From owner-freebsd-current@FreeBSD.ORG Thu Oct 21 21:47:49 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D58BB16A4CE for ; Thu, 21 Oct 2004 21:47:49 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5DBEB43D2D for ; Thu, 21 Oct 2004 21:47:49 +0000 (GMT) (envelope-from vincepoy@gmail.com) Received: by rproxy.gmail.com with SMTP id 79so76243rnk for ; Thu, 21 Oct 2004 14:47:49 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=l1qX8VFdKTMvm7RRKFKsQL+C66uEqLrbv/CtwQXSE3yqfMdJwPXLc0kKM3RJAWBXt0THUnynBx9dwbwuKy9OvBekjx6wxkgPqZvOLEy7Hs+n9XY01pKUyKpNeP/8FHWSyDhhrLLBsdQ8I9B1Qww0U0CjYztRis+iRQeurGOXYDs= Received: by 10.38.65.16 with SMTP id n16mr1617969rna; Thu, 21 Oct 2004 14:47:48 -0700 (PDT) Received: by 10.38.14.49 with HTTP; Thu, 21 Oct 2004 14:47:48 -0700 (PDT) Message-ID: <429af92e04102114472add0e51@mail.gmail.com> Date: Thu, 21 Oct 2004 14:47:48 -0700 From: Vincent Poy To: Andre Oppermann In-Reply-To: <4177B899.5EC32F5F@freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <429af92e041020205510c66168@mail.gmail.com> <4177B899.5EC32F5F@freebsd.org> cc: freebsd-current@freebsd.org Subject: Re: Traffic Shaping not working correctly after ipfw coverted to use pfil_hooks API X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Vincent Poy List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Oct 2004 21:47:50 -0000 On Thu, 21 Oct 2004 15:24:41 +0200, Andre Oppermann wrote: > Vincent Poy wrote: > > > > Greetings everyone: > > > > I've recently updated from a March 6, 2004 -CURRENT to a October 19, > > 2004 -CURRENT and this appears to have broken my traffic shaping using > > ipfw/dummynet. According to /usr/src/UPDATING, these are the changes. > > > > 20040817 - IPFW has been converted to use PFIL_HOOKS. > > 20040827 - PFIL_HOOKS are a fixed part of the network stack now > > 20040828 - Network stack runs without Giant lock > > and also GENERIC kernel is now using the 4BSD scheduler instead of the > > ULE scheduler. > > > > I'm on a 6Mbps/608Kbps ADSL connection with a 8 static IP's CIDR/29 > > block so what I am doing is using the FreeBSD box as the router for > > outgoing packets with traffic shaping limiting the upstream at 480Kbps > > so that when I upload, the downloads do not slow down. I have tested > > and the speeds I get is as follows without traffic shaping: > > > > Downloading only: 650KB/sec > > Uploading only: 65KB/sec > > > > When traffic shaping was working correctly, downloading/uploading at > > the same time with the bandwidth limit at 480Kbps would show 500KB/sec > > down and 52KB/sec up. > > > > However, after the latest -CURRENT upgrade, it will do 200KB/sec down > > and 52KB/sec up. If I only download only, then it does show > > 650KB/sec. Normally, when I change the bandwidth to a number lower > > than 480Kbps for the pipe, the download speeds would go up when > > downloading. However, I have tried in 10kbps steps down to 350kbps > > but it still did not top 200KB/sec in downloading. > > Interesting. I have just looked through the ipfw to pfil_hooks changes > as they relate to dummynet. The only change to dummynet is to remove a > stored pointer to the rtentry. This doesn't influence the shaping and > limiting of dummynet in any way. Other than that the way ipfw gets > called has changed and thus how dummynet is invoked too. > > Can you verify that all dummynet queues and pipes are in use? The only > thing I can imagine is that somehow the dummynet info gets mangled and > everything goes into the same queue/pipe. Although that is unlikely. Yeah, it's weird since I was trying to fine tune the bandwidth size of the upstream pipe but noticed the download side was now only delivering 1/3rd the speed it used to no matter what I set the upstream side to since I'm only using ipfw/dummynet on the upstream side as the downstream packets go directly from my ISP to the other machines on the /29. How do I verify all dummynet queues and pipes are in use though? this is the output from ipfw show: root@bigbang [2:45pm][/home/vince] >> ipfw show 00039 42198 13780001 divert 8668 ip from 10.0.0.0/8 to any via xl0 00040 24 3864 divert 8668 ip from 172.16.0.0/12 to any via xl0 00041 339407 102789289 divert 8668 ip from 192.168.0.0/16 to any via xl0 00042 102 5342 divert 8668 ip from 208.201.244.224/29 to 10.0.0.0/8 via xl0 00043 4 188 divert 8668 ip from 208.201.244.224/29 to 172.16.0.0/12 via xl0 00044 300 15126 divert 8668 ip from 208.201.244.224/29 to 192.168.0.0/16 via xl0 00045 102 5342 divert 8668 ip from any to 10.0.0.0/8 via xl0 00046 4 188 divert 8668 ip from any to 172.16.0.0/12 via xl0 00047 2478 725705 divert 8668 ip from any to 192.168.0.0/16 via xl0 00048 213878 49058139 divert 8668 ip from any to 208.201.244.224/29 via xl0 00049 5407521 3326832795 skipto 100 ip from 208.201.244.224/29 to any 00050 680842 218217038 divert 8668 ip from any to any via xl0 00100 78346 20803996 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 63000 51 2671 allow ip from any to 10.0.0.0/8 out 63001 2 94 allow ip from any to 172.16.0.0/12 out 63002 431 26717 allow ip from any to 192.168.0.0/16 out 63003 58516 5627106 allow ip from any to 208.201.244.224/29 out 63004 2190398 1646865637 queue 1 tcp from any to any tcpflags ack out 63005 223 19476 queue 2 tcp from any to any dst-port 22,23 out 63006 345875 32423679 queue 2 udp from any to any not dst-port 80,443 out 63007 36129 11266686 queue 3 ip from any to any dst-port 80,443 out 63008 10031 3528577 queue 4 ip from any to any out 65000 3289575 1832553695 allow ip from any to any 65535 1 46 deny ip from any to any Cheers, Vince