Traffic not going through dummynet
Ian Smith
smithi at nimnet.asn.au
Sun Jul 26 08:52:27 UTC 2015
On Sun, 19 Jul 2015 21:05:53 -0700, hiren panchasara wrote:
> Bah.
>
> So I removed ipfw and dummynet from kernconf and loaded them manually
> after machine came up and it worked as expected.
In your previous post, you'd said you were using 11-current, and:
> And GENERIC has:
> options IPFIREWALL
> options DUMMYNET
> options HZ=1000
Are you sure this was a 11 GENERIC kernconf? Those options haven't
been in GENERIC for ages (if ever?), though they haven't needed to be
since (perhaps) 8.0. I guess people just follow the handbook :(
> Looks like some ordering issue between ipfw and dummynet. Fwiw, for
> working setup, kldstat shows:
>
> 13 2 0xffffffff81e21000 21490 ipfw.ko
> 14 1 0xffffffff81e43000 d0f6 dummynet.ko
Indeed. If you load ipfw and dummynet by the usual means, being
firewall_enable=YES and dummynet_enable=YES in rc.conf, you'll notice
that /etc/rc.d/ipfw, in ipfw_prestart, loads dummynet if enabled, and
natd and/or firewall_nat if enabled, in that order.
The downside to doing that is that you have to have specified a type for
rc.firewall or pointed to a custom ruleset so it's sane on startup.
Regarding the related(?) Bug 201488 - dummynet appears broken in
10.0-RELEASE and onwards (can't traffic shape on bridges)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201488
it does seem likely to be the same issue as you noted.
Did you ever hear back from James Rice (for whom I seem to have seen no
other messages for an email address) as to whether your advice about
loading these in the other order helped there?
As to whether this is a regression, or it would have ever worked loading
dummynet and then ipfw, I don't know, but I have a vague feeling that
I've seen other issues regarding loading a module that's already in
kernel in recent times .. sorry I can't be any more exact.
Maybe dummynet needs a check that ipfw is loaded before starting?
cheers, Ian
More information about the freebsd-ipfw
mailing list