Date: Mon, 24 Mar 2008 16:41:37 -0300 From: AT Matik <asstec@matik.com.br> To: "Alexander Shulikov" <shulikov@gmail.com> Cc: freebsd-ipfw@freebsd.org, bu7cher@yandex.ru Subject: Re: kern/121955: [ipfw] [panic] freebsd 7.0 panic with mpd Message-ID: <200803241641.37884.asstec@matik.com.br> In-Reply-To: <18292fe60803241208i248ffeachf12c49aee3ab2756@mail.gmail.com> References: <18292fe60803240107v1462a87v4222790745844d5d@mail.gmail.com> <200803241411.51930.asstec@matik.com.br> <18292fe60803241208i248ffeachf12c49aee3ab2756@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 24 March 2008 16:08:10 Alexander Shulikov wrote:
> By default I have:
> # sysctl kern.ipc.nmbclusters
> kern.ipc.nmbclusters: 25600
hard to say, do you checked netstat -m if you get to your limit? If you get=
=20
there set it higher
> # sysctl net.inet.ip.intr_queue_maxlen
> net.inet.ip.intr_queue_maxlen: 50
seems to be the default
try 128, 256, 512
>
> What range of value is optimal to try?
> Also I add to loader.conf:
> kern.maxusers=3D1536
I guess maxusers does not help for your setup and probably you should let t=
he=20
system selftune itself
> kern.ipc.maxpipekva=3D32000000
> net.graph.maxalloc=3D2048
> (but it was added after panic's)
>
I believe both do not help anything for ipfw
> Other thing, that I want to try - net.isr.direct -> 0? May be it
> temprorary resolved problem, because packet will be going to queue for
> processing.
>
I guess this does not help dummynet either
> 2008/3/24, AT Matik <asstec@matik.com.br>:
> > On Monday 24 March 2008 12:11:44 Alexander Shulikov wrote:
> > > In real script I have in and out. But some ip's for the same speed I
> > > add in table, and then do:
> > > # 512/128
> > > ${fwcmd} pipe 357 config bw 128Kbit/s queue 100 mask src-ip 0xffffff=
ff
> > > ${fwcmd} pipe 358 config bw 512Kbit/s queue 100 mask dst-ip 0xffffff=
ff
> > > ${fwcmd} add pipe 357 ip from "table(3)" to any in
> > > ${fwcmd} add pipe 358 ip from any to "table(3)" out
> > >
> > > IPs for individual speed added as in example in previous letter, but
> > > with in/out.
> > >
> > > But what can I do for resolve this problem. Now I have server with
> > > FreeBSD 6.2 and copy of this configs - and all works fine. o_O
> >
> > well I use the above different, first I define the pipe and second the =
bw
> > anyway I do not use tables
> >
> > also seems you use long queues so may be you like to tune
> > net.inet.ip.intr_queue_maxlen and mbuf of your machine
> >
> > > 2008/3/24, AT Matik <asstec@matik.com.br>:
> > > > On Monday 24 March 2008 11:51:44 Alexander Shulikov wrote:
> > > > > # sysctl -a | grep one_pass
> > > > > net.inet.ip.fw.one_pass: 0
> > > > >
> > > > > Yes - it eq 0. But I need it for next situation: all net I need
> > > > > shape at one speed, but invididual ip addresses to another spee=
d.
> > > > > For example,
> > > > > ipfw pipe 1 config bw 10Mbit/s queue 100
> > > > > ipfw pipe 2 config bw 10Mbit/s queue 100
> > > > > ipfw add pipe 1 ip from 192.168.1.0/24 to any
> > > > > ipfw add pipe 2 ip from any to 192.168.1.0/24
> > > > > ipfw pipe 3 config bw 1Mbit/s queue 100
> > > > > ipfw pipe 4 config bw 1Mbit/s queue 100
> > > > > ipfw add pipe 3 ip from 192.168.1.1/32 to any
> > > > > ipfw add pipe 4 ip from any to 192.168.1.1/32
> > > >
> > > > that should work, I have similar setups running fine
> > > > the /32 mask you should not need but I am missing the in/out
> > > > definition in your rules
> > > >
> > > > > ......
> > > > >
> > > > >
> > > > > Also this configuration work in FreeBSD 6.2. (May be in 6.2
> > > > > smaller call tree?)
> > > > >
> > > > > 2008/3/24, AT Matik <asstec@matik.com.br>:
> > > > > > On Monday 24 March 2008 08:08:02 Andrey V. Elsukov wrote:
> > > > > > > AT Matik wrote:
> > > > > > > > what do you mean? By setting to 0 the packages are not
> > > > > > > > re-injected into the pipe but go through other existing
> > > > > > > > rules after the matching pipe, or not?
> > > > > > >
> > > > > > > When you reset net.inet.ip.fw.one_pass to zero, packets
> > > > > > > return back into ipfw to the next rule after
> > > > > > > dummynet/netgraph. And if you have similar rules packets
> > > > > > > will be passed into
> > > > > > > dummynet/netgraph again.
> > > > > > >
> > > > > > > This is example how to get double fault (from mail archive=
):
> > > > > >
> > > > > > jaaa well but that is the famous bw 0 example which is not
> > > > > > valid, as by itself certainly an invalid config, not connected
> > > > > > to the existing problem the reporter has I guess
> > > > > >
> > > > > > Jo=C3=A3o
> > > > > >
> > > > > > > ifconfig em0 192.168.0.2/24
> > > > > > > kldload ipfw
> > > > > > > kldload dummynet
> > > > > > > sysctl net.inet.ip.fw.one_pass=3D0
> > > > > > > ipfw pipe 2 config bw 0
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ipfw add 2 pipe 2 ip from any to any
> > > > > > > ping 192.168.0.1
> > > > > >
> > > > > > --
> > > > > >
> > > > > >
> > > > > > Atenciosamente, J.M.
> > > > > > Respons=C3=A1vel Plant=C3=A3o Site Support Matik
> > > > > > Infomatik Internet Technology
> > > > > > (18)3551.8155 (18)8112.7007
> > > > > > http://info.matik.com.br
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser
> > > > > > considerada segura. Service fornecido pelo Datacenter Matik
> > > > > > https://datacenter.matik.com.br
> > > >
> > > > --
> > > >
> > > >
> > > > Atenciosamente, J.M.
> > > > Respons=C3=A1vel Plant=C3=A3o Site Support Matik
> > > > Infomatik Internet Technology
> > > > (18)3551.8155 (18)8112.7007
> > > > http://info.matik.com.br
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser
> > > > considerada segura. Service fornecido pelo Datacenter Matik
> > > > https://datacenter.matik.com.br
> >
> > --
> >
> >
> > Atenciosamente, J.M.
> > Respons=C3=A1vel Plant=C3=A3o Site Support Matik
> > Infomatik Internet Technology
> > (18)3551.8155 (18)8112.7007
> > http://info.matik.com.br
> >
> >
> >
> >
> >
> >
> >
> > A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada
> > segura. Service fornecido pelo Datacenter Matik=20
> > https://datacenter.matik.com.br
=2D-=20
Atenciosamente, J.M.
Respons=C3=A1vel Plant=C3=A3o Site Support Matik
Infomatik Internet Technology
(18)3551.8155 =C2=A0(18)8112.7007
http://info.matik.com.br
A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803241641.37884.asstec>