Hello! I have about 8000 ips in network. Each ip must be shaped to no more then 2Mbit/s. My configuration is: ipfw pipe 22 config bw 2Mbit/s mask dst-ip 0xffffffff buckets 8192 So, when the net.inet.ip.dummynet.hash_size: 64 [root@vpn ~]# ipfw pipe 22 list 00022: 2.000 Mbit/s 0 ms burst 0 q131094 50 sl. 0 flows (1 buckets) sched 65558 weight 0 lmax 0 pri 0 droptail sched 65558 type FIFO flags 0x1 1024 buckets 4 active When: net.inet.ip.dummynet.hash_size: 8192 ipfw pipe 22 config bw 2Mbit/s mask dst-ip 0xffffffff buckets 8192 [root@vpn ~]# ipfw pipe 22 list 00022: 2.000 Mbit/s 0 ms burst 0 q131094 50 sl. 0 flows (1 buckets) sched 65558 weight 0 lmax 0 pri 0 droptail sched 65558 type FIFO flags 0x1 1024 buckets 4 active When: net.inet.ip.dummynet.hash_size: 8192 ipfw pipe 22 config bw 2Mbit/s mask dst-ip 0xffffffff NOTE: I have not use "buckets" parameter [root@vpn ~]# ipfw pipe 22 list 00022: 2.000 Mbit/s 0 ms burst 0 q131094 50 sl. 0 flows (1 buckets) sched 65558 weight 0 lmax 0 pri 0 droptail sched 65558 type FIFO flags 0x1 8192 buckets 4 active Fix: Do not use "buckets" parameter and set appropriate sysctl How-To-Repeat: Please see full description
Responsible Changed From-To: freebsd-bugs->freebsd-ipfw Over to maintainer(s).
State Changed From-To: open->analyzed There is a bug in ipdn_bound_var() function. It is designed to bound variables between minimum and maximum values. But it does not work as expected and user can set value bigger than maximum allowed. So, i can fix this function and you will not be able to set 8k value for buckets. The hardcoded maximum for buckets is 1024. Are you agree with this change?
Author: ae Date: Tue Apr 19 11:29:09 2011 New Revision: 220831 URL: http://svn.freebsd.org/changeset/base/220831 Log: ipdn_bound_var() functions is designed to bound a variable between specified minimum and maximum. In case when specified default value is out of bounds it does not work as expected and does not limit variable. Check that default value is in range and limit it if needed. Also bump max_hash_size value to 65536 to correspond with manual page. PR: kern/152887 MFC after: 2 weeks Modified: head/sys/netinet/ipfw/ip_dummynet.c Modified: head/sys/netinet/ipfw/ip_dummynet.c ============================================================================== --- head/sys/netinet/ipfw/ip_dummynet.c Tue Apr 19 10:57:40 2011 (r220830) +++ head/sys/netinet/ipfw/ip_dummynet.c Tue Apr 19 11:29:09 2011 (r220831) @@ -108,6 +108,10 @@ ipdn_bound_var(int *v, int dflt, int lo, { int oldv = *v; const char *op = NULL; + if (dflt < lo) + dflt = lo; + if (dflt > hi) + dflt = hi; if (oldv < lo) { *v = dflt; op = "Bump"; @@ -2128,7 +2132,7 @@ ip_dn_init(void) dn_cfg.red_max_pkt_size = 1500; /* default max packet size */ /* hash tables */ - dn_cfg.max_hash_size = 1024; /* max in the hash tables */ + dn_cfg.max_hash_size = 65536; /* max in the hash tables */ dn_cfg.hash_size = 64; /* default hash size */ /* create hash tables for schedulers and flowsets. _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
State Changed From-To: analyzed->patched Patched in head/.
Author: ae Date: Tue May 3 05:09:02 2011 New Revision: 221359 URL: http://svn.freebsd.org/changeset/base/221359 Log: MFC r220831: ipdn_bound_var() function is designed to bound a variable between specified minimum and maximum. In case when specified default value is out of bounds it does not work as expected and does not limit variable. Check that default value is in range and limit it if needed. Also bump max_hash_size value to 65536 to correspond with manual page. PR: kern/152887 Modified: stable/8/sys/netinet/ipfw/ip_dummynet.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) Modified: stable/8/sys/netinet/ipfw/ip_dummynet.c ============================================================================== --- stable/8/sys/netinet/ipfw/ip_dummynet.c Tue May 3 04:44:50 2011 (r221358) +++ stable/8/sys/netinet/ipfw/ip_dummynet.c Tue May 3 05:09:02 2011 (r221359) @@ -108,6 +108,10 @@ ipdn_bound_var(int *v, int dflt, int lo, { int oldv = *v; const char *op = NULL; + if (dflt < lo) + dflt = lo; + if (dflt > hi) + dflt = hi; if (oldv < lo) { *v = dflt; op = "Bump"; @@ -2129,7 +2133,7 @@ ip_dn_init(void) dn_cfg.red_max_pkt_size = 1500; /* default max packet size */ /* hash tables */ - dn_cfg.max_hash_size = 1024; /* max in the hash tables */ + dn_cfg.max_hash_size = 65536; /* max in the hash tables */ dn_cfg.hash_size = 64; /* default hash size */ /* create hash tables for schedulers and flowsets. _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
State Changed From-To: patched->closed Merged to stable/8. Thanks!