Date: Wed, 19 Apr 2000 15:02:30 +0200 (CEST) From: Luigi Rizzo <luigi@info.iet.unipi.it> To: Jaye Mathisen <mrcpu@internetcds.com> Cc: freebsd-net@FreeBSD.ORG Subject: Re: IPFW comments, and a question... Message-ID: <200004191302.PAA04241@info.iet.unipi.it> In-Reply-To: <Pine.BSF.4.21.0004190337580.7199-100000@schizo.cdsnet.net> from Jaye Mathisen at "Apr 19, 2000 03:43:23 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> Any reason the rule increment # can't be changed to something smaller like > 10, or 20, rather than 100? If you add a lot of rules, you can burn up > good size chunk of the available space in a hurry, even though it's pretty > sparsely used. you should just not rely on automatic numbering, especially for very large rulesets where you most likely want to use "skipto" rules and thus you need to number rules yourself. > 1) Everything passing through dummynet seems Peachy keeno, except ICMP > traffic seems to pick up 40-50ms of delay, yet there's no delay configured > on anything icmp related. Normal TCP/UDP traffic is going through fine. not sure what you mean but remember that passing packets through a bandwidth limiter implicitly causes a delay proportional to pkt_size/bandwidth. ping -s <some size> will show the effect (and if you don't have options HZ=1000 in your kernel, you will have these times rounded to the 10ms timer tick. > 2) Are all pipe rules scanned before pass/deny rules? Because when > configuring a lot of pipes, there seems to be no way to assign rule > numbers to a pipe, which makes figuring out where pass/deny rules should > go if the number of pipes change. rules are scanned in the order they are written (modulo skipto rules). Pipe numbers are just "names" assigned to the pipes. i don't understand what you mean by "assign rule numbers to a pipe", the logic is exactly the contrary, it is rules which forward packets to a given pipe whose name just happens to be a string of digits. cheers luigi -----------------------------------+------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL/FAX: +39-050-568.533/522 . via Diotisalvi 2, 56126 PISA (Italy) Mobile +39-347-0373137 -----------------------------------+------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200004191302.PAA04241>