Traffic not going through dummynet

hiren panchasara hiren at FreeBSD.org
Thu Jul 30 18:25:53 UTC 2015 

(For various reason's I didn't get/see Ian's message. Trying to do the
right thing by setting "In-Reply-To".)

On 07/27/15 at 01:07P, Ian Smith wrote:
> On Sun, 19 Jul 2015 21:05:53 -0700, hiren panchasara wrote:
>  > Bah.
>  > 
>  > So I removed ipfw and dummynet from kernconf and loaded them manually
>  > after machine came up and it worked as expected.
> 
> In your previous post, you'd said you were using 11-current, and:
> 
>  > And GENERIC has:
>  > options         IPFIREWALL
>  > options         DUMMYNET
>  > options         HZ=1000
> 
> Are you sure this was a 11 GENERIC kernconf?  Those options haven't 
> been in GENERIC for ages (if ever?), though they haven't needed to be 
> since (perhaps) 8.0.  I guess people just follow the handbook :(

I modified GENERIC and added those options. I should have been more
clear here.
> 
>  > Looks like some ordering issue between ipfw and dummynet. Fwiw, for
>  > working setup, kldstat shows:
>  > 
>  > 13    2 0xffffffff81e21000 21490    ipfw.ko
>  > 14    1 0xffffffff81e43000 d0f6     dummynet.ko
> 
> Indeed.  If you load ipfw and dummynet by the usual means, being 
> firewall_enable=YES and dummynet_enable=YES in rc.conf, you'll notice 
> that /etc/rc.d/ipfw, in ipfw_prestart, loads dummynet if enabled, and 
> natd and/or firewall_nat if enabled, in that order.
> 
> The downside to doing that is that you have to have specified a type for 
> rc.firewall or pointed to a custom ruleset so it's sane on startup.

Didn't know the usual mean of rc.conf modifications.
> 
> Regarding the related(?) Bug 201488 - dummynet appears broken in 
> 10.0-RELEASE and onwards (can't traffic shape on bridges)
>  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201488
> it does seem likely to be the same issue as you noted.
> 
> Did you ever hear back from James Rice (for whom I seem to have seen no 
> other messages for an email address) as to whether your advice about 
> loading these in the other order helped there?

I haven't heard back yet.
> 
> As to whether this is a regression, or it would have ever worked loading 
> dummynet and then ipfw, I don't know, but I have a vague feeling that 
> I've seen other issues regarding loading a module that's already in 
> kernel in recent times .. sorry I can't be any more exact.

Yeah, good point about whether this is a regression or not. I am not
aware of any such loading issues wrt modules.
> 
> Maybe dummynet needs a check that ipfw is loaded before starting?

That'd be logical, imo.

Cheers,
Hiren
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 618 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20150730/61551039/attachment.bin>

More information about the freebsd-ipfw mailing list