From: Don Bowman
To: "'freebsd-net@freebsd.org'"
Date: Fri, 20 Jun 2003 13:41:21 -0400
Subject: nested ipfw dummynet pipes

Is there any way, in a bridging config, to have nested pipes?

In particular, what I would like to achieve is a rule that allows e.g. 64kbps per host (src-mask 0xffffffff), but that all these hosts are in an overall 10Mbps pipe.

The idea will be that @ some times of the day the pipe is less than full, so everyone gets 64kbps, but @ other times of the day the pipe is full, and I don't want more than 10Mbps flowing.

net.inet.ip.fw.one_pass looks to do what I want but:

"Note: bridged and layer 2 packets coming out of a pipe are never reinjected in the firewall irrespective of the value of this variable."

suggests this is not the case.

Is there some technique using e.g. netgraph? Or can someone suggest why the note is there and if it might be easily removed?

E.g. what I have is a system with em0 <--> em1:

    net.link.ether.bridge_cfg="em0 em1"
    net.link.ether.bridge=1
    net.link.ether.bridge_ipfw=1
    net.inet.ip.fw.one_pass=1

--don