nested ipfw dummynet pipes

From: Don Bowman (don_at_sandvine.com)
Date: 06/20/03

  • Next message: Luigi Rizzo: "Re: nested ipfw dummynet pipes" 
    To: "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>
Date: Fri, 20 Jun 2003 13:41:21 -0400

    is there any way, in a bridging config, to have nested pipes?

    In particular, what i would like to achieve is a rule that
    allows e.g. 64kbps per host (src-mask 0xffffffff), but
    that all these hosts are in an overall 10Mbps pipe. The idea
    will be that @ some times of the day the pipe is less than
    full, so everyone gets 64kbps, but @ other times of the day
    the pipe is full, and I don't want more than 10Mbps flowing.

    net.inet.ip.fw.one_pass looks to do what i want but:
    "Note: bridged and layer 2 packets coming out of a pipe are never
    reinjected in the firewall irrespective of the value of this
    variable."

    suggests this is not the case.

    Is there some technique using e.g. netgraph? Or can someone suggest
    why the note is there and if it might be easily removed?

    e.g. what i have is a system with

       em0 <--> em1
    net.link.ether.bridge_cfg="em0 em1"
    net.link.ether.bridge=1
    net.link.ether.bridge_ipfw=1
    net.inet.ip.fw.one_pass=1

    --don
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

  • Next message: Luigi Rizzo: "Re: nested ipfw dummynet pipes"