nested ipfw dummynet pipes
'Luigi Rizzo'
rizzo at icir.org
Sun Jun 22 15:10:16 PDT 2003
On Fri, Jun 20, 2003 at 02:58:07PM -0400, Don Bowman wrote:
...
> Is there a benefit to having the single wide pipe first, or
> the many narrow pipes first, in the ruleset?
i'd probably put the narrow pipes first, so that any
single flow will not be able to monopolize the entire
fat pipe. Still no guarantees of fairness, for that
you need to use ipfw "queues" (WF2Q+ )
cheers
luigi
> $ cvs diff -U5 ipfw.8
> Index: ipfw.8
> ===================================================================
> RCS file: /usr/cvs/src/sbin/ipfw/ipfw.8,v
> retrieving revision 1.63.2.28
> diff -U5 -r1.63.2.28 ipfw.8
> --- ipfw.8 30 Sep 2002 20:57:05 -0000 1.63.2.28
> +++ ipfw.8 20 Jun 2003 18:49:02 -0000
> @@ -1587,14 +1587,10 @@
> When set, the packet exiting from the
> .Xr dummynet 4
> pipe is not passed though the firewall again.
> Otherwise, after a pipe action, the packet is
> reinjected into the firewall at the next rule.
> -.Pp
> -Note: bridged and layer 2 packets coming out of a pipe
> -are never reinjected in the firewall irrespective of the
> -value of this variable.
> .It Em net.inet.ip.fw.verbose : No 1
> Enables verbose messages.
> .It Em net.inet.ip.fw.verbose_limit : No 0
> Limits the number of messages produced by a verbose firewall.
> .It Em net.link.ether.ipfw : No 0
>
More information about the freebsd-net
mailing list