Date: Thu, 7 Dec 2006 14:47:51 +0200 From: Timofej Dod <hidden@4you.lt> To: =?iso-8859-1?Q?H=E5kon_Granlund?= <hg@sircon.no> Cc: freebsd-net@freebsd.org Subject: Re[2]: dummynet throughput problem Message-ID: <1797123194.20061207144751@4you.lt> In-Reply-To: <45780C9C.1000907@sircon.no> References: <1895992105.20061206224504@4you.lt> <45780C9C.1000907@sircon.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Sveiki, Yep, it was a problem at the upstream which was seeing the packets twice and adding them into the pipe twice because of that. There were no skipto rules at the upstream. ------------------- HG> Timofej Dod wrote: >> Hi, >> >> I got a firewall with ipfw + dummynet. >> system is: >> FreeBSD 6.1-RELEASE-p10 >> >> table 1 contains 211 IP addresses. >> >> 00502 pipe 11 ip from any to table(1) out via rl0 >> 00502 skipto 2000 ip from any to table(1) >> >> and with pipe configured >> ipfw -q pipe 11 config mask dst-ip 0xffffffff bw 256Kbit/s >> >> however everybody only getting half of it i.e. 128 Kbits. >> also net.inet.ip.fw.one_pass: 1 doesn't seem to work properly since >> counters show that skipto rule is being triggered and it should not with >> the one_pass activated. >> Any clues how to make it give the speed it is supposed to? HG> I'm absolutely no expert on this matter, but I think you have to define HG> where the packets are going. It's got something to do with DUMMYNET or HG> IPFW seeing the packet twice. You're probably looking for: HG> 00502 pipe 11 ip from any to table(1) out xmit rl0 HG> A similar rule for incoming would be: HG> pipe 12 ip from table(1) to any in recv rl0 HG> -- HG> Håkon Granlund -- Timofej Dod Interneto programuotojas / Web Developer UAB "Eilorita" , 4you.ltT Tel./Faks:+370 52 349 379 Mob. +375 29 7783581 ICQ 136621403 http://www.4you.lt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1797123194.20061207144751>