From owner-freebsd-net@FreeBSD.ORG Sat Oct 17 09:21:53 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4C855106566B for ; Sat, 17 Oct 2009 09:21:53 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 28CA08FC14 for ; Sat, 17 Oct 2009 09:21:53 +0000 (UTC) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id 9F2B346B17; Sat, 17 Oct 2009 05:21:52 -0400 (EDT) Date: Sat, 17 Oct 2009 10:21:52 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: rihad In-Reply-To: <4AD95493.40200@mail.ru> Message-ID: References: <4AD6D99E.10805@mail.ru> <4AD95493.40200@mail.ru> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@freebsd.org Subject: Re: dummynet dropping too many packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Oct 2009 09:21:53 -0000 On Sat, 17 Oct 2009, rihad wrote: > P.S.: BTW, there's a small admin-type inconsistency in FreeBSD 7.1: > /etc/rc.firewall gets executed before values set by /etc/sysctl.conf are in > effect, so "queue 2000" isn't allowed in ipfw pipe rules (as > net.inet.ip.dummynet.pipe_slot_limit is only 100 by default), so the rules > are silently failing without any trace in the log files - I only saw the > errors at the console. This is awkward to fix for sysctls, because the firewall module may not be loaded until the firewall stage of the boot process, so the sysctl wouldn't take effect (and perhaps this is what you're seeing, in fact?). Some sysctls have associated loader tunables, which you can set in /boot/loader.conf (and affect configuration when the module is loaded), but it looks like that isn't true for net.inet.ip.dummynet.pipe_slot_limit. Robert N M Watson Computer Laboratory University of Cambridge