From owner-freebsd-ipfw@FreeBSD.ORG Sun Jul 20 05:33:37 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7C6E21065673 for ; Sun, 20 Jul 2008 05:33:37 +0000 (UTC) (envelope-from kazi.sharif@aonb.com.bd) Received: from mail.aonb.com.bd (mail.aonbd.net [117.58.240.30]) by mx1.freebsd.org (Postfix) with ESMTP id 6B6828FC0A for ; Sun, 20 Jul 2008 05:33:35 +0000 (UTC) (envelope-from kazi.sharif@aonb.com.bd) Received: (qmail 7421 invoked by uid 509); 20 Jul 2008 11:12:51 +0600 Received: from 117.58.240.42 by mail.aonb.com.bd (envelope-from , uid 508) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.1/3762. spamassassin: 2.x. perlscan: 1.25-st-qms. Clear:RC:1(117.58.240.42):. Processed in 0.084368 secs); 20 Jul 2008 05:12:51 -0000 X-Antivirus-MYDOMAIN-Mail-From: kazi.sharif@aonb.com.bd via mail.aonb.com.bd X-Antivirus-MYDOMAIN: 1.25-st-qms (Clear:RC:1(117.58.240.42):. Processed in 0.084368 secs Process 7414) Received: from sharif.aonbd.net (HELO ?127.0.0.1?) (kazi.sharif@aonbd.net@117.58.240.42) by mail.aonb.com.bd with SMTP; 20 Jul 2008 11:12:51 +0600 Message-ID: <4882C7E6.8010604@aonb.com.bd> Date: Sun, 20 Jul 2008 11:06:46 +0600 From: "Kazi A. Sharif" Organization: Always On Network Bangladesh Ltd. User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: IPFW+Dummynet Capability X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2008 05:33:37 -0000 Hello Guys, I was planning to install a heavy duty bandwidth manager for my ISP. I went through some documentation and installed IPFW and Dummynet in FreeBSD 7.0. Before I spent so much time on this I need to know the limitations that are already noticed: 1. If we compare IPFW+Dummynet with Allot or Emerging Technologies Bandwidth manager, how efficient is the IPFW+Dummynet? 2. Is it possible to control/throttle 800/900Mbps bandwidth using recommended hardware? 3. Can I shape bandwidth for 3000 to 5000 clients with Dummynet where concurrent connectivity would be 2000 to 3000? 4. If I can serve 5000 users then what would be the performance decreasing ratio? 5. If I can not use Dummynet for my requirement then what are the recommendations? Thanks in advance. Sharif From owner-freebsd-ipfw@FreeBSD.ORG Sun Jul 20 12:41:51 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EFED61065671 for ; Sun, 20 Jul 2008 12:41:51 +0000 (UTC) (envelope-from freebsdlists@bsdunix.ch) Received: from conversation.bsdunix.ch (ns1.bsdunix.ch [82.220.1.90]) by mx1.freebsd.org (Postfix) with ESMTP id AC1E58FC14 for ; Sun, 20 Jul 2008 12:41:51 +0000 (UTC) (envelope-from freebsdlists@bsdunix.ch) Received: from localhost (localhost.bsdunix.ch [127.0.0.1]) by conversation.bsdunix.ch (Postfix) with ESMTP id 869875CFF; Sun, 20 Jul 2008 14:22:03 +0200 (CEST) X-Virus-Scanned: by amavisd-new at mail.bsdunix.ch Received: from conversation.bsdunix.ch ([127.0.0.1]) by localhost (conversation.bsdunix.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id HGXTwnFesGHf; Sun, 20 Jul 2008 14:22:02 +0200 (CEST) Received: from [192.168.1.101] (home.bsdunix.ch [82.220.17.23]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by conversation.bsdunix.ch (Postfix) with ESMTP id E910F5E12; Sun, 20 Jul 2008 14:22:01 +0200 (CEST) Message-Id: <03690B01-2B1A-4AC0-88BC-3C0504C5B9B3@bsdunix.ch> From: Thomas Vogt To: Kazi A. Sharif In-Reply-To: <4882C7E6.8010604@aonb.com.bd> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v926) Date: Sun, 20 Jul 2008 08:22:01 -0400 References: <4882C7E6.8010604@aonb.com.bd> X-Mailer: Apple Mail (2.926) Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW+Dummynet Capability X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2008 12:41:52 -0000 Hello Am 20.07.2008 um 01:06 schrieb Kazi A. Sharif: > Hello Guys, > I was planning to install a heavy duty bandwidth manager for my ISP. > I went through some documentation and installed IPFW and Dummynet in > FreeBSD 7.0. Before I spent so much time on this I need to know the > limitations that are already noticed: > > 1. If we compare IPFW+Dummynet with Allot or Emerging Technologies > Bandwidth manager, how efficient is the IPFW+Dummynet? > 2. Is it possible to control/throttle 800/900Mbps bandwidth using > recommended hardware? We use something similiar to make sure that certain ip ranges always get the best performance. Simulating some kind of QoS and set a max bandwidth for everything. We figured out that the limit with this Xeon is somewhere between 200-300Mbps with a few IPFW+Dummynet rules. We also tested a slower quad cores but the performance was even worse. UP systems with fast CPU where the best choice so far for us. At the moment our system runs with 6.2 but to be honest i don't belive that the performance gets trippled with FreeBSD 7. Our hardware: Intel(R) Xeon(TM) CPU 3.20GHz (3199.10-MHz 686-class CPU) and intel em cards ( Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A505A1065674 for ; Sun, 20 Jul 2008 15:39:44 +0000 (UTC) (envelope-from kazi.sharif@aonb.com.bd) Received: from mail.aonb.com.bd (ns1.aonbd.net [117.58.240.30]) by mx1.freebsd.org (Postfix) with ESMTP id 8E20B8FC0A for ; Sun, 20 Jul 2008 15:39:42 +0000 (UTC) (envelope-from kazi.sharif@aonb.com.bd) Received: (qmail 13625 invoked by uid 509); 20 Jul 2008 21:45:39 +0600 Received: from 117.58.240.42 by mail.aonb.com.bd (envelope-from , uid 508) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.1/3762. spamassassin: 2.x. perlscan: 1.25-st-qms. Clear:RC:1(117.58.240.42):. Processed in 0.066207 secs); 20 Jul 2008 15:45:39 -0000 X-Antivirus-MYDOMAIN-Mail-From: kazi.sharif@aonb.com.bd via mail.aonb.com.bd X-Antivirus-MYDOMAIN: 1.25-st-qms (Clear:RC:1(117.58.240.42):. Processed in 0.066207 secs Process 13618) Received: from sharif.aonbd.net (HELO ?127.0.0.1?) (kazi.sharif@aonbd.net@117.58.240.42) by mail.aonb.com.bd with SMTP; 20 Jul 2008 21:45:39 +0600 Message-ID: <48835C35.3010707@aonb.com.bd> Date: Sun, 20 Jul 2008 21:39:33 +0600 From: "Kazi A. Sharif" Organization: Always On Network Bangladesh Ltd. User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) MIME-Version: 1.0 To: Thomas Vogt References: <4882C7E6.8010604@aonb.com.bd> <03690B01-2B1A-4AC0-88BC-3C0504C5B9B3@bsdunix.ch> In-Reply-To: <03690B01-2B1A-4AC0-88BC-3C0504C5B9B3@bsdunix.ch> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW+Dummynet Capability X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2008 15:39:44 -0000 Hello Thomas, Thanks for the reply. It seems I am not in the right track. I used Emerging Technologies commercial bandwidth manager. It was tested with 2000 rules and the total traffic was 25Mbps. It is build on UNIX OS. I heard that Allot is also able to use many rules. In Mikrotik we can create Queue/Queue group/Firewall/IP based MRTG Graph/Time-based QoS and they say that it is tested with Gigabit traffic. My current requirement is bellow 100Mbps but there will have at least 4000 clients that means 4000 IPs. We use the packages 64, 96, 128, 256, 512, 1024/1024kbps and so on. We used to create 2 rules for each user, one for bandwidth and another for firewall or MAC binding with IP. After a lot of searching on IPFW+Dummynet I didn't find a good IP based in/out traffic graphing way through SNMP or something like that, I checked for Time-based QoS on IPFW+Dummynet and saw a patch but its not granted, I wanted to use name with rule number but I don't think uid/gid is what I was looking for. So do you think there is a way to use IPFW+Dummynet using table to reduce number of rules and for at least 100Mbps traffic? You may have other suggestions to use Altq+PF or something similar. I think I should spent time on this if my above requirements are achievable. Thanking Sharif Thomas Vogt wrote: > Hello > > Am 20.07.2008 um 01:06 schrieb Kazi A. Sharif: >> Hello Guys, >> I was planning to install a heavy duty bandwidth manager for my ISP. >> I went through some documentation and installed IPFW and Dummynet in >> FreeBSD 7.0. Before I spent so much time on this I need to know the >> limitations that are already noticed: >> >> 1. If we compare IPFW+Dummynet with Allot or Emerging Technologies >> Bandwidth manager, how efficient is the IPFW+Dummynet? >> 2. Is it possible to control/throttle 800/900Mbps bandwidth using >> recommended hardware? > > We use something similiar to make sure that certain ip ranges always > get the best performance. Simulating some kind of QoS and set a max > bandwidth for everything. > > > We figured out that the limit with this Xeon is somewhere between > 200-300Mbps with a few IPFW+Dummynet rules. We also tested a slower > quad cores but the performance was even worse. UP systems with fast > CPU where the best choice so far for us. At the moment our system runs > with 6.2 but to be honest i don't belive that the performance gets > trippled with FreeBSD 7. > > Our hardware: > Intel(R) Xeon(TM) CPU 3.20GHz (3199.10-MHz 686-class CPU) and intel em > cards ( > In the past Ian Freislich mentioned at performance@ that AMD Opterons > are maybe faster because of the bigger L1 cache. You will get less > cache misses with it. > > We could squeeze a bit more speed with ipfw table keyword. In > gerneral, the less rule you have the better performance you will get. > > There is also an dummynet issue with FreeBSD 7.0. We just used > dummynet to limit a ftp server to 500Mpbs and had a lot of kernel > panics. Oleg Bulyzhin wrote a patch: > http://www.freebsd.org/cgi/query-pr.cgi?prp=113548-3-diff > > As far as i know this patch is not included in 7.0-Release and i'm not > sure if it was ever commited to -stable or -head. > > Regards, > Thomas Vogt > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > From owner-freebsd-ipfw@FreeBSD.ORG Sun Jul 20 18:21:28 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8C895106567D for ; Sun, 20 Jul 2008 18:21:28 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outV.internet-mail-service.net (outv.internet-mail-service.net [216.240.47.245]) by mx1.freebsd.org (Postfix) with ESMTP id 7F3758FC08 for ; Sun, 20 Jul 2008 18:21:28 +0000 (UTC) (envelope-from julian@elischer.org) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 4D87D2491; Sun, 20 Jul 2008 11:21:28 -0700 (PDT) Received: from julian-mac.elischer.org (localhost [127.0.0.1]) by idiom.com (Postfix) with ESMTP id C534B2D6042; Sun, 20 Jul 2008 11:21:25 -0700 (PDT) Message-ID: <48838230.40608@elischer.org> Date: Sun, 20 Jul 2008 11:21:36 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421) MIME-Version: 1.0 To: "Kazi A. Sharif" References: <4882C7E6.8010604@aonb.com.bd> In-Reply-To: <4882C7E6.8010604@aonb.com.bd> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW+Dummynet Capability X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2008 18:21:28 -0000 Kazi A. Sharif wrote: > Hello Guys, > I was planning to install a heavy duty bandwidth manager for my ISP. I > went through some documentation and installed IPFW and Dummynet in > FreeBSD 7.0. Before I spent so much time on this I need to know the > limitations that are already noticed: > 1. If we compare IPFW+Dummynet with Allot or Emerging Technologies > Bandwidth manager, how efficient is the IPFW+Dummynet? probably not as efficient.. > 2. Is it possible to control/throttle 800/900Mbps bandwidth using > recommended hardware? It'll be pushing hard to do that. > 3. Can I shape bandwidth for 3000 to 5000 clients with Dummynet where > concurrent connectivity would be 2000 to 3000? "maybe" > 4. If I can serve 5000 users then what would be the performance > decreasing ratio? no idea > 5. If I can not use Dummynet for my requirement then what are the > recommendations? a dedicated load controlling device. You are going to have to do significant tuning with FreeBSD to be able to do this, and if you do not want to become a guru in ipfw and network processing in the BSD kernel then it is a much better use of your time to research some dedicated hardware. If my boss told me I had to do this, I'd say, "I don't know if it's possible with FreeBSD.. I'll need to do some testing" and if it was close I'd consider doing it because I have confidencein my knowledge of the networking code, that I cold probably hack the kernel enough to give me a specdial purpose kernel that could do it, but if it wasn't close I wouldn't bother. My suspicion is that it won't be "close" at this time, but the only thing you can try is to simulate it. > Thanks in advance. > Sharif > > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 21 03:11:04 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1529C106564A for ; Mon, 21 Jul 2008 03:11:04 +0000 (UTC) (envelope-from ganbold@micom.mng.net) Received: from publicd.ub.mng.net (publicd.ub.mng.net [202.179.0.88]) by mx1.freebsd.org (Postfix) with ESMTP id BE1EA8FC0C for ; Mon, 21 Jul 2008 03:11:03 +0000 (UTC) (envelope-from ganbold@micom.mng.net) Received: from [202.179.0.164] (helo=daemon.micom.mng.net) by publicd.ub.mng.net with esmtpa (Exim 4.69 (FreeBSD)) (envelope-from ) id 1KKlB2-0001Eu-HB; Mon, 21 Jul 2008 10:31:04 +0800 Message-ID: <4883F4E8.30909@micom.mng.net> Date: Mon, 21 Jul 2008 10:31:04 +0800 From: Ganbold User-Agent: Thunderbird 2.0.0.12 (X11/20080415) MIME-Version: 1.0 To: "Kazi A. Sharif" References: <4882C7E6.8010604@aonb.com.bd> <03690B01-2B1A-4AC0-88BC-3C0504C5B9B3@bsdunix.ch> <48835C35.3010707@aonb.com.bd> In-Reply-To: <48835C35.3010707@aonb.com.bd> X-Enigmail-Version: 0.95.6 OpenPGP: id=78F6425E Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, Thomas Vogt Subject: Re: IPFW+Dummynet Capability X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jul 2008 03:11:04 -0000 Kazi A. Sharif wrote: > Hello Thomas, > Thanks for the reply. It seems I am not in the right track. I used > Emerging Technologies commercial bandwidth manager. It was tested with > 2000 rules and the total traffic was 25Mbps. It is build on UNIX OS. Emerging technologies use FreeBSD. See the FAQ: http://www.etinc.com/index.php?page=bwmgrfaq.htm > I heard that Allot is also able to use many rules. In Mikrotik we can > create Queue/Queue group/Firewall/IP based MRTG Graph/Time-based QoS > and they say that it is tested with Gigabit traffic. > My current requirement is bellow 100Mbps but there will have at least > 4000 clients that means 4000 IPs. We use the packages 64, 96, 128, > 256, 512, 1024/1024kbps and so on. We used to create 2 rules for each > user, one for bandwidth and another for firewall or MAC binding with IP. > After a lot of searching on IPFW+Dummynet I didn't find a good IP > based in/out traffic graphing way through SNMP or something like that, > I checked for Time-based QoS on IPFW+Dummynet and saw a patch but its > not granted, I wanted to use name with rule number but I don't think > uid/gid is what I was looking for. > So do you think there is a way to use IPFW+Dummynet using table to > reduce number of rules and for at least 100Mbps traffic? You may have > other suggestions to use Altq+PF or something similar. > I think I should spent time on this if my above requirements are > achievable. > Thanking > Sharif > > > > Thomas Vogt wrote: >> Hello >> >> Am 20.07.2008 um 01:06 schrieb Kazi A. Sharif: >>> Hello Guys, >>> I was planning to install a heavy duty bandwidth manager for my ISP. >>> I went through some documentation and installed IPFW and Dummynet in >>> FreeBSD 7.0. Before I spent so much time on this I need to know the >>> limitations that are already noticed: >>> >>> 1. If we compare IPFW+Dummynet with Allot or Emerging Technologies >>> Bandwidth manager, how efficient is the IPFW+Dummynet? >>> 2. Is it possible to control/throttle 800/900Mbps bandwidth using >>> recommended hardware? >> >> We use something similiar to make sure that certain ip ranges always >> get the best performance. Simulating some kind of QoS and set a max >> bandwidth for everything. >> >> >> We figured out that the limit with this Xeon is somewhere between >> 200-300Mbps with a few IPFW+Dummynet rules. We also tested a slower >> quad cores but the performance was even worse. UP systems with fast >> CPU where the best choice so far for us. At the moment our system >> runs with 6.2 but to be honest i don't belive that the performance >> gets trippled with FreeBSD 7. >> >> Our hardware: >> Intel(R) Xeon(TM) CPU 3.20GHz (3199.10-MHz 686-class CPU) and intel >> em cards (> >> In the past Ian Freislich mentioned at performance@ that AMD >> Opterons are maybe faster because of the bigger L1 cache. You will >> get less cache misses with it. >> >> We could squeeze a bit more speed with ipfw table keyword. In >> gerneral, the less rule you have the better performance you will get. >> >> There is also an dummynet issue with FreeBSD 7.0. We just used >> dummynet to limit a ftp server to 500Mpbs and had a lot of kernel >> panics. Oleg Bulyzhin wrote a patch: >> http://www.freebsd.org/cgi/query-pr.cgi?prp=113548-3-diff >> >> As far as i know this patch is not included in 7.0-Release and i'm >> not sure if it was ever commited to -stable or -head. >> >> Regards, >> Thomas Vogt >> _______________________________________________ >> freebsd-ipfw@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >> >> > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > > -- ONE THING KIDS LIKE is to be tricked. For instance, I was going to take my little nephew to Disneyland, but instead I drove him to a burned-out warehouse. "Oh, oh," I said. "Disneyland burned down." He cried and cried, but I think that deep down he thought it was a pretty good joke. I started to drive over to the real Disneyland, but it was getting pretty late. -- Jack Handey, The New Mexican, 1988 From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 21 11:06:57 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 757061065673 for ; Mon, 21 Jul 2008 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 53E9E8FC08 for ; Mon, 21 Jul 2008 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m6LB6vdn031904 for ; Mon, 21 Jul 2008 11:06:57 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m6LB6uwS031900 for freebsd-ipfw@FreeBSD.org; Mon, 21 Jul 2008 11:06:56 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 21 Jul 2008 11:06:56 GMT Message-Id: <200807211106.m6LB6uwS031900@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jul 2008 11:06:57 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 15 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets p kern/113388 ipfw [ipfw][patch] Addition actions with rules within speci o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form p kern/115755 ipfw [ipfw][patch] unify message and add a rule number wher o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit 30 problems total.