From owner-freebsd-ipfw  Wed May 29 17:43:27 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from c015.snv.cp.net (h003.c015.snv.cp.net [209.228.35.118])
	by hub.freebsd.org (Postfix) with SMTP id 2338B37B407
	for <freebsd-ipfw@freebsd.org>; Wed, 29 May 2002 17:43:15 -0700 (PDT)
Received: (cpmta 3218 invoked from network); 29 May 2002 17:43:14 -0700
Date: 29 May 2002 17:43:14 -0700
Message-ID: <20020530004314.3217.cpmta@c015.snv.cp.net>
X-Sent: 30 May 2002 00:43:14 GMT
Received: from [65.16.158.66] by mail.compgeek.com with HTTP;
    29 May 2002 17:43:14 PDT
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: freebsd-ipfw@freebsd.org
From: Jon Noack <noackjr@compgeek.com>
X-Mailer: Web Mail 3.9.3.11
X-Sent-From: noackjr@compgeek.com
Subject: peer-to-peer asymmetric simulation
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

I'm trying to simulate a peer-to-peer network of 8 clients connected via asymmetric links using dummynet.  I have it up and running using a machine with 8 network interfaces running as a bridge.  The only issue is that (as I've found reading older posts) when running in a bridge packets are only passed through ipfw once.  This obviously prevents me from limiting both directions of the links.

Basic config for 8 56Kbit/s modem clients:

#Upstream
pipe 1 config mask src-ip 0x000000ff bw 32Kbit/s delay 100ms queue 4Kbytes
add pipe 1 ip from any to any out

#Downstream
pipe 2 config mask dst-ip 0x000000ff bw 48Kbit/s delay 100ms queue 4Kbytes
add pipe 2 ip from any to any in

First of all, is this even correct (not sure about whether in and out are used correctly)?  Second, I've seen that the following patch was proposed:

it might be as simple as changing one line in bridge.c

   if (ip_fw_chk_ptr && bdg_ipfw != 0 && src != NULL) {
       struct ip *ip ;
       int i;   

-       if (rule != NULL) /* dummynet packet, already partially processed */
+       if (rule != NULL && fw_one_pass)
           goto forward; /* HACK! I should obey the fw_one_pass */

but i never had a chance to test it.

Has anyone used this?

If this doesn't work, how should I modify my setup to make this work (i.e. use router instead of bridge?  settings necessary?)?

Thanks,
Jon Noack

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message