From owner-freebsd-net@FreeBSD.ORG  Thu Dec 14 14:08:56 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: net@freebsd.org
Delivered-To: freebsd-net@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 75A3316A4B3;
	Thu, 14 Dec 2006 14:08:56 +0000 (UTC)
	(envelope-from nvass@teledomenet.gr)
Received: from arwen.teledomenet.gr (arwen.teledomenet.gr [213.142.128.58])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8A33A43DC7;
	Thu, 14 Dec 2006 14:03:13 +0000 (GMT)
	(envelope-from nvass@teledomenet.gr)
Received: from iris ([192.168.1.71])
	by arwen.teledomenet.gr (8.12.10/8.12.10) with ESMTP id kBEE4Qm1020467; 
	Thu, 14 Dec 2006 16:04:26 +0200
From: Nikos Vassiliadis <nvass@teledomenet.gr>
To: freebsd-net@freebsd.org
Date: Thu, 14 Dec 2006 16:04:01 +0200
User-Agent: KMail/1.9.1
References: <458148C7.5050607@fromley.net>
In-Reply-To: <458148C7.5050607@fromley.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200612141604.02106.nvass@teledomenet.gr>
Cc: Spadge <spadge@fromley.net>, net@freebsd.org
Subject: Re: Dummynet pipe causing system to lock up
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Dec 2006 14:08:56 -0000

On Thursday 14 December 2006 14:51, Spadge wrote:
> Hi all
> 
> I'm completely baffled by how to work this problem out that I am having 
> with ipfw/dummynet.
> 
> I have created some ipfw rules to use a pipe which dummynet then shapes. 
> The problem I appear to be having is that whenever a packet is sent to 
> the pipe, the entire system locks up and I have to reboot the machine 
> using the power switch. Which is completely sub-optimal, I know.
> 
> I have looked through dummynet manpages, been to the dummynet website ( 
> http://info.iet.unipi.it/~luigi/ip_dummynet/ ), tried google; none of it 
> successfully, other than I found someone who appeared to have had a 
> similar problem a year or so ago, but it looks like his problem either 
> just went away on its own or was never resolved, but no mention of which.
> 
> ** Background Information **
> 
> OS information:
> 
> spadge@tobermory$ uname -a
> FreeBSD tobermory.home 6.1-RELEASE-p11 FreeBSD 6.1-RELEASE-p11 #14: Mon 
> Dec 11 15:08:53 GMT 2006 
> root@tobermory.home:/usr/obj/usr/src/sys/TOBERMORY  i386
> 
> The kernconf has the following bits for the ipfw/dummynet stuff:
> 
> # For ipfw/natd
> 
> options         IPFIREWALL
> options         IPDIVERT
> options         IPFIREWALL_DEFAULT_TO_ACCEPT
> options         IPFIREWALL_VERBOSE
> 
> # For DUMMYNET packet shaping
> options         DUMMYNET
> options         HZ=1000
> 
> And the following rules are what cause the problem I'm having:
> 
> /sbin/ipfw add pipe 101 ip from any to any uid 1101 via $WAN in
> /sbin/ipfw add pipe 102 ip from any to any uid 1101 via $WAN out
> /sbin/ipfw pipe 101 config bw 4096kbit/s delay 200ms
> /sbin/ipfw pipe 102 config bw 512kbit/s delay 200ms
> 
> $WAN is a variable set earlier in the /etc/rc.firewall rules:
> 
> WAN="xl0"
> LAN="nge0"
> 
> The machine is my internet gateway, running my natd, dhcpd, httpd, 
> imapd, smtpd, ircd etc.
> 
> What I am trying to achieve with this dummynet exercise is to put a 
> delay onto everything that UID 1101 (which only runs mldonkey 
> (multi-network p2p client)) sends/receives so that the rest of my LAN 
> can do what it wants online (like playing online games and browsing the 
> interwebs) and have mldonkey step aside gracefully when someone else 
> wants the bandwidth. I got the idea from the mldonkey wiki page covering 
> how to do this in linux - nice of them to spare us FreeBSD users an 
> afterthought and a couple of lines at the end of the lengthy linux 
> how-to, eh.
> 
> link: http://mldonkey.sourceforge.net/TrafficShaping
> 
> Am I missing something *completely* obvious here? What am I doing wrong? 
> How can I find out more about how to do this right?
> 
> The system runs fine right up until the user in the rules starts 
> sending/receiving stuff, then it's goodbye system - and suddenly enough 
> that I can't find a single error or panic entry in any logs covering it.
> 
> Any hints or help would be great.
> 

for ipfw man, BUGS section:
     Rules which use uid, gid or jail based matching should be used only if
     debug.mpsafenet=0 to avoid possible deadlocks due to layering violations
     in its implementation.


> Thanks.
>