From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 24 17:33:59 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1B5FF1065671 for ; Mon, 24 Mar 2008 17:33:59 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from msrv.matik.com.br (msrv.matik.com.br [200.152.83.14]) by mx1.freebsd.org (Postfix) with ESMTP id 9EAC08FC23 for ; Mon, 24 Mar 2008 17:33:57 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from anb.p.matik.com.br (anb.p.matik.com.br [200.152.83.34] (may be forged)) by msrv.matik.com.br (8.14.1/8.13.1) with ESMTP id m2OHXwn0066674; Mon, 24 Mar 2008 14:33:58 -0300 (BRT) (envelope-from asstec@matik.com.br) From: AT Matik Organization: Infomatik To: "Alexander Shulikov" Date: Mon, 24 Mar 2008 14:33:18 -0300 User-Agent: KMail/1.9.7 References: <18292fe60803240107v1462a87v4222790745844d5d@mail.gmail.com> <18292fe60803240811j651decf7hd808373324f06948@mail.gmail.com> <18292fe60803240846i7095a367lfe7a104e32210ef1@mail.gmail.com> In-Reply-To: <18292fe60803240846i7095a367lfe7a104e32210ef1@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200803241433.18898.asstec@matik.com.br> X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on msrv.matik.com.br X-Virus-Status: Clean Cc: freebsd-ipfw@freebsd.org, bu7cher@yandex.ru Subject: Re: kern/121955: [ipfw] [panic] freebsd 7.0 panic with mpd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2008 17:33:59 -0000 On Monday 24 March 2008 12:46:41 Alexander Shulikov wrote: > Interesting changelog in cvs: > > Revision 1.114: download - view: text, markup, annotated - select for dif= fs > Tue Dec 25 09:36:51 2007 UTC (2 months, 4 weeks ago) by oleg > Branches: MAIN > Diff to: previous 1.113: preferred, colored > Changes since revision 1.113: +22 -7 lines > > Workaround p->numbytes overflow, which can result in infinite loop inside > dummynet module (prerequisite is using queues with "fat" pipe). > > PR: kern/113548 nice, this was in december right and after this date the problem still ocur= res=20 with dynamic pipes (mask src|dst-ip 0xfffffff) > > 2008/3/24, Alexander Shulikov : > > In real script I have in and out. But some ip's for the same speed I > > add in table, and then do: > > # 512/128 > > ${fwcmd} pipe 357 config bw 128Kbit/s queue 100 mask src-ip 0xffffffff > > ${fwcmd} pipe 358 config bw 512Kbit/s queue 100 mask dst-ip 0xffffffff > > ${fwcmd} add pipe 357 ip from "table(3)" to any in > > ${fwcmd} add pipe 358 ip from any to "table(3)" out > > > > IPs for individual speed added as in example in previous letter, but > > with in/out. > > > > But what can I do for resolve this problem. Now I have server with > > FreeBSD 6.2 and copy of this configs - and all works fine. o_O > > > > 2008/3/24, AT Matik : > > > On Monday 24 March 2008 11:51:44 Alexander Shulikov wrote: > > > > # sysctl -a | grep one_pass > > > > net.inet.ip.fw.one_pass: 0 > > > > > > > > Yes - it eq 0. But I need it for next situation: all net I need > > > > shape at one speed, but invididual ip addresses to another speed. > > > > For example, > > > > ipfw pipe 1 config bw 10Mbit/s queue 100 > > > > ipfw pipe 2 config bw 10Mbit/s queue 100 > > > > ipfw add pipe 1 ip from 192.168.1.0/24 to any > > > > ipfw add pipe 2 ip from any to 192.168.1.0/24 > > > > ipfw pipe 3 config bw 1Mbit/s queue 100 > > > > ipfw pipe 4 config bw 1Mbit/s queue 100 > > > > ipfw add pipe 3 ip from 192.168.1.1/32 to any > > > > ipfw add pipe 4 ip from any to 192.168.1.1/32 > > > > > > that should work, I have similar setups running fine > > > the /32 mask you should not need but I am missing the in/out > > > definition in your rules > > > > > > > ...... > > > > > > > > > > > > Also this configuration work in FreeBSD 6.2. (May be in 6.2 small= er > > > > call tree?) > > > > > > > > 2008/3/24, AT Matik : > > > > > On Monday 24 March 2008 08:08:02 Andrey V. Elsukov wrote: > > > > > > AT Matik wrote: > > > > > > > what do you mean? By setting to 0 the packages are not > > > > > > > re-injected into the pipe but go through other existing > > > > > > > rules after the matching pipe, or not? > > > > > > > > > > > > When you reset net.inet.ip.fw.one_pass to zero, packets retu= rn > > > > > > back into ipfw to the next rule after dummynet/netgraph. And > > > > > > if you have similar rules packets will be passed into > > > > > > dummynet/netgraph again. > > > > > > > > > > > > This is example how to get double fault (from mail archive): > > > > > > > > > > jaaa well but that is the famous bw 0 example which is not vali= d, > > > > > as by itself certainly an invalid config, not connected to the > > > > > existing problem the reporter has I guess > > > > > > > > > > Jo=C3=A3o > > > > > > > > > > > ifconfig em0 192.168.0.2/24 > > > > > > kldload ipfw > > > > > > kldload dummynet > > > > > > sysctl net.inet.ip.fw.one_pass=3D0 > > > > > > ipfw pipe 2 config bw 0 > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ipfw add 2 pipe 2 ip from any to any > > > > > > ping 192.168.0.1 > > > > > > > > > > -- > > > > > > > > > > > > > > > Atenciosamente, J.M. > > > > > Respons=C3=A1vel Plant=C3=A3o Site Support Matik > > > > > Infomatik Internet Technology > > > > > (18)3551.8155 (18)8112.7007 > > > > > http://info.matik.com.br > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser > > > > > considerada segura. Service fornecido pelo Datacenter Matik > > > > > https://datacenter.matik.com.br > > > > > > -- > > > > > > > > > Atenciosamente, J.M. > > > Respons=C3=A1vel Plant=C3=A3o Site Support Matik > > > Infomatik Internet Technology > > > (18)3551.8155 (18)8112.7007 > > > http://info.matik.com.br > > > > > > > > > > > > > > > > > > > > > > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser considera= da > > > segura. Service fornecido pelo Datacenter Matik=20 > > > https://datacenter.matik.com.br =2D-=20 Atenciosamente, J.M. Respons=C3=A1vel Plant=C3=A3o Site Support Matik Infomatik Internet Technology (18)3551.8155 =C2=A0(18)8112.7007 http://info.matik.com.br A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br