On Thu, Apr 9, 2020 at 2:18 AM Özkan KIRIK wrote:
>
> Hello,
>
> I wonder if it is possible to update dummynet code multi-threading capable
> practically?
> My idea is below:
> - A new sysctl tunable will be defined as
> "net.inet.ip.dummynet.thread_count" (default 1)
> - To distribute tasks
On Thu, Apr 9, 2020 at 2:18 AM Özkan KIRIK wrote:
>
> Hello,
>
> I wonder if it is possible to update dummynet code multi-threading capable
> practically?
> My idea is below:
> - A new sysctl tunable will be defined as
> "net.inet.ip.dummynet.thread_count" (default 1)
> - To distribute tasks
> mask: 0x00 0x/0x -> 0x00ff/0x
>
--
---------+---
Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/. Universita` di Pisa
TEL +39-050-2217533 . via Diotis
;>> to
>>>>
>>>>> perform the desired work. This option is going to take some time. Maybe
>>>>>
>>>> up
>>>>
>>>>> to a year.
>>>>>
>>>&g
they will apply to the Windows version, you could
> post them here.
>
> Regards,
> Ben
>
>
> --
>
> --
> From: Benjamin Woods
> woods...@gmail.com
> ___
> freebsd-ipfw@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>
On Thu, Aug 13, 2015 at 5:18 PM, Julian Elischer jul...@freebsd.org wrote:
On 8/13/15 10:41 PM, Ian Smith wrote:
On Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote:
On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith smi...@nimnet.asn.au
wrote:
On Thu, 13 Aug 2015 12:24:31 +0800, Julian
--
-+---
Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/. Universita` di Pisa
TEL +39-050-2217533 . via Diotisalvi 2
Mobile +39-338-6809875
--
-+---
Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/. Universita` di Pisa
TEL +39-050-2211611 . via Diotisalvi 2
Mobile +39-338-6809875 . 56122 PISA (Italy
On Mon, Jan 5, 2015 at 2:41 PM, Olivier Cochard-Labbé oliv...@cochard.me
wrote:
On Mon, Jan 5, 2015 at 1:28 PM, Willy Offermans wi...@offermans.rompen.nl
wrote:
Hello Luigi and FreeBSD friends,
I do top posting.
So there might be a chance that someting slips through the firewall
between
On Wed, Aug 13, 2014 at 10:11 PM, Alexander V. Chernikov
melif...@yandex-team.ru wrote:
Hello list.
I've been hacking ipfw for a while and It seems there is something ready
to test/review in projects/ipfw branch.
this is a fantastic piece of work, thanks for doing it and for
integrating
On Thu, Aug 14, 2014 at 11:57 AM, Alexander V. Chernikov
melif...@yandex-team.ru wrote:
On 14.08.2014 13:23, Luigi Rizzo wrote:
On Wed, Aug 13, 2014 at 10:11 PM, Alexander V. Chernikov
melif...@yandex-team.ru wrote:
Hello list.
I've been hacking ipfw for a while and It seems
On Thu, Aug 14, 2014 at 12:57 PM, Alexander V. Chernikov
melif...@yandex-team.ru wrote:
On 14.08.2014 14:44, Luigi Rizzo wrote:
On Thu, Aug 14, 2014 at 11:57 AM, Alexander V. Chernikov
melif...@yandex-team.ru wrote:
On 14.08.2014 13:23, Luigi Rizzo wrote:
On Wed, Aug 13, 2014
On Mon, Aug 04, 2014 at 01:44:26PM +0400, Alexander V. Chernikov wrote:
On 02.08.2014 12:33, Alexander V. Chernikov wrote:
On 02.08.2014 10:33, Luigi Rizzo wrote:
On Fri, Aug 1, 2014 at 11:08 PM, Alexander V. Chernikov
melif...@freebsd.org mailto:melif...@freebsd.org wrote
...@freebsd.org
--
-+---
Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/. Universita` di Pisa
TEL +39-050-2211611 . via Diotisalvi 2
Mobile +39-338
The following reply was made to PR kern/189720; it has been noted by GNATS.
From: Luigi Rizzo ri...@iet.unipi.it
To: bycn82 byc...@gmail.com
Cc: bug-follo...@freebsd.org
Subject: Re: kern/189720: [ipfw] [patch] pps action for ipfw
Date: Fri, 30 May 2014 19:16:10 +0200
On Sat, May 31, 2014 at 12
The following reply was made to PR kern/189720; it has been noted by GNATS.
From: Luigi Rizzo ri...@iet.unipi.it
To: bug-follo...@freebsd.org, byc...@gmail.com
Cc:
Subject: kern/189720: [ipfw] [patch] pps action for ipfw
Date: Thu, 29 May 2014 16:12:16 +0200
Hi,
I have looked at the update
The following reply was made to PR kern/189720; it has been noted by GNATS.
From: 'Luigi Rizzo' ri...@iet.unipi.it
To: bycn82 byc...@gmail.com
Cc: bug-follo...@freebsd.org
Subject: Re: kern/189720: [ipfw] [patch] pps action for ipfw
Date: Thu, 29 May 2014 17:17:59 +0200
On Thu, May 29, 2014
On Fri, May 23, 2014 at 03:53:18PM +0200, Patrick Zwickl wrote:
Dear all,
I am currently experimenting with ipfw dummynet features (coming rather from
the netem tc corner; so being new to dummynet and apologise for these kind of
questions) and was wondering how to syntactically achieve
On Mon, May 12, 2014 at 7:01 PM, bycn82 byc...@gmail.com wrote:
On 5/9/14 0:11, bycn82 wrote:
...
Done ,submitted.
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/189721
can you clean up the formatting and style
(including some gratuitous whitespace changes).
Also there are several things
On Thu, May 08, 2014 at 09:09:21AM +0800, bycn82 wrote:
On 5/8/14 8:35, bycn82 wrote:
On 5/4/14 1:19, Luigi Rizzo wrote:
On Sat, May 3, 2014 at 2:27 PM, bycn82 byc...@gmail.com
mailto:byc...@gmail.com wrote:
On 5/2/14 16:59, Luigi Rizzo wrote:
On Wed, Apr 30, 2014
On Fri, May 09, 2014 at 12:11:16AM +0800, bycn82 wrote:
On 5/8/14 15:38, Luigi Rizzo wrote:
...
If i were to implement the feature i would add two parameters
(burst, I_max) with reasonable defaults and compute the internal
interval and max_count as follows
if (burst
On Wed, Apr 30, 2014 at 6:02 PM, bycn82 byc...@gmail.com wrote:
fjwc...@gmail.com mailto:fjwc...@gmail.com
Thanks for your reply, and it is good to know the sysctl for ICMP.
finally it works.I just added a new `action` in firewall and it is called
`pps`, that means it can be generic
On Wed, Nov 13, 2013 at 6:06 AM, Ahmed Hamza ahmed@gmail.com wrote:
On Tue, Nov 12, 2013 at 8:50 PM, Julian Elischer jul...@freebsd.org
wrote:
On 11/12/13, 6:35 PM, Ahmed Hamza wrote:
Hi All,
I'm trying to use Dummynet to test the behaviour of my video streaming
application in
The following reply was made to PR kern/178317; it has been noted by GNATS.
From: Luigi Rizzo ri...@iet.unipi.it
To: Kirill Diduk kirill.di...@gmail.com
Cc: bug-follo...@freebsd.org, jens.kas...@aptilo.com, lu...@freebsd.org
Subject: Re: misc/178317: IPFW options need to specifed in specific
On Wed, Apr 24, 2013 at 08:01:23PM +0400, Alexander V. Chernikov wrote:
Hello list!
Currently ipfw uses strncmp() function to do interface matching which is
quite slow.
Additionally, ipfw_insn_if opcode is quite big and given that struct
ip_fw occupy 48 bytes
(without first instruction)
On Wed, Apr 24, 2013 at 08:46:01PM +0400, Alexander V. Chernikov wrote:
On 24.04.2013 20:23, Luigi Rizzo wrote:
...
vesrion) in the middle of the next week.
hmmm this is quite a large change, and from the description it
is a bit unclear to me how the opcode rewriting thing relates
On Wed, Apr 24, 2013 at 11:50:48PM +0400, Alexander V. Chernikov wrote:
On 24.04.2013 23:09, Luigi Rizzo wrote:
On Wed, Apr 24, 2013 at 08:46:01PM +0400, Alexander V. Chernikov wrote:
On 24.04.2013 20:23, Luigi Rizzo wrote:
...
Well, actually I'm thinking of the next 2 steps:
1) making
On Sat, Apr 13, 2013 at 03:34:39PM +0200, Spil Oss wrote:
Hi All,
I can't use ipfw with natd with my ASIX AX88772B USB NIC
...
Found an older PR kern/170081 about fxp having trouble with nat when
rxcsum/txcsum was enabled, that is why I started fiddling with
rxcsum/txcsum and found that the
the options very welll... maybe
I'm wrong?
Sami
On Thu, Jan 3, 2013 at 12:46 PM, ?zkan KIRIK ozkan.ki...@gmail.com wrote:
I think there is a mistake at the sched config line. it should be as
ipfw sched 789 config mask all pipe 456
On Thu, Jan 3, 2013 at 10:29 AM, Luigi Rizzo
On Thu, Jan 03, 2013 at 09:19:05AM +0200, Sami Halabi wrote:
Hi,
I wan t to configure bandwidth limits in the folowing scenario:
limit a specific IP to ,say 10MB, but also limit each Session to, say 1MB.
so max concurrent sessions of that same IP can with full bandwidth would be
10, each
On Sun, Sep 16, 2012 at 10:39:36PM -0500, Soren Dreijer wrote:
Some more updates:
I went ahead and disabled a few options on the ixgbe network interface
today (most notably rxcsum and txcsum), which improved ping times to
the FreeBSD box. I'm now able to reliably ping it with ~40ms from my
On Wed, Jul 25, 2012 at 10:34:39PM -0700, Julian Elischer wrote:
On 7/25/12 11:41 AM, Luigi Rizzo wrote:
First and foremost: this is just a preview, only usable for testing now,
but very very close to working.
http://info.iet.unipi.it/~luigi/netmap/20120725-ipfw-user.tgz
On Mon, Jul 02, 2012 at 01:24:09PM +0200, Alter wrote:
Hello Luigi,
Seems, Alex answered most of you questions
LR On the negative side:
LR - documentation on new features is completely absent. Just a brief mention
LR in the manpage of ftag/funtag, a short comment in a C source code.
On Sun, Jul 01, 2012 at 03:54:35PM +, melif...@freebsd.org wrote:
Synopsis: [ipfw] [dummynet] [patch]: performance improvement and several
extensions
Responsible-Changed-From-To: freebsd-ipfw-melifaro
Responsible-Changed-By: melifaro
Responsible-Changed-When: Sun Jul 1 15:54:17 UTC
On Fri, Apr 27, 2012 at 10:50:17AM +, Javier - wrote:
I want to leave at cable speed n bytes, after n bytes apply the queue bw
limit...
and what are you seeing instead ? Do you have a trace or
something that shows that it does not work like this ?
cheers
luigi
In Linux with htb this
On Fri, Apr 27, 2012 at 12:40:05PM +, Javier - wrote:
OK, but with increased burst to 5mbytes i have same results.
the issue is the bandwidth, not the burst.
it is possible that the system has a bottleneck
similar to the 125k you are configuring.
Besides, the tcp window or socket buffer
On Mon, Apr 23, 2012 at 12:35:37PM +0400, Sergey Yaroshevskiy wrote:
Hello
I've got some warnings from my freebsd 9 box:
...
Apr 23 12:06:10 pipe kernel: copy_obj (WARN) type 4 inst 65612 have 92 need
96
Apr 23 12:06:10 pipe kernel: copy_obj (WARN) type 4 inst 65612 have 60 need
On Sat, Jan 28, 2012 at 04:00:28PM +, ??? ??? wrote:
The following reply was made to PR kern/156770; it has been noted by GNATS.
From: =?windows-1251?B?yu7t/Oru4iDF4uPl7ejp?= kes-...@yandex.ru
To: bug-follo...@freebsd.org, al...@alter.org.ua
Cc:
Subject: Re: kern/156770:
On Wed, Dec 28, 2011 at 10:26:44AM +0400, Lev Serebryakov wrote:
Hello, Luigi.
You wrote 27 ??? 2011 ?., 18:26:00:
plans, yes - not sure how long it will take. I have compiled
ipfw+dummynet as a standalone module (outside the kernel)
but have not yet hooked the code to netmap to
On Wed, Dec 28, 2011 at 10:28:44AM +0400, Lev Serebryakov wrote:
Hello, Adrian.
You wrote 28 ??? 2011 ?., 10:04:13:
Maybe someone should write one and open source it this time.. :)
In presence of LLVM in the base, it looks, that we should generate
native code from IPFW bytecodes,
On Tue, Dec 27, 2011 at 03:00:47PM +0100, Pawel Tyll wrote:
IPFW seems to add more or less constant overhead per rule. In our setup,
~20 rules increase load by 100% (one core). We are able to reach 10GE
(1.1mpps) on some routers with most packets travelling 8-10 ipfw rules.
However, even
On Tue, Dec 27, 2011 at 03:18:04PM +0100, Pawel Tyll wrote:
plans, yes - not sure how long it will take. I have compiled
ipfw+dummynet as a standalone module (outside the kernel)
but have not yet hooked the code to netmap to figure out how fast
it can run.
If I understand correctly,
Hey guys,
I'm currently running some custom C code ,via an output plugin for
Snort, which takes an IP and sticks it in an ipfw table. Once the
packet enters the box, I'm using dummynet to delay the packet while
snort analyzes it and inserts the IP into a table, after the piping
delay is
On Tue, Apr 05, 2011 at 09:30:14PM +, Gleb Smirnoff wrote:
The following reply was made to PR kern/156180; it has been noted by GNATS.
From: Gleb Smirnoff gleb...@freebsd.org
To: bug-follo...@freebsd.org
Cc: a...@freebsd.org
Subject: kern/156180
Date: Wed, 6 Apr 2011 01:07:29 +0400
On Mon, Mar 28, 2011 at 06:14:20AM +, lini...@freebsd.org wrote:
Old Synopsis: Ipfw stops to check bags for compliance with the rules, letting
everything Rules
New Synopsis: [ipfw] ipfw stops to check bags for compliance with the rules,
letting everything Rules
On Fri, Mar 04, 2011 at 05:55:38AM +0200, Eugene Perevyazko wrote:
Hi
I've stumbled on a pretty strange issue in combination of ipfw fwd rules
with multicast.
The system is 7-Stable.
It runs ospf, that uses MC groups 224.0.0.5 and 224.0.0.6. Normally those
groups use dst mac addresses
On Sun, Feb 20, 2011 at 11:50:28PM +0100, Pawel Tyll wrote:
...
This machine is only doing dummynet traffic shaping from significant
things (otherwise it runs a dhcpd, ntpd and named). It's pretty
straight-forward routing, packets come in, packets come out via static
routes - there are
On Thu, Feb 10, 2011 at 12:09:09AM +, nangergong wrote:
Hi, all:
I want to use profile to simulate delays according to a empirical delay
distribution ( the profile argument can be found in
http://fuse4bsd.creo.hu/localcgi/man-cgi.cgi?ipfw+8)
I use the following command lines and
On Mon, Jan 03, 2011 at 06:22:54PM +, nangergong wrote:
Hi, all:
As far as I know, in dummynet, plr is prabability-based, namely, when a
packet is processed, it will be discarded according to the probability. So,
if I have 100 packets and the plr is 5%, eventually I may just discard 3
On Fri, Nov 26, 2010 at 02:43:12PM +, nangergong wrote:
Hi???
Thank you so much for your reply. I used the windows version of
dummynet/IPFW, so is it the same that wireshark will intercept
incoming traffic before dummynet, and outgoing traffic after dummynet? Coz
it all depends on
On Thu, Nov 25, 2010 at 03:31:16PM +, nangergong wrote:
Hi, all:
1 relationship between dummynet and wireshark
I have a question on the relationship between dummynet and wireshark. Does
wireshark capture packets before dummynet starts working or after? Which of
the following charts
On Fri, Jun 04, 2010 at 01:19:32AM -0700, bored to death wrote:
thank you luigi for your reply, it helped.
i changed the hz parameter to 1000 and then 4000 and then 8000 in my
/boot/loader.conf. the result got much better.
i configured my system as a router and i send 1GB traffic rate
luigi
i checked limitations with various values between 400Mbits/s to more than
1000Mbits/s and it works like a charm.
(the problem was when i set queue to 80MBytes, queue value was actually set
to 80 slots)
thanks again luigi.
From: Luigi
On Wed, Jun 02, 2010 at 09:53:18PM +0300, Dmitry Pryanishnikov wrote:
Hello!
In RELENG_6 loading dummynet.ko from /boot/loader.conf
dummynet_load=YES
works correctly. However in fresh RELENG_8 it results in strange
behaviour: loader shows /boot/kernel/dummynet.ko getting loaded, then
On Thu, Jun 03, 2010 at 09:29:20AM -0700, bored to death wrote:
hello,
i'm trying to limit my input traffic bandwidth on freebsd. i used
ipfw+dummynet. without limitation, i have almost 1Gbit/s input traffic
on my system. when i try to limit the bandwidth, it works fine on low
to normal
times in milli-seconds:
Minimum = 42ms, Maximum = 72ms, Average = 46ms
___
Nuno Diogo
-Original Message-
From: Luigi Rizzo [mailto:ri...@iet.unipi.it]
Sent: Friday, May 21, 2010 3:36 AM
To: Nuno
configuration IPerf can?t push more
than a fraction of the configured bandwidth with lots of packets queuing and
dropping.
Your patience is appreciated.
Sincerely,
___
Nuno Diogo
Luigi
Just in case you are interested, Murray Stokely was very kind in
organizing a talk at Google on recent ipfw and dummynet work. A
recording is available on the GoogleTechTalks channel:
http://www.youtube.com/watch?v=r8vBmybeKlE
BTW there is plenty of interesting talks on that channel so
On Wed, Mar 31, 2010 at 03:47:49PM -0300, Ass.Tec. Matik wrote:
it means that you are probably using a new kernel and an old /sbin/ipfw.
The new ipfw/dummynet has a different kernel/userland API to accommodate
some new features, and the kernel has a compatibility layer to translate
On Thu, Mar 25, 2010 at 03:00:01PM -0300, Adailton Milhorini wrote:
Hi,
i use this rules for my bandwidth control, and after update my freebsd
in last days, show any error for me..
my rule
# ipfw pipe 10 config mask dst-ip 0x bw 900Kbit/s queue 90Kbit/s
errors in dmesg
On Wed, Mar 24, 2010 at 10:48:07AM -0400, Alexander Wittig wrote:
Hello
Since the r205511 commit to 8-Stable my kernel can't load ipfw.ko any
more. The error message in dmsg is:
kernel: link_elf_obj: symbol ipfw_dyn_attach undefined
kernel: linker_load_file: Unsupported file type
A
On Wed, Mar 24, 2010 at 03:22:40PM -0700, Michael Sierchio wrote:
I'm really distressed about the state of ipfw development. Is there no test
harness? Rather than becoming more mature and stable, I think it's in the
weeds these days.
Yeah, really disgusting :)
I am sorry, there is no
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
If that's the case, then there is a small bug:
# ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}'
On Mon, Mar 15, 2010 at 07:57:24PM +0100, Oliver Fromme wrote:
Luigi Rizzo wrote:
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
If that's
On Fri, Mar 12, 2010 at 06:34:29PM +0300, Evgenii Davidov wrote:
Dear Luigi,
i've moved from RELENG_8 to RELENG_8_0 and now have a lot of idle cpu again:
0 root -680 0K72K - 0 0:31 0.00% {dummynet}
00030 2671994 474106017 pipe 6 ip from table(111) to any out
On Wed, Mar 10, 2010 at 12:20:33PM +0100, Oliver Fromme wrote:
Luigi Rizzo wrote:
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
it is not, partly due
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
it is not, partly due to backward compatibility.
If you try ipfw -c show then you might have better luck though.
On Fri, Jan 22, 2010 at 07:42:46PM +0300, Evgenii Davidov wrote:
,
On Fri, Jan 22, 2010 at 02:46:28PM +0100, Luigi Rizzo ?:
On Fri, Jan 22, 2010 at 04:35:35PM +0300, Evgenii Davidov wrote:
...
my problem is that dummynet cpu usage jumps from 0 to 99
On Sun, Jan 17, 2010 at 05:42:58PM +0900, Hajimu UMEMOTO wrote:
Hi,
On Sun, 10 Jan 2010 19:52:32 +0100
Luigi Rizzo ri...@iet.unipi.it said:
rizzo We only need one 'me' option that matches v4 and v6, because the
rizzo other two can be implemented as 'ip4 me' and 'ip6 me' at no extra
On Sun, Jan 10, 2010 at 11:55:54PM -0800, Julian Elischer wrote:
Maxim Ignatenko wrote:
2009/12/9 Luigi Rizzo ri...@iet.unipi.it:
3. a hash version of 'table's
Right now ipfw tables are implented as routing tables, which is
great if you have to lookup a longest matching prefix
On Mon, Jan 11, 2010 at 03:27:13AM +0900, Hajimu UMEMOTO wrote:
Hi,
On Sat, 2 Jan 2010 20:36:45 -0500
David Horn dhorn2...@gmail.com said:
dhorn2000 Yes, me matching either ipv4/ipv6 would certainly simplify the
default
dhorn2000 rc.firewall flow.
Here is my proposed patch.
On Thu, Dec 17, 2009 at 12:31:32PM -0500, David Horn wrote:
Luigi --
I am seeing a kldload failure for ipfw.ko after the latest -current commits
(fails for r200580 - r200633 inclusive) for ipfw:
link_elf_obj: symbol ipfw_dyn_attach undefined
not surprising, as i forgot to put the new
Hi,
I would like to discuss some new features that I am going to add to ipfw.
1. A new option lookup search-key T[,V] where
search-key ::= {src-ip|dst-ip|src-port|dst-port|proto|jail|...}
This extends the existing '{dst-ip|src-ip} table(T[,V])' options,
and allows a lookup of other
Hi,
in the next weeks i am going to slowly push into -head (and when
possible also in RELENG_8) several restructuring and cleanup changes
in dummynet and ipfw. This is the result of work we have been doing
in Pisa in the last few months with Riccardo Panicucci and Marta
Carbone.
I am trying to
Hi,
there is no bug, the 'pipe profile' code is working correctly.
In your mail below you are comparing two different things.
pipe config bw 10Mbit/s delay 25ms
means that _after shaping_ at 10Mbps, all traffic will
be subject to an additional delay of 25ms.
Each
On Sat, Sep 12, 2009 at 03:32:54PM +0800, Cypher Wu wrote:
I want to build a transparent firewall based on IPFW. For static rules
this is fine, but for dynamic rules, ipfw uses keepalive packet to
avoid deleting a dynamic rule that both ends are still alive but don't
issue any traffic for a
On Sat, Sep 12, 2009 at 09:51:04PM +0800, Cypher Wu wrote:
It's seems fine, but I still have some questions:
1. The endpoint will response to the keepalive TCP segment and the
destination will be the other endpoint, will IPFW just let it though
like the usual IP packet, or try to figure it out
On Wed, Sep 09, 2009 at 11:17:50PM -0700, mkarjal wrote:
Hi,
I'm trying to catch SCTP packets with IPFW by SCTP port numbers, should it
be working or not?
Or is there some different syntax for this?
ipfw add count sctp from any to any works, counts all SCTP packets.
ipfw add count
On Thu, May 21, 2009 at 08:49:30AM -0700, Freddie Cash wrote:
On Thu, May 21, 2009 at 8:01 AM, Luigi Rizzo ri...@iet.unipi.it wrote:
On Thu, May 21, 2009 at 04:20:48PM +0200, Ermal Lu?i wrote:
can ipfw use somehow interface groups as pf(4) can?
From a quick glance at documentation
On Thu, Apr 02, 2009 at 01:00:59PM +0200, Paolo Pisati wrote:
Luigi Rizzo wrote:
Ok then we may have a plan:
you could do is implement REASS as an action (not as a microinstruction),
with the following behaviour:
- if the packet is a complete one, the rule behaves as a count
(i.e
On Fri, Mar 20, 2009 at 04:53:26PM +0100, Sebastian Mellmann wrote:
Hi!
I'm using pipe masks for defining multiple queues per traffic flow, e.g.
$cmd pipe 100 config mask all bw $webclient_upload_bandwidth queue
$queue_size delay $client_rtt_delay
$cmd pipe 200 config mask all bw
On Wed, Mar 18, 2009 at 08:52:18AM -0700, Julian Elischer wrote:
Luigi Rizzo wrote:
On Tue, Mar 17, 2009 at 03:39:45PM -0700, Julian Elischer wrote:
...
Ok then we may have a plan:
you could do is implement REASS as an action (not as a microinstruction),
with the following behaviour
On Tue, Mar 17, 2009 at 11:02:48PM +0100, Paolo Pisati wrote:
Luigi Rizzo wrote:
Thinking more about it, i believe that calling reass as an explicit
firewall action is useless, because if ip_reass fails due to lack of
all fragments you are back to square one:
what do I do
On Tue, Mar 17, 2009 at 03:39:45PM -0700, Julian Elischer wrote:
...
Ok then we may have a plan:
you could do is implement REASS as an action (not as a microinstruction),
with the following behaviour:
- if the packet is a complete one, the rule behaves as a count
(i.e. the firewall
On Sun, Mar 15, 2009 at 12:38:37PM +0300, Sergey Matveychuk wrote:
Dmitriy Demidov wrote:
Hi Luigi. Thank you for answer.
It is a big surprise for me that reassembling of IP datagrams is done
not *before* they go into firewall, but *after* :(
But what's wrong with it? A fragment got from
On Fri, Mar 13, 2009 at 10:46:48PM +0200, Dmitriy Demidov wrote:
Hi list.
I'm using DNS cache server Unbound-1.2.1. I want to start using DNSSEC via
DLV (unbound gracefully allows it).
My system is FreeBSD7-STABLE. I'm using ipfw.
Original ipfw configuration:
add check-state
add deny
On Fri, Mar 06, 2009 at 08:06:50AM +0100, Sebastian Mellmann wrote:
Secondly, apropos Sebastian's experience, should this say The value
(even if 0) is rounded to the next multiple of the clock tick .. ?
^^^
0 is rounded to 0 so that's not an issue.
The delay Sebastian is
On Wed, Mar 04, 2009 at 10:05:53PM +0100, Sebastian Mellmann wrote:
On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote:
Hi everyone!
I hope this is the right place to ask.
I've got a IPFW ruleset that looks like this:
cmd=ipfw
bottleneck_bandwidth=100Mbit/s
On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote:
Hi everyone!
I hope this is the right place to ask.
I've got a IPFW ruleset that looks like this:
cmd=ipfw
bottleneck_bandwidth=100Mbit/s
in_if=em0
$cmd pipe 500 config bw $bottleneck_bandwidth
$cmd add pipe 500
On Tue, May 06, 2008 at 03:34:23PM -0400, Matthew Pope wrote:
I must correct my test parameters: In one of the two pipes, the bw was
4K, not 48K as stated.
When I just now moved it up to 48K to match the other pipe size, my ping
times plummeted to 129-139ms throughout the Queue sizes listed
On Mon, Mar 03, 2008 at 11:17:19AM +0100, Paolo Pisati wrote:
On Sun, Mar 02, 2008 at 03:58:50PM +0100, Luigi Rizzo wrote:
The SI_ORDER_* definitions in /sys/sys/kernel.h are enumerated on a
large range, so if the existing code does not have races,
you can safely move the non-leaf
On Tue, Sep 04, 2007 at 12:50:36AM +0700, Vadim Goncharov wrote:
03.09.07 @ 23:48 Andrey V. Elsukov wrote:
I got a trace for this fault.
dummynet reinject packet to the ip_input through netisr_dispath.
This procedure was done success several times, but in the next time
it's fault.
...
On Wed, Apr 18, 2007 at 02:52:43PM -0700, Julian Elischer wrote:
Chuck Swiger wrote:
On Apr 18, 2007, at 1:58 PM, Julian Elischer wrote:
I'm contemplating the following changes to functionality:
I'd like suggestions and comments...
1/ Commit capability
In this change you declare a
On Fri, Mar 30, 2007 at 08:49:19AM +0200, Dave Raven wrote:
Hi all,
I've been looking at the ipfw (dummynet) ability to do delay and
have a few questions - I hope this is the right list. I want to simulate a
1000ms RTT on a satellite link. To do that I've created an inbound and
outbound
-based protocol
the max throughtput is 1 window per rtt, where the window is
upper bounded by the min of socket buffer, tcp buffers, negotiated
tcp window
luigi
Thanks so much for the help - I know its going a bit off topic
Dave
-Original Message-
From: 'Luigi Rizzo' [mailto:[EMAIL
On Sat, Mar 03, 2007 at 09:50:43AM +0800, John Mok wrote:
Hi,
I am new to Dummynet. I would like to setup a FreeBSD QoS box to replace
the one using Linux IMQ. However, I have the following questions :-
1. Is it possible to cascade pipes, such that the bandwidth management
could be
On Sat, Mar 03, 2007 at 08:16:37PM +0800, John Mok wrote:
...
Without hierarchical control, would it be possible to make a dummynet
model for the example situation to work? If separate pipes are used to
set the bandwidth limit :-
ipfw pipe 110 config bw 16 Kbps
ipfw pipe 120 config bw 256
On Wed, Dec 06, 2006 at 04:51:51AM +0100, Max Laier wrote:
On Wednesday 06 December 2006 01:17, Luigi Rizzo wrote:
...
First, this proposal, with 36 multiplies and one division, the
function seems rather expensive for e.g. a low end cpu (arm or
soekris) as you might find on network
On Wed, Dec 06, 2006 at 10:56:42AM +, David Malone wrote:
On Wed, Dec 06, 2006 at 04:51:51AM +0100, Max Laier wrote:
I tried the reference machines (see hacked up attachment):
78x ia64
40x amd64
60x p3
16x p4
I don't have my Soekris set up, so if somebody could give it a try.
On Wed, Dec 06, 2006 at 11:38:47AM +, David Malone wrote:
On Wed, Dec 06, 2006 at 01:29:31AM -0800, Luigi Rizzo wrote:
the top forwarding performance of a soekris is around 30-35kpps if
i remember well - this translates in around 30us/packet all included.
Is that the peak with ipfw2
1 - 100 of 113 matches
Mail list logo