From: protius
Date: Sun, 5 Aug 2001 01:41:35 -0400 (EDT)
To: freebsd-questions@freebsd.org
Subject: ipfw and bridging oddity
Reply-To: protius@bobdbob.com

I am attempting to build a link simulator using the bridging code, ipfw and divert sockets. The packet delay and packet dropping are working fine, but here's the mystery. If I change the drop rules to divert rules, so I can pretty-print them and say exactly which packets got dropped, the diverted packets disappear from the network as intended, but never arrive at the program listening on the divert socket.

    ipfw add 80 divert 6975 ip from any to any via xl0

When I use a rule like "add 80 divert 6975 ip from any to any", then packets are properly delivered to the divert socket program, so I don't think that's the problem.

Is there some difference between packets that go through ipfw the "normal" way, and packets that go through from the bridging code? The ethernet interfaces I'm bridging between are completely un-ifconfiged.

If someone could tell me what I'm missing, I'd really appreciate it...

Thanks!
-Tommy
tjohnson@bobdbob.com
tjohnson@viacasting.com

Things in the kernel config file:
This is FreeBSD 4.3-RELEASE

    # this is for dummynet:
    options BRIDGE
    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_FORWARD
    options DUMMYNET
    options IPDIVERT
    options HZ=1000
    options NMBCLUSTERS=102400

ipfw rules:

    antuin# ipfw list
    00100 pipe 10 ip from any to any in recv xl0
    00101 pipe 11 ip from any to any in recv xl1
    65530 allow ip from any to any
    65535 deny ip from any to any
    antuin# ipfw pipe list
    00010: 1.024 Mbit/s 100 ms 50 sl. 1 queues (1 buckets) droptail
        mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
    BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
      0 icmp 10.42.18.41/0 10.42.18.201/0 2580 252840 0 0 0
    00011: 1.024 Mbit/s 100 ms 50 sl. 1 queues (1 buckets) droptail
        mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
    BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
      0 icmp 10.42.18.201/0 10.42.18.41/0 2557 250586 0 0 0
    antuin#

fragment of the script file which sets up the link:

    sysctl -w net.link.ether.bridge_cfg="$updev:1,$backdev:1,"
    sysctl -w net.link.ether.bridge=1
    sysctl -w net.link.ether.bridge_ipfw=1
    ipfw -q flush
    ipfw -q pipe flush
    ipfw pipe 10 config bw $upbw delay $uplat
    ipfw pipe 11 config bw $backbw delay $backlat
    ipfw add 90 prob $upplr drop ip from any to any via $updev in
    ipfw add 91 prob $backplr drop ip from any to any via $backdev in
    ipfw add 100 pipe 10 ip from any to any via $updev in
    ipfw add 101 pipe 11 ip from any to any via $backdev in
    ipfw add 65530 allow ip from any to any
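
Added example, not part of the original post: a minimal Python listener for the divert port used in the rule above (6975) that pretty-prints each diverted IPv4 packet and does not re-inject it. It assumes FreeBSD's IPPROTO_DIVERT value of 254 and that header fields arrive in network byte order; the sample packet is constructed, using addresses from the pipe listing.

```python
import socket
import struct

IPPROTO_DIVERT = 254  # assumption: value from FreeBSD's <netinet/in.h>
DIVERT_PORT = 6975    # divert port used by the ipfw rule in the post
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Constructed sample: ICMP echo request, checksums left at zero (not verified here).
SAMPLE = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 1, 0,
    socket.inet_aton("10.42.18.41"), socket.inet_aton("10.42.18.201"),
) + bytes([8, 0, 0, 0, 0, 0, 0, 0])


def describe(packet):
    """Return a one-line summary of a raw IPv4 packet as read from a divert socket."""
    if len(packet) < 20:
        return "short packet (%d bytes)" % len(packet)
    ver_ihl, _tos, _tot, ident, frag, ttl, proto, _sum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        return "not IPv4 (version %d)" % (ver_ihl >> 4)
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "bad IP header length (%d)" % ihl
    line = "%s %s -> %s len=%d ttl=%d id=%d" % (
        PROTO_NAMES.get(proto, "proto-%d" % proto),
        socket.inet_ntoa(src), socket.inet_ntoa(dst), len(packet), ttl, ident)
    payload = packet[ihl:]
    if frag & 0x1FFF:  # non-first fragment carries no transport header
        return line + " frag-offset=%d" % ((frag & 0x1FFF) * 8)
    if proto == 1 and len(payload) >= 2:
        line += " type=%d code=%d" % (payload[0], payload[1])
    elif proto in (6, 17) and len(payload) >= 4:
        line += " sport=%d dport=%d" % struct.unpack("!HH", payload[:4])
    return line


def listen(port=DIVERT_PORT):
    """Log every packet diverted to `port`; needs root on a kernel with IPDIVERT."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, IPPROTO_DIVERT)
    sock.bind(("0.0.0.0", port))
    while True:
        packet, _addr = sock.recvfrom(65535)
        print(describe(packet))  # never written back, so the packet stays dropped


if __name__ == "__main__":
    print(describe(SAMPLE))  # offline demo; call listen() on the bridge host instead
```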