Subject: HELP!!! Dummynet Causing Machines Dead?? - msg#00035

Previous Message by Date: click to view message preview

RE: ipfw size mismatch? Revised

Thanks Ben, it worked like a charm. IPFW2 and dummynet, can't wait! :) Tom -----Original Message----- From: unix@xxxxxxxx [mailto:unix@xxxxxxxx] Sent: Monday, October 13, 2003 11:55 PM To: Thomas S. Crum; unix@xxxxxxxx Subject: Re: ipfw size mismatch? Revised I hate it when a patch comes out an then a revision. Well this is not a patch but I made a couple typos in kernel name. Sorry about that. Ben Bentsen USWW Systems 706-547-0087 ######## Prev Email ########## I use 4.8 also and had a problem. The following email came in and it worked with the standard release of ipfw2.c. I could not get any of the newer ipfw2.c to properly compile. I sent off an email to the ipfw group but have had no response. I already had the src's on my drives. Subject: RES: ipfw2 with FreeBSD 4.7-Release Date: Fri, 10 Oct 2003 08:20:33 -0300 From: Renato Barreto <renato_barreto@xxxxxxxxxxxxxxx> To: "'freebsd-ipfw@xxxxxxxxxxx'" <freebsd-ipfw@xxxxxxxxxxx> CC: "'traore@xxxxxxxxxxxxxxx'" <traore@xxxxxxxxxxxxxxx> Hi, To do this run /stand/sysinstall (as root), choose Configure -> Distributions, then src, and then lib, sbin and sys. To compile libalias: cd /usr/src/lib/libalias make -DIPFW2 make install To compile ipfw: cd /usr/src/sbin/ipfw make -DIPFW2 make install Build a Kernel with: cd /usr/src/sys/i386/conf options IPFW2 # Renato ##### End of Email ##### Beginning of what I personally did in addition to the email ################################################################# I personally used the following to compile the kernel # cd /usr/src/sys/i386/conf # cp GENERIC USWW48-1 # ee USWW48-1 and added options IPFW2 # /usr/sbin/config USWW48-1 # cd ../../compile/USWW48-1 # make depend # make # make install And it worked Additionally I made the following changes to the kernel I commented out the following #cpu I386_CPU #cpu I486_CPU #options INET6 #IPv6 communications protocols #pseudo-device gif # IPv6 and IPv4 tunneling #pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation) ### I have had many problems with ip6 so I just omit it for now. ### Until it becomes more of a standard I won;t dive in to it. And I added the following under maxusers 0 ## Start BB # Add the next line to the end of this file uncommented # pseudo-device speaker #Play IBM BASIC-style noises out your speaker BB Added # I added "reveille" below to the end of rc.local file so when it boots I know it did. # echo "t255l8c.f.afc~c.f.afc~c.f.afc.f.a..f.~c.f.afc~c.f.afc~c.f.afc~c.f..">/d ev/speaker # TCPDEBUG is undocumented. # /usr/sbin/config USWW48V1;cd ../../compile/USWW48V1;make depend;make;make install # # BRIDGE enables bridging between ethernet cards -- see bridge(4). # You can use IPFIREWALL and dummynet together with bridging. options IPFW2 # USE make -DIPFW2 when Making kernel options BRIDGE options DUMMYNET # This is for bandwith limiting see man dummynet options MROUTING # Multicast routing options IPFIREWALL # firewall options IPFIREWALL_FORWARD # enable transparent proxy support options IPFIREWALL_VERBOSE # print information about # dropped packets options IPFIREWALL_VERBOSE_LIMIT=100 # limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default options IPDIVERT # divert sockets options TCPDEBUG ## End BB I hope this helps it works well for me Your rules sets may need to checked and MAC addresses addressed Remember the order of the MACs in rc.local or rc.firewall. I personally do not use rc.firewall I put all rules in rc.local. An old method but works much better and safer for me. Destination Source ipfw add 880 pass log logamount 10000 mac 00:50:bf:16:15:37 00:48:54:8a:b7:f4 ipfw add 880 pass log logamount 10000 mac 00:48:54:8a:b7:f4 00:50:bf:16:15:37 I have used FreeBSD for years and am well satisfied with it. I use it on all my network boxes. Ben Bentsen USWW Systems 706-547-0087 "Thomas S. Crum" wrote: > > Hello all, > > I recently installed FreeBSD 4.8 release and am having problems getting > a dummynet bridge working. Not that dummynet is the problem, I cannot > get the bridge itself working. I keep getting an error at start: ipfw: > size mismatch (have 176 want 36) and when I enter: sh /etc/rc.firewall I > get the mismatch along with getsockopt(IP_FW_ADD): Invalid argument. > > I have no ip addresses assigned to either of my two interfaces. > > The kernel was rebuilt with the added options: > > options BRIDGE > options IPFIREWALL > options IPDIVERT (tried with and without this option) > options IPFIREWALL_VERBOSE > options IPFW2 > options DUMMYNET > > I built the kernel with: > > cd /usr/src > make buildkernel KERNCONF=MYKERNEL > make installkernel KERNCONF=MYKERNEL > > I put these lines in /etc/rc.conf: > > firewall_enable="YES" > firewall_type="OPEN" > firewall_quiet="YES" > firewall_logging="YES" > > Put these lines in /etc/sysctl.conf (where rl0 and rl1 are my NIC's): > > net.link.ether.bridge_cfg=rl0:0,rl1:0 > net.link.ether.bridge_ipfw=1 > net.link.ether.bridge=1 > > I have used this same setup w/ 4.4 with no problem (of course lacking > the ipfw2 option). Tried google with the errors I'm getting to no > avail. Any help getting this bridge up will be appreciated. > > Best, > > Tom > > _______________________________________________ > freebsd-ipfw@xxxxxxxxxxx mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx" _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Next Message by Date: click to view message preview

Dummynet Causing Machines Dead

I have three Squid machines working together as a cache array. I used Dummynet to control the inter-cache bandwidth. My three squid is 10.12.0.1, 10.12.0.2 and 10.12.0.3 I used the following commands to create pipes in each squid For example, in Squid1: ipfw add pipe 1 IP from 10.12.0.1 to 10.12.0.2 out ipfw add pipe 2 IP from 10.12.0.1 to 10.12.0.3 out ipfw pipe 1 config bw 10Mbit/s queue 75Kbytes ipfw pipe 2 config bw 10Mbit/s queue 75Kbytes I have another program to change the bandwidth of each pipe every half an hour, with a lot of traffic going through the caches at the same time. So that the configeration for a pipe can change FROM: ipfw pipe 1 config bw 10Mbit/s queue 73Kbytes TO: ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes Then in very short time, the machine is dead. I think the problem might because of the setting of "queue". But I don't know how much should be correct. I was using "bw x Mbit/s queue 6*x+13 Kbytes". Oh, when bandwidth change from 5M to 3M ,or 8M to 5M (smaller difference), the machines will run just fine with my 6*x+13 setting. Only steep jump like from 8M to 2M will cause death. Please help me out!!! This is emergency!!!! Thanks, Ming _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Previous Message by Thread: click to view message preview

RE: ipfw size mismatch? Revised

Thanks Ben, it worked like a charm. IPFW2 and dummynet, can't wait! :) Tom -----Original Message----- From: unix@xxxxxxxx [mailto:unix@xxxxxxxx] Sent: Monday, October 13, 2003 11:55 PM To: Thomas S. Crum; unix@xxxxxxxx Subject: Re: ipfw size mismatch? Revised I hate it when a patch comes out an then a revision. Well this is not a patch but I made a couple typos in kernel name. Sorry about that. Ben Bentsen USWW Systems 706-547-0087 ######## Prev Email ########## I use 4.8 also and had a problem. The following email came in and it worked with the standard release of ipfw2.c. I could not get any of the newer ipfw2.c to properly compile. I sent off an email to the ipfw group but have had no response. I already had the src's on my drives. Subject: RES: ipfw2 with FreeBSD 4.7-Release Date: Fri, 10 Oct 2003 08:20:33 -0300 From: Renato Barreto <renato_barreto@xxxxxxxxxxxxxxx> To: "'freebsd-ipfw@xxxxxxxxxxx'" <freebsd-ipfw@xxxxxxxxxxx> CC: "'traore@xxxxxxxxxxxxxxx'" <traore@xxxxxxxxxxxxxxx> Hi, To do this run /stand/sysinstall (as root), choose Configure -> Distributions, then src, and then lib, sbin and sys. To compile libalias: cd /usr/src/lib/libalias make -DIPFW2 make install To compile ipfw: cd /usr/src/sbin/ipfw make -DIPFW2 make install Build a Kernel with: cd /usr/src/sys/i386/conf options IPFW2 # Renato ##### End of Email ##### Beginning of what I personally did in addition to the email ################################################################# I personally used the following to compile the kernel # cd /usr/src/sys/i386/conf # cp GENERIC USWW48-1 # ee USWW48-1 and added options IPFW2 # /usr/sbin/config USWW48-1 # cd ../../compile/USWW48-1 # make depend # make # make install And it worked Additionally I made the following changes to the kernel I commented out the following #cpu I386_CPU #cpu I486_CPU #options INET6 #IPv6 communications protocols #pseudo-device gif # IPv6 and IPv4 tunneling #pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation) ### I have had many problems with ip6 so I just omit it for now. ### Until it becomes more of a standard I won;t dive in to it. And I added the following under maxusers 0 ## Start BB # Add the next line to the end of this file uncommented # pseudo-device speaker #Play IBM BASIC-style noises out your speaker BB Added # I added "reveille" below to the end of rc.local file so when it boots I know it did. # echo "t255l8c.f.afc~c.f.afc~c.f.afc.f.a..f.~c.f.afc~c.f.afc~c.f.afc~c.f..">/d ev/speaker # TCPDEBUG is undocumented. # /usr/sbin/config USWW48V1;cd ../../compile/USWW48V1;make depend;make;make install # # BRIDGE enables bridging between ethernet cards -- see bridge(4). # You can use IPFIREWALL and dummynet together with bridging. options IPFW2 # USE make -DIPFW2 when Making kernel options BRIDGE options DUMMYNET # This is for bandwith limiting see man dummynet options MROUTING # Multicast routing options IPFIREWALL # firewall options IPFIREWALL_FORWARD # enable transparent proxy support options IPFIREWALL_VERBOSE # print information about # dropped packets options IPFIREWALL_VERBOSE_LIMIT=100 # limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default options IPDIVERT # divert sockets options TCPDEBUG ## End BB I hope this helps it works well for me Your rules sets may need to checked and MAC addresses addressed Remember the order of the MACs in rc.local or rc.firewall. I personally do not use rc.firewall I put all rules in rc.local. An old method but works much better and safer for me. Destination Source ipfw add 880 pass log logamount 10000 mac 00:50:bf:16:15:37 00:48:54:8a:b7:f4 ipfw add 880 pass log logamount 10000 mac 00:48:54:8a:b7:f4 00:50:bf:16:15:37 I have used FreeBSD for years and am well satisfied with it. I use it on all my network boxes. Ben Bentsen USWW Systems 706-547-0087 "Thomas S. Crum" wrote: > > Hello all, > > I recently installed FreeBSD 4.8 release and am having problems getting > a dummynet bridge working. Not that dummynet is the problem, I cannot > get the bridge itself working. I keep getting an error at start: ipfw: > size mismatch (have 176 want 36) and when I enter: sh /etc/rc.firewall I > get the mismatch along with getsockopt(IP_FW_ADD): Invalid argument. > > I have no ip addresses assigned to either of my two interfaces. > > The kernel was rebuilt with the added options: > > options BRIDGE > options IPFIREWALL > options IPDIVERT (tried with and without this option) > options IPFIREWALL_VERBOSE > options IPFW2 > options DUMMYNET > > I built the kernel with: > > cd /usr/src > make buildkernel KERNCONF=MYKERNEL > make installkernel KERNCONF=MYKERNEL > > I put these lines in /etc/rc.conf: > > firewall_enable="YES" > firewall_type="OPEN" > firewall_quiet="YES" > firewall_logging="YES" > > Put these lines in /etc/sysctl.conf (where rl0 and rl1 are my NIC's): > > net.link.ether.bridge_cfg=rl0:0,rl1:0 > net.link.ether.bridge_ipfw=1 > net.link.ether.bridge=1 > > I have used this same setup w/ 4.4 with no problem (of course lacking > the ipfw2 option). Tried google with the errors I'm getting to no > avail. Any help getting this bridge up will be appreciated. > > Best, > > Tom > > _______________________________________________ > freebsd-ipfw@xxxxxxxxxxx mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx" _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Next Message by Thread: click to view message preview

Re: HELP!!! Dummynet Causing Machines Dead??

On Tue, Oct 14, 2003 at 02:51:18PM -0500, mzu@xxxxxxxxx wrote: > I have another program to change the bandwidth of each pipe every half an > hour, with a lot of traffic going through the caches at the same time. So > that the configeration for a pipe can change > > FROM: ipfw pipe 1 config bw 10Mbit/s queue 73Kbytes > > TO: ipfw pipe 1 config bw 2Mbit/s queue 25Kbytes > > Then in very short time, the machine is dead. What version of FreeBSD do You run with? This bug is believed to be fixed in RELENG_4. -- Paweł Małachowski _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"