = q->next ; } else { /* entry is idle, expire it */ @@ -1134,7 +1145,7 @@ break ; /* found */ /* No match. Check if we can expire the entry */ - if (pipe_expire && q->head == NULL && q->S == q->F+1 ) { + if (pipe_expire && QUEUE_IS_IDLE(q)) { /* entry is idle and not in any heap, expire it */ struct dn_flow_queue *old_q = q ; @@ -1408,18 +1419,20 @@ if (q->idle_time < curr_time) { /* Calculate available burst size. */ q->numbytes += - (curr_time - q->idle_time) * pipe->bandwidth; + (curr_time - q->idle_time - 1) * pipe->bandwidth; if (q->numbytes > pipe->burst) q->numbytes = pipe->burst; if (io_fast) q->numbytes += pipe->bandwidth; } } else { /* WF2Q. */ - if (pipe->idle_time < curr_time) { + if (pipe->idle_time < curr_time && + pipe->scheduler_heap.elements == 0 && + pipe->not_eligible_heap.elements == 0) { /* Calculate available burst size. */ pipe->numbytes += - (curr_time - pipe->idle_time) * pipe->bandwidth; - if (pipe->numbytes > pipe->burst) + (curr_time - pipe->idle_time - 1) * pipe->bandwidth; + if (pipe->numbytes > 0 && pipe->numbytes > pipe->burst) pipe->numbytes = pipe->burst; if (io_fast) pipe->numbytes += pipe->bandwidth; --wac7ysb48OaltWcw-- From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 1 19:33:46 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 541C6106566B; Tue, 1 Dec 2009 19:33:46 +0000 (UTC) (envelope-from kerbzo@gmail.com) Received: from mail-fx0-f218.google.com (mail-fx0-f218.google.com [209.85.220.218]) by mx1.freebsd.org (Postfix) with ESMTP id 862058FC12; Tue, 1 Dec 2009 19:33:45 +0000 (UTC) Received: by fxm10 with SMTP id 10so4450993fxm.14 for ; Tue, 01 Dec 2009 11:33:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=lO4zgf+G3YOZEMXjJI6ASPPWEahDjY2GnfTJ1AcKx54=; b=GWR92TBOZZaIfe3DNPBLxVaAXEYzPxkySzlP5pNv2ziBxBjDNstR/GtTD+6bZsxrXr XNbXml1aOYsKnwbk9iMhkbxkRtSJQxQOh8WHO4R1in11en0uUG3LFo3NS9k2HKFIswwD xcxohQYP4Gu5jSiFy5pxirfvIHSwhQqD064D0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=dtDOpb/DfBDWOrh6xw0ICyohn67dNPrl/XEPKB4qdTXZ53Eij72nRCDzBZKPnWTuKP yvPitHk48CmUtf84mkRyAbOG+x3wVUK2xc/A9FLA9zwUsD1lwmYvIiyXQzgY4iMY3w3f hJY5tQG5jyHS7q1jFsBLQWftWpQ+1xbkj2QHA= Received: by 10.216.89.149 with SMTP id c21mr2116092wef.224.1259696024375; Tue, 01 Dec 2009 11:33:44 -0800 (PST) Received: from kerbzo.local (host111-205-dynamic.19-79-r.retail.telecomitalia.it [79.19.205.111]) by mx.google.com with ESMTPS id t2sm881343gve.24.2009.12.01.11.33.40 (version=SSLv3 cipher=RC4-MD5); Tue, 01 Dec 2009 11:33:43 -0800 (PST) Message-ID: <4B156F92.6020500@gmail.com> Date: Tue, 01 Dec 2009 20:33:38 +0100 From: Kevin Smith User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Oleg Bulyzhin References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> <20091130234537.GA78185@lath.rinet.ru> <20091201173411.GA3637@lath.rinet.ru> In-Reply-To: <20091201173411.GA3637@lath.rinet.ru> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, Ben Kelly Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 19:33:46 -0000 Oleg Bulyzhin wrote: > On Mon, Nov 30, 2009 at 11:58:55PM -0500, Ben Kelly wrote: >> I actually have not measured my bandwidth to validate dummynet. I have simply observed these messages repeating in my log: >> >> dummynet: OUCH! pipe should have been idle! >> >> Under normal conditions I don't really need the dummynet rules to shape traffic for my configuration to work, so it has not been a high priority for me yet. Do you see the log messages? >> >> Thanks. >> >> - Ben > > It seems i've found the problem. Please test attached patch (it's for R8.0 > sources and include r198845). I'm interested in some feedback: > 1) does it solve 'OUCH' messages problem? > 2) does it solve bandwidth problem (if there was any)? > > The patch fixes the problem: now it seems all ok, no more "OUCH" messages and pipe bandwidth limiting works again. Thank you very much, Oleg!! Best regards, -- Kevin From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 1 19:37:12 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58FEA106566C; Tue, 1 Dec 2009 19:37:12 +0000 (UTC) (envelope-from ben@wanderview.com) Received: from mail.wanderview.com (mail.wanderview.com [66.92.166.102]) by mx1.freebsd.org (Postfix) with ESMTP id D22AE8FC16; Tue, 1 Dec 2009 19:37:11 +0000 (UTC) Received: from xykon.in.wanderview.com (xykon.in.wanderview.com [10.76.10.152]) (authenticated bits=0) by mail.wanderview.com (8.14.3/8.14.3) with ESMTP id nB1Jb97D024834 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 1 Dec 2009 19:37:09 GMT (envelope-from ben@wanderview.com) Mime-Version: 1.0 (Apple Message framework v1077) Content-Type: text/plain; charset=us-ascii From: Ben Kelly In-Reply-To: <4B156F92.6020500@gmail.com> Date: Tue, 1 Dec 2009 14:37:09 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> <20091130234537.GA78185@lath.rinet.ru> <20091201173411.GA3637@lath.rinet.ru> <4B156F92.6020500@gmail.com> To: Kevin Smith X-Mailer: Apple Mail (2.1077) X-Spam-Score: -1.44 () ALL_TRUSTED X-Scanned-By: MIMEDefang 2.67 on 10.76.20.1 Cc: freebsd-ipfw@FreeBSD.org, freebsd-current@FreeBSD.org, Oleg Bulyzhin Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 19:37:12 -0000 On Dec 1, 2009, at 2:33 PM, Kevin Smith wrote: > Oleg Bulyzhin wrote: >> On Mon, Nov 30, 2009 at 11:58:55PM -0500, Ben Kelly wrote: >>> I actually have not measured my bandwidth to validate dummynet. I = have simply observed these messages repeating in my log: >>>=20 >>> dummynet: OUCH! pipe should have been idle! >>>=20 >>> Under normal conditions I don't really need the dummynet rules to = shape traffic for my configuration to work, so it has not been a high = priority for me yet. Do you see the log messages? >>>=20 >>> Thanks. >>>=20 >>> - Ben >>=20 >> It seems i've found the problem. Please test attached patch (it's for = R8.0 >> sources and include r198845). I'm interested in some feedback: >> 1) does it solve 'OUCH' messages problem? >> 2) does it solve bandwidth problem (if there was any)? >>=20 >>=20 > The patch fixes the problem: now it seems all ok, no more "OUCH" > messages and pipe bandwidth limiting works again. > Thank you very much, Oleg!! > Best regards, I just verified that it got rid of the log messages for me as well. I = still haven't actually measured the dummynet bandwidth, though. For reference, I used only this part of the patch against 9-CURRENT = since the rest seemed to already be applied: Index: sys/netinet/ipfw/ip_dummynet.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/netinet/ipfw/ip_dummynet.c (revision 252) +++ sys/netinet/ipfw/ip_dummynet.c (working copy) @@ -1426,7 +1426,9 @@ q->numbytes +=3D pipe->bandwidth; } } else { /* WF2Q. */ - if (pipe->idle_time < curr_time) { + if (pipe->idle_time < curr_time && + pipe->scheduler_heap.elements =3D=3D 0 && + pipe->not_eligible_heap.elements =3D=3D 0) { /* Calculate available burst size. */ pipe->numbytes +=3D (curr_time - pipe->idle_time - 1) * = pipe->bandwidth; Thanks for the quick fix Oleg! - Ben= From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 1 20:48:39 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E82B41065679 for ; Tue, 1 Dec 2009 20:48:39 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outR.internet-mail-service.net (outr.internet-mail-service.net [216.240.47.241]) by mx1.freebsd.org (Postfix) with ESMTP id C90E58FC17 for ; Tue, 1 Dec 2009 20:48:39 +0000 (UTC) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 9606A9DA80; Tue, 1 Dec 2009 12:48:39 -0800 (PST) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id 057462D6012; Tue, 1 Dec 2009 12:48:38 -0800 (PST) Message-ID: <4B15812B.3000601@elischer.org> Date: Tue, 01 Dec 2009 12:48:43 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Kevin Smith References: <4B129960.9030107@gmail.com> <4B12B6B9.3030106@bsd.com.br> <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> <20091130234537.GA78185@lath.rinet.ru> <20091201173411.GA3637@lath.rinet.ru> <4B156F92.6020500@gmail.com> In-Reply-To: <4B156F92.6020500@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, Oleg Bulyzhin , Ben Kelly Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 20:48:40 -0000 Kevin Smith wrote: > Oleg Bulyzhin wrote: >> On Mon, Nov 30, 2009 at 11:58:55PM -0500, Ben Kelly wrote: >>> I actually have not measured my bandwidth to validate dummynet. I have simply observed these messages repeating in my log: >>> >>> dummynet: OUCH! pipe should have been idle! >>> >>> Under normal conditions I don't really need the dummynet rules to shape traffic for my configuration to work, so it has not been a high priority for me yet. Do you see the log messages? >>> >>> Thanks. >>> >>> - Ben >> It seems i've found the problem. Please test attached patch (it's for R8.0 >> sources and include r198845). I'm interested in some feedback: >> 1) does it solve 'OUCH' messages problem? >> 2) does it solve bandwidth problem (if there was any)? >> >> > The patch fixes the problem: now it seems all ok, no more "OUCH" > messages and pipe bandwidth limiting works again. > Thank you very much, Oleg!! > Best regards, > this should be made an errata item for 8.0 From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 2 09:32:53 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 165B5106568B; Wed, 2 Dec 2009 09:32:53 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.freebsd.org (Postfix) with ESMTP id C0D2A8FC0A; Wed, 2 Dec 2009 09:32:52 +0000 (UTC) Received: by lath.rinet.ru (Postfix, from userid 222) id 87443704B; Wed, 2 Dec 2009 12:32:51 +0300 (MSK) Date: Wed, 2 Dec 2009 12:32:51 +0300 From: Oleg Bulyzhin To: Julian Elischer Message-ID: <20091202093251.GA32092@lath.rinet.ru> References: <4B12C32F.3060709@gmail.com> <4B12C543.2070204@mgwigglesworth.net> <4B141A77.4030102@gmail.com> <20091130201222.GC72710@lath.rinet.ru> <20091130234537.GA78185@lath.rinet.ru> <20091201173411.GA3637@lath.rinet.ru> <4B156F92.6020500@gmail.com> <4B15812B.3000601@elischer.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4B15812B.3000601@elischer.org> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-ipfw@freebsd.org, Kevin Smith , freebsd-current@freebsd.org, Ben Kelly Subject: Re: dummynet issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2009 09:32:53 -0000 On Tue, Dec 01, 2009 at 12:48:43PM -0800, Julian Elischer wrote: > this should be made an errata item for 8.0 I'm not sure about the procedure, should i contact re@ team? -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 2 10:32:44 2009 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 68BFB1065756 for ; Wed, 2 Dec 2009 10:32:42 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id DB7828FC12 for ; Wed, 2 Dec 2009 10:32:41 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 21F14730DA; Wed, 2 Dec 2009 11:25:41 +0100 (CET) Date: Wed, 2 Dec 2009 11:25:41 +0100 From: Luigi Rizzo To: current@freebsd.org Message-ID: <20091202102541.GA71448@onelab2.iet.unipi.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Cc: ipfw@freebsd.org Subject: heads up - upcoming dummynet/ipfw refactoring X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2009 10:32:44 -0000 Hi, in the next weeks i am going to slowly push into -head (and when possible also in RELENG_8) several restructuring and cleanup changes in dummynet and ipfw. This is the result of work we have been doing in Pisa in the last few months with Riccardo Panicucci and Marta Carbone. I am trying to organize the commits so that the ABI CHANGE WILL BE HARMLESS -- basically, we have implemented some compatibility code in the kernel so that NEW KERNELS WILL UNDERSTAND THE OLD USERLAND (from 7.x and above). Apart from this, the high level goals are: - refactor and split the code which after 10+ years has grown in uncontrolled ways (huge files, some style issues, some performance issues); - pull out generic code for data structures (e.g. binary heaps, hash tables) that could be useful or perhaps already exist in other parts of the kernel. - clean up the ABI so we have a truly extensible one. This mostly affects dummynet because ipfw is already in a reasonable shape, but there are places where ipfw has issues as well (e.g. due to counter sizes etc.); - add support for more dummynet features, most noticeably an API for pluggable link schedulers so one can choose those that fit best his requirements. I don't expect much if any disruption of the system, because most of the work is on the software interfaces and not in the inner working of the algorithms. cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 2 14:40:02 2009 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E61E2106566C for ; Wed, 2 Dec 2009 14:40:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B08E08FC14 for ; Wed, 2 Dec 2009 14:40:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nB2Ee2PQ007859 for ; Wed, 2 Dec 2009 14:40:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nB2Ee20w007858; Wed, 2 Dec 2009 14:40:02 GMT (envelope-from gnats) Date: Wed, 2 Dec 2009 14:40:02 GMT Message-Id: <200912021440.nB2Ee20w007858@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/117234: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2009 14:40:03 -0000 The following reply was made to PR kern/117234; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/117234: commit references a PR Date: Wed, 2 Dec 2009 14:32:15 +0000 (UTC) Author: ume Date: Wed Dec 2 14:32:01 2009 New Revision: 200027 URL: http://svn.freebsd.org/changeset/base/200027 Log: Teach an IPv6 to send_pkt() and ipfw_tick(). It fixes the issue which keep-alive doesn't work for an IPv6. PR: kern/117234 Submitted by: mlaier, Joost Bekkers MFC after: 1 month Modified: head/sys/netinet/ipfw/ip_fw2.c Modified: head/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw2.c Wed Dec 2 13:24:21 2009 (r200026) +++ head/sys/netinet/ipfw/ip_fw2.c Wed Dec 2 14:32:01 2009 (r200027) @@ -94,6 +94,7 @@ __FBSDID("$FreeBSD$"); #include #ifdef INET6 #include +#include #endif #include /* XXX for in_cksum */ @@ -249,6 +250,10 @@ static struct mtx ipfw_dyn_mtx; /* mute #define IPFW_DYN_UNLOCK() mtx_unlock(&ipfw_dyn_mtx) #define IPFW_DYN_LOCK_ASSERT() mtx_assert(&ipfw_dyn_mtx, MA_OWNED) +static struct mbuf *send_pkt(struct mbuf *, struct ipfw_flow_id *, + u_int32_t, u_int32_t, int); + + /* * Timeouts for various events in handing dynamic rules. */ @@ -708,60 +713,18 @@ send_reject6(struct ip_fw_args *args, in m = args->m; if (code == ICMP6_UNREACH_RST && args->f_id.proto == IPPROTO_TCP) { struct tcphdr *tcp; - tcp_seq ack, seq; - int flags; - struct { - struct ip6_hdr ip6; - struct tcphdr th; - } ti; tcp = (struct tcphdr *)((char *)ip6 + hlen); - if ((tcp->th_flags & TH_RST) != 0) { - m_freem(m); - args->m = NULL; - return; - } - - ti.ip6 = *ip6; - ti.th = *tcp; - ti.th.th_seq = ntohl(ti.th.th_seq); - ti.th.th_ack = ntohl(ti.th.th_ack); - ti.ip6.ip6_nxt = IPPROTO_TCP; - - if (ti.th.th_flags & TH_ACK) { - ack = 0; - seq = ti.th.th_ack; - flags = TH_RST; - } else { - ack = ti.th.th_seq; - if ((m->m_flags & M_PKTHDR) != 0) { - /* - * total new data to ACK is: - * total packet length, - * minus the header length, - * minus the tcp header length. - */ - ack += m->m_pkthdr.len - hlen - - (ti.th.th_off << 2); - } else if (ip6->ip6_plen) { - ack += ntohs(ip6->ip6_plen) + sizeof(*ip6) - - hlen - (ti.th.th_off << 2); - } else { - m_freem(m); - return; - } - if (tcp->th_flags & TH_SYN) - ack++; - seq = 0; - flags = TH_RST|TH_ACK; + if ((tcp->th_flags & TH_RST) == 0) { + struct mbuf *m0; + m0 = send_pkt(args->m, &(args->f_id), + ntohl(tcp->th_seq), ntohl(tcp->th_ack), + tcp->th_flags | TH_RST); + if (m0 != NULL) + ip6_output(m0, NULL, NULL, 0, NULL, NULL, + NULL); } - bcopy(&ti, ip6, sizeof(ti)); - /* - * m is only used to recycle the mbuf - * The data in it is never read so we don't need - * to correct the offsets or anything - */ - tcp_respond(NULL, ip6, tcp, m, ack, seq, flags); + m_freem(m); } else if (code != ICMP6_UNREACH_RST) { /* Send an ICMPv6 unreach. */ #if 0 /* @@ -1649,13 +1612,16 @@ send_pkt(struct mbuf *replyto, struct ip u_int32_t ack, int flags) { struct mbuf *m; - struct ip *ip; - struct tcphdr *tcp; + int len, dir; + struct ip *h = NULL; /* stupid compiler */ +#ifdef INET6 + struct ip6_hdr *h6 = NULL; +#endif + struct tcphdr *th = NULL; MGETHDR(m, M_DONTWAIT, MT_DATA); - if (m == 0) + if (m == NULL) return (NULL); - m->m_pkthdr.rcvif = (struct ifnet *)0; M_SETFIB(m, id->fib); #ifdef MAC @@ -1667,67 +1633,118 @@ send_pkt(struct mbuf *replyto, struct ip (void)replyto; /* don't warn about unused arg */ #endif - m->m_pkthdr.len = m->m_len = sizeof(struct ip) + sizeof(struct tcphdr); + switch (id->addr_type) { + case 4: + len = sizeof(struct ip) + sizeof(struct tcphdr); + break; +#ifdef INET6 + case 6: + len = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); + break; +#endif + default: + /* XXX: log me?!? */ + m_freem(m); + return (NULL); + } + dir = ((flags & (TH_SYN | TH_RST)) == TH_SYN); + m->m_data += max_linkhdr; + m->m_flags |= M_SKIP_FIREWALL; + m->m_pkthdr.len = m->m_len = len; + m->m_pkthdr.rcvif = NULL; + bzero(m->m_data, len); + + switch (id->addr_type) { + case 4: + h = mtod(m, struct ip *); + + /* prepare for checksum */ + h->ip_p = IPPROTO_TCP; + h->ip_len = htons(sizeof(struct tcphdr)); + if (dir) { + h->ip_src.s_addr = htonl(id->src_ip); + h->ip_dst.s_addr = htonl(id->dst_ip); + } else { + h->ip_src.s_addr = htonl(id->dst_ip); + h->ip_dst.s_addr = htonl(id->src_ip); + } - ip = mtod(m, struct ip *); - bzero(ip, m->m_len); - tcp = (struct tcphdr *)(ip + 1); /* no IP options */ - ip->ip_p = IPPROTO_TCP; - tcp->th_off = 5; - /* - * Assume we are sending a RST (or a keepalive in the reverse - * direction), swap src and destination addresses and ports. - */ - ip->ip_src.s_addr = htonl(id->dst_ip); - ip->ip_dst.s_addr = htonl(id->src_ip); - tcp->th_sport = htons(id->dst_port); - tcp->th_dport = htons(id->src_port); - if (flags & TH_RST) { /* we are sending a RST */ + th = (struct tcphdr *)(h + 1); + break; +#ifdef INET6 + case 6: + h6 = mtod(m, struct ip6_hdr *); + + /* prepare for checksum */ + h6->ip6_nxt = IPPROTO_TCP; + h6->ip6_plen = htons(sizeof(struct tcphdr)); + if (dir) { + h6->ip6_src = id->src_ip6; + h6->ip6_dst = id->dst_ip6; + } else { + h6->ip6_src = id->dst_ip6; + h6->ip6_dst = id->src_ip6; + } + + th = (struct tcphdr *)(h6 + 1); + break; +#endif + } + + if (dir) { + th->th_sport = htons(id->src_port); + th->th_dport = htons(id->dst_port); + } else { + th->th_sport = htons(id->dst_port); + th->th_dport = htons(id->src_port); + } + th->th_off = sizeof(struct tcphdr) >> 2; + + if (flags & TH_RST) { if (flags & TH_ACK) { - tcp->th_seq = htonl(ack); - tcp->th_ack = htonl(0); - tcp->th_flags = TH_RST; + th->th_seq = htonl(ack); + th->th_flags = TH_RST; } else { if (flags & TH_SYN) seq++; - tcp->th_seq = htonl(0); - tcp->th_ack = htonl(seq); - tcp->th_flags = TH_RST | TH_ACK; + th->th_ack = htonl(seq); + th->th_flags = TH_RST | TH_ACK; } } else { /* - * We are sending a keepalive. flags & TH_SYN determines - * the direction, forward if set, reverse if clear. - * NOTE: seq and ack are always assumed to be correct - * as set by the caller. This may be confusing... + * Keepalive - use caller provided sequence numbers */ - if (flags & TH_SYN) { - /* - * we have to rewrite the correct addresses! - */ - ip->ip_dst.s_addr = htonl(id->dst_ip); - ip->ip_src.s_addr = htonl(id->src_ip); - tcp->th_dport = htons(id->dst_port); - tcp->th_sport = htons(id->src_port); - } - tcp->th_seq = htonl(seq); - tcp->th_ack = htonl(ack); - tcp->th_flags = TH_ACK; + th->th_seq = htonl(seq); + th->th_ack = htonl(ack); + th->th_flags = TH_ACK; + } + + switch (id->addr_type) { + case 4: + th->th_sum = in_cksum(m, len); + + /* finish the ip header */ + h->ip_v = 4; + h->ip_hl = sizeof(*h) >> 2; + h->ip_tos = IPTOS_LOWDELAY; + h->ip_off = 0; + h->ip_len = len; + h->ip_ttl = V_ip_defttl; + h->ip_sum = 0; + break; +#ifdef INET6 + case 6: + th->th_sum = in6_cksum(m, IPPROTO_TCP, sizeof(*h6), + sizeof(struct tcphdr)); + + /* finish the ip6 header */ + h6->ip6_vfc |= IPV6_VERSION; + h6->ip6_hlim = IPV6_DEFHLIM; + break; +#endif } - /* - * set ip_len to the payload size so we can compute - * the tcp checksum on the pseudoheader - * XXX check this, could save a couple of words ? - */ - ip->ip_len = htons(sizeof(struct tcphdr)); - tcp->th_sum = in_cksum(m, m->m_pkthdr.len); - /* - * now fill fields left out earlier - */ - ip->ip_ttl = V_ip_defttl; - ip->ip_len = m->m_pkthdr.len; - m->m_flags |= M_SKIP_FIREWALL; + return (m); } @@ -4530,13 +4547,16 @@ static void ipfw_tick(void * vnetx) { struct mbuf *m0, *m, *mnext, **mtailp; +#ifdef INET6 + struct mbuf *m6, **m6_tailp; +#endif int i; ipfw_dyn_rule *q; #ifdef VIMAGE struct vnet *vp = vnetx; #endif - CURVNET_SET(vp); + CURVNET_SET(vp); if (V_dyn_keepalive == 0 || V_ipfw_dyn_v == NULL || V_dyn_count == 0) goto done; @@ -4548,6 +4568,10 @@ ipfw_tick(void * vnetx) */ m0 = NULL; mtailp = &m0; +#ifdef INET6 + m6 = NULL; + m6_tailp = &m6; +#endif IPFW_DYN_LOCK(); for (i = 0 ; i < V_curr_dyn_buckets ; i++) { for (q = V_ipfw_dyn_v[i] ; q ; q = q->next ) { @@ -4563,14 +4587,37 @@ ipfw_tick(void * vnetx) if (TIME_LEQ(q->expire, time_uptime)) continue; /* too late, rule expired */ - *mtailp = send_pkt(NULL, &(q->id), q->ack_rev - 1, + m = send_pkt(NULL, &(q->id), q->ack_rev - 1, q->ack_fwd, TH_SYN); - if (*mtailp != NULL) - mtailp = &(*mtailp)->m_nextpkt; - *mtailp = send_pkt(NULL, &(q->id), q->ack_fwd - 1, + mnext = send_pkt(NULL, &(q->id), q->ack_fwd - 1, q->ack_rev, 0); - if (*mtailp != NULL) - mtailp = &(*mtailp)->m_nextpkt; + + switch (q->id.addr_type) { + case 4: + if (m != NULL) { + *mtailp = m; + mtailp = &(*mtailp)->m_nextpkt; + } + if (mnext != NULL) { + *mtailp = mnext; + mtailp = &(*mtailp)->m_nextpkt; + } + break; +#ifdef INET6 + case 6: + if (m != NULL) { + *m6_tailp = m; + m6_tailp = &(*m6_tailp)->m_nextpkt; + } + if (mnext != NULL) { + *m6_tailp = mnext; + m6_tailp = &(*m6_tailp)->m_nextpkt; + } + break; +#endif + } + + m = mnext = NULL; } } IPFW_DYN_UNLOCK(); @@ -4579,6 +4626,13 @@ ipfw_tick(void * vnetx) m->m_nextpkt = NULL; ip_output(m, NULL, NULL, 0, NULL, NULL); } +#ifdef INET6 + for (m = mnext = m6; m != NULL; m = mnext) { + mnext = m->m_nextpkt; + m->m_nextpkt = NULL; + ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL); + } +#endif done: callout_reset(&V_ipfw_timeout, V_dyn_keepalive_period * hz, ipfw_tick, vnetx); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 2 15:12:31 2009 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 628001065672; Wed, 2 Dec 2009 15:12:31 +0000 (UTC) (envelope-from ume@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 39A138FC1A; Wed, 2 Dec 2009 15:12:31 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nB2FCVTX043843; Wed, 2 Dec 2009 15:12:31 GMT (envelope-from ume@freefall.freebsd.org) Received: (from ume@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nB2FCUqU043835; Wed, 2 Dec 2009 15:12:30 GMT (envelope-from ume) Date: Wed, 2 Dec 2009 15:12:30 GMT Message-Id: <200912021512.nB2FCUqU043835@freefall.freebsd.org> To: john.w.court@nokia.com, ume@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: ume@FreeBSD.org Cc: Subject: Re: kern/117234: [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't seem to support IPV6 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2009 15:12:31 -0000 Synopsis: [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't seem to support IPV6 State-Changed-From-To: open->patched State-Changed-By: ume State-Changed-When: Wed Dec 2 15:11:21 UTC 2009 State-Changed-Why: I've just committed it into HEAD. Thank you for the report. http://www.freebsd.org/cgi/query-pr.cgi?pr=117234