Traffic not going through dummynet

[Ian Smith]

On Sun, 19 Jul 2015 21:05:53 -0700, hiren panchasara wrote:
 > Bah.
 > 
 > So I removed ipfw and dummynet from kernconf and loaded them manually
 > after machine came up and it worked as expected.

In your previous post, you'd said you were using 11-current, and:

 > And GENERIC has:
 > options         IPFIREWALL
 > options         DUMMYNET
 > options         HZ=1000

Are you sure this was a 11 GENERIC kernconf?  Those options haven't 
been in GENERIC for ages (if ever?), though they haven't needed to be 
since (perhaps) 8.0.  I guess people just follow the handbook :(

 > Looks like some ordering issue between ipfw and dummynet. Fwiw, for
 > working setup, kldstat shows:
 > 
 > 13    2 0xffffffff81e21000 21490    ipfw.ko
 > 14    1 0xffffffff81e43000 d0f6     dummynet.ko

Indeed.  If you load ipfw and dummynet by the usual means, being 
firewall_enable=YES and dummynet_enable=YES in rc.conf, you'll notice 
that /etc/rc.d/ipfw, in ipfw_prestart, loads dummynet if enabled, and 
natd and/or firewall_nat if enabled, in that order.

The downside to doing that is that you have to have specified a type for 
rc.firewall or pointed to a custom ruleset so it's sane on startup.

Regarding the related(?) Bug 201488 - dummynet appears broken in 
10.0-RELEASE and onwards (can't traffic shape on bridges)
 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201488
it does seem likely to be the same issue as you noted.

Did you ever hear back from James Rice (for whom I seem to have seen no 
other messages for an email address) as to whether your advice about 
loading these in the other order helped there?

As to whether this is a regression, or it would have ever worked loading 
dummynet and then ipfw, I don't know, but I have a vague feeling that 
I've seen other issues regarding loading a module that's already in 
kernel in recent times .. sorry I can't be any more exact.

Maybe dummynet needs a check that ipfw is loaded before starting?

cheers, Ian