Date: Thu, 30 Jul 2015 11:25:51 -0700 From: hiren panchasara <hiren@FreeBSD.org> To: Ian Smith <smithi@nimnet.asn.au> Cc: freebsd-ipfw@freebsd.org Subject: Re: Traffic not going through dummynet Message-ID: <20150730182551.GF39365@strugglingcoder.info> In-Reply-To: <20150726181056.C17327@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
--eVzOFob/8UvintSX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable (For various reason's I didn't get/see Ian's message. Trying to do the right thing by setting "In-Reply-To".) On 07/27/15 at 01:07P, Ian Smith wrote: > On Sun, 19 Jul 2015 21:05:53 -0700, hiren panchasara wrote: > > Bah. > >=20 > > So I removed ipfw and dummynet from kernconf and loaded them manually > > after machine came up and it worked as expected. >=20 > In your previous post, you'd said you were using 11-current, and: >=20 > > And GENERIC has: > > options IPFIREWALL > > options DUMMYNET > > options HZ=3D1000 >=20 > Are you sure this was a 11 GENERIC kernconf? Those options haven't=20 > been in GENERIC for ages (if ever?), though they haven't needed to be=20 > since (perhaps) 8.0. I guess people just follow the handbook :( I modified GENERIC and added those options. I should have been more clear here. >=20 > > Looks like some ordering issue between ipfw and dummynet. Fwiw, for > > working setup, kldstat shows: > >=20 > > 13 2 0xffffffff81e21000 21490 ipfw.ko > > 14 1 0xffffffff81e43000 d0f6 dummynet.ko >=20 > Indeed. If you load ipfw and dummynet by the usual means, being=20 > firewall_enable=3DYES and dummynet_enable=3DYES in rc.conf, you'll notice= =20 > that /etc/rc.d/ipfw, in ipfw_prestart, loads dummynet if enabled, and=20 > natd and/or firewall_nat if enabled, in that order. >=20 > The downside to doing that is that you have to have specified a type for= =20 > rc.firewall or pointed to a custom ruleset so it's sane on startup. Didn't know the usual mean of rc.conf modifications. >=20 > Regarding the related(?) Bug 201488 - dummynet appears broken in=20 > 10.0-RELEASE and onwards (can't traffic shape on bridges) > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D201488 > it does seem likely to be the same issue as you noted. >=20 > Did you ever hear back from James Rice (for whom I seem to have seen no= =20 > other messages for an email address) as to whether your advice about=20 > loading these in the other order helped there? I haven't heard back yet. >=20 > As to whether this is a regression, or it would have ever worked loading= =20 > dummynet and then ipfw, I don't know, but I have a vague feeling that=20 > I've seen other issues regarding loading a module that's already in=20 > kernel in recent times .. sorry I can't be any more exact. Yeah, good point about whether this is a regression or not. I am not aware of any such loading issues wrt modules. >=20 > Maybe dummynet needs a check that ipfw is loaded before starting? That'd be logical, imo. Cheers, Hiren --eVzOFob/8UvintSX Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQF8BAEBCgBmBQJVumwuXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNEUyMEZBMUQ4Nzg4RjNGMTdFNjZGMDI4 QjkyNTBFMTU2M0VERkU1AAoJEIuSUOFWPt/lIKMH/AhnqfbqlQm3viX/wQC7p4iS mZbmxU8OFLm/AXDT0P7tnaw/hsvPeJ0Dcxum45FxE8+/R7Zj0u0qTVytoHdO9/6Y WiL7WxJi9lxVQoThx5yvRm0sLBHnFpJz8P8tkNIEwjyxzRSw9LuJdtLmnaVlCtrd ZV80nq99lgqYix/E86D/61McugjRfycxJBr4XEdxngLpAHa0RRYDjEOMH2LdvZzh ysru6q6yYGUeLMeFjxFKsbrffFRf5RpEBKKZYtmKSGWhjGvsUO1EvSeXBgJNsLuP 0EoY3Z5Id1vNDNZJ0/tlsbv8sUliwSuxYint2/374JeRPhVCUI0kRV+f7Dyu4+8= =dvEU -----END PGP SIGNATURE----- --eVzOFob/8UvintSX--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150730182551.GF39365>