Oleg Bulyzhin wrote:
On Wed, Oct 07, 2009 at 03:52:56PM +0500, rihad wrote:

You probably have some special sources of documentation ;-) According to man ipfw, both "netgraph/ngtee" and "pipe" decide the fate of the packet unless one_pass=0. Or do you mean sprinkling smart skiptos here and there? ;-)

You can:
1) use ng_ether & ng_netflow (so no need for an 'ngtee' rule).
2) use a 'tee' rule with ng_ksocket & ng_netflow

Could you show your 'ipfw show' output? (hide ip addresses if you wish but
keep counters please).


Here it is, in its whole glory:

00100   10434423   1484891105 allow ip from any to any via lo0
00200          2           14 deny ip from any to 127.0.0.0/8
00300          1            4 deny ip from 127.0.0.0/8 to any
01000 3300039938 327603104711 allow ip from any to any in
01010   26214900    421138433 allow ip from me to any out
01020    5453857     46806278 allow icmp from any to any out
01030 3268289053 327224694165 ngtee 1 ip from any to any out
01040   18681181   1089636054 skipto 1100 ip from table(127) to any out recv bce0 xmit bce1
01060  777488848  76743392754 pipe tablearg ip from any to table(0) out recv bce0 xmit bce1
01070  776831109  76682499457 allow ip from any to table(0) out recv bce0 xmit bce1
01100   13102697    808411842 pipe tablearg ip from any to table(2) out
65535  662648946  66711487830 allow ip from any to any

I guess this one would be better (faster):

00050 allow ip from any to any in
00100 allow ip from any to any via lo0
01010 allow ip from me to any
01020 allow icmp from any to any
01030 ngtee 1 ip from any to any
01035 skipto 1040 ip from any to any recv bce0 xmit bce1
01036 allow ip from any to any
01040 skipto 1100 ip from table(127) to any
01060 pipe tablearg ip from any to table(0)
01070 allow ip from any to any
01100 pipe tablearg ip from any to table(2)
65535 allow ip from any to any

Tried it just now - no visible effect.
400-700 packet drops per second which is around 5-7 mbps dropped on output. So I don't think getting rid of one_pass=0 would help at all.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
