From owner-freebsd-net@FreeBSD.ORG  Sat Oct 17 09:21:53 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4C855106566B
	for <freebsd-net@freebsd.org>; Sat, 17 Oct 2009 09:21:53 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 28CA08FC14
	for <freebsd-net@freebsd.org>; Sat, 17 Oct 2009 09:21:53 +0000 (UTC)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41])
	by cyrus.watson.org (Postfix) with ESMTPS id 9F2B346B17;
	Sat, 17 Oct 2009 05:21:52 -0400 (EDT)
Date: Sat, 17 Oct 2009 10:21:52 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: rihad <rihad@mail.ru>
In-Reply-To: <4AD95493.40200@mail.ru>
Message-ID: <alpine.BSF.2.00.0910171020150.46601@fledge.watson.org>
References: <4AD6D99E.10805@mail.ru> <4AD95493.40200@mail.ru>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-net@freebsd.org
Subject: Re: dummynet dropping too many packets
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Oct 2009 09:21:53 -0000


On Sat, 17 Oct 2009, rihad wrote:

> P.S.: BTW, there's a small admin-type inconsistency in FreeBSD 7.1: 
> /etc/rc.firewall gets executed before values set by /etc/sysctl.conf are in 
> effect, so "queue 2000" isn't allowed in ipfw pipe rules (as 
> net.inet.ip.dummynet.pipe_slot_limit is only 100 by default), so the rules 
> are silently failing without any trace in the log files - I only saw the 
> errors at the console.

This is awkward to fix for sysctls, because the firewall module may not be 
loaded until the firewall stage of the boot process, so the sysctl wouldn't 
take effect (and perhaps this is what you're seeing, in fact?).

Some sysctls have associated loader tunables, which you can set in 
/boot/loader.conf (and affect configuration when the module is loaded), but it 
looks like that isn't true for net.inet.ip.dummynet.pipe_slot_limit.

Robert N M Watson
Computer Laboratory
University of Cambridge