dummynet dropping too many packets
rihad
rihad at mail.ru
Sat Oct 17 15:01:11 UTC 2009
Robert Watson wrote:
>
> On Sat, 17 Oct 2009, rihad wrote:
>
>> P.S.: BTW, there's a small admin-type inconsistency in FreeBSD 7.1:
>> /etc/rc.firewall gets executed before values set by /etc/sysctl.conf
>> are in effect, so "queue 2000" isn't allowed in ipfw pipe rules (as
>> net.inet.ip.dummynet.pipe_slot_limit is only 100 by default), so the
>> rules are silently failing without any trace in the log files - I only
>> saw the errors at the console.
>
> This is awkward to fix for sysctls, because the firewall module may not
> be loaded until the firewall stage of the boot process, so the sysctl
> wouldn't take effect (and perhaps this is what you're seeing, in fact?).
>
Well, my kernel is built with IPFIREWALL enabled, so ipfw module is
unneeded and doesn't get loaded automatically. I rather still think it's
the order of execution that matters.
For that matter I've worked around the problem for now by setting the
sysctls explicitly in /etc/rc.firewall right before configuring the pipes:
/sbin/sysctl net.inet.ip.dummynet.hash_size=512
/sbin/sysctl net.inet.ip.dummynet.pipe_slot_limit=2000
and commented them out in /etc/sysctl.conf with an XXX
Now I see that this is also the reason why setting
net.inet.ip.dummynet.hash_size in sysctl.conf had no effect on the hash
table size at the time of creation of the pipes.
> Some sysctls have associated loader tunables, which you can set in
> /boot/loader.conf (and affect configuration when the module is loaded),
> but it looks like that isn't true for net.inet.ip.dummynet.pipe_slot_limit.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
>
>
More information about the freebsd-net
mailing list