Date: Fri, 20 Jun 2003 10:46:38 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Don Bowman <don@sandvine.com> Cc: "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org> Subject: Re: nested ipfw dummynet pipes Message-ID: <20030620104638.A84204@xorpc.icir.org> In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C8533702741AF5@mail.sandvine.com>; from don@sandvine.com on Fri, Jun 20, 2003 at 01:41:21PM -0400 References: <FE045D4D9F7AED4CBFF1B3B813C8533702741AF5@mail.sandvine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 20, 2003 at 01:41:21PM -0400, Don Bowman wrote: > is there any way, in a bridging config, to have nested pipes? net.inet.ip.fw.one_pass=0 should do the job, i think the comment in the manpage is now incorrect and the code (in net/bridge.c) has been fixed (one-line) to implement this. Check the commit logs, i don't have them handy at the moment. cheers luigi > In particular, what i would like to achieve is a rule that > allows e.g. 64kbps per host (src-mask 0xffffffff), but > that all these hosts are in an overall 10Mbps pipe. The idea > will be that @ some times of the day the pipe is less than > full, so everyone gets 64kbps, but @ other times of the day > the pipe is full, and I don't want more than 10Mbps flowing. > > net.inet.ip.fw.one_pass looks to do what i want but: > "Note: bridged and layer 2 packets coming out of a pipe are never > reinjected in the firewall irrespective of the value of this > variable." > > suggests this is not the case. > > Is there some technique using e.g. netgraph? Or can someone suggest > why the note is there and if it might be easily removed? > > e.g. what i have is a system with > > em0 <--> em1 > net.link.ether.bridge_cfg="em0 em1" > net.link.ether.bridge=1 > net.link.ether.bridge_ipfw=1 > net.inet.ip.fw.one_pass=1 > > --don > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030620104638.A84204>