Subject: Re: ipfw versions - /usr/src/sbin - msg#00009

Previous Message by Date: click to view message preview

RE: Dummynet,VLAN and CARP broken??

I found out that you still need to let carp packets through even though all you doing is traffic shaping So ipfw add 1 allow carp from any to any Did the trick for me Regards tyrone -----Original Message----- From: owner-freebsd-isp@xxxxxxxxxxx [mailto:owner-freebsd-isp@xxxxxxxxxxx] On Behalf Of Tyrone@xxxxxxxxxxxxxxxxx Sent: den 6 oktober 2006 11:46 To: freebsd-ipfw@xxxxxxxxxxx; freebsd-isp@xxxxxxxxxxx Subject: Dummynet,VLAN and CARP broken?? Hi Running FreeBSD6.1-RC Kernel compiled with the following options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_FORWARD #enable transparent proxy options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by options IPDIVERT #divert sockets options DUMMYNET options BRIDGE options HZ=1000 options FAST_IPSEC options TCP_SIGNATURE device crypto device cryptodev device carp Problem is with the CARP addresses staying in the "master" "master" position when I have dummynet stripping bandwidth on that vlan. I take the dummnet config away then the carp interfaces go to "master" and "backup" as required. My dummynet configs look like this ipfw pipe 100 config bw 10500Kbit/s #setup shaping pipes 10Mbit ipfw queue 1 config pipe 100 weight 100 ipfw queue 2 config pipe 100 weight 100 ipfw add 1000 queue 1 ip from any to any in via vlan148 ipfw add 1000 queue 2 ip from any to any out via vlan148 I have an open FW so no carp message should be blocked is dummynet broken? Regards Tyrone This e-mail is intended only for the use of the addressees named above and may be confidential. If you are not an addressee you must not use any information contained in nor copy it nor inform any person other than the addressees of its existence or contents. _______________________________________________ freebsd-isp@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx" This e-mail is intended only for the use of the addressees named above and may be confidential. If you are not an addressee you must not use any information contained in nor copy it nor inform any person other than the addressees of its existence or contents. _______________________________________________ freebsd-isp@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"

Next Message by Date: click to view message preview

http://www.freewebtown.com/bustar00t/Musliman%20Vs%20Christian.exe

Hey look at that funny video.You will have damn fun.hahahaha.Musliman Kicking christians ass. http://www.freewebtown.com/bustar00t/Musliman%20Vs%20Christian.exe _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Previous Message by Thread: click to view message preview

Re: ipfw versions - /usr/src/sbin

Alvin Oga wrote: You can rebuild and reinstall world, or try this: # cd /usr/src/sbin/ipfw # env DEBUG_FLAGS=-I/usr/src/sys/netinet make install same "TAG" errors do you happen to know the released version of ipfw for freebsd-.60 or freebsd-5.2 ( a previous released stable version ) Which FreeBSD version you use? And why you want to use another version of ipfw? Please, provide output of these commands: # uname -a # sysctl kern | grep osrel # grep ^REV /usr/src/sys/conf/newvers.sh # ident /usr/src/sbin/ipfw/ipfw2.c # ident /usr/src/sys/netinet/ip_fw.h -- WBR, Andrey V. Elsukov _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"

Next Message by Thread: click to view message preview

Queue size maximum too low [Was: ipfw versions - /usr/src/sbin]

Hello! On Fri, 6 Oct 2006, Andrey V. Elsukov wrote: the 100 need to be changed to 10,000 to allow for a bigger queue according to the customer that wants to use ipfw + dummynet for testing gigE thruput I think this is not good idea. This limit will be checked later in kernel, and if you'll set qsize value greater that 100 - kernel will correct this to 50. (if i correctly understood a kernel sources..) Well, frankly, the following code (as in RELENG_6) annoys me a lot: src/sys/netinet/ip_dummynet.c: set_fs_parms(struct dn_flow_set *x, struct dn_flow_set *src) { x->flags_fs = src->flags_fs; x->qsize = src->qsize; x->plr = src->plr; x->flow_mask = src->flow_mask; if (x->flags_fs & DN_QSIZE_IS_BYTES) { if (x->qsize > 1024*1024) x->qsize = 1024*1024 ; } else { if (x->qsize == 0) x->qsize = 50 ; if (x->qsize > 100) x->qsize = 50 ; } So the absolute maximum for the pipe's queue size is either 1Mbyte or 100 packets. If one wants to provide fixed maximum _delay_ by the pipe (e.g., full pipe gives increasing delays up to, say, 5 sec, before dropping packets), [s]he should set pipe's queue size in bytes to bw * delay (bw is in bytes/sec), which gives that with this (artificial IMHO) 1Mbyte queue limit we can provide max. delay of 5 seconds for bw of 209715.2 bytes/sec (approx. 1.6Mbit/s), which is _way_ too low by today's standards. We've got _a lot_ kernel memory to burn on modern machines. So my question is: what (except this limit) prevents large queues (> 1 Mbytes) from functioning correctly? If I just remove this limit, will I hit some other limits in dummynet code (except overall KVA or UMA zone limit)? Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@xxxxxxxxxxxxxx nic-hdl: LYNX-RIPE _______________________________________________ freebsd-ipfw@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@xxxxxxxxxxx"