From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 24 19:42:17 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 530F8106566B for ; Mon, 24 Mar 2008 19:42:17 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from msrv.matik.com.br (msrv.matik.com.br [200.152.83.14]) by mx1.freebsd.org (Postfix) with ESMTP id 8DDAF8FC13 for ; Mon, 24 Mar 2008 19:42:16 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from anb.p.matik.com.br (anb.p.matik.com.br [200.152.83.34] (may be forged)) by msrv.matik.com.br (8.14.1/8.13.1) with ESMTP id m2OJgHUm077073; Mon, 24 Mar 2008 16:42:17 -0300 (BRT) (envelope-from asstec@matik.com.br) From: AT Matik Organization: Infomatik To: "Alexander Shulikov" Date: Mon, 24 Mar 2008 16:41:37 -0300 User-Agent: KMail/1.9.7 References: <18292fe60803240107v1462a87v4222790745844d5d@mail.gmail.com> <200803241411.51930.asstec@matik.com.br> <18292fe60803241208i248ffeachf12c49aee3ab2756@mail.gmail.com> In-Reply-To: <18292fe60803241208i248ffeachf12c49aee3ab2756@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200803241641.37884.asstec@matik.com.br> X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on msrv.matik.com.br X-Virus-Status: Clean Cc: freebsd-ipfw@freebsd.org, bu7cher@yandex.ru Subject: Re: kern/121955: [ipfw] [panic] freebsd 7.0 panic with mpd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2008 19:42:17 -0000 On Monday 24 March 2008 16:08:10 Alexander Shulikov wrote: > By default I have: > # sysctl kern.ipc.nmbclusters > kern.ipc.nmbclusters: 25600 hard to say, do you checked netstat -m if you get to your limit? If you get= =20 there set it higher > # sysctl net.inet.ip.intr_queue_maxlen > net.inet.ip.intr_queue_maxlen: 50 seems to be the default try 128, 256, 512 > > What range of value is optimal to try? > Also I add to loader.conf: > kern.maxusers=3D1536 I guess maxusers does not help for your setup and probably you should let t= he=20 system selftune itself > kern.ipc.maxpipekva=3D32000000 > net.graph.maxalloc=3D2048 > (but it was added after panic's) > I believe both do not help anything for ipfw > Other thing, that I want to try - net.isr.direct -> 0? May be it > temprorary resolved problem, because packet will be going to queue for > processing. > I guess this does not help dummynet either > 2008/3/24, AT Matik : > > On Monday 24 March 2008 12:11:44 Alexander Shulikov wrote: > > > In real script I have in and out. But some ip's for the same speed I > > > add in table, and then do: > > > # 512/128 > > > ${fwcmd} pipe 357 config bw 128Kbit/s queue 100 mask src-ip 0xffffff= ff > > > ${fwcmd} pipe 358 config bw 512Kbit/s queue 100 mask dst-ip 0xffffff= ff > > > ${fwcmd} add pipe 357 ip from "table(3)" to any in > > > ${fwcmd} add pipe 358 ip from any to "table(3)" out > > > > > > IPs for individual speed added as in example in previous letter, but > > > with in/out. > > > > > > But what can I do for resolve this problem. Now I have server with > > > FreeBSD 6.2 and copy of this configs - and all works fine. o_O > > > > well I use the above different, first I define the pipe and second the = bw > > anyway I do not use tables > > > > also seems you use long queues so may be you like to tune > > net.inet.ip.intr_queue_maxlen and mbuf of your machine > > > > > 2008/3/24, AT Matik : > > > > On Monday 24 March 2008 11:51:44 Alexander Shulikov wrote: > > > > > # sysctl -a | grep one_pass > > > > > net.inet.ip.fw.one_pass: 0 > > > > > > > > > > Yes - it eq 0. But I need it for next situation: all net I need > > > > > shape at one speed, but invididual ip addresses to another spee= d. > > > > > For example, > > > > > ipfw pipe 1 config bw 10Mbit/s queue 100 > > > > > ipfw pipe 2 config bw 10Mbit/s queue 100 > > > > > ipfw add pipe 1 ip from 192.168.1.0/24 to any > > > > > ipfw add pipe 2 ip from any to 192.168.1.0/24 > > > > > ipfw pipe 3 config bw 1Mbit/s queue 100 > > > > > ipfw pipe 4 config bw 1Mbit/s queue 100 > > > > > ipfw add pipe 3 ip from 192.168.1.1/32 to any > > > > > ipfw add pipe 4 ip from any to 192.168.1.1/32 > > > > > > > > that should work, I have similar setups running fine > > > > the /32 mask you should not need but I am missing the in/out > > > > definition in your rules > > > > > > > > > ...... > > > > > > > > > > > > > > > Also this configuration work in FreeBSD 6.2. (May be in 6.2 > > > > > smaller call tree?) > > > > > > > > > > 2008/3/24, AT Matik : > > > > > > On Monday 24 March 2008 08:08:02 Andrey V. Elsukov wrote: > > > > > > > AT Matik wrote: > > > > > > > > what do you mean? By setting to 0 the packages are not > > > > > > > > re-injected into the pipe but go through other existing > > > > > > > > rules after the matching pipe, or not? > > > > > > > > > > > > > > When you reset net.inet.ip.fw.one_pass to zero, packets > > > > > > > return back into ipfw to the next rule after > > > > > > > dummynet/netgraph. And if you have similar rules packets > > > > > > > will be passed into > > > > > > > dummynet/netgraph again. > > > > > > > > > > > > > > This is example how to get double fault (from mail archive= ): > > > > > > > > > > > > jaaa well but that is the famous bw 0 example which is not > > > > > > valid, as by itself certainly an invalid config, not connected > > > > > > to the existing problem the reporter has I guess > > > > > > > > > > > > Jo=C3=A3o > > > > > > > > > > > > > ifconfig em0 192.168.0.2/24 > > > > > > > kldload ipfw > > > > > > > kldload dummynet > > > > > > > sysctl net.inet.ip.fw.one_pass=3D0 > > > > > > > ipfw pipe 2 config bw 0 > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > > ping 192.168.0.1 > > > > > > > > > > > > -- > > > > > > > > > > > > > > > > > > Atenciosamente, J.M. > > > > > > Respons=C3=A1vel Plant=C3=A3o Site Support Matik > > > > > > Infomatik Internet Technology > > > > > > (18)3551.8155 (18)8112.7007 > > > > > > http://info.matik.com.br > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser > > > > > > considerada segura. Service fornecido pelo Datacenter Matik > > > > > > https://datacenter.matik.com.br > > > > > > > > -- > > > > > > > > > > > > Atenciosamente, J.M. > > > > Respons=C3=A1vel Plant=C3=A3o Site Support Matik > > > > Infomatik Internet Technology > > > > (18)3551.8155 (18)8112.7007 > > > > http://info.matik.com.br > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser > > > > considerada segura. Service fornecido pelo Datacenter Matik > > > > https://datacenter.matik.com.br > > > > -- > > > > > > Atenciosamente, J.M. > > Respons=C3=A1vel Plant=C3=A3o Site Support Matik > > Infomatik Internet Technology > > (18)3551.8155 (18)8112.7007 > > http://info.matik.com.br > > > > > > > > > > > > > > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada > > segura. Service fornecido pelo Datacenter Matik=20 > > https://datacenter.matik.com.br =2D-=20 Atenciosamente, J.M. Respons=C3=A1vel Plant=C3=A3o Site Support Matik Infomatik Internet Technology (18)3551.8155 =C2=A0(18)8112.7007 http://info.matik.com.br A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br