From owner-freebsd-ipfw@FreeBSD.ORG Sun Sep 11 11:54:51 2005
From: vladone
Date: Sun, 11 Sep 2005 14:55:02 +0300
To: freebsd-ipfw@freebsd.org
Subject: Re: IPFW, queue and weight

I have some problem. After I posted some messages I understand that with
dummynet u can't make traffic priority, only bandwidth management.
U can manage bandwidth with pipe or queue (weight option). The weight
parameter is used to specify how bandwidth is allocated from a pipe
which is shared between different queues.
For traffic hierarchy u can try to use altq with ipfw (needs some
patches, I didn't try it) or pf+altq.
But the notion of priority is a little strange. What is priority?
Most commonly, it is a situation where a packet is sent before another.
But if more packets are sent before others, doesn't this mean high
bandwidth?
This notion is very strange; if someone can be more clear, please!

From owner-freebsd-ipfw@FreeBSD.ORG Sun Sep 11 12:27:54 2005
From: "Peter Rosa"
Date: Sun, 11 Sep 2005 14:27:11 +0200
To: "Chuck Swiger"
Cc: FreeBSD IPFW
Subject: Re: IPFW2+NAT stateful rules VS. FTP

Thanks for the reply but...

> If you use "passive mode" FTP, that ought to work fine. If you use "active
> mode" FTP, you ought to use the FTP proxying built into NATD (see the
> -use_sockets and -punch_fw options), which is aware of the FTP data channel.
>

Please, could you be a little more specific? I tried your advice and it
still does not work. What should the punch_fw basenumber be if I have
rules as follows (I shortened it a little bit)?

good_tcpo="21,22,25,37,43,53,80,443,110,119"

$cmd 002 allow all from any to any via xl0  # exclude LAN traffic
$cmd 003 allow all from any to any via lo0  # exclude loopback traffic
$cmd 100 divert natd ip from any to any in via $pif
$cmd 101 check-state

# Authorized outbound packets
$cmd 120 $skip udp from any to $dns1 53 out via $pif $ks
$cmd 121 $skip udp from any to $dns2 53 out via $pif $ks
$cmd 125 $skip tcp from any to any $good_tcpo out via $pif setup $ks
$cmd 130 $skip icmp from any to any out via $pif $ks
$cmd 135 $skip udp from any to any 123 out via $pif $ks

# Deny all inbound traffic from non-routable reserved address spaces
....

# Authorized inbound packets
$cmd 420 allow tcp from any to me 80 in via $pif setup limit src-addr 1

$cmd 450 deny log ip from any to any

# This is skipto location for outbound stateful rules
$cmd 500 divert natd ip from any to any out via $pif
$cmd 510 allow ip from any to any

Many thanks,

Peter Rosa

From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 12 11:02:04 2005
From: FreeBSD bugmaster
Date: Mon, 12 Sep 2005 11:02:03 GMT
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems

S  Submitted   Tracker     Resp.       Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw        ipfw2 create dynamic rules with parent nu
f [2003/04/24] kern/51341  ipfw        ipfw rule 'deny icmp from any to any icmp
o [2003/12/11] kern/60154  ipfw        ipfw core (crash)
o [2004/03/03] kern/63724  ipfw        IPFW2 Queues dont t work
o [2004/11/13] kern/73910  ipfw        [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw        ipfw2/1 conflict not detected or reported
f [2004/12/25] kern/75483  ipfw        ipfw count does not count
o [2005/05/11] bin/80913   ipfw        /sbin/ipfw2 silently discards MAC addr ar

8 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.       Description
-------------------------------------------------------------------------------
o [2004/10/29] kern/73276  ipfw        ipfw2 vulnerability (parser error)
o [2005/02/01] kern/76971  ipfw        ipfw antispoof incorrectly blocks broadca
o [2005/05/05] kern/80642  ipfw        [patch] IPFW small patch - new RULE OPTIO
o [2005/06/28] kern/82724  ipfw        [patch] Add setnexthop and defaultroute f

4 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 12 11:02:45 2005
From: FreeBSD bugmaster
Date: Mon, 12 Sep 2005 11:02:41 GMT
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker     Resp.       Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw        Add an option to ipfw to log gid/uid of w
o [2002/12/10] kern/46159  ipfw        ipfw dynamic rules lifetime feature
o [2003/02/11] kern/48172  ipfw        ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw        [patch] Make ipfw2 log to different syslo
o [2003/04/09] bin/50749   ipfw        ipfw2 incorrectly parses ports and port r
o [2003/08/26] kern/55984  ipfw        [patch] time based firewalling support fo
o [2003/12/30] kern/60719  ipfw        ipfw: Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw        ipfw: install_state warning about already
o [2004/09/04] kern/71366  ipfw        "ipfw fwd" sometimes rewrites destination

9 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 15 13:32:53 2005
From: Oliver Fromme
Date: Thu, 15 Sep 2005 15:32:50 +0200 (CEST)
To: freebsd-ipfw@FreeBSD.ORG, vladone
Subject: Re: in via or in recv

The question is already a few days old, but I thought I
might throw in my answer nevertheless. :-)

vladone wrote:
> What is difference between:
> 1. in via - in recv

No difference. When checking incoming packets (which "in"
means), only the receiving interface is known, but not yet
the transmitting interface, so "via" and "recv" do the same
thing in that case.

> 2. out via - out xmit

When checking outgoing packets ("out"), both the receiving
and the transmitting interface are known, so "via" compares
with both, while "xmit" only compares with the transmitting
interface. That's why "xmit" can only be used with "out",
not with "in", while "recv" can be used with both "out" and
"in".

All of that is explained in detail in the ipfw(8) manpage.

> When need to use an variant or another?

That depends on what you want to do. In my experience
there is rarely a need for "via". Usually you only need
"recv" and "xmit" (optionally combined with "in" and "out"
as appropriate for your rules).

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

I suggested holding a "Python Object Oriented Programming Seminar",
but the acronym was unpopular.
        -- Joseph Strout

From owner-freebsd-ipfw@FreeBSD.ORG Fri Sep 16 12:27:50 2005
From: Jeremie Le Hen
Date: Fri, 16 Sep 2005 14:27:51 +0200
To: freebsd-ipfw@FreeBSD.ORG, vladone
Subject: Re: in via or in recv

Hi,

> vladone wrote:
> > What is difference between:
> > 1. in via - in recv
>
> No difference. When checking incoming packets (which "in"
> means), only the receiving interface is known, but not yet
> the transmitting interface, so "via" and "recv" do the same
> thing in that case.
>
> > 2. out via - out xmit
>
> When checking outgoing packets ("out"), both the receiving
> and the transmitting interface are known, so "via" compares
> with both, while "xmit" only compares with the transmitting
> interface. That's why "xmit" can only be used with "out",
> not with "in", while "recv" can be used with both "out" and
> "in".
>
> All of that is explained in detail in the ipfw(8) manpage.
>
> > When need to use an variant or another?
>
> That depends on what you want to do. In my experience
> there is rarely a need for "via". Usually you only need
> "recv" and "xmit" (optionally combined with "in" and "out"
> as appropriate for your rules).

Given that this question is regularly asked, I've just written a
webpage explaining the difference among "via", "xmit" and "recv",
based on what has been said here in the past and my own understanding
of ipfw code.

http://tataz.chchile.org/~tataz/ipfw_via_recv_xmit.html

This is quite short to read, and I would like some feedback on it.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 17 05:31:39 2005
From: vladone
Date: Sat, 17 Sep 2005 08:31:24 +0300
To: freebsd-ipfw@freebsd.org
Subject: FreeBSD 6 and altq

Does someone know if FreeBSD 6.0 has integration for altq and ipfw?

From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 17 10:07:53 2005
From: vladone
Date: Sat, 17 Sep 2005 13:07:47 +0300
To: freebsd-ipfw@freebsd.org
Cc: Jeremie Le Hen
Subject: Re[2]: in via or in recv

U speak in this explanation about "outgoing path" or "incoming path".
How can I find out when I have one situation or another?
U say: "If the packet is on the outgoing path ....", so I need to know
when the packet is on "outgoing path" or "incoming path". How do I know
that?

From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 17 11:13:07 2005
From: vladone
Date: Sat, 17 Sep 2005 14:13:03 +0300
To: freebsd-ipfw@freebsd.org
Subject: dummynet patch

Can someone make a patch for dummynet, so a user can't get maximum
bandwidth? Queue works great for sharing the same bandwidth, but a user
can get much bandwidth if it is not used by others.
So it would be wonderful if I could put a parameter for queue (like for
pipe), to limit bandwidth.
For example:
ipfw pipe 1 config bw 1mbit/s
ipfw queue 1 config weight 10 pipe 1 bw 128kbits/s
ipfw queue 1 config weight 15 pipe 1 bw 256kbits/s
This means that I have two queues that share the same pipe. Bandwidth is
given according to their weight but no more than the value indicated by
the "bw" parameter. In my example queue 1 can get more than 128 kbits/s.
In this mode bandwidth is well split but a user can't get all the
bandwidth if alone on the network.
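Added example, not part of the original message and not dummynet code: a fluid model of how weights divide a pipe among the queues that currently have traffic, with the per-queue "bw" limit requested in the message above as an optional cap. The function and field names are hypothetical, rates are in kbit/s, and the two queues are named q_w10 and q_w15 after their weights.

```python
import math


def allocate(pipe_bw, queues, use_caps=True):
    """Split pipe_bw (kbit/s) among queues in proportion to their weights.

    queues maps a name to {"weight": int, "demand": kbit/s offered,
    "cap": kbit/s or None}. "cap" models the per-queue "bw" option asked
    for in the message; with use_caps=False it is ignored.
    """
    # A queue never gets more than it offers, nor more than its cap.
    limit = {}
    for name, q in queues.items():
        if q["demand"] > 0:                      # idle queues take no share
            cap = q.get("cap") if use_caps else None
            limit[name] = min(q["demand"], math.inf if cap is None else cap)

    rate = {name: 0.0 for name in queues}
    remaining = float(pipe_bw)
    pending = set(limit)
    while pending:
        total_weight = sum(queues[n]["weight"] for n in pending)
        share = {n: remaining * queues[n]["weight"] / total_weight
                 for n in pending}
        # Queues whose limit is below their weighted share are satisfied;
        # what they leave over is redistributed in the next round.
        bounded = [n for n in pending if limit[n] <= share[n]]
        if not bounded:
            for n in pending:
                rate[n] = share[n]
            break
        for n in bounded:
            rate[n] = float(limit[n])
            remaining -= limit[n]
            pending.discard(n)
    return rate


# Constructed scenario taken from the message: a 1 Mbit/s pipe, weights 10
# and 15, requested caps of 128 and 256 kbit/s. "demand" is what each user
# tries to send (constructed values).
PIPE_KBIT = 1000


def scenario(q10_demand, q15_demand):
    return {
        "q_w10": {"weight": 10, "demand": q10_demand, "cap": 128},
        "q_w15": {"weight": 15, "demand": q15_demand, "cap": 256},
    }


if __name__ == "__main__":
    busy = scenario(5000, 5000)
    alone = scenario(5000, 0)
    print("both busy, no caps:", allocate(PIPE_KBIT, busy, use_caps=False))
    print("alone, no caps    :", allocate(PIPE_KBIT, alone, use_caps=False))
    print("both busy, caps   :", allocate(PIPE_KBIT, busy))
    print("alone, caps       :", allocate(PIPE_KBIT, alone))
```

Without caps a lone sender is handed the whole pipe, which is the behaviour the message complains about; with caps the pipe is left partly unused whenever every active queue has reached its limit.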

From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 17 11:18:17 2005
From: Jeremie Le Hen
Date: Sat, 17 Sep 2005 13:18:17 +0200
To: vladone
Cc: freebsd-ipfw@freebsd.org
Subject: Re: in via or in recv

> U speak in this explanation about "outgoing path" or "incoming path".
> How i can find when i have an situation or another?
> U say: "If the packet is on the outgoing path ....", so need to know
> when the packet is on "outgoing path" or "incoming path". How know
> that?

The incoming path is when the packet just entered the network stack,
after being received on the network adapter; at this time, it has
not been routed yet. Conversely, the outgoing path is when the packet
has been routed by the network stack, just before giving it to the
network adapter.

Let's do some ASCII art :

            +-------------+
            | FreeBSD box |
        +---------------------+
        |                     |
        |       Network       |
        |        stack        |
        |                     |
        |                     |
        |      [ROUTING]      |
        |                     |
        |                     |
   fxp0          ^   v          sis0
...->---#---->---+   +-->-----#---->-...
        |                     |
        |incoming     outgoing|
        |  path         path  |
        +---------------------+

% ipfw add allow ip from any to any recv fxp0 xmit sis0

This rule will apply on the outgoing path (because of "xmit") and will
let through all packets that arrived on fxp0 and then leave through sis0.
If you have a third interface, let's say em0, then packets leaving
through sis0 but that have come through the latter won't match this rule.

I hope this helps you to understand. I will make my webpage more precise
on this.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
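
Added example, not part of the original messages and not ipfw code: a small Python model of the two passes a forwarded packet makes through the rule list and of how "in", "out", "recv", "xmit" and "via" are compared on each pass, using the fxp0/sis0/em0 setup from the message above. All function names are hypothetical, and the "via" branch is this example's reading of ipfw(8): it is compared with the interface the packet is going through on that pass.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Pass:
    """One trip of a packet through the rule list."""
    direction: str            # "in": before routing, "out": after routing
    recv_if: Optional[str]    # None when the box itself generated the packet
    xmit_if: Optional[str]    # None on the incoming path: not routed yet


def passes_for(recv_if: Optional[str], xmit_if: Optional[str]) -> List[Pass]:
    """A forwarded packet is checked twice: once on each path."""
    result = []
    if recv_if is not None:
        result.append(Pass("in", recv_if, None))
    if xmit_if is not None:
        result.append(Pass("out", recv_if, xmit_if))
    return result


def rule_matches(options: str, p: Pass) -> bool:
    """Evaluate the direction/interface options of one rule on one pass."""
    words = options.split()
    if "xmit" in words and "in" in words:
        raise ValueError('"xmit" cannot be combined with "in"')
    i = 0
    while i < len(words):
        word = words[i]
        if word in ("in", "out"):
            if p.direction != word:
                return False
            i += 1
        elif word in ("recv", "xmit", "via") and i + 1 < len(words):
            if word == "recv":
                actual = p.recv_if
            elif word == "xmit":
                actual = p.xmit_if
            else:
                # via: the interface the packet is going through on this pass
                actual = p.xmit_if if p.direction == "out" else p.recv_if
            if actual != words[i + 1]:
                return False
            i += 2
        else:
            raise ValueError(f"unsupported or incomplete option: {word}")
    return True


def where_it_matches(options, recv_if, xmit_if) -> List[str]:
    """Directions ("in"/"out") on which the rule matches this packet."""
    return [p.direction for p in passes_for(recv_if, xmit_if)
            if rule_matches(options, p)]


if __name__ == "__main__":
    # Constructed packets: (receive interface, transmit interface);
    # None as receive interface means the box generated the packet itself.
    for opts in ("recv fxp0 xmit sis0", "in via fxp0", "in recv fxp0",
                 "recv fxp0", "out xmit sis0"):
        for pkt in (("fxp0", "sis0"), ("em0", "sis0"), (None, "sis0")):
            print(f"{opts!r:24} {pkt!s:18} -> {where_it_matches(opts, *pkt)}")
```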