From nobody@FreeBSD.org  Tue Dec  7 12:45:41 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 881FF1065693
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  7 Dec 2010 12:45:41 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (unknown [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 790388FC19
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  7 Dec 2010 12:45:41 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id oB7Cje04036274
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 7 Dec 2010 12:45:40 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id oB7Cjekc036273;
	Tue, 7 Dec 2010 12:45:40 GMT
	(envelope-from nobody)
Message-Id: <201012071245.oB7Cjekc036273@red.freebsd.org>
Date: Tue, 7 Dec 2010 12:45:40 GMT
From: Boris Kovalenko <boris@tagnet.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: IPFW: Can not set more then 1024 buckets with buckets flag
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         152887
>Category:       kern
>Synopsis:       [ipfw] Can not set more then 1024 buckets with buckets flag
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 07 12:50:10 UTC 2010
>Closed-Date:    Tue May 03 11:15:17 UTC 2011
>Last-Modified:  Tue May 03 11:15:17 UTC 2011
>Originator:     Boris Kovalenko
>Release:        8.1-RELEASE
>Organization:
JSC "TAGNet"
>Environment:
FreeBSD vpn.tagnet.hn 8.1-RELEASE FreeBSD 8.1-RELEASE #1: Mon Dec  6 14:01:28 YEKT 2010     root@vpn.tagnet.hn:/usr/obj/usr/src/sys/VPN  amd64
>Description:
Hello!

I have about 8000 ips in network. Each ip must be shaped to no more then 2Mbit/s. My configuration is:

ipfw pipe 22 config bw 2Mbit/s mask dst-ip 0xffffffff buckets 8192

So, when the net.inet.ip.dummynet.hash_size: 64

[root@vpn ~]# ipfw pipe 22 list
00022:   2.000 Mbit/s    0 ms burst 0 
q131094  50 sl. 0 flows (1 buckets) sched 65558 weight 0 lmax 0 pri 0 droptail
 sched 65558 type FIFO flags 0x1 1024 buckets 4 active

When:
net.inet.ip.dummynet.hash_size: 8192
ipfw pipe 22 config bw 2Mbit/s mask dst-ip 0xffffffff buckets 8192

[root@vpn ~]# ipfw pipe 22 list
00022:   2.000 Mbit/s    0 ms burst 0 
q131094  50 sl. 0 flows (1 buckets) sched 65558 weight 0 lmax 0 pri 0 droptail
 sched 65558 type FIFO flags 0x1 1024 buckets 4 active

When:
net.inet.ip.dummynet.hash_size: 8192
ipfw pipe 22 config bw 2Mbit/s mask dst-ip 0xffffffff
NOTE: I have not use "buckets" parameter

[root@vpn ~]# ipfw pipe 22 list
00022:   2.000 Mbit/s    0 ms burst 0 
q131094  50 sl. 0 flows (1 buckets) sched 65558 weight 0 lmax 0 pri 0 droptail
 sched 65558 type FIFO flags 0x1 8192 buckets 4 active



>How-To-Repeat:
Please see full description
>Fix:
Do not use "buckets" parameter and set appropriate sysctl


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Dec 8 06:13:13 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152887 
State-Changed-From-To: open->analyzed 
State-Changed-By: ae 
State-Changed-When: Thu Mar 31 16:51:11 UTC 2011 
State-Changed-Why:  
There is a bug in ipdn_bound_var() function. It is designed 
to bound variables between minimum and maximum values. But 
it does not work as expected and user can set value bigger 
than maximum allowed. 

So, i can fix this function and you will not be able to 
set 8k value for buckets. The hardcoded maximum for  
buckets is 1024. Are you agree with this change? 


http://www.freebsd.org/cgi/query-pr.cgi?pr=152887 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/152887: commit references a PR
Date: Tue, 19 Apr 2011 11:29:18 +0000 (UTC)

 Author: ae
 Date: Tue Apr 19 11:29:09 2011
 New Revision: 220831
 URL: http://svn.freebsd.org/changeset/base/220831
 
 Log:
   ipdn_bound_var() functions is designed to bound a variable between
   specified minimum and maximum. In case when specified default value
   is out of bounds it does not work as expected and does not limit
   variable. Check that default value is in range and limit it if needed.
   Also bump max_hash_size value to 65536 to correspond with manual page.
   
   PR:		kern/152887
   MFC after:	2 weeks
 
 Modified:
   head/sys/netinet/ipfw/ip_dummynet.c
 
 Modified: head/sys/netinet/ipfw/ip_dummynet.c
 ==============================================================================
 --- head/sys/netinet/ipfw/ip_dummynet.c	Tue Apr 19 10:57:40 2011	(r220830)
 +++ head/sys/netinet/ipfw/ip_dummynet.c	Tue Apr 19 11:29:09 2011	(r220831)
 @@ -108,6 +108,10 @@ ipdn_bound_var(int *v, int dflt, int lo,
  {
  	int oldv = *v;
  	const char *op = NULL;
 +	if (dflt < lo)
 +		dflt = lo;
 +	if (dflt > hi)
 +		dflt = hi;
  	if (oldv < lo) {
  		*v = dflt;
  		op = "Bump";
 @@ -2128,7 +2132,7 @@ ip_dn_init(void)
  	dn_cfg.red_max_pkt_size = 1500;	/* default max packet size */
  
  	/* hash tables */
 -	dn_cfg.max_hash_size = 1024;	/* max in the hash tables */
 +	dn_cfg.max_hash_size = 65536;	/* max in the hash tables */
  	dn_cfg.hash_size = 64;		/* default hash size */
  
  	/* create hash tables for schedulers and flowsets.
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: analyzed->patched 
State-Changed-By: ae 
State-Changed-When: Tue Apr 19 11:34:47 UTC 2011 
State-Changed-Why:  
Patched in head/. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152887 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/152887: commit references a PR
Date: Tue,  3 May 2011 05:09:11 +0000 (UTC)

 Author: ae
 Date: Tue May  3 05:09:02 2011
 New Revision: 221359
 URL: http://svn.freebsd.org/changeset/base/221359
 
 Log:
   MFC r220831:
     ipdn_bound_var() function is designed to bound a variable between
     specified minimum and maximum. In case when specified default value
     is out of bounds it does not work as expected and does not limit
     variable. Check that default value is in range and limit it if needed.
     Also bump max_hash_size value to 65536 to correspond with manual page.
   
     PR:		kern/152887
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_dummynet.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_dummynet.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_dummynet.c	Tue May  3 04:44:50 2011	(r221358)
 +++ stable/8/sys/netinet/ipfw/ip_dummynet.c	Tue May  3 05:09:02 2011	(r221359)
 @@ -108,6 +108,10 @@ ipdn_bound_var(int *v, int dflt, int lo,
  {
  	int oldv = *v;
  	const char *op = NULL;
 +	if (dflt < lo)
 +		dflt = lo;
 +	if (dflt > hi)
 +		dflt = hi;
  	if (oldv < lo) {
  		*v = dflt;
  		op = "Bump";
 @@ -2129,7 +2133,7 @@ ip_dn_init(void)
  	dn_cfg.red_max_pkt_size = 1500;	/* default max packet size */
  
  	/* hash tables */
 -	dn_cfg.max_hash_size = 1024;	/* max in the hash tables */
 +	dn_cfg.max_hash_size = 65536;	/* max in the hash tables */
  	dn_cfg.hash_size = 64;		/* default hash size */
  
  	/* create hash tables for schedulers and flowsets.
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: ae 
State-Changed-When: Tue May 3 11:14:51 UTC 2011 
State-Changed-Why:  
Merged to stable/8. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=152887 
>Unformatted:
