Date: Fri, 20 Jun 2003 10:46:38 -0700
From: Luigi Rizzo
To: Don Bowman
cc: "'freebsd-net@freebsd.org'"
Message-ID: <20030620104638.A84204@xorpc.icir.org>
List-Id: Networking and TCP/IP with FreeBSD
Subject: Re: nested ipfw dummynet pipes

On Fri, Jun 20, 2003 at 01:41:21PM -0400, Don Bowman wrote:
> is there any way, in a bridging config, to have nested pipes?

net.inet.ip.fw.one_pass=0

should do the job, i think the comment in the manpage is now incorrect
and the code (in net/bridge.c) has been fixed (one-line) to implement this.
Check the commit logs, i don't have them handy at the moment.

	cheers
	luigi

> In particular, what i would like to achieve is a rule that
> allows e.g. 64kbps per host (src-mask 0xffffffff), but
> that all these hosts are in an overall 10Mbps pipe. The idea
> will be that @ some times of the day the pipe is less than
> full, so everyone gets 64kbps, but @ other times of the day
> the pipe is full, and I don't want more than 10Mbps flowing.
>
> net.inet.ip.fw.one_pass looks to do what i want but:
> "Note: bridged and layer 2 packets coming out of a pipe are never
> reinjected in the firewall irrespective of the value of this
> variable."
>
> suggests this is not the case.
>
> Is there some technique using e.g. netgraph? Or can someone suggest
> why the note is there and if it might be easily removed?
>
> e.g. what i have is a system with
>
> em0 <--> em1
> net.link.ether.bridge_cfg="em0 em1"
> net.link.ether.bridge=1
> net.link.ether.bridge_ipfw=1
> net.inet.ip.fw.one_pass=1
>
> --don
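
The nested-pipe setup discussed in this thread, written out as an added example that is not part of either message. It assumes a kernel whose bridge code honours one_pass=0 as the reply describes, that em0 is the interface facing the rate-limited hosts, and arbitrary pipe and rule numbers; it prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: per-host 64 kbit/s pipes nested inside one shared 10 Mbit/s pipe.
# Prints the commands by default; run with APPLY=1 as root on the bridge to execute.
# Assumptions (not from the thread): em0 faces the hosts; pipe/rule numbers.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# nested_pipes <host-facing-if> <per-host-bw> <total-bw>
nested_pipes() {
    ifc=$1; host_bw=$2; total_bw=$3

    # With one_pass=1 a packet leaving pipe 1 is accepted at once and never
    # reaches the rule that feeds pipe 2. With 0 it re-enters at the next rule.
    run sysctl net.inet.ip.fw.one_pass=0

    # Pipe 1: a full src-ip mask creates one dynamic pipe per source host.
    run ipfw pipe 1 config bw "$host_bw" mask src-ip 0xffffffff
    # Pipe 2: no mask, so every flow shares a single pipe.
    run ipfw pipe 2 config bw "$total_bw"

    # Rule order is the nesting order: per-host limit first, aggregate second.
    run ipfw add 1000 pipe 1 ip from any to any in recv "$ifc"
    run ipfw add 1100 pipe 2 ip from any to any in recv "$ifc"
    # Evaluation also continues after pipe 2, so end with an explicit action;
    # otherwise the packet falls through to the default rule (deny unless the
    # kernel was built to default to accept).
    run ipfw add 1200 allow ip from any to any in recv "$ifc"
}

nested_pipes em0 64Kbit/s 10Mbit/s
```

After applying, `ipfw pipe show` lists the dynamic per-host queues under pipe 1, which is a quick way to confirm that traffic is passing through both pipes.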