Date: Mon, 24 Mar 2008 14:11:51 -0300 From: AT Matik <asstec@matik.com.br> To: freebsd-ipfw@freebsd.org Cc: bu7cher@yandex.ru, Alexander Shulikov <shulikov@gmail.com> Subject: Re: kern/121955: [ipfw] [panic] freebsd 7.0 panic with mpd Message-ID: <200803241411.51930.asstec@matik.com.br> In-Reply-To: <18292fe60803240811j651decf7hd808373324f06948@mail.gmail.com> References: <18292fe60803240107v1462a87v4222790745844d5d@mail.gmail.com> <200803241158.00240.asstec@matik.com.br> <18292fe60803240811j651decf7hd808373324f06948@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 24 March 2008 12:11:44 Alexander Shulikov wrote:
> In real script I have in and out. But some ip's for the same speed I
> add in table, and then do:
> # 512/128
> ${fwcmd} pipe 357 config bw 128Kbit/s queue 100 mask src-ip 0xffffffff
> ${fwcmd} pipe 358 config bw 512Kbit/s queue 100 mask dst-ip 0xffffffff
> ${fwcmd} add pipe 357 ip from "table(3)" to any in
> ${fwcmd} add pipe 358 ip from any to "table(3)" out
>
> IPs for individual speed added as in example in previous letter, but
> with in/out.
>
> But what can I do for resolve this problem. Now I have server with
> FreeBSD 6.2 and copy of this configs - and all works fine. o_O
>
well I use the above different, first I define the pipe and second the bw
anyway I do not use tables
also seems you use long queues so may be you like to tune=20
net.inet.ip.intr_queue_maxlen and mbuf of your machine
> 2008/3/24, AT Matik <asstec@matik.com.br>:
> > On Monday 24 March 2008 11:51:44 Alexander Shulikov wrote:
> > > # sysctl -a | grep one_pass
> > > net.inet.ip.fw.one_pass: 0
> > >
> > > Yes - it eq 0. But I need it for next situation: all net I need shape
> > > at one speed, but invididual ip addresses to another speed.
> > > For example,
> > > ipfw pipe 1 config bw 10Mbit/s queue 100
> > > ipfw pipe 2 config bw 10Mbit/s queue 100
> > > ipfw add pipe 1 ip from 192.168.1.0/24 to any
> > > ipfw add pipe 2 ip from any to 192.168.1.0/24
> > > ipfw pipe 3 config bw 1Mbit/s queue 100
> > > ipfw pipe 4 config bw 1Mbit/s queue 100
> > > ipfw add pipe 3 ip from 192.168.1.1/32 to any
> > > ipfw add pipe 4 ip from any to 192.168.1.1/32
> >
> > that should work, I have similar setups running fine
> > the /32 mask you should not need but I am missing the in/out definition
> > in your rules
> >
> > > ......
> > >
> > >
> > > Also this configuration work in FreeBSD 6.2. (May be in 6.2 smaller
> > > call tree?)
> > >
> > > 2008/3/24, AT Matik <asstec@matik.com.br>:
> > > > On Monday 24 March 2008 08:08:02 Andrey V. Elsukov wrote:
> > > > > AT Matik wrote:
> > > > > > what do you mean? By setting to 0 the packages are not
> > > > > > re-injected into the pipe but go through other existing rules
> > > > > > after the matching pipe, or not?
> > > > >
> > > > > When you reset net.inet.ip.fw.one_pass to zero, packets return
> > > > > back into ipfw to the next rule after dummynet/netgraph. And if
> > > > > you have similar rules packets will be passed into
> > > > > dummynet/netgraph again.
> > > > >
> > > > > This is example how to get double fault (from mail archive):
> > > >
> > > > jaaa well but that is the famous bw 0 example which is not valid, =
as
> > > > by itself certainly an invalid config, not connected to the existi=
ng
> > > > problem the reporter has I guess
> > > >
> > > > Jo=E3o
> > > >
> > > > > ifconfig em0 192.168.0.2/24
> > > > > kldload ipfw
> > > > > kldload dummynet
> > > > > sysctl net.inet.ip.fw.one_pass=3D0
> > > > > ipfw pipe 2 config bw 0
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > ping 192.168.0.1
> > > >
> > > > --
> > > >
> > > >
> > > > Atenciosamente, J.M.
> > > > Respons=E1vel Plant=E3o Site Support Matik
> > > > Infomatik Internet Technology
> > > > (18)3551.8155 (18)8112.7007
> > > > http://info.matik.com.br
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser
> > > > considerada segura. Service fornecido pelo Datacenter Matik
> > > > https://datacenter.matik.com.br
> >
> > --
> >
> >
> > Atenciosamente, J.M.
> > Respons=E1vel Plant=E3o Site Support Matik
> > Infomatik Internet Technology
> > (18)3551.8155 (18)8112.7007
> > http://info.matik.com.br
> >
> >
> >
> >
> >
> >
> >
> > A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada
> > segura. Service fornecido pelo Datacenter Matik=20
> > https://datacenter.matik.com.br
=2D-=20
Atenciosamente, J.M.
Respons=E1vel Plant=E3o Site Support Matik
Infomatik Internet Technology
(18)3551.8155 =A0(18)8112.7007
http://info.matik.com.br
A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803241411.51930.asstec>