From owner-freebsd-ipfw@FreeBSD.ORG Wed Jan 24 00:37:14 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0A57F16A403 for ; Wed, 24 Jan 2007 00:37:14 +0000 (UTC) (envelope-from aronesimi@yahoo.com) Received: from web58610.mail.re3.yahoo.com (web58610.mail.re3.yahoo.com [68.142.236.208]) by mx1.freebsd.org (Postfix) with SMTP id C475613C467 for ; Wed, 24 Jan 2007 00:37:13 +0000 (UTC) (envelope-from aronesimi@yahoo.com) Received: (qmail 34982 invoked by uid 60001); 24 Jan 2007 00:37:13 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=glIY66vIdunvHPripru4ewn4g9VcwX/DNlj4wzpiYk5S1O+2rKpXB2UDEhbpEgYI7o4jEmh9n3V3thmsjWH73qu+8doSH8HKzLzoPEKG85SrUENmbLvoRkxLaf+aDYOf/Ol//zszoo6E8wYdP38x8M0hviK0CN/d//u5lWbOqVE=; Received: from [72.160.59.100] by web58610.mail.re3.yahoo.com via HTTP; Tue, 23 Jan 2007 16:37:13 PST Date: Tue, 23 Jan 2007 16:37:13 -0800 (PST) From: Arone Silimantia To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Message-ID: <108951.34916.qm@web58610.mail.re3.yahoo.com> X-Mailman-Approved-At: Wed, 24 Jan 2007 03:35:45 +0000 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: ipfw pipe show .... clarification, please ... X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jan 2007 00:37:14 -0000 I set up a dummynet pipe with this sequence of commands: sysctl -w net.inet.ip.fw.one_pass=0 ipfw pipe 1 config bw 16Mbit/s ipfw add 10000 pipe 1 all from any to any So far so good. Works great. However, when I look at the pipe itself, with this command: ipfw pipe show 1 I see this: # ipfw pipe show 1 00001: 16.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 tcp 1.2.3.4/22 1.2.3.4/4333 2970975653 2649647615805 2 2992 10414733 I would like to clarify a few things... First, the ipfw pipe creation command I ran is not (as far as I can tell) TCP specific, and further, my ipfw rule says "any to any" - but when I look at the pipe, it has a protocol specified (TCP) and further, has a port number (22). I want to throttle ALL IP traffic, not just TCP, and certainly not just port 22. What am I doing wrong ? Second, there are seven headings (from BKT at the left to Drp on the right) but underneath those seven headings are _9_ values. What I really want to know is how many packets I am droppinig ... but I can't tell which of the fields are the "dropped" - I assume it is the final number .. if so, what is that measured in ? Packets ? Finally, why am I dropping any packets ? My total traffic is 5-7 Mbits/s on average ... I don't see why I would be dropping any packets at all ... are they being dropped because the system can't keep up, or are they being dropped because I am hitting the throttle limit and it drops everything above that ? Many thanks. --------------------------------- Food fight? Enjoy some healthy debate in the Yahoo! Answers Food & Drink Q&A. --------------------------------- Don't be flakey. Get Yahoo! Mail for Mobile and always stay connected to friends.