Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 17 Oct 2009 20:01:08 +0500
From:      rihad <rihad@mail.ru>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: dummynet dropping too many packets
Message-ID:  <4AD9DC34.50600@mail.ru>
In-Reply-To: <alpine.BSF.2.00.0910171020150.46601@fledge.watson.org>
References:  <4AD6D99E.10805@mail.ru> <4AD95493.40200@mail.ru> <alpine.BSF.2.00.0910171020150.46601@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

Robert Watson wrote:
> 
> On Sat, 17 Oct 2009, rihad wrote:
> 
>> P.S.: BTW, there's a small admin-type inconsistency in FreeBSD 7.1: 
>> /etc/rc.firewall gets executed before values set by /etc/sysctl.conf 
>> are in effect, so "queue 2000" isn't allowed in ipfw pipe rules (as 
>> net.inet.ip.dummynet.pipe_slot_limit is only 100 by default), so the 
>> rules are silently failing without any trace in the log files - I only 
>> saw the errors at the console.
> 
> This is awkward to fix for sysctls, because the firewall module may not 
> be loaded until the firewall stage of the boot process, so the sysctl 
> wouldn't take effect (and perhaps this is what you're seeing, in fact?).
> 
Well, my kernel is built with IPFIREWALL enabled, so ipfw module is 
unneeded and doesn't get loaded automatically. I rather still think it's 
the order of execution that matters.
For that matter I've worked around the problem for now by setting the 
sysctls explicitly in /etc/rc.firewall right before configuring the pipes:
         /sbin/sysctl net.inet.ip.dummynet.hash_size=512
         /sbin/sysctl net.inet.ip.dummynet.pipe_slot_limit=2000
and commented them out in /etc/sysctl.conf with an XXX

Now I see that this is also the reason why setting 
net.inet.ip.dummynet.hash_size in sysctl.conf had no effect on the hash 
table size at the time of creation of the pipes.

> Some sysctls have associated loader tunables, which you can set in 
> /boot/loader.conf (and affect configuration when the module is loaded), 
> but it looks like that isn't true for net.inet.ip.dummynet.pipe_slot_limit.
> 
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
> 
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AD9DC34.50600>