From owner-freebsd-bugs@FreeBSD.ORG Tue Oct 13 21:40:03 2009
Message-Id: <200910132134.n9DLYVsl041205@www.freebsd.org>
Date: Tue, 13 Oct 2009 21:34:31 GMT
From: alexus
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/139581: ipfw pipe

>Number: 139581
>Category: bin
>Synopsis: ipfw pipe
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 13 21:40:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: alexus
>Release: 7.2
>Organization: alexusbiz corp.
>Environment:
FreeBSD dd.alexus.org 7.2-RELEASE-p1 FreeBSD 7.2-RELEASE-p1 #7: Sat Jun 27 02:42:30 UTC 2009 alexus@dd.alexus.org:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
su-3.2# cat /etc/ipfw.rules
flush
pipe flush
pipe 1 config bw 2Mbit/s
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 8380 pipe 1 tcp from any to any src-port www uid daemon
add 8380 pipe 1 tcp from any to any dst-port www uid daemon
add 65000 pass all from any to any
su-3.2# ipfw show
00100 1249368 205115325 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
08380 2838075 3586421013 pipe 1 tcp from any 80 to any uid daemon
08380 2097473 136454502 pipe 1 tcp from any to any dst-port 80 uid daemon
65000 5740679 4716157064 allow ip from any to any
65535 0 0 deny ip from any to any
su-3.2# ipfw pipe show
00001: 2.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 64.237.55.83/59388 208.80.152.3/80 4936077 3723134341 0 0 30179
su-3.2# ps auxwww | grep ^daemon
daemon 81736 0.7 0.3 77768 26460 ?? SJ 9:28PM 0:00.60 /usr/local/apache2/bin/httpd -k start
daemon 81244 0.0 0.3 76744 23860 ?? SJ 9:27PM 0:00.23 /usr/local/apache2/bin/httpd -k start
daemon 81253 0.0 0.3 75720 23628 ?? SJ 9:27PM 0:00.34 /usr/local/apache2/bin/httpd -k start
daemon 81624 0.0 0.3 76744 25184 ?? SJ 9:27PM 0:00.52 /usr/local/apache2/bin/httpd -k start
daemon 81625 0.0 0.3 75720 23640 ?? SJ 9:27PM 0:00.15 /usr/local/apache2/bin/httpd -k start
daemon 81678 0.0 0.3 75720 23672 ?? SJ 9:28PM 0:00.24 /usr/local/apache2/bin/httpd -k start
daemon 81929 0.0 0.3 75720 23564 ?? SJ 9:29PM 0:00.25 /usr/local/apache2/bin/httpd -k start
daemon 81930 0.0 0.3 75720 23484 ?? SJ 9:29PM 0:00.13 /usr/local/apache2/bin/httpd -k start
daemon 81931 0.0 0.3 75720 23616 ?? SJ 9:29PM 0:00.14 /usr/local/apache2/bin/httpd -k start
daemon 81938 0.0 0.3 76744 23912 ?? SJ 9:29PM 0:00.14 /usr/local/apache2/bin/httpd -k start
daemon 82710 0.0 0.3 75720 23468 ?? SJ 9:30PM 0:00.07 /usr/local/apache2/bin/httpd -k start
daemon 82747 0.0 0.3 75720 23492 ?? SJ 9:30PM 0:00.04 /usr/local/apache2/bin/httpd -k start
daemon 82748 0.0 0.3 75720 23604 ?? SJ 9:30PM 0:00.04 /usr/local/apache2/bin/httpd -k start
daemon 82749 0.0 0.3 76744 23808 ?? SJ 9:30PM 0:00.06 /usr/local/apache2/bin/httpd -k start
daemon 82758 0.0 0.3 75720 23448 ?? SJ 9:31PM 0:00.02 /usr/local/apache2/bin/httpd -k start
daemon 82759 0.0 0.3 75720 23460 ?? SJ 9:31PM 0:00.02 /usr/local/apache2/bin/httpd -k start
su-3.2#

I'm trying to limit my apache, which runs under daemon, to up to 2Mbit/s. When I do "ipfw pipe show" I don't see anything in my slots other than the very first entry, which never changes, nor does it limit my traffic, as if I look at my MRTG I see way more traffic than 2Mbit/s.
>How-To-Repeat:
su-3.2# cat /etc/ipfw.rules
flush
pipe flush
pipe 1 config bw 2Mbit/s
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 8380 pipe 1 tcp from any to any src-port www uid daemon
add 8380 pipe 1 tcp from any to any dst-port www uid daemon
add 65000 pass all from any to any
su-3.2# /etc/rc.d/ipfw restart
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: run_rc_command: doit: ipfw_stop
net.inet.ip.fw.enable: 1 -> 0
/etc/rc.d/natd: DEBUG: checkyesno: natd_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: run_rc_command: start_precmd: ipfw_prestart
/etc/rc.d/ipfw: DEBUG: checkyesno: dummynet_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_nat_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: load_kld: ipfw kernel module already loaded.
/etc/rc.d/ipfw: DEBUG: run_rc_command: doit: ipfw_start
/etc/rc.d/natd: DEBUG: checkyesno: natd_enable is set to NO.
Firewall rules loaded.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_logging is set to YES.
Firewall logging enabled.
net.inet.ip.fw.enable: 0 -> 1
su-3.2#
>Fix:
Beats me! I posted the question on the FreeBSD mailing list and the FreeBSD forums, and asked the same question on other websites; no one seems to know...
>Release-Note:
>Audit-Trail:
>Unformatted: