From owner-freebsd-ipfw@freebsd.org Sat Jul 18 20:28:18 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C2F259A5ED2 for ; Sat, 18 Jul 2015 20:28:18 +0000 (UTC) (envelope-from hiren@strugglingcoder.info) Received: from mail.strugglingcoder.info (strugglingcoder.info [65.19.130.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AD88F10FD for ; Sat, 18 Jul 2015 20:28:18 +0000 (UTC) (envelope-from hiren@strugglingcoder.info) Received: from localhost (unknown [10.1.1.3]) (Authenticated sender: hiren@strugglingcoder.info) by mail.strugglingcoder.info (Postfix) with ESMTPSA id 1DAD3D30C5 for ; Sat, 18 Jul 2015 13:28:18 -0700 (PDT) Date: Sat, 18 Jul 2015 13:28:18 -0700 From: hiren panchasara To: freebsd-ipfw@freebsd.org Subject: Re: Traffic not going through dummynet Message-ID: <20150718202818.GR38517@strugglingcoder.info> References: <20150718194020.GQ38517@strugglingcoder.info> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="4NNqsQ/a67jpuySk" Content-Disposition: inline In-Reply-To: <20150718194020.GQ38517@strugglingcoder.info> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jul 2015 20:28:18 -0000 --4NNqsQ/a67jpuySk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 07/18/15 at 12:40P, hiren panchasara wrote: > This is driving me nuts. I've had an ipfw/dummynet working config on > separate setup and the same thing doesn't work on this new setup I have > so I tried to narrow it down and removed all complexity and trying to > see if this works on just single host. But it doesn't work as I expect > it to. I am pretty sure I am missing something here. >=20 > 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r283696M: Fri Jul 17 15:43:05 MST > 2015 >=20 > loader.conf has: > net.inet.ip.fw.default_to_accept=3D"1" > dummynet_load=3D"YES" >=20 > I did: > # ipfw add pipe 1 ip from any to any > # ipfw pipe 1 config delay 100ms >=20 > # ipfw show > 00100 0 0 pipe 1 ip from any to any > 65535 4321 509541 allow ip from any to any >=20 > # ipfw pipe show > 00001: unlimited 100 ms burst 0=20 > q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 > droptail > sched 65537 type FIFO flags 0x0 0 buckets 0 active >=20 > Now if I ping anything, I don't see 100ms delay. >=20 > # sysctl -a | grep ipfw > kern.features.ipfw_ctl3: 1 > net.link.ether.ipfw: 0 >=20 > net.inet.ip.dummynet.io_pkt_fast: 0 > net.inet.ip.dummynet.io_fast: 0 > net.link.ether.ipfw: 0 And GENERIC has: options IPFIREWALL options DUMMYNET options HZ=3D1000=20 Cheers, Hiren --4NNqsQ/a67jpuySk Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQF8BAEBCgBmBQJVqrbhXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNEUyMEZBMUQ4Nzg4RjNGMTdFNjZGMDI4 QjkyNTBFMTU2M0VERkU1AAoJEIuSUOFWPt/lUhsH+wcNEChAyOEcRtq2MmseYQnx h5PyCHzh3jx3n3WZxkkGJIBeQQ5oNnYAhyW4/4lNJTrAFC8eKpnOQuJy349PvVrn rIqK+0YB+QsE/L92+3Kd6lYvcL3z89w+jY7e1di45XYuzH2Ek70X9zGxsqc8SZz9 n2WqNcsgjdMZW72fw3M0Jw2LYaANS/SyaavZbN6HZpkZmE+m5iIwIuAKyCGS88zI +0/CwrDVU9u8SiCHaIK8Grp3BPyYxLRAwykooUR7Rj6R5CSv6OCpp2eraIPYrvYr Uoui22Fz+goOjN+rDkHYnBkg+xWQOVPQcmNl4seR++H/KM/m0C8yCC+Q7JZkGKM= =pAND -----END PGP SIGNATURE----- --4NNqsQ/a67jpuySk--