Date: Mon, 29 Jan 2007 12:55:29 -0000 (UTC) From: "Spadge Fromley" <spadge@fromley.net> To: "Arone Silimantia" <aronesimi@yahoo.com> Cc: freebsd-net@freebsd.org Subject: Re: ipfw pipe show ... help with output is needed, please. Message-ID: <33457.213.123.179.188.1170075329.squirrel@webmail.fromley.net> In-Reply-To: <464814.62688.qm@web58605.mail.re3.yahoo.com> References: <464814.62688.qm@web58605.mail.re3.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>
> I see this:
>
> # ipfw pipe show 1
> 00001: 16.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
> Pkt/Byte Drp
> 0 tcp 1.2.3.4/22 1.2.3.4/4333 2970975653 2649647615805 2
> 2992 10414733
> Second, there are seven headings (from BKT at the left to Drp on the
> right) but underneath those seven headings are _9_ values. What I really
> want to know is how many packets I am droppinig ... but I can't tell which
> of the fields are the "dropped" - I assume it is the final number .. if
> so, what is that measured in ? Packets ?
I can't help you with the rest of it, as I am frequently just as baffled
by ipfw/dummynet as the next man ..
But the 7/9 thing I can explain.
Tot_pkt: 2970975653
bytes: 2649647615805
Pkt: 2
Byte: 2992
Ideally, there'd be a '/' between pkts and bytes, like there is in the
headers.
Does it make a difference if you set up the ipfw rule before the dummynet
one?
Here's how I have mine:
root@tobermory# ipfw list | grep pipe
01400 pipe 101 ip from any to any uid DLMonkey via fxp0 in
01500 pipe 102 ip from any to any uid DLMonkey via fxp0 out
taken from:
root@tobermory# grep pipe /etc/rc.firewall
/sbin/ipfw -f pipe flush
/sbin/ipfw add pipe 101 ip from any to any uid DLMonkey via $WAN in
/sbin/ipfw add pipe 102 ip from any to any uid DLMonkey via $WAN out
/sbin/ipfw pipe 101 config delay 100ms
/sbin/ipfw pipe 102 config delay 100ms
Gives the following info:
root@tobermory# ipfw pipe list
00102: unlimited 100 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
0 tcp {my.ip.address}/61676 59.127.165.138/4662 6557083 758428752
0 0 0
00101: unlimited 100 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
0 udp 67.163.25.202/7871 {my.ip.address}/14298 8466595 1174764649
0 0 0
Trust me: there will be a lot more connections set up in those pipes than
that. I think it's just showing a snapshot. Or I have got it all
completely wrong and it's not actually working at all like I thought it
ought.
Who knows?
:)
--
Spadge
'Intoccabile'
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33457.213.123.179.188.1170075329.squirrel>