can you be more specific and provide configurations that exhibit the
problems you report ?
Also i assume you are using ipfw2 on 4.8 too...
cheers
luigi
On Mon, May 09, 2005 at 01:31:06PM +0200, Martin wrote:
Dear all,
Based on the amount of still outstanding (serious) bugs
On Thu, Jul 21, 2005 at 11:42:42PM +0200, Alex de Kruijff wrote:
Hi,
I was wrondering is man ipfw wrong here?
man ipfw tells: divert port -
Divert packets that match this rule to the divert(4) socket
bound to port port. The search terminates.
...
I think man ipfw should
ok, so the problem is the following: when i implemented ipfw2
i thought that 'recv any' or 'xmit any' were effectively NOPs
so the parser erroneously removes them, together with any 'not' prefix
(which is processed before).
To fix this one should
- patch the function ipfw2.c:fill_iface()
so
, Luigi Rizzo wrote:
there are internally generated packets which do not have
a rcvif (which is what really 'recv' means);
and any packet in the input path does not have an output-if
(which is wht really 'xmit' means).
well, means that any rule using IF here is not catching anything
On Tue, Sep 20, 2005 at 07:20:26PM +0300, vladone wrote:
I know what is WF2Q, but still dont see what is the problem for wich
dont't exist a possibility to limit bandwidth that is given to a
queue, with queue settings.
it not implemented because there is an equivalently efficient
mechanism
you are passing traffic through the pipe twice.
you have to decide if your rules should apply tto
layer2 or not and write the rules accordingly
luigi
On Mon, Oct 03, 2005 at 01:07:56PM -0300, Patrick Tracanelli wrote:
Hello,
I am doing some simple tests in a specific enviroment where
:
Luigi Rizzo wrote:
you are passing traffic through the pipe twice.
you have to decide if your rules should apply tto
layer2 or not and write the rules accordingly
Why are they going twice through the pipe? When net.link.ether.ipfw=1
you pass it through all rules twice? first match wins
172.20.1.23 to any in via int
65535 allow ip from any to any
Cheers
Alex
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] la part de Luigi Rizzo
Envoye : mercredi 29 juin 2005 18:33
A : Alexandre D.
Cc : freebsd-ipfw@freebsd.org
Objet : Re: strange
On Sun, Nov 20, 2005 at 07:40:01PM -0200, AT Matik wrote:
On Sunday 20 November 2005 19:25, Luigi Rizzo wrote:
On Sun, Nov 20, 2005 at 07:16:40PM +0100, Alexandre DELAY wrote:
Interresting. I didn't find anythong about that.
Where can I learn more about this priorities?
well, dummynet
On Fri, May 19, 2006 at 09:05:49PM +0300, vladone wrote:
Know anybody if dummynet use an queuing discipline when congestion is
anticipated, to alert the sender to slow down?
Or a little explain about how to work dummynet?
dummynet can use FIFO or RED queueing disciplines,
see the 'ipfw'
trimming the thing...
On Fri, Aug 25, 2006 at 01:41:03PM +0200, Ian FREISLICH wrote:
...
the problem i see above is that the 'delta' is really an attribute
of the 'vlanA-B' instruction.
Say you have this rule:
skipto 1000 recv vlan1002-vlan1264
does it mean 'skip to 1000 plus
On Fri, Aug 25, 2006 at 03:27:17PM +0200, Ian FREISLICH wrote:
Luigi Rizzo wrote:
i am basically ok with this except, as i said, that there is
no point in replicating the interface name i.e. why re0-re5
instead of just re0-5 ? you just open up to possible mistakes
and the need for extra
On Sat, Dec 02, 2006 at 09:00:13PM +0100, Max Laier wrote:
On Saturday 02 December 2006 19:00, James Halstead wrote:
Ok, the obvious part that I think I was missing while it was late,
was that these must be keep-alive packets generated by the firewall as
the dynamic rules are about to
On Wed, Dec 06, 2006 at 04:51:51AM +0100, Max Laier wrote:
On Wednesday 06 December 2006 01:17, Luigi Rizzo wrote:
...
First, this proposal, with 36 multiplies and one division, the
function seems rather expensive for e.g. a low end cpu (arm or
soekris) as you might find on network
On Wed, Dec 06, 2006 at 10:56:42AM +, David Malone wrote:
On Wed, Dec 06, 2006 at 04:51:51AM +0100, Max Laier wrote:
I tried the reference machines (see hacked up attachment):
78x ia64
40x amd64
60x p3
16x p4
I don't have my Soekris set up, so if somebody could give it a try.
On Wed, Dec 06, 2006 at 11:38:47AM +, David Malone wrote:
On Wed, Dec 06, 2006 at 01:29:31AM -0800, Luigi Rizzo wrote:
the top forwarding performance of a soekris is around 30-35kpps if
i remember well - this translates in around 30us/packet all included.
Is that the peak with ipfw2
On Sat, Mar 03, 2007 at 09:50:43AM +0800, John Mok wrote:
Hi,
I am new to Dummynet. I would like to setup a FreeBSD QoS box to replace
the one using Linux IMQ. However, I have the following questions :-
1. Is it possible to cascade pipes, such that the bandwidth management
could be
On Sat, Mar 03, 2007 at 08:16:37PM +0800, John Mok wrote:
...
Without hierarchical control, would it be possible to make a dummynet
model for the example situation to work? If separate pipes are used to
set the bandwidth limit :-
ipfw pipe 110 config bw 16 Kbps
ipfw pipe 120 config bw 256
On Fri, Mar 30, 2007 at 08:49:19AM +0200, Dave Raven wrote:
Hi all,
I've been looking at the ipfw (dummynet) ability to do delay and
have a few questions - I hope this is the right list. I want to simulate a
1000ms RTT on a satellite link. To do that I've created an inbound and
outbound
-based protocol
the max throughtput is 1 window per rtt, where the window is
upper bounded by the min of socket buffer, tcp buffers, negotiated
tcp window
luigi
Thanks so much for the help - I know its going a bit off topic
Dave
-Original Message-
From: 'Luigi Rizzo' [mailto:[EMAIL
On Wed, Apr 18, 2007 at 02:52:43PM -0700, Julian Elischer wrote:
Chuck Swiger wrote:
On Apr 18, 2007, at 1:58 PM, Julian Elischer wrote:
I'm contemplating the following changes to functionality:
I'd like suggestions and comments...
1/ Commit capability
In this change you declare a
On Tue, Sep 04, 2007 at 12:50:36AM +0700, Vadim Goncharov wrote:
03.09.07 @ 23:48 Andrey V. Elsukov wrote:
I got a trace for this fault.
dummynet reinject packet to the ip_input through netisr_dispath.
This procedure was done success several times, but in the next time
it's fault.
...
On Mon, Mar 03, 2008 at 11:17:19AM +0100, Paolo Pisati wrote:
On Sun, Mar 02, 2008 at 03:58:50PM +0100, Luigi Rizzo wrote:
The SI_ORDER_* definitions in /sys/sys/kernel.h are enumerated on a
large range, so if the existing code does not have races,
you can safely move the non-leaf
On Tue, May 06, 2008 at 03:34:23PM -0400, Matthew Pope wrote:
I must correct my test parameters: In one of the two pipes, the bw was
4K, not 48K as stated.
When I just now moved it up to 48K to match the other pipe size, my ping
times plummeted to 129-139ms throughout the Queue sizes listed
On Wed, Mar 04, 2009 at 10:05:53PM +0100, Sebastian Mellmann wrote:
On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote:
Hi everyone!
I hope this is the right place to ask.
I've got a IPFW ruleset that looks like this:
cmd=ipfw
bottleneck_bandwidth=100Mbit/s
On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote:
Hi everyone!
I hope this is the right place to ask.
I've got a IPFW ruleset that looks like this:
cmd=ipfw
bottleneck_bandwidth=100Mbit/s
in_if=em0
$cmd pipe 500 config bw $bottleneck_bandwidth
$cmd add pipe 500
On Fri, Mar 06, 2009 at 08:06:50AM +0100, Sebastian Mellmann wrote:
Secondly, apropos Sebastian's experience, should this say The value
(even if 0) is rounded to the next multiple of the clock tick .. ?
^^^
0 is rounded to 0 so that's not an issue.
The delay Sebastian is
On Fri, Mar 13, 2009 at 10:46:48PM +0200, Dmitriy Demidov wrote:
Hi list.
I'm using DNS cache server Unbound-1.2.1. I want to start using DNSSEC via
DLV (unbound gracefully allows it).
My system is FreeBSD7-STABLE. I'm using ipfw.
Original ipfw configuration:
add check-state
add deny
On Sun, Mar 15, 2009 at 12:38:37PM +0300, Sergey Matveychuk wrote:
Dmitriy Demidov wrote:
Hi Luigi. Thank you for answer.
It is a big surprise for me that reassembling of IP datagrams is done
not *before* they go into firewall, but *after* :(
But what's wrong with it? A fragment got from
On Tue, Mar 17, 2009 at 11:02:48PM +0100, Paolo Pisati wrote:
Luigi Rizzo wrote:
Thinking more about it, i believe that calling reass as an explicit
firewall action is useless, because if ip_reass fails due to lack of
all fragments you are back to square one:
what do I do
On Tue, Mar 17, 2009 at 03:39:45PM -0700, Julian Elischer wrote:
...
Ok then we may have a plan:
you could do is implement REASS as an action (not as a microinstruction),
with the following behaviour:
- if the packet is a complete one, the rule behaves as a count
(i.e. the firewall
On Wed, Mar 18, 2009 at 08:52:18AM -0700, Julian Elischer wrote:
Luigi Rizzo wrote:
On Tue, Mar 17, 2009 at 03:39:45PM -0700, Julian Elischer wrote:
...
Ok then we may have a plan:
you could do is implement REASS as an action (not as a microinstruction),
with the following behaviour
On Fri, Mar 20, 2009 at 04:53:26PM +0100, Sebastian Mellmann wrote:
Hi!
I'm using pipe masks for defining multiple queues per traffic flow, e.g.
$cmd pipe 100 config mask all bw $webclient_upload_bandwidth queue
$queue_size delay $client_rtt_delay
$cmd pipe 200 config mask all bw
On Thu, Apr 02, 2009 at 01:00:59PM +0200, Paolo Pisati wrote:
Luigi Rizzo wrote:
Ok then we may have a plan:
you could do is implement REASS as an action (not as a microinstruction),
with the following behaviour:
- if the packet is a complete one, the rule behaves as a count
(i.e
On Thu, May 21, 2009 at 08:49:30AM -0700, Freddie Cash wrote:
On Thu, May 21, 2009 at 8:01 AM, Luigi Rizzo ri...@iet.unipi.it wrote:
On Thu, May 21, 2009 at 04:20:48PM +0200, Ermal Lu?i wrote:
can ipfw use somehow interface groups as pf(4) can?
From a quick glance at documentation
On Wed, Sep 09, 2009 at 11:17:50PM -0700, mkarjal wrote:
Hi,
I'm trying to catch SCTP packets with IPFW by SCTP port numbers, should it
be working or not?
Or is there some different syntax for this?
ipfw add count sctp from any to any works, counts all SCTP packets.
ipfw add count
On Sat, Sep 12, 2009 at 03:32:54PM +0800, Cypher Wu wrote:
I want to build a transparent firewall based on IPFW. For static rules
this is fine, but for dynamic rules, ipfw uses keepalive packet to
avoid deleting a dynamic rule that both ends are still alive but don't
issue any traffic for a
On Sat, Sep 12, 2009 at 09:51:04PM +0800, Cypher Wu wrote:
It's seems fine, but I still have some questions:
1. The endpoint will response to the keepalive TCP segment and the
destination will be the other endpoint, will IPFW just let it though
like the usual IP packet, or try to figure it out
Hi,
there is no bug, the 'pipe profile' code is working correctly.
In your mail below you are comparing two different things.
pipe config bw 10Mbit/s delay 25ms
means that _after shaping_ at 10Mbps, all traffic will
be subject to an additional delay of 25ms.
Each
Hi,
in the next weeks i am going to slowly push into -head (and when
possible also in RELENG_8) several restructuring and cleanup changes
in dummynet and ipfw. This is the result of work we have been doing
in Pisa in the last few months with Riccardo Panicucci and Marta
Carbone.
I am trying to
Hi,
I would like to discuss some new features that I am going to add to ipfw.
1. A new option lookup search-key T[,V] where
search-key ::= {src-ip|dst-ip|src-port|dst-port|proto|jail|...}
This extends the existing '{dst-ip|src-ip} table(T[,V])' options,
and allows a lookup of other
On Thu, Dec 17, 2009 at 12:31:32PM -0500, David Horn wrote:
Luigi --
I am seeing a kldload failure for ipfw.ko after the latest -current commits
(fails for r200580 - r200633 inclusive) for ipfw:
link_elf_obj: symbol ipfw_dyn_attach undefined
not surprising, as i forgot to put the new
On Mon, Jan 11, 2010 at 03:27:13AM +0900, Hajimu UMEMOTO wrote:
Hi,
On Sat, 2 Jan 2010 20:36:45 -0500
David Horn dhorn2...@gmail.com said:
dhorn2000 Yes, me matching either ipv4/ipv6 would certainly simplify the
default
dhorn2000 rc.firewall flow.
Here is my proposed patch.
On Sun, Jan 10, 2010 at 11:55:54PM -0800, Julian Elischer wrote:
Maxim Ignatenko wrote:
2009/12/9 Luigi Rizzo ri...@iet.unipi.it:
3. a hash version of 'table's
Right now ipfw tables are implented as routing tables, which is
great if you have to lookup a longest matching prefix
On Sun, Jan 17, 2010 at 05:42:58PM +0900, Hajimu UMEMOTO wrote:
Hi,
On Sun, 10 Jan 2010 19:52:32 +0100
Luigi Rizzo ri...@iet.unipi.it said:
rizzo We only need one 'me' option that matches v4 and v6, because the
rizzo other two can be implemented as 'ip4 me' and 'ip6 me' at no extra
On Fri, Jan 22, 2010 at 07:42:46PM +0300, Evgenii Davidov wrote:
,
On Fri, Jan 22, 2010 at 02:46:28PM +0100, Luigi Rizzo ?:
On Fri, Jan 22, 2010 at 04:35:35PM +0300, Evgenii Davidov wrote:
...
my problem is that dummynet cpu usage jumps from 0 to 99
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
it is not, partly due to backward compatibility.
If you try ipfw -c show then you might have better luck though.
On Wed, Mar 10, 2010 at 12:20:33PM +0100, Oliver Fromme wrote:
Luigi Rizzo wrote:
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
it is not, partly due
On Fri, Mar 12, 2010 at 06:34:29PM +0300, Evgenii Davidov wrote:
Dear Luigi,
i've moved from RELENG_8 to RELENG_8_0 and now have a lot of idle cpu again:
0 root -680 0K72K - 0 0:31 0.00% {dummynet}
00030 2671994 474106017 pipe 6 ip from table(111) to any out
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
If that's the case, then there is a small bug:
# ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}'
On Mon, Mar 15, 2010 at 07:57:24PM +0100, Oliver Fromme wrote:
Luigi Rizzo wrote:
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
If that's
On Wed, Mar 24, 2010 at 10:48:07AM -0400, Alexander Wittig wrote:
Hello
Since the r205511 commit to 8-Stable my kernel can't load ipfw.ko any
more. The error message in dmsg is:
kernel: link_elf_obj: symbol ipfw_dyn_attach undefined
kernel: linker_load_file: Unsupported file type
A
On Wed, Mar 24, 2010 at 03:22:40PM -0700, Michael Sierchio wrote:
I'm really distressed about the state of ipfw development. Is there no test
harness? Rather than becoming more mature and stable, I think it's in the
weeds these days.
Yeah, really disgusting :)
I am sorry, there is no
On Thu, Mar 25, 2010 at 03:00:01PM -0300, Adailton Milhorini wrote:
Hi,
i use this rules for my bandwidth control, and after update my freebsd
in last days, show any error for me..
my rule
# ipfw pipe 10 config mask dst-ip 0x bw 900Kbit/s queue 90Kbit/s
errors in dmesg
On Wed, Mar 31, 2010 at 03:47:49PM -0300, Ass.Tec. Matik wrote:
it means that you are probably using a new kernel and an old /sbin/ipfw.
The new ipfw/dummynet has a different kernel/userland API to accommodate
some new features, and the kernel has a compatibility layer to translate
Just in case you are interested, Murray Stokely was very kind in
organizing a talk at Google on recent ipfw and dummynet work. A
recording is available on the GoogleTechTalks channel:
http://www.youtube.com/watch?v=r8vBmybeKlE
BTW there is plenty of interesting talks on that channel so
configuration IPerf can?t push more
than a fraction of the configured bandwidth with lots of packets queuing and
dropping.
Your patience is appreciated.
Sincerely,
___
Nuno Diogo
Luigi
times in milli-seconds:
Minimum = 42ms, Maximum = 72ms, Average = 46ms
___
Nuno Diogo
-Original Message-
From: Luigi Rizzo [mailto:ri...@iet.unipi.it]
Sent: Friday, May 21, 2010 3:36 AM
To: Nuno
On Wed, Jun 02, 2010 at 09:53:18PM +0300, Dmitry Pryanishnikov wrote:
Hello!
In RELENG_6 loading dummynet.ko from /boot/loader.conf
dummynet_load=YES
works correctly. However in fresh RELENG_8 it results in strange
behaviour: loader shows /boot/kernel/dummynet.ko getting loaded, then
On Thu, Jun 03, 2010 at 09:29:20AM -0700, bored to death wrote:
hello,
i'm trying to limit my input traffic bandwidth on freebsd. i used
ipfw+dummynet. without limitation, i have almost 1Gbit/s input traffic
on my system. when i try to limit the bandwidth, it works fine on low
to normal
On Fri, Jun 04, 2010 at 01:19:32AM -0700, bored to death wrote:
thank you luigi for your reply, it helped.
i changed the hz parameter to 1000 and then 4000 and then 8000 in my
/boot/loader.conf. the result got much better.
i configured my system as a router and i send 1GB traffic rate
luigi
i checked limitations with various values between 400Mbits/s to more than
1000Mbits/s and it works like a charm.
(the problem was when i set queue to 80MBytes, queue value was actually set
to 80 slots)
thanks again luigi.
From: Luigi
On Thu, Nov 25, 2010 at 03:31:16PM +, nangergong wrote:
Hi, all:
1 relationship between dummynet and wireshark
I have a question on the relationship between dummynet and wireshark. Does
wireshark capture packets before dummynet starts working or after? Which of
the following charts
On Fri, Nov 26, 2010 at 02:43:12PM +, nangergong wrote:
Hi???
Thank you so much for your reply. I used the windows version of
dummynet/IPFW, so is it the same that wireshark will intercept
incoming traffic before dummynet, and outgoing traffic after dummynet? Coz
it all depends on
On Mon, Jan 03, 2011 at 06:22:54PM +, nangergong wrote:
Hi, all:
As far as I know, in dummynet, plr is prabability-based, namely, when a
packet is processed, it will be discarded according to the probability. So,
if I have 100 packets and the plr is 5%, eventually I may just discard 3
On Thu, Feb 10, 2011 at 12:09:09AM +, nangergong wrote:
Hi, all:
I want to use profile to simulate delays according to a empirical delay
distribution ( the profile argument can be found in
http://fuse4bsd.creo.hu/localcgi/man-cgi.cgi?ipfw+8)
I use the following command lines and
On Sun, Feb 20, 2011 at 11:50:28PM +0100, Pawel Tyll wrote:
...
This machine is only doing dummynet traffic shaping from significant
things (otherwise it runs a dhcpd, ntpd and named). It's pretty
straight-forward routing, packets come in, packets come out via static
routes - there are
On Fri, Mar 04, 2011 at 05:55:38AM +0200, Eugene Perevyazko wrote:
Hi
I've stumbled on a pretty strange issue in combination of ipfw fwd rules
with multicast.
The system is 7-Stable.
It runs ospf, that uses MC groups 224.0.0.5 and 224.0.0.6. Normally those
groups use dst mac addresses
On Mon, Mar 28, 2011 at 06:14:20AM +, lini...@freebsd.org wrote:
Old Synopsis: Ipfw stops to check bags for compliance with the rules, letting
everything Rules
New Synopsis: [ipfw] ipfw stops to check bags for compliance with the rules,
letting everything Rules
On Tue, Apr 05, 2011 at 09:30:14PM +, Gleb Smirnoff wrote:
The following reply was made to PR kern/156180; it has been noted by GNATS.
From: Gleb Smirnoff gleb...@freebsd.org
To: bug-follo...@freebsd.org
Cc: a...@freebsd.org
Subject: kern/156180
Date: Wed, 6 Apr 2011 01:07:29 +0400
Hey guys,
I'm currently running some custom C code ,via an output plugin for
Snort, which takes an IP and sticks it in an ipfw table. Once the
packet enters the box, I'm using dummynet to delay the packet while
snort analyzes it and inserts the IP into a table, after the piping
delay is
On Tue, Dec 27, 2011 at 03:00:47PM +0100, Pawel Tyll wrote:
IPFW seems to add more or less constant overhead per rule. In our setup,
~20 rules increase load by 100% (one core). We are able to reach 10GE
(1.1mpps) on some routers with most packets travelling 8-10 ipfw rules.
However, even
On Tue, Dec 27, 2011 at 03:18:04PM +0100, Pawel Tyll wrote:
plans, yes - not sure how long it will take. I have compiled
ipfw+dummynet as a standalone module (outside the kernel)
but have not yet hooked the code to netmap to figure out how fast
it can run.
If I understand correctly,
On Wed, Dec 28, 2011 at 10:26:44AM +0400, Lev Serebryakov wrote:
Hello, Luigi.
You wrote 27 ??? 2011 ?., 18:26:00:
plans, yes - not sure how long it will take. I have compiled
ipfw+dummynet as a standalone module (outside the kernel)
but have not yet hooked the code to netmap to
On Wed, Dec 28, 2011 at 10:28:44AM +0400, Lev Serebryakov wrote:
Hello, Adrian.
You wrote 28 ??? 2011 ?., 10:04:13:
Maybe someone should write one and open source it this time.. :)
In presence of LLVM in the base, it looks, that we should generate
native code from IPFW bytecodes,
On Sat, Jan 28, 2012 at 04:00:28PM +, ??? ??? wrote:
The following reply was made to PR kern/156770; it has been noted by GNATS.
From: =?windows-1251?B?yu7t/Oru4iDF4uPl7ejp?= kes-...@yandex.ru
To: bug-follo...@freebsd.org, al...@alter.org.ua
Cc:
Subject: Re: kern/156770:
On Mon, Apr 23, 2012 at 12:35:37PM +0400, Sergey Yaroshevskiy wrote:
Hello
I've got some warnings from my freebsd 9 box:
...
Apr 23 12:06:10 pipe kernel: copy_obj (WARN) type 4 inst 65612 have 92 need
96
Apr 23 12:06:10 pipe kernel: copy_obj (WARN) type 4 inst 65612 have 60 need
On Fri, Apr 27, 2012 at 10:50:17AM +, Javier - wrote:
I want to leave at cable speed n bytes, after n bytes apply the queue bw
limit...
and what are you seeing instead ? Do you have a trace or
something that shows that it does not work like this ?
cheers
luigi
In Linux with htb this
On Fri, Apr 27, 2012 at 12:40:05PM +, Javier - wrote:
OK, but with increased burst to 5mbytes i have same results.
the issue is the bandwidth, not the burst.
it is possible that the system has a bottleneck
similar to the 125k you are configuring.
Besides, the tcp window or socket buffer
On Sun, Jul 01, 2012 at 03:54:35PM +, melif...@freebsd.org wrote:
Synopsis: [ipfw] [dummynet] [patch]: performance improvement and several
extensions
Responsible-Changed-From-To: freebsd-ipfw-melifaro
Responsible-Changed-By: melifaro
Responsible-Changed-When: Sun Jul 1 15:54:17 UTC
On Mon, Jul 02, 2012 at 01:24:09PM +0200, Alter wrote:
Hello Luigi,
Seems, Alex answered most of you questions
LR On the negative side:
LR - documentation on new features is completely absent. Just a brief mention
LR in the manpage of ftag/funtag, a short comment in a C source code.
On Wed, Jul 25, 2012 at 10:34:39PM -0700, Julian Elischer wrote:
On 7/25/12 11:41 AM, Luigi Rizzo wrote:
First and foremost: this is just a preview, only usable for testing now,
but very very close to working.
http://info.iet.unipi.it/~luigi/netmap/20120725-ipfw-user.tgz
On Sun, Sep 16, 2012 at 10:39:36PM -0500, Soren Dreijer wrote:
Some more updates:
I went ahead and disabled a few options on the ixgbe network interface
today (most notably rxcsum and txcsum), which improved ping times to
the FreeBSD box. I'm now able to reliably ping it with ~40ms from my
On Thu, Jan 03, 2013 at 09:19:05AM +0200, Sami Halabi wrote:
Hi,
I wan t to configure bandwidth limits in the folowing scenario:
limit a specific IP to ,say 10MB, but also limit each Session to, say 1MB.
so max concurrent sessions of that same IP can with full bandwidth would be
10, each
the options very welll... maybe
I'm wrong?
Sami
On Thu, Jan 3, 2013 at 12:46 PM, ?zkan KIRIK ozkan.ki...@gmail.com wrote:
I think there is a mistake at the sched config line. it should be as
ipfw sched 789 config mask all pipe 456
On Thu, Jan 3, 2013 at 10:29 AM, Luigi Rizzo
On Sat, Apr 13, 2013 at 03:34:39PM +0200, Spil Oss wrote:
Hi All,
I can't use ipfw with natd with my ASIX AX88772B USB NIC
...
Found an older PR kern/170081 about fxp having trouble with nat when
rxcsum/txcsum was enabled, that is why I started fiddling with
rxcsum/txcsum and found that the
On Wed, Apr 24, 2013 at 08:01:23PM +0400, Alexander V. Chernikov wrote:
Hello list!
Currently ipfw uses strncmp() function to do interface matching which is
quite slow.
Additionally, ipfw_insn_if opcode is quite big and given that struct
ip_fw occupy 48 bytes
(without first instruction)
On Wed, Apr 24, 2013 at 08:46:01PM +0400, Alexander V. Chernikov wrote:
On 24.04.2013 20:23, Luigi Rizzo wrote:
...
vesrion) in the middle of the next week.
hmmm this is quite a large change, and from the description it
is a bit unclear to me how the opcode rewriting thing relates
On Wed, Apr 24, 2013 at 11:50:48PM +0400, Alexander V. Chernikov wrote:
On 24.04.2013 23:09, Luigi Rizzo wrote:
On Wed, Apr 24, 2013 at 08:46:01PM +0400, Alexander V. Chernikov wrote:
On 24.04.2013 20:23, Luigi Rizzo wrote:
...
Well, actually I'm thinking of the next 2 steps:
1) making
The following reply was made to PR kern/178317; it has been noted by GNATS.
From: Luigi Rizzo ri...@iet.unipi.it
To: Kirill Diduk kirill.di...@gmail.com
Cc: bug-follo...@freebsd.org, jens.kas...@aptilo.com, lu...@freebsd.org
Subject: Re: misc/178317: IPFW options need to specifed in specific
On Wed, Nov 13, 2013 at 6:06 AM, Ahmed Hamza ahmed@gmail.com wrote:
On Tue, Nov 12, 2013 at 8:50 PM, Julian Elischer jul...@freebsd.org
wrote:
On 11/12/13, 6:35 PM, Ahmed Hamza wrote:
Hi All,
I'm trying to use Dummynet to test the behaviour of my video streaming
application in
On Wed, Apr 30, 2014 at 6:02 PM, bycn82 byc...@gmail.com wrote:
fjwc...@gmail.com mailto:fjwc...@gmail.com
Thanks for your reply, and it is good to know the sysctl for ICMP.
finally it works.I just added a new `action` in firewall and it is called
`pps`, that means it can be generic
On Thu, May 08, 2014 at 09:09:21AM +0800, bycn82 wrote:
On 5/8/14 8:35, bycn82 wrote:
On 5/4/14 1:19, Luigi Rizzo wrote:
On Sat, May 3, 2014 at 2:27 PM, bycn82 byc...@gmail.com
mailto:byc...@gmail.com wrote:
On 5/2/14 16:59, Luigi Rizzo wrote:
On Wed, Apr 30, 2014
On Fri, May 09, 2014 at 12:11:16AM +0800, bycn82 wrote:
On 5/8/14 15:38, Luigi Rizzo wrote:
...
If i were to implement the feature i would add two parameters
(burst, I_max) with reasonable defaults and compute the internal
interval and max_count as follows
if (burst
On Mon, May 12, 2014 at 7:01 PM, bycn82 byc...@gmail.com wrote:
On 5/9/14 0:11, bycn82 wrote:
...
Done ,submitted.
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/189721
can you clean up the formatting and style
(including some gratuitous whitespace changes).
Also there are several things
On Fri, May 23, 2014 at 03:53:18PM +0200, Patrick Zwickl wrote:
Dear all,
I am currently experimenting with ipfw dummynet features (coming rather from
the netem tc corner; so being new to dummynet and apologise for these kind of
questions) and was wondering how to syntactically achieve
The following reply was made to PR kern/189720; it has been noted by GNATS.
From: Luigi Rizzo ri...@iet.unipi.it
To: bug-follo...@freebsd.org, byc...@gmail.com
Cc:
Subject: kern/189720: [ipfw] [patch] pps action for ipfw
Date: Thu, 29 May 2014 16:12:16 +0200
Hi,
I have looked at the update
The following reply was made to PR kern/189720; it has been noted by GNATS.
From: 'Luigi Rizzo' ri...@iet.unipi.it
To: bycn82 byc...@gmail.com
Cc: bug-follo...@freebsd.org
Subject: Re: kern/189720: [ipfw] [patch] pps action for ipfw
Date: Thu, 29 May 2014 17:17:59 +0200
On Thu, May 29, 2014
The following reply was made to PR kern/189720; it has been noted by GNATS.
From: Luigi Rizzo ri...@iet.unipi.it
To: bycn82 byc...@gmail.com
Cc: bug-follo...@freebsd.org
Subject: Re: kern/189720: [ipfw] [patch] pps action for ipfw
Date: Fri, 30 May 2014 19:16:10 +0200
On Sat, May 31, 2014 at 12
...@freebsd.org
--
-+---
Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/. Universita` di Pisa
TEL +39-050-2211611 . via Diotisalvi 2
Mobile +39-338
1 - 100 of 113 matches
Mail list logo
