ipfw pipe show ... help with output is needed, please.

Spadge Fromley spadge at fromley.net
Mon Jan 29 13:18:07 UTC 2007 

>
> I see this:
>
> # ipfw pipe show 1
> 00001:  16.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
> Pkt/Byte Drp
>   0 tcp      1.2.3.4/22        1.2.3.4/4333  2970975653 2649647615805  2
> 2992 10414733


> Second, there are seven headings (from BKT at the left to Drp on the
> right) but underneath those seven headings are _9_ values.  What I really
> want to know is how many packets I am droppinig ... but I can't tell which
> of the fields are the "dropped" - I assume it is the final number .. if
> so, what is that measured in ?  Packets ?

I can't help you with the rest of it, as I am frequently just as baffled
by ipfw/dummynet as the next man ..

But the 7/9 thing I can explain.

Tot_pkt: 2970975653
bytes: 2649647615805

Pkt: 2
Byte: 2992

Ideally, there'd be a '/' between pkts and bytes, like there is in the
headers.


Does it make a difference if you set up the ipfw rule before the dummynet
one?

Here's how I have mine:

root at tobermory# ipfw list | grep pipe
01400 pipe 101 ip from any to any uid DLMonkey via fxp0 in
01500 pipe 102 ip from any to any uid DLMonkey via fxp0 out

taken from:

root at tobermory# grep pipe /etc/rc.firewall
/sbin/ipfw -f pipe flush
/sbin/ipfw add pipe 101 ip from any to any uid DLMonkey via $WAN in
/sbin/ipfw add pipe 102 ip from any to any uid DLMonkey via $WAN out
/sbin/ipfw pipe 101 config delay 100ms
/sbin/ipfw pipe 102 config delay 100ms

Gives the following info:

root at tobermory# ipfw pipe list
00102: unlimited  100 ms   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
  0 tcp     {my.ip.address}/61676  59.127.165.138/4662  6557083 758428752 
0    0   0
00101: unlimited  100 ms   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
  0 udp    67.163.25.202/7871     {my.ip.address}/14298 8466595 1174764649
 0    0   0

Trust me: there will be a lot more connections set up in those pipes than
that. I think it's just showing a snapshot. Or I have got it all
completely wrong and it's not actually working at all like I thought it
ought.

Who knows?

:)



-- 
Spadge
'Intoccabile'

More information about the freebsd-net mailing list