ipfw3: Cannot allocate memory

Dmukha Nikolay cosmic17 at yandex.ru
Thu Jul 29 12:48:06 UTC 2010


Hello.
There is some problem with ipfw3 from Luigi Rizzo.

uname -a:
FreeBSD test 8.0-STABLE-201005 FreeBSD 8.0-STABLE-201005 #0: Wed Jul 28 12:04:29 MSD 2010     root at test:/usr/src/sys/amd64/compile/MYKERNEL  amd64

The rules in /etc/rc.firewall like:
...
$IPFW pipe 11 config bw 1040Kbit/s mask dst-ip 0xffffffff 
$IPFW pipe 12 config bw 1040Kbit/s mask src-ip 0xffffffff 
########pipe 11
$IPFW sched 11 config type QFQ mask dst-ip 0xffffff00
$IPFW queue 113 config sched 11 weight 4
$IPFW queue 114 config sched 11 weight 1
$IPFW add queue 113 ip from any to table\(10\) via igb0 out proto tcp src-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292
$IPFW add queue 113 ip from any to table\(10\) via igb0 out proto icmp
$IPFW add queue 114 ip from any to table\(10\) via igb0 out
$IPFW add queue 113 ip from any to table\(10\) via igb2 out proto tcp src-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292
$IPFW add queue 113 ip from any to table\(10\) via igb2 out proto icmp
$IPFW add queue 114 ip from any to table\(10\) via igb2 out
########pipe 12
$IPFW sched 12 config type QFQ mask src-ip 0xffffff00
$IPFW queue 123 config sched 12 weight 4
$IPFW queue 124 config sched 12 weight 1
$$IPFW add queue 123 ip from table\(11\) to any via igb1 out proto tcp dst-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292
$IPFW add queue 123 ip from table\(11\) to any via igb1 out proto icmp
$IPFW add queue 124 ip from table\(11\) to any via igb1 out
$IPFW add queue 123 ip from table\(11\) to any via igb3 out proto tcp dst-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292
$IPFW add queue 123 ip from table\(11\) to any via igb3 out proto icmp
$IPFW add queue 124 ip from table\(11\) to any via igb3 out
...

Every morning script restart firewall at 6 o`clock. There was no any problems with it for a few months. But in the morning I saw messages below and firewall doesn`t work correctly:
...
update_fs fs 111 for sch 11 not 20 still unlinked
config_sched cannot allocate scheduler 65556
ipfw: setsockopt(IP_DUMMYNET_CONFIGURE): Cannot allocate memory
....
And so on for all my schedulers and queues.
I tried to restart ipfw by hand, but had no good results - the same messages. Firewall worked correctly after reboot the system.
Do you know what is the problem with ipfw?
Thanks.


More information about the freebsd-ipfw mailing list