From owner-freebsd-net@FreeBSD.ORG  Sat Dec 13 18:09:37 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id BA0161F3
 for <net@freebsd.org>; Sat, 13 Dec 2014 18:09:37 +0000 (UTC)
Received: from leviatan.freebsdbrasil.com.br (leviatan.freebsdbrasil.com.br
 [177.10.156.9])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1B5152F2
 for <net@freebsd.org>; Sat, 13 Dec 2014 18:09:36 +0000 (UTC)
Received: (qmail 22603 invoked from network); 13 Dec 2014 16:02:52 -0200
Received: by simscan 1.4.0 ppid: 22599, pid: 22600, t: 0.1681s
 scanners: clamav: 0.98.4/m:55/d:19710
Received: from localhost.bh.freebsdbrasil.com.br (HELO localhost) ([127.0.0.1])
 (envelope-sender <eksffa@freebsdbrasil.com.br>)
 by localhost.bh.freebsdbrasil.com.br (qmail-ldap-1.03) with SMTP
 for <rizzo@iet.unipi.it>; 13 Dec 2014 16:02:52 -0200
Message-Id: <028d142b3a17cd5ffd5f21c6f9b9d6daaa8e2780@webmail.freebsdbrasil.com.br>
From: eksffa@freebsdbrasil.com.br
To: "Luigi Rizzo" <rizzo@iet.unipi.it>,
 "Brett Glass" <brett@lariat.net>
X-Mailer: Atmail 7.0.0.12234
X-Originating-IP: 201.80.183.212
in-reply-to: <CA+hQ2+gNZmMbo0-2fgS49mCNV7nTFDkBpHAzUDg8JoiUfsY5tg@mail.gmail.com>
Subject: Re: Can DUMMYNET handle weighting of traffic according to firewall
 rules?
Date: Sat, 13 Dec 2014 16:02:52 -0200
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
Cc: John Nielsen <lists@jnielsen.net>,
 "freebsd-net@freebsd.org" <net@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Dec 2014 18:09:37 -0000

----- Menssagem Original -----=0ADe: "Luigi Rizzo" =0APara:"Brett Glass"=
 =0AC=C3=B3pia:"John Nielsen" , "freebsd-net@freebsd.org" =0AEnviado:Sat=
, 13 Dec 2014 19:15:52 +1100=0AAssunto:Can DUMMYNET handle weighting of=
 traffic according to firewall=0Arules?=0A=0A On Saturday, December 13,=
 2014, Brett Glass  wrote:=0A=0A > At 10:35 AM 12/12/2014, John Nielsen=
 wrote:=0A >=0A > Is there a reason you can't use a separate pipe for ea=
ch direction?=0A >>=0A >=0A > We want to limit the total amount of bandw=
idth consumed, based on=0Athe=0A > formula 2U + D  track of the sum.=0A=
 >=0A > What I need (and am not sure if DUMMYNET can currently supply) i=
s a=0Apipe=0A > that allows you to feed it a packet and say, "Count this=
 X times=0Atoward the=0A > bandwidth limit."=0A=0A >=0A No, as it is now=
 dummynet cannot do what you ask. It would be a=0Aone-line=0A change in=
 the kernel, plus the part to handle passing the extra=0Aparameter=0A (w=
e could call it "cost") to the queue's configuration.=0A=0A As usual, th=
e UI is 10+ times bigger than the code doing the actual=0Awork=0A (thoug=
h one could rightly blame the existing UI for not being=0Adesigned for=
=0A extensibility).=0A=0A Cheers=0A Luigi=0A=0A -- =0A -----------------=
------------------------+-------------------------------=0A Prof. Luigi=
 RIZZO, rizzo@iet.unipi.it . Dip. di Ing.=0Adell'Informazione=0A http://=
www.iet.unipi.it/~luigi/ . Universita` di Pisa=0A TEL +39-050-2211611 .=
 via Diotisalvi 2=0A Mobile +39-338-6809875 . 56122 PISA (Italy)=0A ----=
-------------------------------------+-------------------------------=0A=
=0AAs I understand the problem, there are many ways to do this without=
=0Aactually using any special feature on dummynet. From tagging a traffi=
c=0Atwice and feeding both tagged flows to the same pipe, to the easiest=
=0Aand possibily lighter approach of disabling one pass and feeding the=
=0Atraffic twice to the same pipe.=0A=0AI did a simple lazy experiment:=
=0A=0A# ipfw disable one_pass=0A# ipfw add 1 pipe 1 all from any 22 to m=
e=0A00001 pipe 1 ip from any 22 to me=0A# ipfw add 2 pipe 1 all from any=
 22 to me=0A00002 pipe 1 ip from any 22 to me=0A# ipfw pipe 1 config bw=
 256Kbit/s=0A=0A# scp proapps@serveruL800:/tmp/teste.bin /dev/null=0A=0A=
Password for proapps@serveruL800:=0Ateste.bin=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=0A0%=C2=A0 976KB=C2=A0 16.4KB/s 3:27:02 ETA=0A^C=
=0AKilled by signal 2.=0A=0ASo we have 16KB, (*8 =3D 128Kb, half the pip=
e configured bw since=0Apackets were injected twice).=0A=0A# ipfw delete=
 2=0A# scp proapps@serveruL800:/tmp/teste.bin /dev/null=0APassword for p=
roapps@serveruL800:=0Ateste.bin=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=0A1% 3408KB=C2=A0 31.4KB/s 1:54:00 ETA^CKilled by signal 2.=0A=
=0AAnd now you have 31.4M, roughly 256Kbit/s (configured pipe bw).=0A=0A=
So may you should try something like that:=0A=0Aipfw delete 1-2=0Aipfw a=
dd 1 queue 1 all from any 22 to me=0Aipfw add 2 queue 1 all from any 22=
 to me=0Aipfw add 3 queue 2 all from me to any 22=0A=0Aipfw queue 1 conf=
ig pipe 1 weight 5=0Aipfw queue 2 config pipe 1 weight 5=0Aipfw pipe 1 c=
onfig bw 256Kbit/s=0Aipfw sched 1 config type QFQ=0A=0A# ipfw sched 1 sh=
ow=0A00001: 256.000 Kbit/s=C2=A0=C2=A0=C2=A0 0 ms burst 0=0A=C2=A0sched=
 1 type QFQ flags 0x0 0 buckets 0 active=0A=C2=A0=C2=A0 Children flowset=
s: 2 1=0A=0A# ipfw queue 1-2 show=0Aq00001=C2=A0 50 sl. 0 flows (1 bucke=
ts) sched 1 weight 5 lmax 1500 pri 0=0Adroptail=0Aq00002=C2=A0 50 sl. 0=
 flows (1 buckets) sched 1 weight 5 lmax 1500 pri 0=0Adroptail=0A=0ASo t=
here's a single pipe, two flowsets, but flowset 1 is injected=0Atwice.=
=0A=0AIs that what you wanted?=0A=0A--=0APatrick Tracanelli=0A=0A-------=
------------------=0AEmail sent using ProApps