traffic shaping freebsd
Michael Sierchio
kudzu at tenebras.com
Mon Sep 12 01:19:12 UTC 2011
amending my remark... UID matching is problematic. Why are you trying to
classify packets based on that?
On Sunday, September 11, 2011, Michael Sierchio <kudzu at tenebras.com> wrote:
> You don't seem to have any rules that match packets. This won't work.
>
> On Sunday, September 11, 2011, alexus <alexus at gmail.com> wrote:
>> su-4.2# grep pipe /etc/ipfw.rules
>> pipe flush
>> pipe 1 config bw 1Mbit/s mask dst-port www
>> pipe 2 config bw 1Mbit/s mask src-port www
>> pipe 3 config bw 1Mbit/s mask dst-port 3128
>> add 3128 pipe 3 tcp from any to any src-port 3128 uid root
>> add 8381 pipe 1 tcp from any to any dst-port www uid daemon
>> add 8382 pipe 2 tcp from any to any src-port www uid daemon
>> su-4.2#
>>
>>
>> su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw
>> pipe show 2
>> 08381 11190 815447 pipe 1 tcp from any to any dst-port 80 uid daemon
>> 08382 14394 16926849 pipe 2 tcp from any 80 to any uid daemon
>> 00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
>> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
>> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>> 0 tcp 64.237.55.83/64730 69.10.58.25/80 11190 815447 0
0 0
>> 00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
>> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
>> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>> 0 tcp 69.10.58.25/80 64.237.55.83/64730 14394 16926849 0
0 10
>> su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw
>> pipe show 2
>> 08381 11218 817225 pipe 1 tcp from any to any dst-port 80 uid daemon
>> 08382 14434 16979213 pipe 2 tcp from any 80 to any uid daemon
>> 00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
>> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
>> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>> 0 tcp 64.237.55.83/64730 69.10.58.25/80 11218 817225 0
0 0
>> 00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
>> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
>> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>> 0 tcp 69.10.58.25/80 64.237.55.83/64730 14434 16979213 0
0 10
>> su-4.2#
>>
>> as you see ipfw rules matches as count is increasing, yet pipe i'm not
>> seeing any difference at all, its like it matched first time and
>> that's it...
>>
>> yet pipe shows different output
>>
>> su-4.2# ipfw show | grep 'pipe 3' && ipfw pipe show 3
>> 03128 37483 71276160 pipe 3 tcp from any 3128 to any uid root
>> 00003: 1.000 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail
>> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38
>> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>> 0 ip 0.0.0.0/0 0.0.0.0/1056 16 2383 0 0
0
>> 16 ip 0.0.0.0/0 0.0.0.0/1032 8 9398 0
0 0
>> 32 ip 0.0.0.0/0 0.0.0.0/2096 41 43167 0
0 0
>> 48 ip 0.0.0.0/0 0.0.0.0/56 2 7074 0
0 0
>> su-4.2# !!
>> ipfw show | grep 'pipe 3' && ipfw pipe show 3
>> 03128 39285 74616912 pipe 3 tcp from any 3128 to any uid root
>> 00003: 1.000 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail
>> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38
>> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>> 0 ip 0.0.0.0/0 0.0.0.0/1056 19 20651 0 0
0
>> 16 ip 0.0.0.0/0 0.0.0.0/1064 36 41781 0
0
More information about the freebsd-questions
mailing list