ipfw pipe show output - clarification needed please

I set up a dummynet pipe with this sequence of commands:

sysctl -w net.inet.ip.fw.one_pass=0
ipfw pipe 1 config bw 16Mbit/s
ipfw add 10000 pipe 1 all from any to any

So far so good. Works great. However, when I look at the pipe itself, with this command:

ipfw pipe show 1

I see this:

# ipfw pipe show 1
00001: 16.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 2970975653 2649647615805 2 2992 10414733

I would like to clarify a few things...

First, the ipfw pipe creation command I ran is not (as far as I can tell) TCP specific, and further, my ipfw rule says "any to any" - but when I look at the pipe, it has a protocol specified (TCP) and further, has a port number (22). I want to throttle ALL IP traffic, not just TCP, and certainly not just port 22.

What am I doing wrong ?

Second, there are seven headings (from BKT at the left to Drp on the right) but underneath those seven headings are _9_ values. What I really want to know is how many packets I am droppinig ... but I can't tell which of the fields are the "dropped" - I assume it is the final number .. if so, what is that measured in ? Packets ?

Finally, why am I dropping any packets ? My total traffic is 5-7 Mbits/s on average ... I don't see why I would be dropping any packets at all ... are they being dropped because the system can't keep up, or are they being dropped because I am hitting the throttle limit and it drops everything above that ?

Many thanks.

Now that's room service! Choose from over 150,000 hotels
in 45,000 destinations on Yahoo! Travel to find your fit.

Sucker-punch spam with award-winning protection.
Try the free Yahoo! Mail Beta.
freebsd-questions@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"