From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 27 11:06:56 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8688D106566C for ; Mon, 27 Jul 2009 11:06:56 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 73AA48FC1F for ; Mon, 27 Jul 2009 11:06:56 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n6RB6upi018984 for ; Mon, 27 Jul 2009 11:06:56 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n6RB6tgP018980 for freebsd-ipfw@FreeBSD.org; Mon, 27 Jul 2009 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 27 Jul 2009 11:06:55 GMT Message-Id: <200907271106.n6RB6tgP018980@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jul 2009 11:06:56 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from p kern/115755 ipfw [ipfw] [patch] unify message and add a rule number whe o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 60 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 27 13:20:22 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 942C5106566C for ; Mon, 27 Jul 2009 13:20:22 +0000 (UTC) (envelope-from j.m.sandford@hotmail.co.uk) Received: from col0-omc1-s9.col0.hotmail.com (col0-omc1-s9.col0.hotmail.com [65.55.34.19]) by mx1.freebsd.org (Postfix) with ESMTP id 7367C8FC1C for ; Mon, 27 Jul 2009 13:20:22 +0000 (UTC) (envelope-from j.m.sandford@hotmail.co.uk) Received: from COL110-W10 ([65.55.34.8]) by col0-omc1-s9.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 27 Jul 2009 06:08:22 -0700 Message-ID: X-Originating-IP: [192.165.213.18] From: Mark Sandford To: Date: Mon, 27 Jul 2009 14:08:22 +0100 Importance: Normal MIME-Version: 1.0 X-OriginalArrivalTime: 27 Jul 2009 13:08:22.0390 (UTC) FILETIME=[51956960:01CA0EBB] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Using dummynet to restrict bandwidth with more than 2 active pipes / queues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jul 2009 13:20:22 -0000 Hi all=2C =20 I've been using dummynet for a while to perform degraded network testing wh= ich has been really useful. =20 Recently=2C we wanted to measure the performance limits of it on our hardware. To do this we setup a machine with 8 interfaces paired into 4 ethernet bridges. =20 We are having throughput issues when more than 2 pipes are being used simultaneously. These issues appear to be independent of the bandwidths specified. For example: We set two traffic generators transmitting at 30Mbps across two of the brid= ges (pipes)=2C sending 1000 byte UDP packets (1042 bytes on the wire) for a= 20 second period. These are passed through dummynet pipes set up to restrict the bandwidth to= 20Mbps at the bridge and we can see from the ipfw counters that all the pa= ckets hit the right rules and only the right rules. We the capture on the far end and can see that bandwidth has been restricte= d to 20Mbps as specified. All good! :o) The problem comes when we add any extra flows. The above example is repeated but with two extra traffic generators transmi= tting at just one packet per second each across a further two pipes. Again we can see from the counters that the packets all arrive at ipfw=2C h= owever we only get 10Mbps at the receiving end (and we get a number of pack= et_drops logged at dummynet). We feel we must have missed something obvious but after over a week of read= ing / testing we're running out of ideas. Is anyone able / willing to help? ~~~~~~~~~~~~~~~~~~~~~~~~ Mark Sandford email: j.m.sandford@hotmail.co.uk mob: 07990 565976 ~~~~~~~~~~~~~~~~~~~~~~~~ _________________________________________________________________ Celebrate a decade of Messenger with free winks=2C emoticons=2C display pic= s=2C and more. http://clk.atdmt.com/UKM/go/157562755/direct/01/= From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 27 17:02:12 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DE5E7106566B; Mon, 27 Jul 2009 17:02:12 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: from cp-out8.libero.it (cp-out8.libero.it [212.52.84.108]) by mx1.freebsd.org (Postfix) with ESMTP id 58B7E8FC0A; Mon, 27 Jul 2009 17:02:11 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: from [10.0.0.2] (151.49.32.246) by cp-out8.libero.it (8.5.107) id 4A5EF7510128692E; Mon, 27 Jul 2009 19:02:10 +0200 Message-Id: <11956F97-0C87-456F-A769-70BEDBA351BE@libero.it> From: Raffaele De Lorenzo To: Willem Jan Withagen In-Reply-To: <4A672C79.3000006@digiware.nl> Content-Type: multipart/mixed; boundary=Apple-Mail-18--176010067 Mime-Version: 1.0 (Apple Message framework v935.3) Date: Mon, 27 Jul 2009 19:02:09 +0200 References: <3164304.442981248256119643.JavaMail.defaultUser@defaultHost> <4A672C79.3000006@digiware.nl> X-Mailer: Apple Mail (2.935.3) X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org, net@freebsd.org Subject: Re: R: IPv6 and ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jul 2009 17:02:13 -0000 --Apple-Mail-18--176010067 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Hi all, I attached a patch that solve this problem. I will send a PR as soon as possible. Instructions: Patch the follow files: /usr/src/sbin/ipfw/ipfw2.c (patch is ipfw2.c.diff) /usr/src/sbin/ipfw/ipfw2.h (patch is ipfw2.h.diff) /usr/src/sbin/ipfw/ipv6.c (patch is ipv6.c.diff) This patch was tested on FreeBSD 8 Beta 2 AMD64 and official FreeBSD 8 BETA 2 Sources. Let me know any suggestion or problem. Regards Raffaele On Jul 22, 2009, at 5:12 PM, Willem Jan Withagen wrote: > Reply below, and an also reorganised the yours... > raffaele.delorenzo@libero.it wrote: >>> Hi, >>> >>> Running 7.2 I tried to insert >> this into my IPFW rules >>> # ipfw add allow udp from any to 2001:xxx:3:: --Apple-Mail-18--176010067 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit >> 113,2001:xxxx:3::116 \ >>> dst-port 10001-10100 keep-state >>> ipfw: bad netmask >> ``xxxx:3::113'' >>> also: >>> # ipfw add allow udp from any to trixbox.ip6 dst-port >> 10001-10100 keep-state >>> ipfw: hostname ``trixbox.ip6'' unknown >>> Exit 68 >>> # host >> trixbox.ip6 >>> trixbox.ip6.digiware.nl has IPv6 address 2001:4cb8:3::116 >>> >>> So it >> looks like what is in the manual is overly optimistic: >>> ---- >>> addr6-list: >> ip6-addr[,addr6-list] >>> ip6-addr: >>> A host or subnet >> specified one of the following ways: >>> numeric-ip | hostname >>> Matches a single IPv6 address as allowed by >>> inet_pton(3) >>> or a hostname. Hostnames are resolved at the >>> time the >>> rule is added to the firewall list. >>> >>> >> addr/masklen >>> Matches all IPv6 addresses with base addr >> (specified as >>> allowed by inet_pton or a hostname) and >> mask width of >>> masklen bits. >>> >>> No support >> for sets of IPv6 addresses is provided because IPv6 >>> addresses >> are typically random past the initial prefix. >>> ---- >>> >>> Anybody else ran into >> this? >>> Or should I file this as a PR. > > > Hi all, > > You has found a parser bug. > > When the protocol is "ipv6" and you are a > > comma separated ipv6 addresses, the parser work fine because the > "add_srcip6" > > function is called and recognize all addresses. > > When the protocol is "!=ipv6" > > (like TCP,UDP,ICMP6) the "add_src" fuction is called and it cause > troubles > > because the "inet_pton()" fails and erroneously is called the > "add_srcip" > > function (see the code below). > > > > (from "ipfw2.c") > > add_src(ipfw_insn *cmd, char > > *av, u_char proto) > > { > > struct in6_addr a; > > char *host, *ch; > > ipfw_insn *ret = > > NULL; > > > > if ((host = strdup(av)) == NULL) > > return NULL; > > if ((ch = strrchr > > (host, '/')) != NULL) > > *ch = '\0'; > > > > if (proto == IPPROTO_IPV6 || strcmp(av, > > "me6") == 0 || > > inet_pton(AF_INET6, host, &a)) > > ret = add_srcip6(cmd, av); > > > > /* XXX: should check for IPv4, not !IPv6 */ > > if (ret == NULL && (proto == > > IPPROTO_IP || strcmp(av, "me") == 0 || > > !inet_pton(AF_INET6, host, &a))) > > > > ret = add_srcip(cmd, av); > > if (ret == NULL && strcmp(av, "any") != 0) > > ret = > > cmd; > > > > free(host); > > return ret; > > } > > > > I think that possibles solutions are the > > follows: > > > > 1) Create a new protocols types UPD6,TCP6 only for IPv6 rules to > > avoid parser confusions, and check about this protocol inside the > "add_src" > > fuction (easy to implement). > > 2) Check the comma separated ip/ipv6 addresses > > inside the "add_src" function (a little too hard to implement). > > > > I appreciate > > suggestions from the community experts about this problem. > > I would prefer not to make seperate tcp6 and udp6 items, since what > i would like to do is things like: > > hostlist="a.b.c.d,A:B:C:D::F" > > and then in the firewall something like > ipfw add allow tcp from any to ${hostlist} dst-port 80 setup > > and if tcp now goes into tcp and tcp6 I need to double my rules etc. > > Which raises one other point: > using a FQDN with more A and AAAA records also just inserts the > first reply in the list. > Now I don't use FQDN since most of the time in the Firewall DNS > is not quite up yet. > > --WjW > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw- > unsubscribe@freebsd.org" --Apple-Mail-18--176010067-- From owner-freebsd-ipfw@FreeBSD.ORG Tue Jul 28 06:15:33 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5B4F7106566C for ; Tue, 28 Jul 2009 06:15:33 +0000 (UTC) (envelope-from j.m.sandford@hotmail.co.uk) Received: from col0-omc1-s7.col0.hotmail.com (col0-omc1-s7.col0.hotmail.com [65.55.34.17]) by mx1.freebsd.org (Postfix) with ESMTP id 398BE8FC1F for ; Tue, 28 Jul 2009 06:15:32 +0000 (UTC) (envelope-from j.m.sandford@hotmail.co.uk) Received: from COL110-W11 ([65.55.34.8]) by col0-omc1-s7.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 27 Jul 2009 23:15:32 -0700 Message-ID: X-Originating-IP: [192.165.213.18] From: Mark Sandford To: Date: Tue, 28 Jul 2009 07:15:32 +0100 Importance: Normal In-Reply-To: References: MIME-Version: 1.0 X-OriginalArrivalTime: 28 Jul 2009 06:15:32.0787 (UTC) FILETIME=[D029B030:01CA0F4A] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: RE: Using dummynet to restrict bandwidth with more than 2 active pipes / queues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2009 06:15:33 -0000 Sorry if anyone's wasted time looking at this. The problem appears to be w= ith the traffic generator. Once we get above two generation processes we t= hink that the data is being sent in bursts so although it appears to be rig= ht averaged over a second at a finer granularity the burstiness is meaning = it's either exceeding the bandwidth or idle at each point. ~~~~~~~~~~~~~~~~~~~~~~~~ Mark Sandford email: j.m.sandford@hotmail.co.uk mob: 07990 565976 ~~~~~~~~~~~~~~~~~~~~~~~~ > From: j.m.sandford@hotmail.co.uk > To: freebsd-ipfw@freebsd.org > Date: Mon=2C 27 Jul 2009 14:08:22 +0100 > Subject: Using dummynet to restrict bandwidth with more than 2 active pip= es / queues >=20 >=20 > Hi all=2C >=20 > =20 >=20 > I've been using dummynet for a while to perform degraded network testing = which has been really useful. >=20 > =20 >=20 > Recently=2C we wanted to measure the performance limits of it on our > hardware. To do this we setup a machine with 8 interfaces paired into 4 > ethernet bridges. >=20 > =20 >=20 > We are having throughput issues when more than 2 pipes are being used > simultaneously. These issues appear to be independent of the bandwidths > specified. >=20 > For example: > We set two traffic generators transmitting at 30Mbps across two of the br= idges (pipes)=2C sending 1000 byte UDP packets (1042 bytes on the wire) for= a 20 second period. >=20 > These are passed through dummynet pipes set up to restrict the bandwidth = to 20Mbps at the bridge and we can see from the ipfw counters that all the = packets hit the right rules and only the right rules. >=20 > We the capture on the far end and can see that bandwidth has been restric= ted to 20Mbps as specified. All good! :o) >=20 > The problem comes when we add any extra flows. >=20 > The above example is repeated but with two extra traffic generators trans= mitting at just one packet per second each across a further two pipes. >=20 > Again we can see from the counters that the packets all arrive at ipfw=2C= however we only get 10Mbps at the receiving end (and we get a number of pa= cket_drops logged at dummynet). >=20 > We feel we must have missed something obvious but after over a week of re= ading / testing we're running out of ideas. >=20 > Is anyone able / willing to help? >=20 > ~~~~~~~~~~~~~~~~~~~~~~~~ > Mark Sandford >=20 > email: j.m.sandford@hotmail.co.uk > mob: 07990 565976 >=20 > ~~~~~~~~~~~~~~~~~~~~~~~~ >=20 >=20 >=20 >=20 >=20 > _________________________________________________________________ > Celebrate a decade of Messenger with free winks=2C emoticons=2C display p= ics=2C and more. > http://clk.atdmt.com/UKM/go/157562755/direct/01/_________________________= ______________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe=2C send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" _________________________________________________________________ Windows Live Messenger: Celebrate 10 amazing years with free winks and emot= icons. http://clk.atdmt.com/UKM/go/157562755/direct/01/= From owner-freebsd-ipfw@FreeBSD.ORG Tue Jul 28 06:36:35 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CA555106566C for ; Tue, 28 Jul 2009 06:36:35 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outL.internet-mail-service.net (outl.internet-mail-service.net [216.240.47.235]) by mx1.freebsd.org (Postfix) with ESMTP id B20588FC08 for ; Tue, 28 Jul 2009 06:36:35 +0000 (UTC) (envelope-from julian@elischer.org) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id 2926522FA; Mon, 27 Jul 2009 23:22:03 -0700 (PDT) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id DCC352D600D; Mon, 27 Jul 2009 23:22:02 -0700 (PDT) Message-ID: <4A6E990E.6090800@elischer.org> Date: Mon, 27 Jul 2009 23:22:06 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605) MIME-Version: 1.0 To: Mark Sandford References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: Using dummynet to restrict bandwidth with more than 2 active pipes / queues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2009 06:36:36 -0000 Mark Sandford wrote: > Sorry if anyone's wasted time looking at this. The problem appears > to be with the traffic generator. Once we get above two generation > processes we think that the data is being sent in bursts so although > it appears to be right averaged over a second at a finer granularity > the burstiness is meaning it's either exceeding the bandwidth or idle > at each point. > what are you using to generate traffic? and what kind of traffic? From owner-freebsd-ipfw@FreeBSD.ORG Tue Jul 28 06:44:35 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4A74A1065670 for ; Tue, 28 Jul 2009 06:44:35 +0000 (UTC) (envelope-from j.m.sandford@hotmail.co.uk) Received: from col0-omc4-s19.col0.hotmail.com (col0-omc4-s19.col0.hotmail.com [65.55.34.221]) by mx1.freebsd.org (Postfix) with ESMTP id 27E008FC0A for ; Tue, 28 Jul 2009 06:44:35 +0000 (UTC) (envelope-from j.m.sandford@hotmail.co.uk) Received: from COL110-W15 ([65.55.34.199]) by col0-omc4-s19.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 27 Jul 2009 23:44:35 -0700 Message-ID: X-Originating-IP: [192.165.213.18] From: Mark Sandford To: Date: Tue, 28 Jul 2009 07:44:34 +0100 Importance: Normal In-Reply-To: <4A6E990E.6090800@elischer.org> References: <4A6E990E.6090800@elischer.org> MIME-Version: 1.0 X-OriginalArrivalTime: 28 Jul 2009 06:44:35.0170 (UTC) FILETIME=[DEB43C20:01CA0F4E] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org Subject: RE: Using dummynet to restrict bandwidth with more than 2 active pipes / queues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2009 06:44:35 -0000 It's a home grown tool using libnet. We've re-tested using one packet generation process to create 4 flows going= across the four pipes and see pretty much what we were expecting. In this case we were just firing 1000 byte udp packets (1042 bytes on the w= ire). ~~~~~~~~~~~~~~~~~~~~~~~~ Mark Sandford email: j.m.sandford@hotmail.co.uk mob: 07990 565976 ~~~~~~~~~~~~~~~~~~~~~~~~ > Date: Mon=2C 27 Jul 2009 23:22:06 -0700 > From: julian@elischer.org > To: j.m.sandford@hotmail.co.uk > CC: freebsd-ipfw@freebsd.org > Subject: Re: Using dummynet to restrict bandwidth with more than 2 active= pipes / queues >=20 > Mark Sandford wrote: > > Sorry if anyone's wasted time looking at this. The problem appears > > to be with the traffic generator. Once we get above two generation > > processes we think that the data is being sent in bursts so although > > it appears to be right averaged over a second at a finer granularity > > the burstiness is meaning it's either exceeding the bandwidth or idle > > at each point. > >=20 >=20 > what are you using to generate traffic? > and what kind of traffic? >=20 > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe=2C send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" _________________________________________________________________ Celebrate a decade of Messenger with free winks=2C emoticons=2C display pic= s=2C and more. http://clk.atdmt.com/UKM/go/157562755/direct/01/= From owner-freebsd-ipfw@FreeBSD.ORG Wed Jul 29 10:44:32 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C453F106566C; Wed, 29 Jul 2009 10:44:32 +0000 (UTC) (envelope-from wjw@digiware.nl) Received: from mail.digiware.nl (mail.ip6.digiware.nl [IPv6:2001:4cb8:1:106::2]) by mx1.freebsd.org (Postfix) with ESMTP id 6180F8FC34; Wed, 29 Jul 2009 10:44:32 +0000 (UTC) (envelope-from wjw@digiware.nl) Received: from localhost (localhost.digiware.nl [127.0.0.1]) by mail.digiware.nl (Postfix) with ESMTP id 50136153433; Wed, 29 Jul 2009 12:44:31 +0200 (CEST) X-Virus-Scanned: amavisd-new at digiware.nl Received: from mail.digiware.nl ([127.0.0.1]) by localhost (rack1.digiware.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wxu3qgymh98m; Wed, 29 Jul 2009 12:44:29 +0200 (CEST) Received: from [192.168.10.67] (opteron [192.168.10.67]) by mail.digiware.nl (Postfix) with ESMTP id 447CD153434; Wed, 29 Jul 2009 12:44:29 +0200 (CEST) Message-ID: <4A702885.5080803@digiware.nl> Date: Wed, 29 Jul 2009 12:46:29 +0200 From: Willem Jan Withagen Organization: Digiware User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: Raffaele De Lorenzo References: <3164304.442981248256119643.JavaMail.defaultUser@defaultHost> <4A672C79.3000006@digiware.nl> <11956F97-0C87-456F-A769-70BEDBA351BE@libero.it> In-Reply-To: <11956F97-0C87-456F-A769-70BEDBA351BE@libero.it> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, net@freebsd.org Subject: Re: R: IPv6 and ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jul 2009 10:44:33 -0000 Raffaele De Lorenzo wrote: > Hi all, > I attached a patch that solve this problem. I will send a PR as soon as > possible. > > Instructions: > > Patch the follow files: > > /usr/src/sbin/ipfw/ipfw2.c (patch is ipfw2.c.diff) > /usr/src/sbin/ipfw/ipfw2.h (patch is ipfw2.h.diff) > /usr/src/sbin/ipfw/ipv6.c (patch is ipv6.c.diff) > > This patch was tested on FreeBSD 8 Beta 2 AMD64 and official FreeBSD 8 > BETA 2 Sources. > > Let me know any suggestion or problem. Patch worked fine on 7.2-stable as well. Multiple ipv6 addresses are now accepted in one go. But it still does not really works as well as I would like ;): ipfw add 11101 allow udp from any to 192.168.10.67,2001:dddd:c::67 dst-port 45457 keep-state ipfw: bad netmask ``dddd:c::67'' Which from your comment seems correct: + * Pre-Check multi address rules to avoid parser confusion about IPv4/IPv6 addresses. + * XXX I assume the first know address is the reference address (You cannot use both IPv4/IPv6 addresses inside + * a multi-addresses rule). But looking at the code, why not fist parse chunks seperated by ',' and then test them for all possible variants, because as far as I understand there are no ',''s allowed in the adresspec. Thanx for the work thusfar, --WjW From owner-freebsd-ipfw@FreeBSD.ORG Wed Jul 29 16:06:00 2009 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 90018106566B; Wed, 29 Jul 2009 16:06:00 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 65CFC8FC16; Wed, 29 Jul 2009 16:06:00 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n6TG60Do051528; Wed, 29 Jul 2009 16:06:00 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n6TG60kQ051524; Wed, 29 Jul 2009 16:06:00 GMT (envelope-from linimon) Date: Wed, 29 Jul 2009 16:06:00 GMT Message-Id: <200907291606.n6TG60kQ051524@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/137232: [ipfw] parser troubles X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jul 2009 16:06:01 -0000 Synopsis: [ipfw] parser troubles Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Wed Jul 29 16:05:41 UTC 2009 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=137232