From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Date: Mon, 7 Feb 2011 11:07:01 GMT
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker     Resp. Description
--------------------------------------------------------------------------------
o kern/153415 ipfw  [ipfw] [patch] Port numbers always zero in dynamic IPF
o bin/153252  ipfw  [ipfw][patch] ipfw lockdown system in subsequent call
o kern/153161 ipfw  IPFIREWALL does not allow specify rules with ICMP code
o kern/152887 ipfw  [ipfw] Can not set more then 1024 buckets with buckets
o kern/152113 ipfw  [ipfw] page fault on 8.1-RELEASE caused by certain amo
o kern/150798 ipfw  [ipfw] ipfw2 fwd rule matches packets but does not do
o kern/148827 ipfw  [ipfw] divert broken with in-kernel ipfw
o kern/148689 ipfw  [ipfw] antispoof wrongly triggers on link local IPv6 a
o kern/148430 ipfw  [ipfw] IPFW schedule delete broken.
o kern/148157 ipfw  [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRE
o kern/148091 ipfw  [ipfw] ipfw ipv6 handling broken.
o kern/147720 ipfw  [ipfw] ipfw dynamic rules and fwd
o kern/145733 ipfw  [ipfw] [patch] ipfw flaws with ipv6 fragments
o kern/145305 ipfw  [ipfw] ipfw problems, panics, data corruption, ipv6 so
o kern/144269 ipfw  [ipfw] problem with ipfw tables
o kern/144187 ipfw  [ipfw] deadlock using multiple ipfw nat and multiple l
o kern/143973 ipfw  [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143653 ipfw  [ipfw] [patch] ipfw nat redirect_port "buf is too smal
o kern/143621 ipfw  [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/143474 ipfw  [ipfw] ipfw table contains the same address
f kern/142951 ipfw  [dummynet] using pipes&queues gives OUCH! pipe should
o kern/139581 ipfw  [ipfw] "ipfw pipe" not limiting bandwidth
o kern/139226 ipfw  [ipfw] install_state: entry already present, done
o kern/137346 ipfw  [ipfw] ipfw nat redirect_proto is broken
o kern/137232 ipfw  [ipfw] parser troubles
o kern/136695 ipfw  [ipfw] [patch] fwd reached after skipto in dynamic rul
o kern/135476 ipfw  [ipfw] IPFW table breaks after adding a large number o
o bin/134975  ipfw  [patch] ipfw(8) can't work with set in rule file.
o kern/131817 ipfw  [ipfw] blocks layer2 packets that should not be blocke
o kern/131601 ipfw  [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0)
o kern/131558 ipfw  [ipfw] Inconsistent "via" ipfw behavior
o bin/130132  ipfw  [patch] ipfw(8): no way to get mask from ipfw pipe sho
o kern/129103 ipfw  [ipfw] IPFW check state does not work =(
o kern/129093 ipfw  [ipfw] ipfw nat must not drop packets
o kern/129036 ipfw  [ipfw] 'ipfw fwd' does not change outgoing interface n
o kern/128260 ipfw  [ipfw] [patch] ipfw_divert damages IPv6 packets
o kern/127230 ipfw  [ipfw] [patch] Feature request to add UID and/or GID l
o kern/127209 ipfw  [ipfw] IPFW table become corrupted after many changes
o bin/125370  ipfw  [ipfw] [patch] increase a line buffer limit
o conf/123119 ipfw  [patch] rc script for ipfw does not handle IPv6
o kern/122963 ipfw  [ipfw] tcpdump does not show packets redirected by 'ip
o kern/122109 ipfw  [ipfw] ipfw nat traceroute problem
s kern/121807 ipfw  [request] TCP and UDP port_table in ipfw
o kern/121382 ipfw  [dummynet] 6.3-RELEASE-p1 page fault in dummynet (corr
o kern/121122 ipfw  [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/118993 ipfw  [ipfw] page fault - probably it's a locking problem
o bin/117214  ipfw  ipfw(8) fwd with IPv6 treats input as IPv4
o kern/116009 ipfw  [ipfw] [patch] Ignore errors when loading ruleset from
o docs/113803 ipfw  [patch] ipfw(8) - don't get bitten by the fwd rule
o kern/112561 ipfw  [ipfw] ipfw fwd does not work with some TCP packets
o kern/105330 ipfw  [ipfw] [patch] ipfw (dummynet) does not allow to set q
o bin/104921  ipfw  [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682 ipfw  [ipfw] [patch] Some minor language consistency fixes a
o kern/103454 ipfw  [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328 ipfw  [ipfw] [request] sugestions about ipfw table
o kern/102471 ipfw  [ipfw] [patch] add tos and dscp support
o kern/98831  ipfw  [ipfw] ipfw has UDP hickups
o kern/97951  ipfw  [ipfw] [patch] ipfw does not tie interface details to
o kern/95084  ipfw  [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/93300  ipfw  [ipfw] ipfw pipe lost packets
o kern/91847  ipfw  [ipfw] ipfw with vlanX as the device
o kern/88659  ipfw  [modules] ipfw and ip6fw do not work properly as modul
o kern/87032  ipfw  [ipfw] [patch] ipfw ioctl interface implementation
o kern/86957  ipfw  [ipfw] [patch] ipfw mac logging
o bin/83046   ipfw  [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724  ipfw  [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785   ipfw  [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o kern/74104  ipfw  [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/73910  ipfw  [ipfw] serious bug on forwarding of packets after NAT
o kern/72987  ipfw  [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/71366  ipfw  [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/69963  ipfw  [ipfw] install_state warning about already existing en
o kern/60719  ipfw  [ipfw] Headerless fragments generate cryptic error mes
o kern/55984  ipfw  [ipfw] [patch] time based firewalling support for ipfw
o kern/51274  ipfw  [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/48172  ipfw  [ipfw] [patch] ipfw does not log size and flags
o kern/46159  ipfw  [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534  ipfw  [ipfw] Add an option to ipfw to log gid/uid of who cau

78 problems total.

From: nangergong
To: freebsd-ipfw@freebsd.org
Date: Thu, 10 Feb 2011 00:09:09 +0000
Subject: about "profile" in IPFW/dummynet

Hi, all:

I want to use "profile" to simulate delays according to an empirical delay
distribution ( the "profile" argument can be found in
http://fuse4bsd.creo.hu/localcgi/man-cgi.cgi?ipfw+8)
I use the following command lines and distribution.txt, and find that these
command lines seem not to function. when I ping 9.161.148.72, the RTT<1ms

My question is
1) can "profile" be used in windows platform
2) are there any problems in my procedures?

my command lines are:

ipfw pipe 1 config profile distribution.txt
ipfw add 100 pipe 1 ip from 9.161.150.55 to 9.161.148.72
--------------------------------------------------------------------------------------
if I input: ipfw pipe show

the result is:

00001: unlimited 0 ms burst 0
       profile: name "distribution" loss 0.850000 samples 100
q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
 sched 65537 type FIFO flags 0x0 0 buckets 0 active

the content of distribution.txt is:

name    distribution
samples 100
loss-level 0.86
prob    delay
0       200     # minimum overhead is 200ms
0.5     200
0.5     300
0.8     1000
0.9     1300
1       1300
#configuration file end

From: Luigi Rizzo
To: nangergong
Cc: freebsd-ipfw@freebsd.org
Date: Thu, 10 Feb 2011 08:28:11 +0100
Subject: Re: about "profile" in IPFW/dummynet

On Thu, Feb 10, 2011 at 12:09:09AM +0000, nangergong wrote:
> Hi, all:
>
> I want to use "profile" to simulate delays according to an empirical delay
> distribution ( the "profile" argument can be found in
> http://fuse4bsd.creo.hu/localcgi/man-cgi.cgi?ipfw+8)
> I use the following command lines and distribution.txt, and find that these
> command lines seem not to function. when I ping 9.161.148.72, the RTT<1ms
>
> My question is
> 1) can "profile" be used in windows platform
> 2) are there any problems in my procedures?

you need a non-zero bandwidth if you want to use "profile".
Also, "profile" emulates an additional transmission time
(think of channel arbitration and mac overheads)
not propagation delay.

Finally I believe profile works on all supported platforms.
In general, the differences between FreeBSD/linux/windows are
only in areas where certain kernel features are implemented
in different ways on different platforms -- e.g. sysctl,
reinjection, matching on pid/gid or other credentials, divert.

cheers
luigi

>
>
> my command lines are:
>
> ipfw pipe 1 config profile distribution.txt
> ipfw add 100 pipe 1 ip from 9.161.150.55 to 9.161.148.72
> --------------------------------------------------------------------------------------
> if I input: ipfw pipe show
>
> the result is:
>
> 00001: unlimited 0 ms burst 0
>        profile: name "distribution" loss 0.850000 samples 100
> q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
>  sched 65537 type FIFO flags 0x0 0 buckets 0 active
>
>
> the content of distribution.txt is:
>
> name    distribution
> samples 100
> loss-level 0.86
> prob    delay
> 0       200     # minimum overhead is 200ms
> 0.5     200
> 0.5     300
> 0.8     1000
> 0.9     1300
> 1       1300
> #configuration file end

From: nangergong
To: Luigi Rizzo
Cc: freebsd-ipfw@freebsd.org
Date: Thu, 10 Feb 2011 14:35:47 +0000
Subject: Re: about "profile" in IPFW/dummynet

thank you!
I add "bw" in the distribution.txt. However, the problem remains.
when I ping 9.161.148.72 from 9.161.150.55, the RTT<1ms
are there any other problems?

-----------------------------------------------------------
name    distribution
bw 2Mbit/s
samples 100
loss-level 0.86
prob    delay
0       200     # minimum overhead is 200ms
0.5     200
0.5     300
0.8     1000
0.9     1300
1       1300
#configuration file end

On Thu, Feb 10, 2011 at 7:28 AM, Luigi Rizzo wrote:

> On Thu, Feb 10, 2011 at 12:09:09AM +0000, nangergong wrote:
> > Hi, all:
> >
> > I want to use "profile" to simulate delays according to an empirical delay
> > distribution ( the "profile" argument can be found in
> > http://fuse4bsd.creo.hu/localcgi/man-cgi.cgi?ipfw+8)
> > I use the following command lines and distribution.txt, and find that these
> > command lines seem not to function. when I ping 9.161.148.72, the RTT<1ms
> >
> > My question is
> > 1) can "profile" be used in windows platform
> > 2) are there any problems in my procedures?
>
> you need a non-zero bandwidth if you want to use "profile".
> Also, "profile" emulates an additional transmission time
> (think of channel arbitration and mac overheads)
> not propagation delay.
>
> Finally I believe profile works on all supported platforms.
> In general, the differences between FreeBSD/linux/windows are
> only in areas where certain kernel features are implemented
> in different ways on different platforms -- e.g. sysctl,
> reinjection, matching on pid/gid or other credentials, divert.
>
> cheers
> luigi
> >
> >
> > my command lines are:
> >
> > ipfw pipe 1 config profile distribution.txt
> > ipfw add 100 pipe 1 ip from 9.161.150.55 to 9.161.148.72
> > --------------------------------------------------------------------------------------
> > if I input: ipfw pipe show
> >
> > the result is:
> >
> > 00001: unlimited 0 ms burst 0
> >        profile: name "distribution" loss 0.850000 samples 100
> > q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
> >  sched 65537 type FIFO flags 0x0 0 buckets 0 active
> >
> >
> > the content of distribution.txt is:
> >
> > name    distribution
> > samples 100
> > loss-level 0.86
> > prob    delay
> > 0       200     # minimum overhead is 200ms
> > 0.5     200
> > 0.5     300
> > 0.8     1000
> > 0.9     1300
> > 1       1300
> > #configuration file end

From: esolve esolve
To: freebsd-ipfw@freebsd.org
Date: Thu, 10 Feb 2011 15:18:29 +0000
Subject: about installation of Dummynet

Hi, all;

I have problem in installing Dummynet, can anyone give me some instruction.
I want to install dummynet on a remote machine, whose version is as follows:
-----------------------------------------------------------
suttas1:~ # lsb_release -a
LSB Version:    core-2.0-noarch:core-3.0-noarch:core-2.0-ia32:core-3.0-ia32:desktop-3.1-ia32:desktop-3.1-noarch:graphics-2.0-ia32:graphics-2.0-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: SUSE LINUX
Description:    SUSE Linux Enterprise Server 10 (i586)
Release:        10
Codename:       n/a
suttas1:~ # cat /etc/issue

Welcome to SUSE Linux Enterprise Server 10 SP2 (i586) - Kernel \r (\l).
--------------------------------------------------------------
I want to install dummynet using the following command lines:

insmod ./dummynet2/ipfw_mod.ko
cp ipfw/ipfw /usr/local/sbin
REMOVE:
rmmod ipfw_mod.ko

I downloaded Source code and tools, 20100319
however, I can't find ipfw_mod.ko
and then I download Linux module rev. 20100218 for Debian GNU/Linux 5.0 lenny (2.6.26-1-686)
and the results are:
----------------------------------------------------------------
suttas1:/esolve/dummynet # sudo insmod ipfw_mod.ko
insmod: error inserting 'ipfw_mod.ko': -1 Invalid module format
-----------------------------------------------------------------

From: Jason Mattax
To: freebsd-ipfw@freebsd.org
Date: Fri, 11 Feb 2011 20:02:10 -0700
Subject: Strange problem

I'm currently running 8.1-RELEASE-p2 and attempting to set up a firewall
with natd and ipfw. I was trying a more complicated ipfw script and had
some problems. I reduced my rule set to the smallest sets I could manage
to find the exact rule that causes problems. xl0 is my world facing
interface and re0 faces my internal network. The working ruleset is

$ipfw list

00050 allow ip from any to any via lo0
00100 divert 8668 log ip from any to any in via xl0
10000 divert 8668 log ip from any to any out via xl0
10005 allow ip from any to any
65535 allow ip from any to any

With this I get a log containing

$tail ipfw.log
Feb 10 20:37:53 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:37:54 stilgar kernel: ipfw: 10000 Divert 8668 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:37:54 stilgar kernel: ipfw: 10000 Divert 8668 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:37:54 stilgar kernel: ipfw: 10000 Divert 8668 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0

Both of the diverts are working and machines attached to the internal nic
can communicate through the computer. Now because I would like to be able
to drop some packets I'm going to add a skip, since eventually that will
get me where I want to be.
This just adds rule 00310 which skips over no rules all the time

$ipfw list

00050 allow ip from any to any via lo0
00100 divert 8668 log ip from any to any in via xl0
00310 skipto 9999 log ip from any to any
10000 divert 8668 log ip from any to any out via xl0
10005 allow ip from any to any
65535 allow ip from any to any

Now the log contains

$tail ipfw.log
Feb 10 20:36:45 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0

Rules 100 and 310 are being hit, but rule 10000 is no longer triggering.
This means that my outgoing packets aren't having their source address
rewritten so I don't get responses (and put unrouteable traffic on the
internet.)

Can anyone explain to me what I'm doing wrong here?

Jason Mattax

From: Nuno Diogo
To: nangergong
Cc: freebsd-ipfw@freebsd.org, Luigi Rizzo
Date: Thu, 10 Feb 2011 19:23:52 -0500
Subject: Re: about "profile" in IPFW/dummynet

Just wanted to highlight Luigi's point that the profile method of adding
delay refers to MAC overhead delay, not latency/RTT.
I asked him about this a while ago when I was trying to do what you are
doing, and what you'll find is that application performance with
200-1300ms profile delay will be MUCH worse than with 200-1300 propagation
delay.
This is because with profile, the delay is applied before the packet gets queued in the pipe, making the hop unavailable for that amount of time, while the 'normal' delay setting is applied after the packet is queued in the pipe, simulating delays that occur after the packet leaves the bottleneck. Unfortunately I still haven't found a good way to emulate variable RTT with dummynet. On Thu, Feb 10, 2011 at 9:35 AM, nangergong wrote: > thank you! > I add "bw" in the distribution.txt. However, the problem remains. > when I ping 9.161.148.72 from 9.161.150.55, the RTT<1ms > are there any other problems? > > > ----------------------------------------------------------- > name =A0 =A0distribution > bw 2Mbit/s > samples 100 > loss-level 0.86 > prob =A0 =A0delay > 0 =A0 =A0 =A0 200 =A0 =A0 # minimum overhead is 200ms > 0.5 =A0 =A0 200 > 0.5 =A0 =A0 300 > 0.8 =A0 =A0 1000 > 0.9 =A0 =A0 1300 > 1 =A0 =A0 =A0 1300 > #configuration file end > > > > > On Thu, Feb 10, 2011 at 7:28 AM, Luigi Rizzo wrote: > >> On Thu, Feb 10, 2011 at 12:09:09AM +0000, nangergong wrote: >> > Hi, all: >> > >> > =A0 =A0I want to use "profile" to simulate delays according to a empir= ical >> delay >> > distribution ( the "profile" argument can be found in >> > http://fuse4bsd.creo.hu/localcgi/man-cgi.cgi?ipfw+8) >> > I use the following command lines and distribution.txt, and find that >> these >> > command lines seem not to =A0function. when I ping 9.161.148.72, the >> RTT<1ms >> > >> > My question is >> > 1) can "profile" be used in windows platform >> > 2) are there any problems in my procedures? >> >> you need a non-zero bandwidth if you want to use "profile". >> Also, "profile" emulates an additional transmission time >> (think of channel arbitration and mac overheads) >> not propagation delay. >> >> Finally I believe profile works on all supported platforms. 
>> In general, the differences between FreeBSD/linux/windows are
>> only in areas where certain kernel features are implemented
>> in different ways on different platforms -- e.g. sysctl,
>> reinjection, matching on pid/gid or other credentials, divert.
>>
>> cheers
>> luigi
>>
>> > my command lines are:
>> >
>> > ipfw pipe 1 config profile distribution.txt
>> > ipfw add 100 pipe 1 ip from 9.161.150.55 to 9.161.148.72
>> >
>> > --------------------------------------------------------------------------------------
>> > if I input: ipfw pipe show
>> >
>> > the result is:
>> >
>> > 00001: unlimited         0 ms burst 0
>> >          profile: name "distribution" loss 0.850000 samples 100
>> > q131073  50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
>> >  sched 65537 type FIFO flags 0x0 0 buckets 0 active
>> >
>> > the content of distribution.txt is:
>> >
>> > name    distribution
>> > samples 100
>> > loss-level    0.86
>> > prob    delay
>> > 0       200     # minimum overhead is 200ms
>> > 0.5     200
>> > 0.5     300
>> > 0.8     1000
>> > 0.9     1300
>> > 1       1300
>> > #configuration file end
>> > _______________________________________________
>> > freebsd-ipfw@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"

--
Nuno Diogo

From owner-freebsd-ipfw@FreeBSD.ORG Sat Feb 12 06:39:44 2011
Message-ID: <4D562B37.7000402@freebsd.org>
Date: Fri, 11 Feb 2011 22:39:51 -0800
From: Julian Elischer
To: Jason Mattax
Cc: freebsd-ipfw@freebsd.org
In-Reply-To: <4D55F832.7010604@storytotell.org>
Subject: Re: Strange problem

On 2/11/11 7:02 PM, Jason Mattax wrote:
> I'm currently running 8.1-RELEASE-p2 and attempting to set up a firewall
> with natd and ipfw. I was trying a more complicated ipfw script and had
> some problems. I reduced my rule set to the smallest sets I could manage
> to find the exact rule that causes problems. xl0 is my world facing
> interface and re0 faces my internal network.
> The working ruleset is
>
> $ipfw list
>
> 00050 allow ip from any to any via lo0
> 00100 divert 8668 log ip from any to any in via xl0
> 10000 divert 8668 log ip from any to any out via xl0
> 10005 allow ip from any to any
> 65535 allow ip from any to any
>
> With this I get a log containing
>
> $tail ipfw.log
> Feb 10 20:37:53 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:37:54 stilgar kernel: ipfw: 10000 Divert 8668 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
> Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:37:54 stilgar kernel: ipfw: 10000 Divert 8668 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
> Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:37:54 stilgar kernel: ipfw: 10000 Divert 8668 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
> Feb 10 20:37:54 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
>
> Both of the diverts are working and machines attached to the internal nic can communicate through the computer. Now because I would like to be able to drop some packets I'm going to add a skip, since eventually that will get me where I want to be.
> This just adds rule 00310 which skips over no rules all the time
>
> $ipfw list
> 00050 allow ip from any to any via lo0
> 00100 divert 8668 log ip from any to any in via xl0
> 00310 skipto 9999 log ip from any to any
> 10000 divert 8668 log ip from any to any out via xl0
> 10005 allow ip from any to any
> 65535 allow ip from any to any
>
> Now the log contains
> $tail ipfw.log
> Feb 10 20:36:45 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
> Feb 10 20:36:45 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:36:45 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0
> Feb 10 20:36:45 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
> Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
>
> Rules 100 and 310 are being hit, but rule 10000 is no longer triggering. This means that my outgoing packets aren't having their source address rewritten so I don't get responses (and put unroutable traffic on the internet.) Can anyone explain to me what I'm doing wrong here?

that is rather odd..

BTW I tend to never use VIA. Be explicit and say recv or xmit.
via may trigger in places you don't expect.

I also always use skipto to split my rules into completely separate receive and transmit sections, e.g. (very simplistic set)..
100 skipto 1000 ip from any to any in recv xl0
110 skipto 2000 ip from any to any out xmit xl0
# allow unfettered access for packets from the inside,
120 allow ip from any to any
#
# Now we handle incoming packets only
1000 drop ip from any to not $localIP
1010 divert 8668 ip from any to any
# packets here have been translated..
# make explicit rules for services on this machine
1020 allow tcp from any to me 22
1030 drop ip from any to $localIP
# assuming natd did its job allow translated packets out.
1040 allow ip from any to any
#
# Now do outgoing packets
2000 divert 8668 ip from any to any
# packets are all translated now
2010 allow ip from any to any

> Jason Mattax
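Added example, not part of the thread: a small model of ipfw first-match evaluation, run over the second ruleset and three log lines from the excerpt posted above, that reports which logging rules the walk predicts but the log never shows. It assumes natd reinjects every diverted packet so that processing resumes at the next rule, and it parses only the rule syntax that appears in the post; all function names are hypothetical.

```python
import re

# Ruleset and log lines copied from the post (log lines unwrapped, one per rule/direction).
RULES = """\
00050 allow ip from any to any via lo0
00100 divert 8668 log ip from any to any in via xl0
00310 skipto 9999 log ip from any to any
10000 divert 8668 log ip from any to any out via xl0
10005 allow ip from any to any
65535 allow ip from any to any"""
LOG = """\
Feb 10 20:36:45 stilgar kernel: ipfw: 100 Divert 8668 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.15:60569 192.168.0.10:22 in via xl0
Feb 10 20:36:45 stilgar kernel: ipfw: 310 SkipTo 9999 TCP 192.168.0.10:22 192.168.0.15:60569 out via xl0"""
RULE_RE = re.compile(r"(\d+) (allow|deny|divert|skipto)(?: (\d+))?( log)? ip from any to any"
                     r"(?: (in|out))?(?: via (\S+))?$")

def parse_rules(text):
    """Parse the subset of `ipfw list` syntax used in the post."""
    rows = [RULE_RE.match(line).groups() for line in text.splitlines()]
    return [(int(n), act, int(arg or 0), bool(log), d, ifc) for n, act, arg, log, d, ifc in rows]

def expected_log(rules, direction, iface):
    """Rule numbers that should log for one packet under first-match evaluation."""
    hits, i = [], 0
    while i < len(rules):
        num, act, arg, log, r_dir, r_if = rules[i]
        i += 1
        if r_dir not in (None, direction) or r_if not in (None, iface):
            continue  # rule body does not match this packet
        if log:
            hits.append(num)
        if act in ("allow", "deny"):
            break
        if act == "skipto":  # resume at the first rule numbered >= arg
            i = next(k for k, r in enumerate(rules) if r[0] >= arg)
        # divert: assumption that natd reinjects, so the walk continues at the next rule
    return hits

def observed_log(text):
    """Set of (rule, direction) pairs seen in the kernel log."""
    pat = re.compile(r"ipfw: (\d+) \S+ .* (in|out) via \S+$")
    return {(int(m.group(1)), m.group(2)) for m in map(pat.search, text.splitlines()) if m}

def missing_hits(rules_text, log_text, iface="xl0"):
    rules, seen = parse_rules(rules_text), observed_log(log_text)
    return [(n, d) for d in ("in", "out") for n in expected_log(rules, d, iface) if (n, d) not in seen]
```

For the posted input, `missing_hits(RULES, LOG)` returns `[(10000, 'out')]`: the outbound divert rule is the only predicted log entry absent from the excerpt, which is the symptom the poster reports.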