From owner-freebsd-ipfw@FreeBSD.ORG Sun Mar 2 14:46:40 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62B70106566B for ; Sun, 2 Mar 2008 14:46:40 +0000 (UTC) (envelope-from piso@southcross.wired.org) Received: from mail.oltrelinux.com (krisma.oltrelinux.com [194.242.226.43]) by mx1.freebsd.org (Postfix) with ESMTP id 15CF78FC1E for ; Sun, 2 Mar 2008 14:46:39 +0000 (UTC) (envelope-from piso@southcross.wired.org) Received: from southcross.wired.org (host-62-10-30-20.cust-adsl.tiscali.it [62.10.30.20]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.oltrelinux.com (Postfix) with ESMTP id C5FE811AE94; Sun, 2 Mar 2008 15:46:39 +0100 (CET) Received: (from piso@localhost) by southcross.wired.org (8.14.2/8.14.1/Submit) id m22Enfwo023498; Sun, 2 Mar 2008 15:49:41 +0100 (CET) (envelope-from piso) Date: Sun, 2 Mar 2008 15:49:39 +0100 From: Paolo Pisati To: freebsd-ipfw@FreeBSD.org Message-ID: <20080302144939.GA23353@tin.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.17 (2007-11-01) X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at krisma.oltrelinux.com Cc: freebsd-net@FreeBSD.org Subject: ipfw initialization: SI_ORDER_ANY -> SI_ORDER_MIDDLE? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Mar 2008 14:46:40 -0000 Hi, i just found out that depending on a KLD doesn't imply any initialization order, thus depending on a lock initialized in the ipfw init path is _really_ a bad idea from another KLD init path (see ip_fw_nat.c::ipfw_nat_init()). A fix would be to move ipfw init priority from SI_ORDER_ANY to SI_ORDER_MIDDLE, but i guess there are side effects that i'm unaware in this modification... On the other hand, if we keep ipfw at SI_ORDER_ANY, i don't know how to build stuff that relies on it without opening race conditions: see ip_fw_nat.c::flush_nat_ptrs() called in rule deletion and rule configuration paths. bye, P. ps yes, next time i'll better read the MODULE_DEPEND man page... From owner-freebsd-ipfw@FreeBSD.ORG Sun Mar 2 15:10:13 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CCD21065673; Sun, 2 Mar 2008 15:10:13 +0000 (UTC) (envelope-from piso@southcross.wired.org) Received: from mail.oltrelinux.com (krisma.oltrelinux.com [194.242.226.43]) by mx1.freebsd.org (Postfix) with ESMTP id E97BC8FC12; Sun, 2 Mar 2008 15:10:12 +0000 (UTC) (envelope-from piso@southcross.wired.org) Received: from southcross.wired.org (host-62-10-34-34.cust-adsl.tiscali.it [62.10.34.34]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.oltrelinux.com (Postfix) with ESMTP id 4C52011AE68; Sun, 2 Mar 2008 16:10:12 +0100 (CET) Received: (from piso@localhost) by southcross.wired.org (8.14.2/8.14.1/Submit) id m22FDBa0023669; Sun, 2 Mar 2008 16:13:11 +0100 (CET) (envelope-from piso) Date: Sun, 2 Mar 2008 16:13:10 +0100 From: Paolo Pisati To: Paolo Pisati Message-ID: <20080302151310.GB23353@tin.it> References: <20080302144939.GA23353@tin.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080302144939.GA23353@tin.it> User-Agent: Mutt/1.5.17 (2007-11-01) X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at krisma.oltrelinux.com Cc: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org Subject: Re: ipfw initialization: SI_ORDER_ANY -> SI_ORDER_MIDDLE? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Mar 2008 15:10:13 -0000 On Sun, Mar 02, 2008 at 03:49:39PM +0100, Paolo Pisati wrote: > Hi, > > i just found out that depending on a KLD doesn't imply any > initialization order, thus depending on a lock initialized in the ipfw > init path is _really_ a bad idea from another KLD init path (see > ip_fw_nat.c::ipfw_nat_init()). > > A fix would be to move ipfw init priority from SI_ORDER_ANY to > SI_ORDER_MIDDLE, but i guess there are side effects that i'm > unaware in this modification... > > On the other hand, if we keep ipfw at SI_ORDER_ANY, i don't know how > to build stuff that relies on it without opening race conditions: > see ip_fw_nat.c::flush_nat_ptrs() called in rule deletion and > rule configuration paths. as the problem arises only during ip_fw_nat initialization, another viable solution would be to fix ipfw_nat_init() this way: static void ipfw_nat_init(void) { - IPFW_WLOCK(&layer3_chain); /* init ipfw hooks */ - ipfw_nat_ptr = ipfw_nat; ipfw_nat_cfg_ptr = ipfw_nat_cfg; ipfw_nat_del_ptr = ipfw_nat_del; ipfw_nat_get_cfg_ptr = ipfw_nat_get_cfg; ipfw_nat_get_log_ptr = ipfw_nat_get_log; - IPFW_WUNLOCK(&layer3_chain); + ipfw_nat_ptr = ipfw_nat; ifaddr_event_tag = EVENTHANDLER_REGISTER(ifaddr_event, ifaddr_change, NULL, EVENTHANDLER_PRI_ANY); } avoid grabbing the lock at all during init, and exploit orders of hooks initialization: as the presence of ipfw_nat in ipfw is checked via ipfw_nat_ptr, i can narrow/close the race window initializing ipfw_nat_ptr at the end of the function, but can i trust the order of variables assignment? i guess no without some sort of memory barriers, and are memory barriers available in all archs? and are memory barriers enough? bye, P. From owner-freebsd-ipfw@FreeBSD.ORG Sun Mar 2 15:17:46 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9FD3F1065677; Sun, 2 Mar 2008 15:17:46 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.9.129]) by mx1.freebsd.org (Postfix) with ESMTP id 59DF78FC12; Sun, 2 Mar 2008 15:17:46 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id C54EC73129; Sun, 2 Mar 2008 15:58:50 +0100 (CET) Date: Sun, 2 Mar 2008 15:58:50 +0100 From: Luigi Rizzo To: Paolo Pisati Message-ID: <20080302145850.GA33308@onelab2.iet.unipi.it> References: <20080302144939.GA23353@tin.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080302144939.GA23353@tin.it> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org Subject: Re: ipfw initialization: SI_ORDER_ANY -> SI_ORDER_MIDDLE? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Mar 2008 15:17:46 -0000 On Sun, Mar 02, 2008 at 03:49:39PM +0100, Paolo Pisati wrote: > Hi, > > i just found out that depending on a KLD doesn't imply any > initialization order, thus depending on a lock initialized in the ipfw > init path is _really_ a bad idea from another KLD init path (see > ip_fw_nat.c::ipfw_nat_init()). > > A fix would be to move ipfw init priority from SI_ORDER_ANY to > SI_ORDER_MIDDLE, but i guess there are side effects that i'm > unaware in this modification... The SI_ORDER_* definitions in /sys/sys/kernel.h are enumerated on a large range, so if the existing code does not have races, you can safely move the non-leaf modules (such as ipfw,ko in your case) to (SI_ORDER_ANY - some_small_integer) without breaking anything. If this change breaks something, it means that there was already a race condition and you are just pointing it out - so it is a worthwhile change... cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 3 10:14:21 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5DD12106566B; Mon, 3 Mar 2008 10:14:21 +0000 (UTC) (envelope-from piso@southcross.wired.org) Received: from mail.oltrelinux.com (krisma.oltrelinux.com [194.242.226.43]) by mx1.freebsd.org (Postfix) with ESMTP id 1EA918FC1D; Mon, 3 Mar 2008 10:14:20 +0000 (UTC) (envelope-from piso@southcross.wired.org) Received: from southcross.wired.org (host-84-221-78-158.cust-adsl.tiscali.it [84.221.78.158]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.oltrelinux.com (Postfix) with ESMTP id CAD5811AE75; Mon, 3 Mar 2008 11:14:14 +0100 (CET) Received: (from piso@localhost) by southcross.wired.org (8.14.2/8.14.1/Submit) id m23AHKDK034084; Mon, 3 Mar 2008 11:17:20 +0100 (CET) (envelope-from piso) Date: Mon, 3 Mar 2008 11:17:19 +0100 From: Paolo Pisati To: Luigi Rizzo Message-ID: <20080303101718.GA34056@tin.it> References: <20080302144939.GA23353@tin.it> <20080302145850.GA33308@onelab2.iet.unipi.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080302145850.GA33308@onelab2.iet.unipi.it> User-Agent: Mutt/1.5.17 (2007-11-01) X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at krisma.oltrelinux.com Cc: freebsd-ipfw@freebsd.org, Paolo Pisati , freebsd-net@freebsd.org Subject: Re: ipfw initialization: SI_ORDER_ANY -> SI_ORDER_MIDDLE? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2008 10:14:21 -0000 On Sun, Mar 02, 2008 at 03:58:50PM +0100, Luigi Rizzo wrote: > > The SI_ORDER_* definitions in /sys/sys/kernel.h are enumerated on a > large range, so if the existing code does not have races, > you can safely move the non-leaf modules > (such as ipfw,ko in your case) to (SI_ORDER_ANY - some_small_integer) > without breaking anything. fine, i did this. is it MFCable? bye, P. From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 3 11:07:09 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B5F611065671 for ; Mon, 3 Mar 2008 11:07:09 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AF75F8FC1A for ; Mon, 3 Mar 2008 11:07:09 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m23B79jf022073 for ; Mon, 3 Mar 2008 11:07:09 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m23B79uO022069 for freebsd-ipfw@FreeBSD.org; Mon, 3 Mar 2008 11:07:09 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 3 Mar 2008 11:07:09 GMT Message-Id: <200803031107.m23B79uO022069@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2008 11:07:09 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem 15 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc o kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/111713 ipfw [dummynet] [request] Too few dummynet queue slots o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets p kern/113388 ipfw [ipfw][patch] Addition actions with rules within speci o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form p kern/115755 ipfw [ipfw][patch] unify message and add a rule number wher o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields 27 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 3 11:26:06 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D5AA1065671 for ; Mon, 3 Mar 2008 11:26:06 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id A46068FC13 for ; Mon, 3 Mar 2008 11:26:05 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1JW8nw-00009U-OI for freebsd-ipfw@freebsd.org; Mon, 03 Mar 2008 11:26:00 +0000 Received: from 195.208.174.178 ([195.208.174.178]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 03 Mar 2008 11:26:00 +0000 Received: from vadim_nuclight by 195.208.174.178 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 03 Mar 2008 11:26:00 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-ipfw@freebsd.org From: Vadim Goncharov Date: Mon, 3 Mar 2008 11:25:53 +0000 (UTC) Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel Lines: 40 Message-ID: References: <20080228151134.GA73358@tin.it> <20080229095150.GA76592@tin.it> <20080229154144.GA81243@tin.it> X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 195.208.174.178 X-Comment-To: piso@FreeBSD.org User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: [patch] ipfw_nat as a kld module X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vadim_nuclight@mail.ru List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2008 11:26:06 -0000 Hi piso@FreeBSD.org! On Fri, 29 Feb 2008 16:41:44 +0100; piso@FreeBSD.org wrote about 'Re: [patch] ipfw_nat as a kld module': >>>> * struct ip_fw_chain moved to .h and no longer static, is this good? >>>> I suggest to move into it's own static chain in module, see next >>> the symbol is used outside it's originating file >> >> Is it needed if LIST_HEAD will be in its own module? > every modification/access to layer3_chain lock is arbitrated via its > own rwlock(), thus to answer your question, yes, there are places > where we would need access to layer3_chain Umm, why? Dummynet doesn't need this access, for example. >>> that's something i thought about, but i didn't see any tangible improvement >>> to this modification, cause part of ipfw_nat would still be called from >>> ipfw2.c (see ipfw_ctl). >> >> This could be fixed, too, as is done with dummynet, which is also configured >> via ipfw(8). As it is HEAD, ABI can be broken and this will not be done via >> ipfw_ctl(). > yes, but does it buy us anything? moreover, we would loose the ability > to merge the work back to 7.x. OK, this could be done after merging to 7.x to preserve ABI there. I think, some time after ``ipfw nat'' is widely tested in 7.0-RELEASE to wait for bugfixes to settle. May be a month or two. What benefits?.. I've listed some in previous message, e.g. ability to change code in NAT module without affecting main ipfw, like easily changing from LIST to HASH, etc. Of course, ``ipfw nat'' should be done this way from scratch, but while it's to late for 7.x, 8.0 still could be split to gain other possible bonuses of clean-architecture. -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 3 11:30:08 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A16491065672 for ; Mon, 3 Mar 2008 11:30:08 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 371568FC1F for ; Mon, 3 Mar 2008 11:30:08 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from root by ciao.gmane.org with local (Exim 4.43) id 1JW8rq-0000Ka-C6 for freebsd-ipfw@freebsd.org; Mon, 03 Mar 2008 11:30:02 +0000 Received: from 195.208.174.178 ([195.208.174.178]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 03 Mar 2008 11:30:02 +0000 Received: from vadim_nuclight by 195.208.174.178 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 03 Mar 2008 11:30:02 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-ipfw@freebsd.org From: Vadim Goncharov Date: Mon, 3 Mar 2008 11:29:00 +0000 (UTC) Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel Lines: 51 Message-ID: References: <20080302144939.GA23353@tin.it> <20080302151310.GB23353@tin.it> X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 195.208.174.178 X-Comment-To: Paolo Pisati User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: ipfw initialization: SI_ORDER_ANY -> SI_ORDER_MIDDLE? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vadim_nuclight@mail.ru List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2008 11:30:08 -0000 Hi Paolo Pisati! On Sun, 2 Mar 2008 16:13:10 +0100; Paolo Pisati wrote about 'Re: ipfw initialization: SI_ORDER_ANY -> SI_ORDER_MIDDLE?': >> i just found out that depending on a KLD doesn't imply any >> initialization order, thus depending on a lock initialized in the ipfw >> init path is _really_ a bad idea from another KLD init path (see >> ip_fw_nat.c::ipfw_nat_init()). >> >> A fix would be to move ipfw init priority from SI_ORDER_ANY to >> SI_ORDER_MIDDLE, but i guess there are side effects that i'm >> unaware in this modification... >> >> On the other hand, if we keep ipfw at SI_ORDER_ANY, i don't know how >> to build stuff that relies on it without opening race conditions: >> see ip_fw_nat.c::flush_nat_ptrs() called in rule deletion and >> rule configuration paths. > as the problem arises only during ip_fw_nat initialization, another > viable solution would be to fix ipfw_nat_init() this way: > static void > ipfw_nat_init(void) > { > - IPFW_WLOCK(&layer3_chain); > /* init ipfw hooks */ > - ipfw_nat_ptr = ipfw_nat; > ipfw_nat_cfg_ptr = ipfw_nat_cfg; > ipfw_nat_del_ptr = ipfw_nat_del; > ipfw_nat_get_cfg_ptr = ipfw_nat_get_cfg; > ipfw_nat_get_log_ptr = ipfw_nat_get_log; > - IPFW_WUNLOCK(&layer3_chain); > + ipfw_nat_ptr = ipfw_nat; > ifaddr_event_tag = EVENTHANDLER_REGISTER(ifaddr_event, ifaddr_change, > NULL, EVENTHANDLER_PRI_ANY); > } > avoid grabbing the lock at all during init, and exploit orders of > hooks initialization: as the presence of ipfw_nat in ipfw is checked > via ipfw_nat_ptr, i can narrow/close the race window initializing > ipfw_nat_ptr at the end of the function, but can i trust the order of > variables assignment? i guess no without some sort of memory barriers, > and are memory barriers available in all archs? and are memory > barriers enough? Oh, just another pitfall of non-clean ipfw/ipfw nat modules separation and layer3_chain. I knew that there are must be another ones :-) -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 3 11:47:11 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CC32C1065673; Mon, 3 Mar 2008 11:47:11 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.9.129]) by mx1.freebsd.org (Postfix) with ESMTP id 98CB28FC18; Mon, 3 Mar 2008 11:47:10 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 6C57373129; Mon, 3 Mar 2008 12:48:04 +0100 (CET) Date: Mon, 3 Mar 2008 12:48:04 +0100 From: Luigi Rizzo To: Paolo Pisati Message-ID: <20080303114804.GA46175@onelab2.iet.unipi.it> References: <20080302144939.GA23353@tin.it> <20080302145850.GA33308@onelab2.iet.unipi.it> <20080303101718.GA34056@tin.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080303101718.GA34056@tin.it> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org Subject: Re: ipfw initialization: SI_ORDER_ANY -> SI_ORDER_MIDDLE? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2008 11:47:12 -0000 On Mon, Mar 03, 2008 at 11:17:19AM +0100, Paolo Pisati wrote: > On Sun, Mar 02, 2008 at 03:58:50PM +0100, Luigi Rizzo wrote: > > > > The SI_ORDER_* definitions in /sys/sys/kernel.h are enumerated on a > > large range, so if the existing code does not have races, > > you can safely move the non-leaf modules > > (such as ipfw,ko in your case) to (SI_ORDER_ANY - some_small_integer) > > without breaking anything. > > fine, i did this. > > is it MFCable? i think so, the SI_ORDER_* definitions are the same at least down to RELENG_6, which is the lowest release we probably care about. cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 3 20:58:27 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 185BD106566B for ; Mon, 3 Mar 2008 20:58:27 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: from thunder.lsstelecom.ro (thunder.lsstelecom.ro [194.117.236.32]) by mx1.freebsd.org (Postfix) with ESMTP id 6238F8FC1E for ; Mon, 3 Mar 2008 20:58:26 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: (qmail 30382 invoked by uid 1010); 3 Mar 2008 22:31:44 +0200 Received: from 88.158.112.6 (vladone@spaingsm.com@88.158.112.6) by thunder (envelope-from , uid 1007) with qmail-scanner-2.01st (clamdscan: 0.91.2/5093. spamassassin: 3.2.3. perlscan: 2.01st. Clear:RC:1(88.158.112.6):. Processed in 0.007162 secs); 03 Mar 2008 20:31:44 -0000 Received: from 6.112.158.88.radiocom.ro (HELO ?127.0.0.1?) (vladone@spaingsm.com@88.158.112.6) by mail.lsstelecom.ro with AES256-SHA encrypted SMTP; 3 Mar 2008 22:31:44 +0200 Message-ID: <47CC602A.7030300@spaingsm.com> Date: Mon, 03 Mar 2008 22:31:38 +0200 From: Fratiman Vladut User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: savecore: reboot after panic: X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2008 20:58:27 -0000 Hi! I try to implement some load balancing using pf. I use also ipfw for traffic shaping. In pf.conf, my rules are this: nat on $ext_if1 from $lan_net to any -> ($ext_if1) nat on $ext_if2 from $lan_net to any -> ($ext_if2) pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2), ($ext_if2 $ext_gw2) } round-robin from $lan_net to any keep state pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any All work fine, but after some time , my system reboot. I found with dmesg, this error: savecore: reboot after panic: vm_fault: fault on nofault entry, addr: e13d0000 Mar 3 21:29:47 server savecore: reboot after panic: vm_fault: fault on nofault entry, addr: e13d0000 savecore: writing core to vmcore.1 Currently i use pf+ipfw, without load balancing, with pf doing only nat and some port redirection. That combination work without any problem. My system is Freebsd 7 Release, on AMD 64x2 at 4200Mhz. I have installed i386 version, not amd version. From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 3 21:02:08 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9D8B810656C1 for ; Mon, 3 Mar 2008 21:02:08 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: from thunder.lsstelecom.ro (thunder.lsstelecom.ro [194.117.236.32]) by mx1.freebsd.org (Postfix) with ESMTP id E75F78FC12 for ; Mon, 3 Mar 2008 21:02:07 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: (qmail 30731 invoked by uid 1010); 3 Mar 2008 22:34:04 +0200 Received: from 88.158.112.6 (vladone@spaingsm.com@88.158.112.6) by thunder (envelope-from , uid 1007) with qmail-scanner-2.01st (clamdscan: 0.91.2/5093. spamassassin: 3.2.3. perlscan: 2.01st. Clear:RC:1(88.158.112.6):. Processed in 0.007354 secs); 03 Mar 2008 20:34:04 -0000 Received: from 6.112.158.88.radiocom.ro (HELO ?127.0.0.1?) (vladone@spaingsm.com@88.158.112.6) by mail.lsstelecom.ro with AES256-SHA encrypted SMTP; 3 Mar 2008 22:34:04 +0200 Message-ID: <47CC60B8.3060405@spaingsm.com> Date: Mon, 03 Mar 2008 22:34:00 +0200 From: Fratiman Vladut User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: run sh script at boot time on freebsd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2008 21:02:08 -0000 I have some sh scripts, that works just fine on freebsd 5.4. After installed FreeBsd 7, this script won't run at startup. I put this scripts in /usr/local/etc/rc.d, but nothing work. How can resolve that? From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 03:23:08 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7ECB2106567E for ; Tue, 4 Mar 2008 03:23:08 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.234]) by mx1.freebsd.org (Postfix) with ESMTP id 38FB88FC24 for ; Tue, 4 Mar 2008 03:23:07 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: by wr-out-0506.google.com with SMTP id c49so187782wra.19 for ; Mon, 03 Mar 2008 19:23:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:from; bh=b6lwa1SDxNLXvk9ERdSOe2ClBgD6+lBSoMUrhG1hCAE=; b=YY9l+4rKefm2//UNwsM/HHeOazhv3dOzC0kLJUaEtH+W7sG1cDJrOU9rA/80vNN10ZWfvEPgAWQvCMx4MTGcAHJmQ54JCElLYJCb4JUd3lKFpM+7RF5WtHV9spGuUZw8XgG9E2xEEzWE0Hpjzi6DpDK3J5K69NtIkSUp6yfjIr4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:from; b=STIeXASYt3zo+nsBtUq6Em3pJX72evJxDiFYYj/9imi2n2wmfAQuj2lXMqcsUarynpAQXZBwxQ3pqrDx4ut53iiPVz46q90/ISRaX9fKNlKarvl6HlEGqzfkg1U2l2QmoiMN2b5DexSXMeZjB8GfZXSrOCSjeKOKX440TAtWbdk= Received: by 10.100.194.17 with SMTP id r17mr1104569anf.51.1204600985915; Mon, 03 Mar 2008 19:23:05 -0800 (PST) Received: from island.freebsd.org ( [201.47.46.186]) by mx.google.com with ESMTPS id n29sm1911743elf.5.2008.03.03.19.23.02 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 03 Mar 2008 19:23:05 -0800 (PST) Message-ID: <47CCC0AA.5030106@FreeBSD.org> Date: Tue, 04 Mar 2008 00:23:22 -0300 Organization: FreeBSD User-Agent: Thunderbird 2.0.0.0 (X11/20070521) MIME-Version: 1.0 To: araujo@FreeBSD.org References: <200802261908.m1QJ8n5N023371@freefall.freebsd.org> <47C4F2D1.5080703@yandex.ru> <47C5516F.9080200@FreeBSD.org> <47C64BB7.60309@yandex.ru> <47C68CD1.10409@FreeBSD.org> In-Reply-To: <47C68CD1.10409@FreeBSD.org> X-Enigmail-Version: 0.95.0 OpenPGP: id=53E4CFA8 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigB3DDF2320604471DBB892B66" From: Marcelo Araujo X-Mailman-Approved-At: Tue, 04 Mar 2008 04:22:42 +0000 Cc: stas@mbsd.msk.ru, Luigi Rizzo , Oleg Bulyzhin , freebsd-ipfw@FreeBSD.org, "Andrey V. Elsukov" , Julian Elischer , Ion-Mihai Tetcu , "Bruce M. Simpson" , Vadim Goncharov Subject: ipfw modip [DF|TOS|DSCP|TTL] X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: araujo@FreeBSD.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 03:23:08 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigB3DDF2320604471DBB892B66 Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Hi all, I started a work to create a new function called of modip, but I've some doubts around this implementation. I created inside of ipfw2.c a case statement called of TOK_SETMODIP, I check if user passed one of the options(DF,TOS,DSCP,TTL), after set an int with the respective value. Now, I need to call O_SETMODIP within ip_fw2.c going with parameter opmodip, and inside O_SETMODIP I can do a goto to O_SETIPTOSPRE as exampl= e. ipfw2.c: 4913 /* New Implementation MODIP. */ 4914 /* [DF|TOS|DSCP|TTL] */ 4915 case TOK_SETMODIP: { 4916 int opmodip =3D 0; 4917 NEED1("need modip [DF|TOS|DSCP|TTL] arg\n"); 4918 if (_substrcmp(*av, "DF") =3D=3D 0 || 4919 _substrcmp(*av, "df") =3D=3D 0) { 4920 opmodip =3D 1; 4921 printf("DF.....\n"); 4922 } else if (_substrcmp(*av, "TOS") =3D=3D 0 || 4923 _substrcmp(*av, "tos") =3D=3D 0) { 4924 opmodip =3D 2; 4925 printf("TOS....\n"); 4926 } else if (_substrcmp(*av, "DSCP") =3D=3D 0 || 4927 _substrcmp(*av, "dscp") =3D=3D 0) { 4928 opmodip =3D 3; 4929 printf("DSCP....\n"); 4930 } else if (_substrcmp(*av, "TTL") =3D=3D 0 || 4931 _substrcmp(*av, "ttl") =3D=3D 0) { 4932 opmodip =3D 4; 4933 printf("TTL....\n"); 4934 } else { 4935 opmodip =3D 0; 4936 printf("0.....\n"); 4937 } 4938 fill_cmd(cmd, O_SETMODIP, 0, modip); 4939 ac--; av++; 4940 printf("Value %d\n", opmodip); 4941 break; 4942 } ip_fw2.c: 3244 /* New Implementation MODIP. */ 3245 case O_SETMODIP: 3246 printf("Entry ip_fw2.c\n"); 3247 switch (cmd->arg1) { 3248 case 1: 3249 printf("DF\n"); 3250 break; 3251 case 2: 3252 printf("TOS\n"); 3253 goto O_SETIPTOSPRE; 3254 break; 3255 case 3: 3256 printf("DSCP\n"); 3257 break; 3258 case 4: 3259 printf("TTL\n"); 3260 break; 3261 default: 3262 printf("0000000\n"); 3263 break; 3264 } When I execute the ipfw with the option I've this output: island# ipfw add modip ipfw: need modip [DF|TOS|DSCP|TTL] arg and island# ipfw add modip tos TOS.... ipfw: invalid flag tos I'd like to pass as follows: island# ipfw add modip tos flashover ip from any to any My problem I believe are in fill_cmd(). Somebody can help me with this problem?=20 Best Regards, --=20 Marcelo Araujo (__) araujo@FreeBSD.org \\\'',) http://www.FreeBSD.org \/ \ ^ Power To Server. .\. /_) --------------enigB3DDF2320604471DBB892B66 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFHzMCvovxJd1Pkz6gRAusaAJ9rgDi20ZYyEoDkHhUvIIs3SkzyhACgh9e+ I0+me0mLj52SA6fECXXTMbI= =lYCt -----END PGP SIGNATURE----- --------------enigB3DDF2320604471DBB892B66-- From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 09:28:01 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 24E5B1065674 for ; Tue, 4 Mar 2008 09:28:01 +0000 (UTC) (envelope-from ady@ady.ro) Received: from ti-out-0910.google.com (ti-out-0910.google.com [209.85.142.189]) by mx1.freebsd.org (Postfix) with ESMTP id 271F08FC28 for ; Tue, 4 Mar 2008 09:27:53 +0000 (UTC) (envelope-from ady@ady.ro) Received: by ti-out-0910.google.com with SMTP id j2so882117tid.3 for ; Tue, 04 Mar 2008 01:25:52 -0800 (PST) Received: by 10.142.237.20 with SMTP id k20mr484118wfh.112.1204622361910; Tue, 04 Mar 2008 01:19:21 -0800 (PST) Received: by 10.143.167.6 with HTTP; Tue, 4 Mar 2008 01:19:21 -0800 (PST) Message-ID: <78cb3d3f0803040119g7bfa060m71ac2b6814bc2937@mail.gmail.com> Date: Tue, 4 Mar 2008 11:19:21 +0200 From: "Adrian Penisoara" Sender: ady@ady.ro To: freebsd-ipfw@freebsd.org, "Fratiman Vladut" In-Reply-To: <78cb3d3f0803040112j443413e9u1e8b319ab7f2187d@mail.gmail.com> MIME-Version: 1.0 References: <47CC602A.7030300@spaingsm.com> <78cb3d3f0803040112j443413e9u1e8b319ab7f2187d@mail.gmail.com> X-Google-Sender-Auth: 4d9fd214598a21bc Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: savecore: reboot after panic: X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 09:28:01 -0000 Hi, On Mon, Mar 3, 2008 at 10:31 PM, Fratiman Vladut wrote: > Hi! > I try to implement some load balancing using pf. I use also ipfw for > traffic shaping. Have you tried to use traffic shaping with ALTQ inside pf ? Perhaps there is a negative side-effect when combining ipfw and pf this way. > > In pf.conf, my rules are this: > nat on $ext_if1 from $lan_net to any -> ($ext_if1) > nat on $ext_if2 from $lan_net to any -> ($ext_if2) > > pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2), > ($ext_if2 $ext_gw2) } round-robin from $lan_net to any keep state > > pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any > pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any > > All work fine, but after some time , my system reboot. I found with > dmesg, this error: > savecore: reboot after panic: vm_fault: fault on nofault entry, addr: > e13d0000 > Mar 3 21:29:47 server savecore: reboot after panic: vm_fault: fault on > nofault entry, addr: e13d0000 > savecore: writing core to vmcore.1 Have you tried to extract a gdb stack trace from the core file ? See link below: http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug-gdb.html Regards, Adrian Penisoara ROFUG / EnterpriseBSD From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 09:45:27 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 17224106566C for ; Tue, 4 Mar 2008 09:45:27 +0000 (UTC) (envelope-from ady@ady.ro) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.174]) by mx1.freebsd.org (Postfix) with ESMTP id 032708FC28 for ; Tue, 4 Mar 2008 09:45:26 +0000 (UTC) (envelope-from ady@ady.ro) Received: by wf-out-1314.google.com with SMTP id 25so759853wfa.7 for ; Tue, 04 Mar 2008 01:45:26 -0800 (PST) Received: by 10.142.203.13 with SMTP id a13mr490827wfg.66.1204622252544; Tue, 04 Mar 2008 01:17:32 -0800 (PST) Received: by 10.143.167.6 with HTTP; Tue, 4 Mar 2008 01:17:32 -0800 (PST) Message-ID: <78cb3d3f0803040117n49c56a2dna1b987c064996ff2@mail.gmail.com> Date: Tue, 4 Mar 2008 11:17:32 +0200 From: "Adrian Penisoara" Sender: ady@ady.ro To: "Fratiman Vladut" In-Reply-To: <47CC60B8.3060405@spaingsm.com> MIME-Version: 1.0 References: <47CC60B8.3060405@spaingsm.com> X-Google-Sender-Auth: 4cc107e6d4e9f250 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org Subject: Re: run sh script at boot time on freebsd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 09:45:27 -0000 Hi, This is better suited for freebsd-questions mailing list. On Mon, Mar 3, 2008 at 10:34 PM, Fratiman Vladut wrote: > I have some sh scripts, that works just fine on freebsd 5.4. > After installed FreeBsd 7, this script won't run at startup. I put this > scripts in /usr/local/etc/rc.d, but nothing work. Do the files have execution bits set (e.g. chmod +x *) ? Can you attach one sample script ? Regards, Adrian Penisoara ROFUG / EnterpriseBSD From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 10:13:07 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C4306106566B for ; Tue, 4 Mar 2008 10:13:07 +0000 (UTC) (envelope-from rve@techno-matic.dk) Received: from mail.webhotel.net (mail.webhotel.net [217.145.49.10]) by mx1.freebsd.org (Postfix) with SMTP id 4BA9F8FC19 for ; Tue, 4 Mar 2008 10:13:06 +0000 (UTC) (envelope-from rve@techno-matic.dk) Received: (qmail 6909 invoked from network); 4 Mar 2008 10:44:06 +0100 Received: from unknown (HELO ws60b) (87.48.192.254) by mail.webhotel.net with SMTP; 4 Mar 2008 10:44:06 +0100 From: =?iso-8859-1?Q?Ren=E9_Vestergaard?= To: Date: Tue, 4 Mar 2008 10:46:24 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Importance: Normal Subject: IPFW2 script with natd and dummynet (loadsharing) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 10:13:07 -0000 I am trying to have both natd (divert) and loadsharing (pipe/queue) in the same IPFW2 firewall script. It works partly. That is, something is wrong because, pipe-bandwidth does not at all match the measured and by using the log-facility I found that the following package enter the script at rule 11: "TCP 207.46.211.119:80 192.168.12.150:1574 out via em0" but it looks like i had just been translated by rule number 400 In /etc/sysctl.conf i wrote: ------------------------------ net.inet.ip.forwarding=1 net.inet.ip.redirect=1 net.inet.ip.fw.enable=1 # Disable one_pass to allow both NATD and LOADSHARING (default is 1) net.inet.ip.fw.one_pass=0 ------------------------------ The NIC with IP 192.168.10.248 is connected to WAN and the NIC with IP 192.168.12.10 is connected to LAN Here is my script: ------------------------------ # Firewall script (Kernel compilation: default-rule was set to allow) ipfw -f -q flush ipfw -q add 60000 allow all from any to any # Log-facility (for debuging) ipfw add 11 skipto 12 log all from any to any ipfw pipe 1 config bw 80KByte/s # upload limit ipfw pipe 2 config bw 800KByte/s # download limit # Package going in the download-direction are translated by NATD # to get the destination .12-subnet IP address # (change destination ip address) ipfw add 100 divert natd ip from any to 192.168.10.248 // Download ipfw add 200 queue 1 ip from 192.168.12.0/24 to not 192.168.12.0/24 // Upload ipfw queue 1 config weight 10 pipe 1 mask src-ip 0x000000ff ipfw add 300 queue 2 ip from any to 192.168.12.0/24 // Download ipfw queue 2 config weight 10 pipe 2 mask dst-ip 0x000000ff # Package going in the upload-direction are translated by NATD # to get the source IP address of the WAN NIC (and the port number is also changed) ipfw add 400 divert natd ip from 192.168.12.0/24 to any // Upload ------------------------------ What is wrong? From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 11:31:07 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B46631065677; Tue, 4 Mar 2008 11:31:07 +0000 (UTC) (envelope-from vadim_nuclight@mail.ru) Received: from mx27.mail.ru (mx27.mail.ru [194.67.23.23]) by mx1.freebsd.org (Postfix) with ESMTP id 76DE58FC1D; Tue, 4 Mar 2008 11:31:07 +0000 (UTC) (envelope-from vadim_nuclight@mail.ru) Received: from [78.140.2.241] (port=36158 helo=nuclight.avtf.net) by mx27.mail.ru with asmtp id 1JWVMP-000KA9-00; Tue, 04 Mar 2008 14:31:05 +0300 Date: Tue, 04 Mar 2008 17:30:58 +0600 To: araujo@freebsd.org References: <200802261908.m1QJ8n5N023371@freefall.freebsd.org> <47C4F2D1.5080703@yandex.ru> <47C5516F.9080200@FreeBSD.org> <47C64BB7.60309@yandex.ru> <47C68CD1.10409@FreeBSD.org> <47CCC0AA.5030106@FreeBSD.org> From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID: In-Reply-To: <47CCC0AA.5030106@FreeBSD.org> User-Agent: Opera M2/7.54 (Win32, build 3865) X-Mras: OK Cc: stas@mbsd.msk.ru, Luigi Rizzo , Oleg Bulyzhin , freebsd-ipfw@freebsd.org, "Andrey V. Elsukov" , Julian Elischer , Ion-Mihai Tetcu , "Bruce M. Simpson" Subject: Re: ipfw modip [DF|TOS|DSCP|TTL] X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 11:31:07 -0000 04.03.08 @ 09:23 Marcelo Araujo wrote: > Hi all, > I started a work to create a new function called of modip, but I've some > doubts around this implementation. > I created inside of ipfw2.c a case statement called of TOK_SETMODIP, I > check if user passed one of the options(DF,TOS,DSCP,TTL), after set an > int with the respective value. > Now, I need to call O_SETMODIP within ip_fw2.c going with parameter > opmodip, and inside O_SETMODIP I can do a goto to O_SETIPTOSPRE as > example. Only as example - no O_SETIPTOSPRE should be in actual patch... > ipfw2.c: > 4913 /* New Implementation MODIP. */ > 4914 /* [DF|TOS|DSCP|TTL] */ > 4915 case TOK_SETMODIP: { > 4916 int opmodip = 0; > 4917 NEED1("need modip [DF|TOS|DSCP|TTL] arg\n"); You're checking only one argument, but there are two - e.g. "tos" and actual arg. > 4918 if (_substrcmp(*av, "DF") == 0 || > 4919 _substrcmp(*av, "df") == 0) { > 4920 opmodip = 1; Operation constants for O_MODIP should be #defines in ip_fw.h rather than plain 1, 2, 3, etc. > 4938 fill_cmd(cmd, O_SETMODIP, 0, modip); Why "modip" var, not "opmodip" you've used before? > 4939 ac--; av++; > 4940 printf("Value %d\n", opmodip); > 4941 break; > 4942 } > When I execute the ipfw with the option I've this output: > island# ipfw add modip > ipfw: need modip [DF|TOS|DSCP|TTL] arg > > and > > island# ipfw add modip tos > TOS.... > ipfw: invalid flag tos > > I'd like to pass as follows: > island# ipfw add modip tos flashover ip from any to any > > My problem I believe are in fill_cmd(). > Somebody can help me with this problem? I think problem is in "ac--; av++" count times, not in fill_cmd() which is only instruction setter, not parser. -- WBR, Vadim Goncharov From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 15:48:28 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 45E2B106566B for ; Tue, 4 Mar 2008 15:48:28 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: from thunder.lsstelecom.ro (thunder.lsstelecom.ro [194.117.236.32]) by mx1.freebsd.org (Postfix) with ESMTP id 407B98FC40 for ; Tue, 4 Mar 2008 15:48:26 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: (qmail 1356 invoked by uid 1010); 4 Mar 2008 17:48:18 +0200 Received: from 88.158.112.6 (vladone@spaingsm.com@88.158.112.6) by thunder (envelope-from , uid 1007) with qmail-scanner-2.01st (clamdscan: 0.91.2/5093. spamassassin: 3.2.3. perlscan: 2.01st. Clear:RC:1(88.158.112.6):. Processed in 1.639781 secs); 04 Mar 2008 15:48:18 -0000 Received: from 6.112.158.88.radiocom.ro (HELO ?127.0.0.1?) (vladone@spaingsm.com@88.158.112.6) by mail.lsstelecom.ro with AES256-SHA encrypted SMTP; 4 Mar 2008 17:48:16 +0200 Message-ID: <47CD6F3B.9060805@spaingsm.com> Date: Tue, 04 Mar 2008 17:48:11 +0200 From: Fratiman Vladut User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org References: <47CC602A.7030300@spaingsm.com> <78cb3d3f0803040112j443413e9u1e8b319ab7f2187d@mail.gmail.com> <78cb3d3f0803040119g7bfa060m71ac2b6814bc2937@mail.gmail.com> In-Reply-To: <78cb3d3f0803040119g7bfa060m71ac2b6814bc2937@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: savecore: reboot after panic: X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 15:48:28 -0000 With *kgdb* , obtain this: Unread portion of the kernel message buffer: panic: vm_fault: fault on nofault entry, addr: e13d0000 cpuid = 0 Uptime: 1h8m8s Physical memory: 882 MB Dumping 63 MB: 48 32 16 #0 doadump () at pcpu.h:195 195 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) Quit I use ipfw with dummynet because can use dynamically rules for shaping. With altq, need to put rule for every host, in order to share bandwith equal to all host in lan. If i have hundredth of host, this can be painful. This is why i use dummynet with ipfw. Adrian Penisoara wrote: > Hi, > > On Mon, Mar 3, 2008 at 10:31 PM, Fratiman Vladut > wrote: > > Hi! > I try to implement some load balancing using pf. I use also ipfw for > traffic shaping. > > > Have you tried to use traffic shaping with ALTQ inside pf ? Perhaps > there is a negative side-effect when combining ipfw and pf this way. > > > > In pf.conf, my rules are this: > nat on $ext_if1 from $lan_net to any -> ($ext_if1) > nat on $ext_if2 from $lan_net to any -> ($ext_if2) > > pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 > $ext_gw2), > ($ext_if2 $ext_gw2) } round-robin from $lan_net to any keep state > > pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any > pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any > > All work fine, but after some time , my system reboot. I found with > dmesg, this error: > savecore: reboot after panic: vm_fault: fault on nofault entry, addr: > e13d0000 > Mar 3 21:29:47 server savecore: reboot after panic: vm_fault: > fault on > nofault entry, addr: e13d0000 > savecore: writing core to vmcore.1 > > > Have you tried to extract a gdb stack trace from the core file ? See > link below: > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug-gdb.html > > Regards, > Adrian Penisoara > ROFUG / EnterpriseBSD From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 16:21:15 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A92501065672; Tue, 4 Mar 2008 16:21:15 +0000 (UTC) (envelope-from novel@FreeBSD.org) Received: from viefep25-int.chello.at (viefep25-int.chello.at [62.179.121.45]) by mx1.freebsd.org (Postfix) with ESMTP id 7E1858FC2A; Tue, 4 Mar 2008 16:21:14 +0000 (UTC) (envelope-from novel@FreeBSD.org) Received: from novel.renet.ru ([82.116.33.234]) by viefep28-int.chello.at (InterMail vM.7.08.02.02 201-2186-121-104-20070414) with ESMTP id <20080304160502.FQKK13245.viefep28-int.chello.at@novel.renet.ru>; Tue, 4 Mar 2008 17:05:02 +0100 Date: Tue, 4 Mar 2008 19:08:09 +0300 From: Roman Bogorodskiy To: "Andrey V. Elsukov" Message-ID: <20080304160809.GA73149@underworld.novel.ru> References: <200802261908.m1QJ8n5N023371@freefall.freebsd.org> <47C4F2D1.5080703@yandex.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="PEIAKu/WMn1b1Hv9" Content-Disposition: inline In-Reply-To: <47C4F2D1.5080703@yandex.ru> X-PGP: http://people.freebsd.org/~novel/novel.key.asc Cc: freebsd-bugs@FreeBSD.org, Luigi Rizzo , araujo@FreeBSD.org, freebsd-ipfw@FreeBSD.org, Vadim Goncharov , Oleg Bulyzhin , Julian Elischer Subject: Re: kern/121122: [ipfw] [patch] add support to ToS IP PRECEDENCE fields X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 16:21:15 -0000 --PEIAKu/WMn1b1Hv9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Andrey V. Elsukov wrote: > araujo@FreeBSD.org wrote: >> Synopsis: [ipfw] [patch] add support to ToS IP PRECEDENCE fields >> Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw >> Responsible-Changed-By: araujo >> Responsible-Changed-When: Tue Feb 26 19:08:49 UTC 2008 >> Responsible-Changed-Why: Over to maintainer(s). >> http://www.freebsd.org/cgi/query-pr.cgi?pr=3D121122 >=20 > Hi, Marcelo. >=20 > I talked to Roman when he submitted his first patch about > it's design. What you think about making TOK_SETIPTOSPRE not > an action, but a modifier? I think it will be much usable. > A syntax example: >=20 > # ipfw add allow iptospre flashover ip from any to any > # ipfw add count iptospre immediate ip from anyt to any > # ipfw add skipto .... >=20 > Also I talked to Roman about extensible variant of this ability. > A syntax example: >=20 > [{modip [DF|TOS|DSCP|TTL]}] I agree with you, this syntax looks cleaner, however when I was writing my patches I just needed to have the things working and haven't had much time improving/extending this feature. > Also look into: > http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dkern/102471 > http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dkern/103454 >=20 > I added to CC several men who are active in ipfw area. > It will be interested what you think about this? >=20 > --=20 > WBR, Andrey V. Elsukov Roman Bogorodskiy --PEIAKu/WMn1b1Hv9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHzXPn5nvOfo4+NdURAlnLAJ4vjC3dY+p7rpqmYieIwXYGh8UXlwCdG4ww /HEHBK5HfyPkLqkGhQ4I15A= =cpkK -----END PGP SIGNATURE----- --PEIAKu/WMn1b1Hv9-- From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 16:24:05 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 05B57106566C for ; Tue, 4 Mar 2008 16:24:05 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: from thunder.lsstelecom.ro (thunder.lsstelecom.ro [194.117.236.32]) by mx1.freebsd.org (Postfix) with ESMTP id 55A688FC17 for ; Tue, 4 Mar 2008 16:24:04 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: (qmail 8970 invoked by uid 1010); 4 Mar 2008 18:24:03 +0200 Received: from 88.158.112.6 (vladone@spaingsm.com@88.158.112.6) by thunder (envelope-from , uid 1007) with qmail-scanner-2.01st (clamdscan: 0.91.2/5093. spamassassin: 3.2.3. perlscan: 2.01st. Clear:RC:1(88.158.112.6):. Processed in 1.613009 secs); 04 Mar 2008 16:24:03 -0000 Received: from 6.112.158.88.radiocom.ro (HELO ?127.0.0.1?) (vladone@spaingsm.com@88.158.112.6) by mail.lsstelecom.ro with AES256-SHA encrypted SMTP; 4 Mar 2008 18:24:01 +0200 Message-ID: <47CD779C.7020004@spaingsm.com> Date: Tue, 04 Mar 2008 18:23:56 +0200 From: Fratiman Vladut User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org References: <47CC60B8.3060405@spaingsm.com> <78cb3d3f0803040117n49c56a2dna1b987c064996ff2@mail.gmail.com> In-Reply-To: <78cb3d3f0803040117n49c56a2dna1b987c064996ff2@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: run sh script at boot time on freebsd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 16:24:05 -0000 Is set, but not work. For example, i have script to launch opendchub daemon: name of file: opendchub content: #! /bin/sh case "$1" in start) [ -x /usr/local/bin/opendchub ] && /usr/local/bin/opendchub -w /usr/local/etc/ -l /var/log/opendchub.log> /dev/null && echo 'Started opendchub' ;; stop) killall -9 opendchub > /dev/null && echo 'hub stopped.' ;; restart) $0 stop $0 start ;; status) ps -auxww | egrep opendchub | egrep -v "($0|egrep)" ;; *) #echo "Usage: `basename $0` {start|stop|restart|status}" >&2 [ -x /usr/local/bin/opendchub ] && /usr/local/bin/opendchub -l /var/log/opendchub.log -w /usr/local/etc/> /dev/null && echo 'Started opendchub' ;; esac exit 0 This script don't start. When i run in console, with command "sh opendchub", then the daemon start without any problem. Same problem with sh script. For example, i have an script named myifconfig: #!/bin/sh ifconfig ng0 group ng ifconfig ng1 group ng This not work at boot time, but in console, with command "sh myifconfig", do the job. Bits are right set server:/rc.d#ls -l total 42 -rwxr-xr-x 1 root wheel 2325 Mar 3 20:26 myifconfig -rwx--x--x 1 vlad wheel 616 Mar 1 00:51 opendchub All files are in /usr/local/etc/rc.d Adrian Penisoara wrote: > Hi, > > This is better suited for freebsd-questions mailing list. > > On Mon, Mar 3, 2008 at 10:34 PM, Fratiman Vladut > wrote: > > >> I have some sh scripts, that works just fine on freebsd 5.4. >> After installed FreeBsd 7, this script won't run at startup. I put this >> scripts in /usr/local/etc/rc.d, but nothing work. >> > > > Do the files have execution bits set (e.g. chmod +x *) ? > Can you attach one sample script ? > > Regards, > Adrian Penisoara > ROFUG / EnterpriseBSD > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > > From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 16:30:06 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3437C1065672 for ; Tue, 4 Mar 2008 16:30:06 +0000 (UTC) (envelope-from ady@ady.ro) Received: from ag-out-0708.google.com (ag-out-0708.google.com [72.14.246.242]) by mx1.freebsd.org (Postfix) with ESMTP id E679B8FC14 for ; Tue, 4 Mar 2008 16:30:05 +0000 (UTC) (envelope-from ady@ady.ro) Received: by ag-out-0708.google.com with SMTP id 31so992178agc.3 for ; Tue, 04 Mar 2008 08:30:04 -0800 (PST) Received: by 10.142.103.6 with SMTP id a6mr576921wfc.21.1204648202500; Tue, 04 Mar 2008 08:30:02 -0800 (PST) Received: by 10.143.167.6 with HTTP; Tue, 4 Mar 2008 08:30:02 -0800 (PST) Message-ID: <78cb3d3f0803040830t68f4ad54w8b6f021a83d2d03f@mail.gmail.com> Date: Tue, 4 Mar 2008 18:30:02 +0200 From: "Adrian Penisoara" Sender: ady@ady.ro To: "Fratiman Vladut" In-Reply-To: <47CD6F3B.9060805@spaingsm.com> MIME-Version: 1.0 References: <47CC602A.7030300@spaingsm.com> <78cb3d3f0803040112j443413e9u1e8b319ab7f2187d@mail.gmail.com> <78cb3d3f0803040119g7bfa060m71ac2b6814bc2937@mail.gmail.com> <47CD6F3B.9060805@spaingsm.com> X-Google-Sender-Auth: 028b62c4be607b0e Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org Subject: Re: savecore: reboot after panic: X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 16:30:06 -0000 Hi, On Tue, Mar 4, 2008 at 5:48 PM, Fratiman Vladut wrote: > With *kgdb* , obtain this: > Unread portion of the kernel message buffer: > panic: vm_fault: fault on nofault entry, addr: e13d0000 > cpuid = 0 > Uptime: 1h8m8s > Physical memory: 882 MB > Dumping 63 MB: 48 32 16 > > #0 doadump () at pcpu.h:195 > 195 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); > (kgdb) Quit Quite a short stack trace, not sure whether it helps. > > > I use ipfw with dummynet because can use dynamically rules for shaping. > With altq, need to put rule for every host, in order to share bandwith > equal to all host in lan. If i have hundredth of host, this can be > painful. > This is why i use dummynet with ipfw. > You are probably referring to dummynet's mask classifier. I guess this would be a good reason to attempt implementing similar mask classifiers into pf(4). Regards, Adrian Penisoara ROFUG / EnterpriseBSD > > > Adrian Penisoara wrote: > > Hi, > > > > On Mon, Mar 3, 2008 at 10:31 PM, Fratiman Vladut > > wrote: > > > > Hi! > > I try to implement some load balancing using pf. I use also ipfw for > > traffic shaping. > > > > > > Have you tried to use traffic shaping with ALTQ inside pf ? Perhaps > > there is a negative side-effect when combining ipfw and pf this way. > > > > > > > > In pf.conf, my rules are this: > > nat on $ext_if1 from $lan_net to any -> ($ext_if1) > > nat on $ext_if2 from $lan_net to any -> ($ext_if2) > > > > pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 > > $ext_gw2), > > ($ext_if2 $ext_gw2) } round-robin from $lan_net to any keep state > > > > pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to > any > > pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to > any > > > > All work fine, but after some time , my system reboot. I found with > > dmesg, this error: > > savecore: reboot after panic: vm_fault: fault on nofault entry, > addr: > > e13d0000 > > Mar 3 21:29:47 server savecore: reboot after panic: vm_fault: > > fault on > > nofault entry, addr: e13d0000 > > savecore: writing core to vmcore.1 > > > > > > Have you tried to extract a gdb stack trace from the core file ? See > > link below: > > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug-gdb.html > > > > Regards, > > Adrian Penisoara > > ROFUG / EnterpriseBSD > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 16:37:44 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 59E42106566C for ; Tue, 4 Mar 2008 16:37:44 +0000 (UTC) (envelope-from ady@ady.ro) Received: from gv-out-0910.google.com (gv-out-0910.google.com [216.239.58.188]) by mx1.freebsd.org (Postfix) with ESMTP id 4285C8FC1C for ; Tue, 4 Mar 2008 16:37:43 +0000 (UTC) (envelope-from ady@ady.ro) Received: by gv-out-0910.google.com with SMTP id n40so967090gve.39 for ; Tue, 04 Mar 2008 08:37:41 -0800 (PST) Received: by 10.143.36.15 with SMTP id o15mr552347wfj.182.1204648659329; Tue, 04 Mar 2008 08:37:39 -0800 (PST) Received: by 10.143.167.6 with HTTP; Tue, 4 Mar 2008 08:37:39 -0800 (PST) Message-ID: <78cb3d3f0803040837i64726c44w7f57e1f7978a74f8@mail.gmail.com> Date: Tue, 4 Mar 2008 18:37:39 +0200 From: "Adrian Penisoara" Sender: ady@ady.ro To: "Fratiman Vladut" In-Reply-To: <47CD779C.7020004@spaingsm.com> MIME-Version: 1.0 References: <47CC60B8.3060405@spaingsm.com> <78cb3d3f0803040117n49c56a2dna1b987c064996ff2@mail.gmail.com> <47CD779C.7020004@spaingsm.com> X-Google-Sender-Auth: a44ac96b0e755fee Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org Subject: Re: run sh script at boot time on freebsd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 16:37:44 -0000 Hi, On Tue, Mar 4, 2008 at 6:23 PM, Fratiman Vladut wrote: > Is set, but not work. > For example, i have script to launch opendchub daemon: > name of file: opendchub > content: > #! /bin/sh > > case "$1" in > start) > [ -x /usr/local/bin/opendchub ] && > /usr/local/bin/opendchub -w /usr/local/etc/ -l /var/log/opendchub.log> > /dev/null && echo 'Started opendchub' > ;; > stop) > killall -9 opendchub > /dev/null && echo 'hub stopped.' > ;; > restart) > $0 stop > $0 start > ;; > status) > ps -auxww | egrep opendchub | egrep -v "($0|egrep)" > ;; > *) > #echo "Usage: `basename $0` {start|stop|restart|status}" >&2 > [ -x /usr/local/bin/opendchub ] && > /usr/local/bin/opendchub -l /var/log/opendchub.log -w > /usr/local/etc/> /dev/null && echo 'Started opendchub' > ;; > esac > > exit 0 > > This script don't start. When i run in console, with command "sh > opendchub", then the daemon start without any problem. The rc.d scripts syntax has changed in the mean time -- you/it should make use of the /etc/rc.subr stub. For packages you will need to upgrade them [from updated ports] to the latest version. Check whether you have an /etc/rc.d/localpkg script. Try to run it with trace (e.g. "sh -x /etc/rc.d/localpkg start"). Regards, Adrian Penisoara ROFUG / EnterpriseBSD From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 18:30:32 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A383C1065674 for ; Tue, 4 Mar 2008 18:30:32 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: from thunder.lsstelecom.ro (thunder.lsstelecom.ro [194.117.236.32]) by mx1.freebsd.org (Postfix) with ESMTP id 035358FC26 for ; Tue, 4 Mar 2008 18:30:31 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: (qmail 8359 invoked by uid 1010); 4 Mar 2008 20:30:29 +0200 Received: from 88.158.112.6 (vladone@spaingsm.com@88.158.112.6) by thunder (envelope-from , uid 1007) with qmail-scanner-2.01st (clamdscan: 0.91.2/5093. spamassassin: 3.2.3. perlscan: 2.01st. Clear:RC:1(88.158.112.6):. Processed in 1.635408 secs); 04 Mar 2008 18:30:29 -0000 Received: from 6.112.158.88.radiocom.ro (HELO ?127.0.0.1?) (vladone@spaingsm.com@88.158.112.6) by mail.lsstelecom.ro with AES256-SHA encrypted SMTP; 4 Mar 2008 20:30:27 +0200 Message-ID: <47CD953F.5020007@spaingsm.com> Date: Tue, 04 Mar 2008 20:30:23 +0200 From: Fratiman Vladut User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org References: <47CC60B8.3060405@spaingsm.com> <78cb3d3f0803040117n49c56a2dna1b987c064996ff2@mail.gmail.com> <47CD779C.7020004@spaingsm.com> <78cb3d3f0803040837i64726c44w7f57e1f7978a74f8@mail.gmail.com> In-Reply-To: <78cb3d3f0803040837i64726c44w7f57e1f7978a74f8@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: run sh script at boot time on freebsd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 18:30:32 -0000 I have an file /etc/rc.d/localpkg. After read this file, i see that only script with extension .sh, are considered to run at boot time. So i modify my scripts according with that, and now run without any problem. Thanks for reply. Adrian Penisoara wrote: > Hi, > > On Tue, Mar 4, 2008 at 6:23 PM, Fratiman Vladut > wrote: > > Is set, but not work. > For example, i have script to launch opendchub daemon: > name of file: opendchub > content: > #! /bin/sh > > case "$1" in > start) > [ -x /usr/local/bin/opendchub ] && > /usr/local/bin/opendchub -w /usr/local/etc/ -l /var/log/opendchub.log> > /dev/null && echo 'Started opendchub' > ;; > stop) > killall -9 opendchub > /dev/null && echo 'hub stopped.' > ;; > restart) > $0 stop > $0 start > ;; > status) > ps -auxww | egrep opendchub | egrep -v "($0|egrep)" > ;; > *) > #echo "Usage: `basename $0` {start|stop|restart|status}" >&2 > [ -x /usr/local/bin/opendchub ] && > /usr/local/bin/opendchub -l /var/log/opendchub.log -w > /usr/local/etc/> /dev/null && echo 'Started opendchub' > ;; > esac > > exit 0 > > This script don't start. When i run in console, with command "sh > opendchub", then the daemon start without any problem. > > > The rc.d scripts syntax has changed in the mean time -- you/it should > make use of the /etc/rc.subr stub. > For packages you will need to upgrade them [from updated ports] to the > latest version. > > Check whether you have an /etc/rc.d/localpkg script. Try to run it > with trace (e.g. "sh -x /etc/rc.d/localpkg start"). > > Regards, > Adrian Penisoara > ROFUG / EnterpriseBSD From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 4 18:36:52 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0FC38106566C for ; Tue, 4 Mar 2008 18:36:52 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: from thunder.lsstelecom.ro (thunder.lsstelecom.ro [194.117.236.32]) by mx1.freebsd.org (Postfix) with ESMTP id 61ADD8FC17 for ; Tue, 4 Mar 2008 18:36:51 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: (qmail 9707 invoked by uid 1010); 4 Mar 2008 20:36:50 +0200 Received: from 88.158.112.6 (vladone@spaingsm.com@88.158.112.6) by thunder (envelope-from , uid 1007) with qmail-scanner-2.01st (clamdscan: 0.91.2/5093. spamassassin: 3.2.3. perlscan: 2.01st. Clear:RC:1(88.158.112.6):. Processed in 1.612629 secs); 04 Mar 2008 18:36:50 -0000 Received: from 6.112.158.88.radiocom.ro (HELO ?127.0.0.1?) (vladone@spaingsm.com@88.158.112.6) by mail.lsstelecom.ro with AES256-SHA encrypted SMTP; 4 Mar 2008 20:36:49 +0200 Message-ID: <47CD96BC.1000709@spaingsm.com> Date: Tue, 04 Mar 2008 20:36:44 +0200 From: Fratiman Vladut User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org References: <47CC602A.7030300@spaingsm.com> <78cb3d3f0803040112j443413e9u1e8b319ab7f2187d@mail.gmail.com> <78cb3d3f0803040119g7bfa060m71ac2b6814bc2937@mail.gmail.com> <47CD6F3B.9060805@spaingsm.com> <78cb3d3f0803040830t68f4ad54w8b6f021a83d2d03f@mail.gmail.com> In-Reply-To: <78cb3d3f0803040830t68f4ad54w8b6f021a83d2d03f@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: savecore: reboot after panic: X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2008 18:36:52 -0000 Any idea when is planning to implement mask classifiers into pf? This really help in dummynet, to simplify rules set. Adrian Penisoara wrote: > Hi, > > On Tue, Mar 4, 2008 at 5:48 PM, Fratiman Vladut > wrote: > > >> With *kgdb* , obtain this: >> Unread portion of the kernel message buffer: >> panic: vm_fault: fault on nofault entry, addr: e13d0000 >> cpuid = 0 >> Uptime: 1h8m8s >> Physical memory: 882 MB >> Dumping 63 MB: 48 32 16 >> >> #0 doadump () at pcpu.h:195 >> 195 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); >> (kgdb) Quit >> > > > Quite a short stack trace, not sure whether it helps. > > > >> I use ipfw with dummynet because can use dynamically rules for shaping. >> With altq, need to put rule for every host, in order to share bandwith >> equal to all host in lan. If i have hundredth of host, this can be >> painful. >> This is why i use dummynet with ipfw. >> >> > > You are probably referring to dummynet's mask classifier. I guess this would > be a good reason to attempt implementing similar mask classifiers into > pf(4). > > Regards, > Adrian Penisoara > ROFUG / EnterpriseBSD > > > >> Adrian Penisoara wrote: >> >>> Hi, >>> >>> On Mon, Mar 3, 2008 at 10:31 PM, Fratiman Vladut >> > wrote: >>> >>> Hi! >>> I try to implement some load balancing using pf. I use also ipfw for >>> traffic shaping. >>> >>> >>> Have you tried to use traffic shaping with ALTQ inside pf ? Perhaps >>> there is a negative side-effect when combining ipfw and pf this way. >>> >>> >>> >>> In pf.conf, my rules are this: >>> nat on $ext_if1 from $lan_net to any -> ($ext_if1) >>> nat on $ext_if2 from $lan_net to any -> ($ext_if2) >>> >>> pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 >>> $ext_gw2), >>> ($ext_if2 $ext_gw2) } round-robin from $lan_net to any keep state >>> >>> pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to >>> >> any >> >>> pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to >>> >> any >> >>> All work fine, but after some time , my system reboot. I found with >>> dmesg, this error: >>> savecore: reboot after panic: vm_fault: fault on nofault entry, >>> >> addr: >> >>> e13d0000 >>> Mar 3 21:29:47 server savecore: reboot after panic: vm_fault: >>> fault on >>> nofault entry, addr: e13d0000 >>> savecore: writing core to vmcore.1 >>> >>> >>> Have you tried to extract a gdb stack trace from the core file ? See >>> link below: >>> >>> >>> >> http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug-gdb.html >> >>> Regards, >>> Adrian Penisoara >>> ROFUG / EnterpriseBSD >>> >> _______________________________________________ >> freebsd-ipfw@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >> >> > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > > From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 5 09:41:51 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 965D410657C2; Wed, 5 Mar 2008 09:41:51 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 6806B8FC34; Wed, 5 Mar 2008 09:41:51 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (remko@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m259fpxK052714; Wed, 5 Mar 2008 09:41:51 GMT (envelope-from remko@freefall.freebsd.org) Received: (from remko@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m259fpoO052710; Wed, 5 Mar 2008 09:41:51 GMT (envelope-from remko) Date: Wed, 5 Mar 2008 09:41:51 GMT Message-Id: <200803050941.m259fpoO052710@freefall.freebsd.org> To: remko@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: remko@FreeBSD.org Cc: Subject: Re: kern/121382: [dummeynet]: 6.3-RELEASE-p1 page fault in dummynet (corrupt stack?) after ~5d uptime X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Mar 2008 09:41:51 -0000 Old Synopsis: 6.3-RELEASE-p1 page fault in dummynet (corrupt stack?) after ~5d uptime New Synopsis: [dummeynet]: 6.3-RELEASE-p1 page fault in dummynet (corrupt stack?) after ~5d uptime Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: remko Responsible-Changed-When: Wed Mar 5 09:41:28 UTC 2008 Responsible-Changed-Why: reassign to ipfw team http://www.freebsd.org/cgi/query-pr.cgi?pr=121382 From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 5 12:12:42 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 380D0106567B for ; Wed, 5 Mar 2008 12:12:42 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: from el-out-1112.google.com (el-out-1112.google.com [209.85.162.176]) by mx1.freebsd.org (Postfix) with ESMTP id C98778FC18 for ; Wed, 5 Mar 2008 12:12:41 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: by el-out-1112.google.com with SMTP id v27so1571575ele.12 for ; Wed, 05 Mar 2008 04:12:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:from; bh=smDEU96O55HqCx+9KG4mQU8Sy1jvlzHcVZaXYfc73Sk=; b=n4C2OEKN0sNkEWQwECJB0qXTQylimG8MivB3/C7Mxw42viHPYdPrB0mRGNEsfTcY1MmKP9TxCGS1pyQdpNFhbbk+RG/nyop4LasGYZxxZOM7VwzBaIBHBL7U3dlU09bXMaoRbm8RuBuxgBehajgapJzt/iYCv7eYLXiNoccPzL8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:from; b=iMP+dQ2MbJ8i357qOv5auPCyQAjG4/Dj0X9ZR9XVVPGey+ulO92r1NuzU28qZZ+C+Ljxbl59WmB9Ue69uGOxzpRymHDgWVem6ZLCAC6iySf5tOR9Z5eVSmur9Qdbeg2mBKJFMnGh2wKnkS2hbyEEPAX3VM63UDNcnHU+Rrvxwv8= Received: by 10.141.15.19 with SMTP id s19mr1186247rvi.75.1204719160126; Wed, 05 Mar 2008 04:12:40 -0800 (PST) Received: from island.freebsd.org ( [200.247.114.5]) by mx.google.com with ESMTPS id 32sm1280078wri.0.2008.03.05.04.12.35 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 05 Mar 2008 04:12:39 -0800 (PST) Message-ID: <47CE8E43.6030409@FreeBSD.org> Date: Wed, 05 Mar 2008 09:12:51 -0300 Organization: FreeBSD User-Agent: Thunderbird 2.0.0.0 (X11/20070521) MIME-Version: 1.0 To: Vadim Goncharov References: <200802261908.m1QJ8n5N023371@freefall.freebsd.org> <47C4F2D1.5080703@yandex.ru> <47C5516F.9080200@FreeBSD.org> <47C64BB7.60309@yandex.ru> <47C68CD1.10409@FreeBSD.org> <47CCC0AA.5030106@FreeBSD.org> In-Reply-To: X-Enigmail-Version: 0.95.0 OpenPGP: id=53E4CFA8 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig6E7FB4F04CFAEE1BE30460D2" From: Marcelo Araujo Cc: stas@mbsd.msk.ru, Luigi Rizzo , Oleg Bulyzhin , freebsd-ipfw@freebsd.org, "Andrey V. Elsukov" , Julian Elischer , Ion-Mihai Tetcu , "Bruce M. Simpson" Subject: ipfw with modip(). X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: araujo@FreeBSD.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Mar 2008 12:12:42 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig6E7FB4F04CFAEE1BE30460D2 Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Hi all, I continue play with the modip function. Yesterday I talked with Roman(aka novel@) about what would be the best way to implement the suggestions sent by some guys. We talked about how to implement the function and how to use it. My vision is: to create a function with a minor impact possible for usability. I believe the best way is the function as an action. Example: island# ipfw add modip ipfw: need modip [DF|TOS|IPPRE|DSCP]:code arg island# ipfw add 10 modip tos:lowdelay ip from any to any island# ipfw add 15 modip ippre:immediate ip from any to any island# ipfw add 20 modip dscp:af14 ip from 192.168.0.0/16 to any via xl0= I continue to work within modip(), now I begin to implement another patchs related with QoS in layer IP: kern/102471, kern/103454 and kern/121122. I'd like some opinions around this concern and suggestions. Best Regards, --=20 Marcelo Araujo (__) araujo@FreeBSD.org \\\'',) http://www.FreeBSD.org \/ \ ^ Power To Server. .\. /_) --------------enig6E7FB4F04CFAEE1BE30460D2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFHzo5HovxJd1Pkz6gRAiz3AJ9dkGsqFZn9Wgz+RLVkR5LwrTEQgwCfbBKB hgkp3siVEFkgp4uJaL2CyAc= =lD79 -----END PGP SIGNATURE----- --------------enig6E7FB4F04CFAEE1BE30460D2-- From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 5 15:05:17 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 07D031065670 for ; Wed, 5 Mar 2008 15:05:17 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id AE0348FC20 for ; Wed, 5 Mar 2008 15:05:16 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from root by ciao.gmane.org with local (Exim 4.43) id 1JWvB0-0002Sz-MH for freebsd-ipfw@freebsd.org; Wed, 05 Mar 2008 15:05:02 +0000 Received: from 195.208.174.178 ([195.208.174.178]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 05 Mar 2008 15:05:02 +0000 Received: from vadim_nuclight by 195.208.174.178 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 05 Mar 2008 15:05:02 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-ipfw@freebsd.org From: Vadim Goncharov Date: Wed, 5 Mar 2008 15:04:10 +0000 (UTC) Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel Lines: 21 Message-ID: References: <200802261908.m1QJ8n5N023371@freefall.freebsd.org> <47C4F2D1.5080703@yandex.ru> <47C5516F.9080200@FreeBSD.org> <47C64BB7.60309@yandex.ru> <47C68CD1.10409@FreeBSD.org> <47CCC0AA.5030106@FreeBSD.org> <47CE8E43.6030409@FreeBSD.org> X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 195.208.174.178 X-Comment-To: Marcelo Araujo User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: ipfw with modip(). X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vadim_nuclight@mail.ru List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Mar 2008 15:05:17 -0000 Hi Marcelo Araujo! On Wed, 05 Mar 2008 09:12:51 -0300; Marcelo Araujo wrote about 'ipfw with modip().': > island# ipfw add modip > ipfw: need modip [DF|TOS|IPPRE|DSCP]:code arg > island# ipfw add 10 modip tos:lowdelay ip from any to any > island# ipfw add 15 modip ippre:immediate ip from any to any > island# ipfw add 20 modip dscp:af14 ip from 192.168.0.0/16 to any via xl0= > I continue to work within modip(), now I begin to implement another > patchs related with QoS in layer IP: > kern/102471, kern/103454 and kern/121122. > I'd like some opinions around this concern and suggestions. Agreed with syntax. But what about TTL?.. -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 5 16:46:36 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 672D7106566C for ; Wed, 5 Mar 2008 16:46:36 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: from gv-out-0910.google.com (gv-out-0910.google.com [216.239.58.189]) by mx1.freebsd.org (Postfix) with ESMTP id D3F328FC15 for ; Wed, 5 Mar 2008 16:46:35 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: by gv-out-0910.google.com with SMTP id n40so1734801gve.39 for ; Wed, 05 Mar 2008 08:46:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:from; bh=pejDOKh3xjn+B9fWU5WtM00gY/H+1B2MmH1MSG/Xg/8=; b=Li0OupcyRNPtYLxU/NQu7dKFVkvX+J3Ue+29zXZaQDUhPHvEyljhtefeVmbnOcVwvEWb8lXzUrdrvwUdZDvJJUnPI4nU4Be1DJCd1npcZOfkjU+k5cdxdxFPdQ1WK2rHU6SI0dUI8N3yw0NqxCtRNsyAgWYoYtv8b5JHRMMyPPY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:from; b=M69Gjlu9nQ+lIj4gcMq8kwZExZNlS5UlGQ6yyB+YCTYXsvfQFjmg7pU/o+Af67wt9bHiKwkttm/JXwc1uCVCY/Sp19mOtQTNdYXkXcbUTigFl/+v4hrZb7I04+Q/gd/gIkowrgaEtsLSPc/7hJXJiBUG2tzGPPzjO4BLa6ADl90= Received: by 10.142.242.8 with SMTP id p8mr902783wfh.212.1204735593012; Wed, 05 Mar 2008 08:46:33 -0800 (PST) Received: from island.freebsd.org ( [200.247.114.5]) by mx.google.com with ESMTPS id c53sm1859891wrc.28.2008.03.05.08.46.30 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 05 Mar 2008 08:46:31 -0800 (PST) Message-ID: <47CECE7B.9000206@FreeBSD.org> Date: Wed, 05 Mar 2008 13:46:51 -0300 Organization: FreeBSD User-Agent: Thunderbird 2.0.0.0 (X11/20070521) MIME-Version: 1.0 To: vadim_nuclight@mail.ru References: <200802261908.m1QJ8n5N023371@freefall.freebsd.org> <47C4F2D1.5080703@yandex.ru> <47C5516F.9080200@FreeBSD.org> <47C64BB7.60309@yandex.ru> <47C68CD1.10409@FreeBSD.org> <47CCC0AA.5030106@FreeBSD.org> <47CE8E43.6030409@FreeBSD.org> In-Reply-To: X-Enigmail-Version: 0.95.0 OpenPGP: id=53E4CFA8 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig194DD64F5A355E3896609ADA" From: Marcelo Araujo Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw with modip(). X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: araujo@FreeBSD.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Mar 2008 16:46:36 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig194DD64F5A355E3896609ADA Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Vadim Goncharov wrote: > > Agreed with syntax. But what about TTL?.. > > =20 Haaa, TTL is included too, but I forgot to include in this message. --=20 Marcelo Araujo (__) araujo@FreeBSD.org \\\'',) http://www.FreeBSD.org \/ \ ^ Power To Server. .\. /_) --------------enig194DD64F5A355E3896609ADA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFHzs5+ovxJd1Pkz6gRAhyJAJ9xUQ1pgNwJxp9ttB5tXihr4iVoWACdFueD gqk6zRVYUzWQbmXR1GOt0kw= =juEW -----END PGP SIGNATURE----- --------------enig194DD64F5A355E3896609ADA-- From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 5 18:23:51 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 590E71065675 for ; Wed, 5 Mar 2008 18:23:51 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 1070B8FC1F for ; Wed, 5 Mar 2008 18:23:50 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1JWyHI-0005LV-80 for freebsd-ipfw@freebsd.org; Wed, 05 Mar 2008 18:23:45 +0000 Received: from 195.208.174.178 ([195.208.174.178]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 05 Mar 2008 18:23:44 +0000 Received: from vadim_nuclight by 195.208.174.178 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 05 Mar 2008 18:23:44 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-ipfw@freebsd.org From: Vadim Goncharov Date: Wed, 5 Mar 2008 18:23:31 +0000 (UTC) Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel Lines: 15 Message-ID: References: <200802261908.m1QJ8n5N023371@freefall.freebsd.org> <47C4F2D1.5080703@yandex.ru> <47C5516F.9080200@FreeBSD.org> <47C64BB7.60309@yandex.ru> <47C68CD1.10409@FreeBSD.org> <47CCC0AA.5030106@FreeBSD.org> <47CE8E43.6030409@FreeBSD.org> <47CECE7B.9000206@FreeBSD.org> X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 195.208.174.178 X-Comment-To: Marcelo Araujo User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: ipfw with modip(). X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vadim_nuclight@mail.ru List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Mar 2008 18:23:51 -0000 Hi Marcelo Araujo! On Wed, 05 Mar 2008 13:46:51 -0300; Marcelo Araujo wrote about 'Re: ipfw with modip().': >> Agreed with syntax. But what about TTL?.. >> >> =20 > Haaa, TTL is included too, but I forgot to include in this message. Ah, OK. Supports TTL inc/dec as well as set? Can accept multiple TOS flags and hex DSCP values? Is it enugh 16-bit arg1 for these in ipfw_insn?.. -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 7 13:22:12 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3BAF61065670 for ; Fri, 7 Mar 2008 13:22:12 +0000 (UTC) (envelope-from hagge1983@gmail.com) Received: from rn-out-0910.google.com (rn-out-0910.google.com [64.233.170.191]) by mx1.freebsd.org (Postfix) with ESMTP id E4CD78FC15 for ; Fri, 7 Mar 2008 13:22:11 +0000 (UTC) (envelope-from hagge1983@gmail.com) Received: by rn-out-0910.google.com with SMTP id e11so777037rng.7 for ; Fri, 07 Mar 2008 05:22:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; bh=cIiBYLZJk2aaTkdLwRnFZ4lr4WHdQq3qNhtd2Dgpjog=; b=Np67rMAiunkuueslL6qeJBS1gKLVruTkEyrfATVos1iKIZf8RxYo+KkuXBisEscpMVCXYbr9XDBriEQZxpqCn2XLs98Q+YAwdca84MBPEuUK4PAUrBlWnq+m1oDCz1je+17Y9f3x0hclgkJsRpY2c2+0EneU3hsds52cqBjJFFA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=lYqn/omBL95ohYH1ZDfHXhJRMGl5tchUEaHZLafcTp28KznZMkRp+J6xyjLkj2IHLe6cVWxFma8fSymu3Q+B2mc//Jm+J6rPiLfUYX7ojb7swfsqnSXcUjko2KahceU5N9HJFjGs7fPbH351ef+4HhqB28mac0XdoUqjYGCWARo= Received: by 10.142.232.20 with SMTP id e20mr460889wfh.187.1204894458402; Fri, 07 Mar 2008 04:54:18 -0800 (PST) Received: by 10.143.125.7 with HTTP; Fri, 7 Mar 2008 04:54:18 -0800 (PST) Message-ID: <1a5a68400803070454s2622a5cenc6e37462528c51b@mail.gmail.com> Date: Fri, 7 Mar 2008 13:54:18 +0100 From: "=?ISO-8859-1?Q?Anders_H=E4ggstr=F6m?=" Sender: hagge1983@gmail.com To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Google-Sender-Auth: ca95a8fa21c929a5 Subject: Dummynet/ipfw-rules to limit bandwidth based on IP X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2008 13:22:12 -0000 Hello list! I have tried to solve this configuration-issue for a time now but without success, so I'm asking if anyone can help me with an example-ruleset or point me to some good documentation that describe this type of setup. My scenario is a webserver at 10MBit/s with httpd-service, ftp-serivce and ssh-service and I want to limit the bandwidth to 1MBit/s inbound and 1MBit/s outbound per IP-address that is connected no matter what service/port they use and no matter how many connections that IP has occupied so that one visitor/user does not eat up all my bandwidth if he/she has more bandwidth availible than my server. An example is that "user1" connects to three different websites hosted on my webserver and download one relese-image (large file, outbound) and "user2" is uploading a file by ftp to the server (large file, inbound) and "user3" is downloading a large file by ftp (outbound) and at the same time uploading another large file by scp/ssh (inbound). In my scenario the three users will load my server with a maximum of 1Mbit/s each per direction. In this example a total of 2MBit/s inbound and a total of 2MBit/s outbound even if some of the users have 100MBit/s availible at there ISP. Thanks in advance! Anders From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 7 14:23:34 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B891B106566C for ; Fri, 7 Mar 2008 14:23:34 +0000 (UTC) (envelope-from ady@ady.ro) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.174]) by mx1.freebsd.org (Postfix) with ESMTP id 931888FC21 for ; Fri, 7 Mar 2008 14:23:34 +0000 (UTC) (envelope-from ady@ady.ro) Received: by wf-out-1314.google.com with SMTP id 25so533767wfa.7 for ; Fri, 07 Mar 2008 06:23:34 -0800 (PST) Received: by 10.142.178.13 with SMTP id a13mr564464wff.129.1204899813685; Fri, 07 Mar 2008 06:23:33 -0800 (PST) Received: by 10.143.37.8 with HTTP; Fri, 7 Mar 2008 06:23:33 -0800 (PST) Message-ID: <78cb3d3f0803070623j516197fn41e33ad8219efa98@mail.gmail.com> Date: Fri, 7 Mar 2008 16:23:33 +0200 From: "Adrian Penisoara" Sender: ady@ady.ro To: "=?ISO-8859-1?Q?Anders_H=E4ggstr=F6m?=" In-Reply-To: <1a5a68400803070454s2622a5cenc6e37462528c51b@mail.gmail.com> MIME-Version: 1.0 References: <1a5a68400803070454s2622a5cenc6e37462528c51b@mail.gmail.com> X-Google-Sender-Auth: 8ade84e1b2bd0bb6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org Subject: Re: Dummynet/ipfw-rules to limit bandwidth based on IP X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2008 14:23:34 -0000 Hi, On Fri, Mar 7, 2008 at 2:54 PM, Anders H=E4ggstr=F6m < hagge.lists@intercorner.net> wrote: > Hello list! > > I have tried to solve this configuration-issue for a time now but > without success, so I'm asking if anyone can help me with an > example-ruleset or point me to some good documentation that describe > this type of setup. > > My scenario is a webserver at 10MBit/s with httpd-service, ftp-serivce > and ssh-service and I want to limit the bandwidth to 1MBit/s inbound > and 1MBit/s outbound per IP-address that is connected no matter what > service/port they use and no matter how many connections that IP has > occupied so that one visitor/user does not eat up all my bandwidth if > he/she has more bandwidth availible than my server. That's exactly what is the ipfw pipe/queue + mask syntax for. The mask parameter will allow filtering based on various specifiers like dst-ip, src-ip, dst-port, src-port, proto, etc. Check the ipfw(8) manual page. > > > An example is that "user1" connects to three different websites hosted > on my webserver and download one relese-image (large file, outbound) > and "user2" is uploading a file by ftp to the server (large file, > inbound) and "user3" is downloading a large file by ftp (outbound) and > at the same time uploading another large file by scp/ssh (inbound). In > my scenario the three users will load my server with a maximum of > 1Mbit/s each per direction. In this example a total of 2MBit/s inbound > and a total of 2MBit/s outbound even if some of the users have > 100MBit/s availible at there ISP. > I guess the following should do the job: ipfw add pipe 1 from any to me in ipfw add pipe 2 from me to any out ipfw pipe 1 config mask src-ip 0xffffffff bw 1Mbit/s ipfw pipe 2 config mask dst-ip 0xffffffff bw 1Mbit/s A pretty similar example is found even in ipfw(8) -- it's always best to check the manual at the Examples section :). A more complicated setup would have been to get a fixed bandwidth limit for the entire traffic and force the users to fairly share the bandwidth betwee= n themselves (with the same per-IP masking). That would require connecting dynamic (masked) queues to a single pipe. Regards, Adrian Penisoara ROFUG / EnterpriseBSD From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 7 15:02:21 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A13DA1065781 for ; Fri, 7 Mar 2008 15:02:21 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: from grupposervizi.it (mail1.tagetik.com [85.18.71.243]) by mx1.freebsd.org (Postfix) with SMTP id 2860B8FC18 for ; Fri, 7 Mar 2008 15:02:20 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: (qmail 20881 invoked by uid 453); 7 Mar 2008 14:35:39 -0000 Received: from [192.9.217.29] (HELO noel.grupposervizi.it) (192.9.217.29) by grupposervizi.it (qpsmtpd/0.31.1) with ESMTP; Fri, 07 Mar 2008 15:35:39 +0100 Message-ID: <47D152BE.5070708@libero.it> Date: Fri, 07 Mar 2008 15:35:42 +0100 From: Raffaele De Lorenzo User-Agent: Thunderbird 2.0.0.9 (X11/20071204) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Dummynet and VMware X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Mar 2008 15:02:21 -0000 Hi, VMWare have some time sync troubles with Unix Machine emulation (like FreeBSD and Linux), in fact the time machine will be lost sometime . The Vmware Tools installation doesn't always solve the issue. I don't know why the time machine be lost, but the Real Time Algorithm used by Dummynet queues is more influenced by the time machine. cheers Raffaele