From owner-freebsd-net@FreeBSD.ORG Sat Oct 17 15:01:11 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 69EBE1065695; Sat, 17 Oct 2009 15:01:11 +0000 (UTC) (envelope-from rihad@mail.ru) Received: from mx74.mail.ru (mx74.mail.ru [94.100.176.89]) by mx1.freebsd.org (Postfix) with ESMTP id 25D488FC14; Sat, 17 Oct 2009 15:01:11 +0000 (UTC) Received: from [217.25.27.27] (port=23978 helo=[217.25.27.27]) by mx74.mail.ru with asmtp id 1MzAmL-0007yI-00; Sat, 17 Oct 2009 19:01:09 +0400 Message-ID: <4AD9DC34.50600@mail.ru> Date: Sat, 17 Oct 2009 20:01:08 +0500 From: rihad User-Agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090706) MIME-Version: 1.0 To: Robert Watson References: <4AD6D99E.10805@mail.ru> <4AD95493.40200@mail.ru> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam: Not detected X-Mras: Ok Cc: freebsd-net@freebsd.org Subject: Re: dummynet dropping too many packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Oct 2009 15:01:11 -0000 Robert Watson wrote: > > On Sat, 17 Oct 2009, rihad wrote: > >> P.S.: BTW, there's a small admin-type inconsistency in FreeBSD 7.1: >> /etc/rc.firewall gets executed before values set by /etc/sysctl.conf >> are in effect, so "queue 2000" isn't allowed in ipfw pipe rules (as >> net.inet.ip.dummynet.pipe_slot_limit is only 100 by default), so the >> rules are silently failing without any trace in the log files - I only >> saw the errors at the console. > > This is awkward to fix for sysctls, because the firewall module may not > be loaded until the firewall stage of the boot process, so the sysctl > wouldn't take effect (and perhaps this is what you're seeing, in fact?). > Well, my kernel is built with IPFIREWALL enabled, so ipfw module is unneeded and doesn't get loaded automatically. I rather still think it's the order of execution that matters. For that matter I've worked around the problem for now by setting the sysctls explicitly in /etc/rc.firewall right before configuring the pipes: /sbin/sysctl net.inet.ip.dummynet.hash_size=512 /sbin/sysctl net.inet.ip.dummynet.pipe_slot_limit=2000 and commented them out in /etc/sysctl.conf with an XXX Now I see that this is also the reason why setting net.inet.ip.dummynet.hash_size in sysctl.conf had no effect on the hash table size at the time of creation of the pipes. > Some sysctls have associated loader tunables, which you can set in > /boot/loader.conf (and affect configuration when the module is loaded), > but it looks like that isn't true for net.inet.ip.dummynet.pipe_slot_limit. > > Robert N M Watson > Computer Laboratory > University of Cambridge > >