Re: nested ipfw dummynet pipes

• Previous message: Don Bowman: "nested ipfw dummynet pipes"
• In reply to: Don Bowman: "nested ipfw dummynet pipes"
• Next in thread: Don Bowman: "RE: nested ipfw dummynet pipes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 20 Jun 2003 10:46:38 -0700
To: Don Bowman <don@sandvine.com>

On Fri, Jun 20, 2003 at 01:41:21PM -0400, Don Bowman wrote:
> is there any way, in a bridging config, to have nested pipes?

net.inet.ip.fw.one_pass=0 should do the job, i think the comment
in the manpage is now incorrect and the code (in net/bridge.c)
has been fixed (one-line) to implement this.

Check the commit logs, i don't have them handy at the moment.

        cheers
        luigi

> In particular, what i would like to achieve is a rule that
> allows e.g. 64kbps per host (src-mask 0xffffffff), but
> that all these hosts are in an overall 10Mbps pipe. The idea
> will be that @ some times of the day the pipe is less than
> full, so everyone gets 64kbps, but @ other times of the day
> the pipe is full, and I don't want more than 10Mbps flowing.
>
> net.inet.ip.fw.one_pass looks to do what i want but:
> "Note: bridged and layer 2 packets coming out of a pipe are never
> reinjected in the firewall irrespective of the value of this
> variable."
>
> suggests this is not the case.
>
> Is there some technique using e.g. netgraph? Or can someone suggest
> why the note is there and if it might be easily removed?
>
> e.g. what i have is a system with
>
> em0 <--> em1
> net.link.ether.bridge_cfg="em0 em1"
> net.link.ether.bridge=1
> net.link.ether.bridge_ipfw=1
> net.inet.ip.fw.one_pass=1
>
> --don
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Don Bowman: "nested ipfw dummynet pipes"
• In reply to: Don Bowman: "nested ipfw dummynet pipes"
• Next in thread: Don Bowman: "RE: nested ipfw dummynet pipes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: dd behaving inconsistently ... >> is why there is the specific mention of the situation on the manpage for ... Guess what happens if the source data has a '\n' anywhere in the actual ... The 'obvious' option is to uncompress the file, *TO*DISK*, and then have ... pipe full. ... (comp.unix.shell) Re: ipfw & fBSD 4.11 ... I wonder why pipe 13 is not used, ... But reading the ipfwmanpage and this page ... You can run ping -f 192.168.10.99 (ping flood), nfs file transfer, anything ... that generate network trafic and look at the ipfw pipe show 'live' to see ... (comp.unix.bsd.freebsd.misc) Re: mkisofs with mkfifo question ... It returns almost immediately and the cpio/gz pipe ... > found no help in the mkisofs manpage... ... What about just piping the output of gzip to mkisofs? ... (comp.os.linux.misc) nested ipfw dummynet pipes ... is there any way, in a bridging config, to have nested pipes? ... that all these hosts are in an overall 10Mbps pipe. ... Is there some technique using e.g. netgraph? ... (freebsd-net) Re: mkisofs with mkfifo question ... > containing the pipe. ... >> found no help in the mkisofs manpage... ... > also an example towards the end of the manpage). ... > be necessary in the gzip example I gave above. ... (comp.os.linux.misc)