Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 09 Oct 2009 19:35:01 +0500
From:      rihad <rihad@mail.ru>
To:        Oleg Bulyzhin <oleg@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: dummynet dropping too many packets
Message-ID:  <4ACF4A15.1010203@mail.ru>
In-Reply-To: <20091007115425.GD88982@lath.rinet.ru>
References:  <4AC8A76B.3050502@mail.ru> <20091007085902.GA88982@lath.rinet.ru> <4ACC5E23.8090405@mail.ru> <20091007100503.GB88982@lath.rinet.ru> <4ACC6A7B.5050808@mail.ru> <20091007104525.GC88982@lath.rinet.ru> <4ACC7308.6070301@mail.ru> <20091007115425.GD88982@lath.rinet.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
Oleg Bulyzhin wrote:
> On Wed, Oct 07, 2009 at 03:52:56PM +0500, rihad wrote:
> 
>> You probably have some special sources of documentation ;-) According to 
>> man ipfw, both "netgraph/ngtee" and "pipe" decide the fate of the packet 
>> unless one_pass=0. Or do you mean sprinkling smart skiptos here and 
>> there? ;-)
> 
> you can
> 1) use ng_ether & ng_netflow. (so no need in 'ngtee' rule).
> 2) use 'tee' rule with ng_ksocket & ng_netflow
> 
>>> Could you show your 'ipfw show' output? (hide ip addresses if you wish but
>>> keep counters please).
>>>
> 
>> Here it is, in its whole glory:
>>
>> 00100   10434423   1484891105 allow ip from any to any via lo0
>> 00200          2           14 deny ip from any to 127.0.0.0/8
>> 00300          1            4 deny ip from 127.0.0.0/8 to any
>> 01000 3300039938 327603104711 allow ip from any to any in
>> 01010   26214900    421138433 allow ip from me to any out
>> 01020    5453857     46806278 allow icmp from any to any out
>> 01030 3268289053 327224694165 ngtee 1 ip from any to any out
>> 01040   18681181   1089636054 skipto 1100 ip from table(127) to any out 
>> recv bce0 xmit bce1
>> 01060  777488848  76743392754 pipe tablearg ip from any to table(0) out 
>> recv bce0 xmit bce1
>> 01070  776831109  76682499457 allow ip from any to table(0) out recv 
>> bce0 xmit bce1
>> 01100   13102697    808411842 pipe tablearg ip from any to table(2) out
>> 65535  662648946  66711487830 allow ip from any to any
> 
> I guess this one would be better(faster):
> 
> 00050 allow ip from any to any in
> 00100 allow ip from any to any via lo0
> 01010 allow ip from me to any
> 01020 allow icmp from any to any
> 01030 ngtee 1 ip from any to any
> 01035 skipto 1040 ip from any to any recv bce0 xmit bce1
> 01036 allow ip from any to any
> 01040 skipto 1100 ip from table(127) to any
> 01060 pipe tablearg ip from any to table(0)
> 01070 allow ip from any to any
> 01100 pipe tablearg ip from any to table(2)
> 65535 allow ip from any to any
> 
Tried it just now - no visible effect.
400-700 packet drops per second which is around 5-7 mbps dropped on 
output. So I don't think getting rid of one_pass=0 would help at all.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ACF4A15.1010203>