From owner-freebsd-ipfw@FreeBSD.ORG Thu Jan 3 05:40:03 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 07544659 for ; Thu, 3 Jan 2013 05:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id D6480692 for ; Thu, 3 Jan 2013 05:40:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id r035e2aG002392 for ; Thu, 3 Jan 2013 05:40:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id r035e2s6002391; Thu, 3 Jan 2013 05:40:02 GMT (envelope-from gnats) Date: Thu, 3 Jan 2013 05:40:02 GMT Message-Id: <201301030540.r035e2s6002391@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org Cc: From: =?iso-8859-2?Q?Radek_Krej=E8a?= Subject: Re: kern/174749: Unexpected change of default route X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: =?iso-8859-2?Q?Radek_Krej=E8a?= List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jan 2013 05:40:03 -0000 The following reply was made to PR kern/174749; it has been noted by GNATS. From: =?iso-8859-2?Q?Radek_Krej=E8a?= To: "'bug-followup@FreeBSD.org'" , =?iso-8859-2?Q?Radek_Krej=E8a?= Cc: Subject: Re: kern/174749: Unexpected change of default route Date: Thu, 3 Jan 2013 06:31:33 +0100 Hello, I see, that category was changed to From-To: freebsd-net->freebsd-ipfw, bu= t I dont use ipfw, but PF. And problem is going to be critical, because there are a lot of incidents, = currently already on 2 machines. I am trying catch pakets, but still withou= t any match. Radek From owner-freebsd-ipfw@FreeBSD.ORG Thu Jan 3 07:19:06 2013 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 98F9A655 for ; Thu, 3 Jan 2013 07:19:06 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mail-ia0-f181.google.com (mail-ia0-f181.google.com [209.85.210.181]) by mx1.freebsd.org (Postfix) with ESMTP id 61A9B1E6 for ; Thu, 3 Jan 2013 07:19:06 +0000 (UTC) Received: by mail-ia0-f181.google.com with SMTP id s32so12395592iak.26 for ; Wed, 02 Jan 2013 23:19:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=z5Fgjz1ij59kfUb6ONpaslAqs/uIlSrY+TKeSAliKVg=; b=yOCYrsJcoTsMdKtvxgFvdiFJqb1FscICh7FWL3xFLpmAjnqi8Su/pelK6rN4Xq2JsC CJYQ5OuClLeFiJ8Iqb6Hj+aXKRFruQY+KWtKE2/h+H0i2dWdVpMnqSl6JEjJHl4GMFMh i4nGeSceR71JMk/Acc4DRwBQcyDgAs+YfTJTIoOQZXfSEi/H8Ez/+pKB/VyvT5g5iFIR Lu8GrqP3aGheXQOMnaE1h8GqwW2M6zmFqPLqGxLYzcOJBEHAx8zmo/uENrF8NWloyyba 63+rpWjgKlnSZV7T5L+8i8NjLtf4xu0z9qcD3ReiE2xKkFWvE1ihRm0UAAwcJ57CVc52 0uFw== MIME-Version: 1.0 Received: by 10.50.151.241 with SMTP id ut17mr35619980igb.107.1357197545132; Wed, 02 Jan 2013 23:19:05 -0800 (PST) Received: by 10.64.51.98 with HTTP; Wed, 2 Jan 2013 23:19:05 -0800 (PST) Date: Thu, 3 Jan 2013 09:19:05 +0200 Message-ID: Subject: Limit Session Bandwidth From: Sami Halabi To: freebsd-ipfw Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jan 2013 07:19:06 -0000 Hi, I wan t to configure bandwidth limits in the folowing scenario: limit a specific IP to ,say 10MB, but also limit each Session to, say 1MB. so max concurrent sessions of that same IP can with full bandwidth would be 10, each 1MB, this however doesn't limit the whole number of sessions, so there can be 20 sessions of 0.5MB. I didn't see option like that in the man pages, any ideas? Thanks in advance, -- Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert From owner-freebsd-ipfw@FreeBSD.ORG Thu Jan 3 08:30:34 2013 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 242D3AA for ; Thu, 3 Jan 2013 08:30:34 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id E024563A for ; Thu, 3 Jan 2013 08:30:33 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 62DF17300A; Thu, 3 Jan 2013 09:29:37 +0100 (CET) Date: Thu, 3 Jan 2013 09:29:37 +0100 From: Luigi Rizzo To: Sami Halabi Subject: Re: Limit Session Bandwidth Message-ID: <20130103082937.GB54360@onelab2.iet.unipi.it> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jan 2013 08:30:34 -0000 On Thu, Jan 03, 2013 at 09:19:05AM +0200, Sami Halabi wrote: > Hi, > I wan t to configure bandwidth limits in the folowing scenario: > limit a specific IP to ,say 10MB, but also limit each Session to, say 1MB. > > so max concurrent sessions of that same IP can with full bandwidth would be > 10, each 1MB, this however doesn't limit the whole number of sessions, so > there can be 20 sessions of 0.5MB. > > I didn't see option like that in the man pages, any ideas? you can do this with a first per-flow pipe that limits the individual bandwidth, and then passing the traffic to a scheduler (or another pipe) with an aggregate limit of 10Mbit/s Something like this # reinject packets into firewall after they come out from a pipe sysctl net.inet.ip.fw.one_pass=0 # configure the pipe that applies the 1 Mbit/s cap to each flow ipfw pipe 123 config bw 1Mbit/s mask all # configure the second pipe with the global cap ipfw pipe 456 config bw 10Mbit/s # configure a scheduler that drives the second pipe ipfw sched 789 config mask all pipe 123 # pass outgoing packets to the first pipe ipfw add 100 pipe 123 out # and then to the scheduler ipfw add 110 queue 789 out # and then accept ipfw add 120 allow ip from any to any # # pipe 123 scheduler # +---------+ +-------+ # --->| +----------->| | # +---------+ | | pipe 456 # one per flow | |+---------+ # . . . | || |+-----> # | |+---------+ # +---------+ | | # --->| +----------->| | # +---------+ +-------+ cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Thu Jan 3 10:47:04 2013 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 37659583 for ; Thu, 3 Jan 2013 10:47:04 +0000 (UTC) (envelope-from ozkan.kirik@gmail.com) Received: from mail-vc0-f180.google.com (mail-vc0-f180.google.com [209.85.220.180]) by mx1.freebsd.org (Postfix) with ESMTP id CD7A6EC7 for ; Thu, 3 Jan 2013 10:47:03 +0000 (UTC) Received: by mail-vc0-f180.google.com with SMTP id p16so14970056vcq.25 for ; Thu, 03 Jan 2013 02:46:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=MDbhIo1uwWjAnS8Hc5IKqMWmq1TOGsxq9slBhalQVEo=; b=HlCfZnqRPrOtTY5VOnFtMC7fZ0TTuFpQhAwz8QfG8/Nr7lfh8mdb/phX7J5jlK390/ b6CjmjwPzY88aqUOuMfcqiiPKeahv0PO2IYtgOq6y0SLN+6JwovXFvLoF89DoNbTIUl/ LLyzdwmhh0/gVSwp6DUmqxJB0jeUcotNUVWectr2W3GAcyyoIJni65oGUhsbfYiO/71O CURz3gYJ6vXIMbhxHfETBBVy9pJfLrUwB4Z1fFwUcvs+dxkjWC48yHubpwDcZkOsGRM7 KUP4Y82gxUcA+3W8uC23MSpVEzIT1L+w5RRq2tas6pcCJpKSwLe6ZJEHFtY9IVjE6KhU oiLw== MIME-Version: 1.0 Received: by 10.52.17.168 with SMTP id p8mr63285895vdd.126.1357210016920; Thu, 03 Jan 2013 02:46:56 -0800 (PST) Received: by 10.58.213.134 with HTTP; Thu, 3 Jan 2013 02:46:56 -0800 (PST) In-Reply-To: <20130103082937.GB54360@onelab2.iet.unipi.it> References: <20130103082937.GB54360@onelab2.iet.unipi.it> Date: Thu, 3 Jan 2013 12:46:56 +0200 Message-ID: Subject: Re: Limit Session Bandwidth From: =?ISO-8859-1?Q?=D6zkan_KIRIK?= To: Luigi Rizzo Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-ipfw , Sami Halabi X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jan 2013 10:47:04 -0000 I think there is a mistake at the sched config line. it should be as ipfw sched 789 config mask all pipe 456 On Thu, Jan 3, 2013 at 10:29 AM, Luigi Rizzo wrote: > ipfw sched 789 config mask all pipe 123 From owner-freebsd-ipfw@FreeBSD.ORG Sat Jan 5 12:51:14 2013 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 9128A1EF for ; Sat, 5 Jan 2013 12:51:14 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com [209.85.223.182]) by mx1.freebsd.org (Postfix) with ESMTP id 3F538D22 for ; Sat, 5 Jan 2013 12:51:14 +0000 (UTC) Received: by mail-ie0-f182.google.com with SMTP id s9so20754970iec.41 for ; Sat, 05 Jan 2013 04:51:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9Z9by3GvWIPFRRogt+cgRqlM9lEq4uA8ZZdj3ITu1EE=; b=u8GZypqtBzKVzaVY9HIGbxDRAxPuoaMppPhWQwrh2CmseOQyh6wgmNwT4OpMZEg9W1 UQu6upYM5rOluFSShq+UZPiXwXxBhesOxiFCckvblJTamrEaN2FCJW2uDIxs0B/5cpac a9b4T/IZxQJMT2CTLlZh43kQPhSpAzfPu96KCyZev4pfEu6idVPFwT9/BUno9y9q3kDK bT6ZBRH2a785SLnfwEYR8oJohovLPXXfbu2//RCabKr/oHNOl3T1pGG5c7RcW/CcBIxp bw0bMOgYRQdpeYMCS7uqc+bKZMn2wLHjawOEhnb3dde4YZQa5giRC8jzX04qLTuQ5xpV e+Fw== MIME-Version: 1.0 Received: by 10.50.151.241 with SMTP id ut17mr1365250igb.107.1357390267846; Sat, 05 Jan 2013 04:51:07 -0800 (PST) Received: by 10.64.51.98 with HTTP; Sat, 5 Jan 2013 04:51:07 -0800 (PST) In-Reply-To: References: <20130103082937.GB54360@onelab2.iet.unipi.it> Date: Sat, 5 Jan 2013 14:51:07 +0200 Message-ID: Subject: Re: Limit Session Bandwidth From: Sami Halabi To: =?ISO-8859-1?Q?=D6zkan_KIRIK?= Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-ipfw , Luigi Rizzo X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jan 2013 12:51:14 -0000 Hi Luigi & Ozkan, Thanks for the response. Luigi i saw you said in some list never trust italians :), so i went step by step. first i put: me out from a pipe sysctl net.inet.ip.fw.one_pass=3D0 ipfw pipe 123 config bw 1Mbit/s mask all ipfw add 100 pipe 123 out ipfw add 120 allow ip from any to any Works like a charm. Next Step wil be: ipfw pipe 456 config bw 10Mbit/s ipfw sched 789 config mask all pipe 123 or it should be: ipfw sched 789 config mask all pipe 456 ?? ipfw add 110 queue 789 out whats is the correct configuration ? the mask options isn't well documented, in the handbook its not even mentiond. same goes for scheduler... I got the feeling that only few here know the options very welll... maybe I'm wrong? Sami On Thu, Jan 3, 2013 at 12:46 PM, =D6zkan KIRIK wrot= e: > I think there is a mistake at the sched config line. it should be as > ipfw sched 789 config mask all pipe 456 > > > On Thu, Jan 3, 2013 at 10:29 AM, Luigi Rizzo wrote: > >> ipfw sched 789 config mask all pipe 123 > > > --=20 Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert From owner-freebsd-ipfw@FreeBSD.ORG Sat Jan 5 21:35:41 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 96CCAF72; Sat, 5 Jan 2013 21:35:41 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 58A06735; Sat, 5 Jan 2013 21:35:41 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id r05LZfrG039810; Sat, 5 Jan 2013 21:35:41 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id r05LZer9039806; Sat, 5 Jan 2013 21:35:40 GMT (envelope-from ae) Date: Sat, 5 Jan 2013 21:35:40 GMT Message-Id: <201301052135.r05LZer9039806@freefall.freebsd.org> To: fbsdpr@inlandnet.com, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: ae@FreeBSD.org Subject: Re: kern/163873: [ipfw] ipfw fwd does not work with 'via interface' in rule body X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jan 2013 21:35:41 -0000 Synopsis: [ipfw] ipfw fwd does not work with 'via interface' in rule body State-Changed-From-To: feedback->closed State-Changed-By: ae State-Changed-When: Sat Jan 5 21:34:02 UTC 2013 State-Changed-Why: Close per submitter request. http://www.freebsd.org/cgi/query-pr.cgi?pr=163873 From owner-freebsd-ipfw@FreeBSD.ORG Sat Jan 5 21:41:39 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 6968EFEB; Sat, 5 Jan 2013 21:41:39 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 435EA75A; Sat, 5 Jan 2013 21:41:39 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id r05Lfdh9041345; Sat, 5 Jan 2013 21:41:39 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id r05Lfco4041341; Sat, 5 Jan 2013 21:41:38 GMT (envelope-from ae) Date: Sat, 5 Jan 2013 21:41:38 GMT Message-Id: <201301052141.r05Lfco4041341@freefall.freebsd.org> To: gumbo@bsdmail.org, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: ae@FreeBSD.org Subject: Re: kern/143973: [ipfw] [panic] ipfw forward option causes kernel reboot X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jan 2013 21:41:39 -0000 Synopsis: [ipfw] [panic] ipfw forward option causes kernel reboot State-Changed-From-To: open->feedback State-Changed-By: ae State-Changed-When: Sat Jan 5 21:39:37 UTC 2013 State-Changed-Why: Do you still have this problem on recent FreeBSD versions? http://www.freebsd.org/cgi/query-pr.cgi?pr=143973 From owner-freebsd-ipfw@FreeBSD.ORG Sat Jan 5 21:46:03 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 6E7E22CA; Sat, 5 Jan 2013 21:46:03 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 37E94790; Sat, 5 Jan 2013 21:46:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id r05Lk3TM041457; Sat, 5 Jan 2013 21:46:03 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id r05Lk2gA041453; Sat, 5 Jan 2013 21:46:02 GMT (envelope-from ae) Date: Sat, 5 Jan 2013 21:46:02 GMT Message-Id: <201301052146.r05Lk2gA041453@freefall.freebsd.org> To: dan@obluda.cz, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: ae@FreeBSD.org Subject: Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jan 2013 21:46:03 -0000 Synopsis: [ipfw] [patch] ipfw_divert damages IPv6 packets State-Changed-From-To: patched->closed State-Changed-By: ae State-Changed-When: Sat Jan 5 21:45:06 UTC 2013 State-Changed-Why: Already merged to stable branch. http://www.freebsd.org/cgi/query-pr.cgi?pr=128260 From owner-freebsd-ipfw@FreeBSD.ORG Sat Jan 5 21:52:06 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 4CC68363; Sat, 5 Jan 2013 21:52:06 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 212EC7B4; Sat, 5 Jan 2013 21:52:06 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id r05Lq6ln042996; Sat, 5 Jan 2013 21:52:06 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id r05Lq6He042992; Sat, 5 Jan 2013 21:52:06 GMT (envelope-from ae) Date: Sat, 5 Jan 2013 21:52:06 GMT Message-Id: <201301052152.r05Lq6He042992@freefall.freebsd.org> To: ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org, ae@FreeBSD.org From: ae@FreeBSD.org Subject: Re: kern/148689: [ipfw] antispoof wrongly triggers on link local IPv6 addresses X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jan 2013 21:52:06 -0000 Synopsis: [ipfw] antispoof wrongly triggers on link local IPv6 addresses Responsible-Changed-From-To: freebsd-ipfw->ae Responsible-Changed-By: ae Responsible-Changed-When: Sat Jan 5 21:51:30 UTC 2013 Responsible-Changed-Why: Take it. http://www.freebsd.org/cgi/query-pr.cgi?pr=148689 From owner-freebsd-ipfw@FreeBSD.ORG Sat Jan 5 23:38:40 2013 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 9FDEBC1C for ; Sat, 5 Jan 2013 23:38:40 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 4BFFBA58 for ; Sat, 5 Jan 2013 23:38:40 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 176737300A; Sun, 6 Jan 2013 00:37:43 +0100 (CET) Date: Sun, 6 Jan 2013 00:37:43 +0100 From: Luigi Rizzo To: Sami Halabi Subject: Re: Limit Session Bandwidth Message-ID: <20130105233743.GA94797@onelab2.iet.unipi.it> References: <20130103082937.GB54360@onelab2.iet.unipi.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jan 2013 23:38:40 -0000 On Sat, Jan 05, 2013 at 02:51:07PM +0200, Sami Halabi wrote: > Hi Luigi & Ozkan, > > Thanks for the response. > > Luigi i saw you said in some list never trust italians :), so i went step > by step. > first i put: > me out from a pipe > > sysctl net.inet.ip.fw.one_pass=0 > ipfw pipe 123 config bw 1Mbit/s mask all > ipfw add 100 pipe 123 out > > ipfw add 120 allow ip from any to any > > Works like a charm. > > Next Step wil be: > ipfw pipe 456 config bw 10Mbit/s > > ipfw sched 789 config mask all pipe 123 > or it should be: > ipfw sched 789 config mask all pipe 456 the latter. > ipfw add 110 queue 789 out > > > whats is the correct configuration ? > > the mask options isn't well documented, in the handbook its not even > mentiond. the manpage is slightly more up to date. The handbook is probably years behind. cheers luigi > same goes for scheduler... > I got the feeling that only few here know the options very welll... maybe > I'm wrong? > > Sami > > > > On Thu, Jan 3, 2013 at 12:46 PM, ?zkan KIRIK wrote: > > > I think there is a mistake at the sched config line. it should be as > > ipfw sched 789 config mask all pipe 456 > > > > > > On Thu, Jan 3, 2013 at 10:29 AM, Luigi Rizzo wrote: > > > >> ipfw sched 789 config mask all pipe 123 > > > > > > > > > -- > Sami Halabi > Information Systems Engineer > NMS Projects Expert > FreeBSD SysAdmin Expert