From owner-freebsd-net@FreeBSD.ORG Mon Jan 29 13:18:07 2007 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9C6B616A404 for ; Mon, 29 Jan 2007 13:18:07 +0000 (UTC) (envelope-from spadge@fromley.net) Received: from queue02-winn.ispmail.ntl.com (queue02-winn.ispmail.ntl.com [81.103.221.56]) by mx1.freebsd.org (Postfix) with ESMTP id 077A113C478 for ; Mon, 29 Jan 2007 13:18:02 +0000 (UTC) (envelope-from spadge@fromley.net) Received: from aamtaout04-winn.ispmail.ntl.com ([81.103.221.35]) by mtaout03-winn.ispmail.ntl.com with ESMTP id <20070129125536.RRWA1865.mtaout03-winn.ispmail.ntl.com@aamtaout04-winn.ispmail.ntl.com>; Mon, 29 Jan 2007 12:55:36 +0000 Received: from tobermory.home ([86.0.163.117]) by aamtaout04-winn.ispmail.ntl.com with ESMTP id <20070129125536.NNRM29112.aamtaout04-winn.ispmail.ntl.com@tobermory.home>; Mon, 29 Jan 2007 12:55:36 +0000 Received: from webmail.fromley.net (localhost.home [127.0.0.1]) by tobermory.home (Postfix) with ESMTP id C10C1A6CDD; Mon, 29 Jan 2007 12:55:29 +0000 (GMT) Received: from 213.123.179.188 (SquirrelMail authenticated user spadge) by webmail.fromley.net with HTTP; Mon, 29 Jan 2007 12:55:29 -0000 (UTC) Message-ID: <33457.213.123.179.188.1170075329.squirrel@webmail.fromley.net> In-Reply-To: <464814.62688.qm@web58605.mail.re3.yahoo.com> References: <464814.62688.qm@web58605.mail.re3.yahoo.com> Date: Mon, 29 Jan 2007 12:55:29 -0000 (UTC) From: "Spadge Fromley" To: "Arone Silimantia" User-Agent: SquirrelMail/1.4.9a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-net@freebsd.org Subject: Re: ipfw pipe show ... help with output is needed, please. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Jan 2007 13:18:07 -0000 > > I see this: > > # ipfw pipe show 1 > 00001: 16.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes > Pkt/Byte Drp > 0 tcp 1.2.3.4/22 1.2.3.4/4333 2970975653 2649647615805 2 > 2992 10414733 > Second, there are seven headings (from BKT at the left to Drp on the > right) but underneath those seven headings are _9_ values. What I really > want to know is how many packets I am droppinig ... but I can't tell which > of the fields are the "dropped" - I assume it is the final number .. if > so, what is that measured in ? Packets ? I can't help you with the rest of it, as I am frequently just as baffled by ipfw/dummynet as the next man .. But the 7/9 thing I can explain. Tot_pkt: 2970975653 bytes: 2649647615805 Pkt: 2 Byte: 2992 Ideally, there'd be a '/' between pkts and bytes, like there is in the headers. Does it make a difference if you set up the ipfw rule before the dummynet one? Here's how I have mine: root@tobermory# ipfw list | grep pipe 01400 pipe 101 ip from any to any uid DLMonkey via fxp0 in 01500 pipe 102 ip from any to any uid DLMonkey via fxp0 out taken from: root@tobermory# grep pipe /etc/rc.firewall /sbin/ipfw -f pipe flush /sbin/ipfw add pipe 101 ip from any to any uid DLMonkey via $WAN in /sbin/ipfw add pipe 102 ip from any to any uid DLMonkey via $WAN out /sbin/ipfw pipe 101 config delay 100ms /sbin/ipfw pipe 102 config delay 100ms Gives the following info: root@tobermory# ipfw pipe list 00102: unlimited 100 ms 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 tcp {my.ip.address}/61676 59.127.165.138/4662 6557083 758428752 0 0 0 00101: unlimited 100 ms 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 udp 67.163.25.202/7871 {my.ip.address}/14298 8466595 1174764649 0 0 0 Trust me: there will be a lot more connections set up in those pipes than that. I think it's just showing a snapshot. Or I have got it all completely wrong and it's not actually working at all like I thought it ought. Who knows? :) -- Spadge 'Intoccabile'