Date: Sun, 5 Aug 2001 01:41:35 -0400 (EDT) From: protius <protius@www.solfire.com> To: freebsd-questions@freebsd.org Subject: ipfw and briding oddity Message-ID: <200108050541.f755fZ272366@www.solfire.com>
next in thread | raw e-mail | index | archive | help
I am attempting to build a link simulator using the bridging code,
ipfw and divert sockets. The packet delay, and packet dropping are
working fine, but heres the mystery. if I change the drop rules to
divert rules, so I can pretty-print them and say exactly which packets
got dropped, the diverted packets disappear from the network as
intended, but never arrive at the program listening on the divert socket.
ipfw add 80 divert 6975 ip from any to any via xl0
When I use a rule like "add 80 divert 6975 ip from any to any", then
packets are properly delivered to the divert socket program, so I
don't think thats the problem.
Is there some difference between packets that go through ipfw the
"normal" way, and packets that go through from the bridging code?
The ethernet interfaces I'm bridging between are completely un-ifconfiged.
If someone could tell me what I'm missing, I'd really appriciate it...
Thanks!
-Tommy
tjohnson@bobdbob.com
tjohnson@viacasting.com
Things in the kernel config file:
This is FreeBSD 4.3-RELEASE
# this is for dummynet:
options BRIDGE
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options DUMMYNET
options IPDIVERT
options HZ=1000
options NMBCLUSTERS=102400
ipfw rules:
antuin# ipfw list
00100 pipe 10 ip from any to any in recv xl0
00101 pipe 11 ip from any to any in recv xl1
65530 allow ip from any to any
65535 deny ip from any to any
antuin# ipfw pipe list
00010: 1.024 Mbit/s 100 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 icmp 10.42.18.41/0 10.42.18.201/0 2580 252840 0 0 0
00011: 1.024 Mbit/s 100 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 icmp 10.42.18.201/0 10.42.18.41/0 2557 250586 0 0 0
antuin#
fragment of the script file which sets up the link:
sysctl -w net.link.ether.bridge_cfg="$updev:1,$backdev:1,"
sysctl -w net.link.ether.bridge=1
sysctl -w net.link.ether.bridge_ipfw=1
ipfw -q flush
ipfw -q pipe flush
ipfw pipe 10 config bw $upbw delay $uplat
ipfw pipe 11 config bw $backbw delay $backlat
ipfw add 90 prob $upplr drop ip from any to any via $updev in
ipfw add 91 prob $backplr drop ip from any to any via $backdev in
ipfw add 100 pipe 10 ip from any to any via $updev in
ipfw add 101 pipe 11 ip from any to any via $backdev in
ipfw add 65530 allow ip from any to any
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108050541.f755fZ272366>