From owner-freebsd-ipfw@FreeBSD.ORG Sun Mar 26 13:37:30 2006
Date: Sun, 26 Mar 2006 08:37:26 -0500
From: Chuck Swiger
To: Tyrone@telecity.se
Cc: freebsd-ipfw@freebsd.org
Subject: Re: udp packet problem

Tyrone@telecity.se wrote:
> We have a FreeBSD 5.4 router doing traffic shaping on a vlan interface.
>
> Problem is we can't receive UDP packets larger than 2K. Is this a
> limitation or a setting within IPFW?

You can't send UDP packets larger than the interface MTU without fragmenting
them, and it's possible that your IPFW ruleset is blocking such traffic. Why
are you trying to send large UDP packets?

> DISCLAIMER
> This e-mail is intended only for the use of the addressees named above
> and may be confidential. [ ... ]

So much for disclaimers. :-) I assume you don't have a choice, otherwise you'd
get rid of it...?

--
-Chuck

From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 27 08:31:49 2006
Date: Mon, 27 Mar 2006 10:21:31 +0200
From: Tyrone@telecity.se
Subject: udp packet problem

We have a FreeBSD 5.4 router doing traffic shaping on a vlan interface.

Problem is we can't receive UDP packets larger than 2K. Is this a
limitation or a setting within IPFW?

How can I fragment UDP packets that are larger than the interface MTU?
Kernel option or FW ruleset?

regards

Tyrone

DISCLAIMER
This e-mail is intended only for the use of the addressees named above
and may be confidential. If you are not an addressee you must not use
any information contained in nor copy it nor inform any person other
than TeleCity or the addressees of its existence or contents. If you
have received this e-mail in error, please contact the TeleCity IT
department on +44 (0) 161 232 3220 or by email at
techsupport@telecity.com. Internet communications cannot be guaranteed
100% secure, you should therefore take this potential lack of security
into consideration when emailing us as we do not accept legal
responsibility for the security of the contents of this or other
emails. Whilst TeleCity take measures to prevent any virus
contamination of our computer systems, recipients of emails should
always ensure that they take their own precautions to avoid virus
contamination.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 27 11:02:52 2006
Date: Mon, 27 Mar 2006 11:02:51 GMT
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o  [2003/04/22] kern/51274  ipfw   [ipfw] [patch] ipfw2 create dynamic rules
f  [2003/04/24] kern/51341  ipfw   [ipfw] [patch] ipfw rule 'deny icmp from
o  [2004/03/03] kern/63724  ipfw   [ipfw] IPFW2 Queues dont t work
o  [2004/11/13] kern/73910  ipfw   [ipfw] serious bug on forwarding of packe
o  [2004/11/19] kern/74104  ipfw   [ipfw] ipfw2/1 conflict not detected or r
o  [2005/03/13] conf/78762  ipfw   [ipfw] [patch] /etc/rc.d/ipfw should exce
o  [2005/05/11] bin/80913   ipfw   [patch] /sbin/ipfw2 silently discards MAC
o  [2005/11/08] kern/88659  ipfw   [modules] ipfw and ip6fw do not work prop
o  [2005/11/08] kern/88664  ipfw   [ipfw] ipfw stateful firewalling broken w
o  [2006/02/13] kern/93300  ipfw   ipfw pipe lost packets

10 problems total.

Non-critical problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
a  [2001/04/13] kern/26534  ipfw   [ipfw] Add an option to ipfw to log gid/u
o  [2002/12/10] kern/46159  ipfw   [ipfw] [patch] ipfw dynamic rules lifetim
o  [2003/02/11] kern/48172  ipfw   [ipfw] [patch] ipfw does not log size and
o  [2003/03/10] kern/49086  ipfw   [ipfw] [patch] Make ipfw2 log to differen
o  [2003/04/09] bin/50749   ipfw   [ipfw] [patch] ipfw2 incorrectly parses p
o  [2003/08/26] kern/55984  ipfw   [ipfw] [patch] time based firewalling sup
o  [2003/12/30] kern/60719  ipfw   [ipfw] Headerless fragments generate cryp
o  [2004/08/03] kern/69963  ipfw   [ipfw] install_state warning about alread
o  [2004/09/04] kern/71366  ipfw   [ipfw] "ipfw fwd" sometimes rewrites dest
o  [2004/10/22] kern/72987  ipfw   [ipfw] ipfw/dummynet pipe/queue 'queue [B
o  [2004/10/29] kern/73276  ipfw   [ipfw] [patch] ipfw2 vulnerability (parse
o  [2005/03/13] bin/78785   ipfw   [ipfw] [patch] ipfw verbosity locks machi
o  [2005/05/05] kern/80642  ipfw   [ipfw] [patch] ipfw small patch - new RUL
o  [2005/06/28] kern/82724  ipfw   [ipfw] [patch] Add setnexthop and default
o  [2005/10/05] kern/86957  ipfw   [ipfw] [patch] ipfw mac logging
o  [2005/10/07] kern/87032  ipfw   [ipfw] [patch] ipfw ioctl interface imple
o  [2006/01/03] bin/91245   ipfw   [patch] ipfw(8) sometimes treat ipv6 inpu
o  [2006/01/16] kern/91847  ipfw   [ipfw] ipfw with vlanX as the device
o  [2006/02/16] kern/93422  ipfw   ipfw divert rule no longer works in 6.0 (

19 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 27 12:24:28 2006
Date: Mon, 27 Mar 2006 14:24:25 +0200
From: Tyrone@telecity.se
Subject: RE: udp packet problem

Hi,

This problem goes away if I turn traffic shaping off.

My configuration file looks like this:

ipfw pipe 6 config bw 65000Kbit/s #setup shaping pipes 65Mbit
ipfw queue 11 config pipe 6 weight 100
ipfw queue 12 config pipe 6 weight 100
ipfw add 112 queue 11 ip from any to any in via vlan13
ipfw add 112 queue 12 ip from any to any out via vlan13

Why can't I have traffic shaping on without affecting the customer's
service? They want to be able to send UDP packets larger than 2k.

________________________________

From: Tyrone Van Der Haar (STO)
Sent: 27 March 2006 10:22
To: 'freebsd-ipfw@freebsd.org'
Subject: udp packet problem

We have a FreeBSD 5.4 router doing traffic shaping on a vlan interface.

Problem is we can't receive UDP packets larger than 2K. Is this a
limitation or a setting within IPFW?

How can I fragment UDP packets that are larger than the interface MTU?
Kernel option or FW ruleset?

regards

Tyrone

From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 28 19:49:04 2006
Date: Tue, 28 Mar 2006 16:49:10 -0300 (BRT)
From: scuba@centroin.com.br
To: freebsd-ipfw@freebsd.org
Subject: Single machine traffic shaping

Hi all,

Can I use dummynet to control the traffic to/from a single machine? I
mean, I have only one interface and I want to limit the bandwidth based
on port number.

I.e: Is this correct, when trying to limit any single host to use just
128kbps/s when connecting to my sendmail?

ipfw add 00100 pipe 10 tcp from any 25 to any in
ipfw add 00105 pipe 20 tcp from any to any dst-port 25 out

ipfw pipe 10 config mask src-ip 0xffffffff bw 128kbits/s
ipfw pipe 20 config mask dst-ip 0xffffffff bw 128kbits/s

Also, should those "add pipe" come before any other rule in the ipfw
configuration?

Thank you,

- Marcelo Souza

From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 28 20:02:19 2006
Date: Tue, 28 Mar 2006 17:00:31 -0300
From: Patrick Tracanelli
To: ipfw@freebsd.org
Subject: Re: Single machine traffic shaping

> I.e: Is this correct, when trying to limit any single host to use
> just 128kbps/s when connecting to my sendmail?
>
> ipfw add 00100 pipe 10 tcp from any 25 to any in
> ipfw add 00105 pipe 20 tcp from any to any dst-port 25 out
>
> ipfw pipe 10 config mask src-ip 0xffffffff bw 128kbits/s
> ipfw pipe 20 config mask dst-ip 0xffffffff bw 128kbits/s

Yes it will work as expected, try to get used to define 0x000000ff as
mask for single hosts to avoid tunnelling per network by any mistake.

> Also, should those "add pipe" come before any other rule in the ipfw
> configuration?

It depends on "how" you are working your firewall. If it is the default
behaviour, when the sequential processing matches the pipe rule it will
be assumed as an allowed packet (as an "allow" rule). It is not true if
you have your sysctl MIB net.inet.ip.fw.one_pass=0, where after piped on
dummynet the packet is still sequentially processed, so it needs a rule
to match an "allow" decision.

With this in mind where you will put the rule depends if you need extra
SMTP filtering before or after limiting bandwidth.

--
Patrick Tracanelli

FreeBSD Brasil LTDA.
(31) 3281-9633 / 3281-3547
316601@sip.freebsdbrasil.com.br
http://www.freebsdbrasil.com.br
"Long live Hanin Elias, Kim Deal!"

From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 29 16:09:01 2006
Date: Wed, 29 Mar 2006 13:09:13 -0300 (BRT)
From: Marcelo Souza
To: Patrick Tracanelli
Cc: ipfw@freebsd.org
Subject: Re: Single machine traffic shaping

Patrick,

Thank you!

- Marcelo Souza

On Tue, 28 Mar 2006, Patrick Tracanelli wrote:

|> I.e: Is this correct, when trying to limit any single host to use just
|> 128kbps/s when connecting to my sendmail?
|>
|> ipfw add 00100 pipe 10 tcp from any 25 to any in
|> ipfw add 00105 pipe 20 tcp from any to any dst-port 25 out
|>
|> ipfw pipe 10 config mask src-ip 0xffffffff bw 128kbits/s
|> ipfw pipe 20 config mask dst-ip 0xffffffff bw 128kbits/s
|
|Yes it will work as expected, try to get used to define 0x000000ff as mask for
|single hosts to avoid tunnelling per network by any mistake.
|
|> Also, should those "add pipe" come before any other rule in the ipfw
|> configuration?
|
|It depends on "how" you are working your firewall. If it is the default
|behaviour, when the sequential processing matches the pipe rule it will be
|assumed as an allowed packet (as an "allow" rule). It is not true if you have
|your sysctl MIB net.inet.ip.fw.one_pass=0, where after piped on dummynet the
|packet is still sequentially processed, so it needs a rule to match an
|"allow" decision.
|
|With this in mind where you will put the rule depends if you need extra SMTP
|filtering before or after limiting bandwidth.
|
|--
|Patrick Tracanelli
|
|FreeBSD Brasil LTDA.
|(31) 3281-9633 / 3281-3547
|316601@sip.freebsdbrasil.com.br
|http://www.freebsdbrasil.com.br
|"Long live Hanin Elias, Kim Deal!"

- Marcelo

From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 29 18:53:42 2006
Date: Wed, 29 Mar 2006 21:53:36 +0300
From: vladone
To: ipfw@freebsd.org
Subject: ping that grow when download some files

Hi!

I have a FreeBSD (5.4) router that acts as a router between my network
and the internet. I use ipfw+dummynet for traffic shaping. I see that
when I am downloading some files, ping to the server grows to about
2500ms. When I stop downloading (I am testing with ftp and a torrent
client, bitcomet), ping is normal, about 8ms. Where is the problem?

Second question is about the mask that is used in dummynet. For shaping
to/from a single host, which is correct to use: 0xffffffff or
0x000000ff? My intuition is to use the second variant, but I also see
the first version. I read some material that interprets 0x000000ff like
255.255.255.0. In this case, when is it possible to use 0xffffffff?

From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 29 22:22:15 2006
Date: Thu, 30 Mar 2006 01:22:03 +0300 (EEST)
From: Dmitry Pryanishnikov
To: Luigi Rizzo
Cc: FreeBSD-ipfw@freebsd.org
Subject: Re: IPFW1->2 regression: "in/out/via any" ignored

Hello!

On Thu, 23 Mar 2006, Luigi Rizzo wrote:
>>> For locally generated packets i admit 'recv any' may be of some use,
>>> and this is unsupported. There are probably workaround such as 'src-ip me'
>>
>> Oops! How can one know that feature which is documented from the beginning,
>> which worked in ipfw1 - became 'unsupported' in ipfw2? It's clearly a
>> regression to me, given that I can't use ipfw1 with modern RELENGs.
>
> it's a bug, never seen one before ? :)

Yes, "shit happens" (tm) ;) What surprised me is that such an obvious
bug hasn't been detected yet. It seems to me that people either seldom
use "recv any" or (rather) seldom analyze whether it works correctly.

> I repeat - it's a bug. It's probably trivial to fix, but at the
> moment i don't have the time to work on it.
>
> If you want, the places to touch are:
> sbin/ipfw/ipfw2.c the two places which parse TOK_RECV and O_RECV,
> should be enabled to deal with 'any' as an interface name and encode
> it somewhere in the instruction (see function fill_iface(), at the
> moment 'any' is interpreted as NULL, it could become some magic
> value e.g. 0x1 or the like)
> sys/netinet/ip_fw2.c in function iface_match(), you should check
> whether this magic value is present in the instruction and then
> return 0 or 1 depending on whether or not the 'ifp' argument is non-null.

Thank you for this useful info, it helped a lot. I've created and tested
a patch which fixes the problem, see PR kern/95084. After looking at
code I've decided not to invent "magic constant" for cmd->o.len, but
rather use functionally equivalent to "any" string "*". However this
causes fnmatch() invocation which could add a significant overhead, so
I've added simple optimization for this case (I hope that 2 comparisons
don't hurt significantly because of fnmatch() complexity). The patch
works correctly for me, please review it and commit if it's OK.

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 31 08:31:01 2006
Date: Fri, 31 Mar 2006 08:30:58 GMT
From: Mark Linimon
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: bin/95146: [ipfw][patch]ipfw -p option handler is bogus

Synopsis: [ipfw][patch]ipfw -p option handler is bogus

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Fri Mar 31 08:30:45 UTC 2006
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=95146

From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 31 17:52:39 2006
Date: Fri, 31 Mar 2006 17:52:39 GMT
From: Mark Linimon
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: kern/95084: [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW1->2 regression)

Synopsis: [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW1->2 regression)

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Fri Mar 31 17:52:29 UTC 2006
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=95084
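
Added example for the "Single machine traffic shaping" thread above (not part of any message in this archive, and not ipfw's own code): a small Python model of the rule walk around a pipe rule with net.inet.ip.fw.one_pass set to 1 and to 0, showing why the position of the pipe rule relative to SMTP filtering rules matters. The rulesets, rule numbers, the network 203.0.113.0/24 and the default deny at rule 65535 are constructed assumptions.

```python
"""Simplified model of ipfw's first-match rule walk around a dummynet pipe rule.

Constructed for illustration: it models only sequential matching and the
net.inet.ip.fw.one_pass switch discussed in the thread.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple

DEFAULT_RULE = 65535  # assumption: the final default rule is "deny ip from any to any"
BLOCKED_NET = ipaddress.ip_network("203.0.113.0/24")  # hypothetical unwanted senders


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    direction: str  # "in" or "out"


@dataclass(frozen=True)
class Rule:
    number: int
    action: str  # "pipe", "allow" or "deny"
    match: Callable[[Packet], bool]


def smtp_in(p: Packet) -> bool:
    return p.direction == "in" and p.dst_port == 25


def blocked_smtp_in(p: Packet) -> bool:
    return smtp_in(p) and ipaddress.ip_address(p.src) in BLOCKED_NET


def evaluate(packet: Packet, rules: List[Rule], one_pass: bool) -> Tuple[str, List[int]]:
    """Return (verdict, numbers of the rules that matched, in order)."""
    trace: List[int] = []
    for rule in sorted(rules, key=lambda r: r.number):
        if not rule.match(packet):
            continue
        trace.append(rule.number)
        if rule.action == "pipe":
            if one_pass:
                return "accept", trace  # one_pass=1: leaving the pipe ends the walk
            continue  # one_pass=0: the walk resumes at the next rule
        return ("accept" if rule.action == "allow" else "deny"), trace
    trace.append(DEFAULT_RULE)  # nothing decided: the default rule applies
    return "deny", trace


# Constructed rulesets (rule numbers are arbitrary), built from:
#   pipe 10 tcp from any to any dst-port 25 in
#   deny tcp from 203.0.113.0/24 to any dst-port 25 in
#   allow tcp from any to any dst-port 25 in
PIPE_FIRST = [Rule(100, "pipe", smtp_in), Rule(200, "deny", blocked_smtp_in),
              Rule(300, "allow", smtp_in)]
FILTER_FIRST = [Rule(50, "deny", blocked_smtp_in), Rule(100, "pipe", smtp_in)]
PIPE_ONLY = [Rule(100, "pipe", smtp_in)]

UNWANTED = Packet("203.0.113.9", 25, "in")   # constructed sample packets
ORDINARY = Packet("192.0.2.7", 25, "in")

if __name__ == "__main__":
    for name, rules in (("pipe first", PIPE_FIRST), ("filter first", FILTER_FIRST),
                        ("pipe only", PIPE_ONLY)):
        for one_pass in (True, False):
            for label, pkt in (("unwanted", UNWANTED), ("ordinary", ORDINARY)):
                verdict, trace = evaluate(pkt, rules, one_pass)
                print(f"{name:12} one_pass={int(one_pass)} {label:8} -> {verdict:6} via {trace}")
```

With the pipe rule first and one_pass=1, the deny rule at 200 is never reached; either put the filter before the pipe or set one_pass=0 and add an explicit allow rule.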
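
Added example for the dummynet mask question raised in the "Single machine traffic shaping" and "ping that grow when download some files" threads above (not part of any message in this archive, and not dummynet's source): how a `mask src-ip` value groups senders into dynamic pipes for 0xffffffff, 0x000000ff and 0xffffff00. It assumes the flow identifier for such a mask is the source address ANDed with the mask and that hosts sharing a pipe split it evenly; the client addresses are constructed.

```python
"""How a dummynet `mask src-ip` value groups senders into dynamic pipes."""
import ipaddress
from collections import defaultdict
from typing import Dict, List

PIPE_BW_KBIT = 128  # from the posted config: bw 128kbits/s for each dynamic pipe

# Constructed client addresses (documentation ranges); last octets repeat
# across networks on purpose.
CLIENTS = ["192.0.2.10", "192.0.2.11", "198.51.100.10", "203.0.113.11"]


def dotted(value: int) -> str:
    """Render a 32-bit value in dotted-quad form, as netmasks are usually written."""
    return str(ipaddress.IPv4Address(value))


def flow_id(addr: str, mask: int) -> int:
    """Assumed flow identifier: the address bits that survive the mask."""
    return int(ipaddress.IPv4Address(addr)) & mask


def dynamic_pipes(addrs: List[str], mask: int) -> Dict[str, List[str]]:
    """Map each flow identifier (dotted form) to the hosts that share that pipe."""
    pipes: Dict[str, List[str]] = defaultdict(list)
    for addr in addrs:
        pipes[dotted(flow_id(addr, mask))].append(addr)
    return dict(pipes)


def even_share(addrs: List[str], mask: int) -> Dict[str, float]:
    """kbit/s per host if all hosts in a pipe are busy and split it evenly (assumption)."""
    shares: Dict[str, float] = {}
    for members in dynamic_pipes(addrs, mask).values():
        for addr in members:
            shares[addr] = PIPE_BW_KBIT / len(members)
    return shares


if __name__ == "__main__":
    for mask in (0xFFFFFFFF, 0x000000FF, 0xFFFFFF00):
        print(f"mask {mask:#010x} = {dotted(mask)}")
        for key, members in dynamic_pipes(CLIENTS, mask).items():
            print(f"  pipe for {key:15} -> {members}")
        print(f"  per-host share: {even_share(CLIENTS, mask)}")
```

In dotted form 0x000000ff is 0.0.0.255, not 255.255.255.0 (which is 0xffffff00), so it keys each pipe on the last octet only and hosts in different networks with the same last octet land in the same pipe.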