From owner-freebsd-ipfw@FreeBSD.ORG Thu Oct 22 12:20:03 2009
Date: Thu, 22 Oct 2009 12:20:02 GMT
Message-Id: <200910221220.n9MCK2eC088858@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Ian Smith
Subject: Re: kern/139581: [ipfw] "ipfw pipe" not limiting bandwidth
Reply-To: Ian Smith
List-Id: IPFW Technical Discussions

The following reply was made to PR kern/139581; it has been noted by GNATS.

From: Ian Smith
To: alexus
Cc: bug-followup@FreeBSD.org, freebsd@alexus.org
Subject: Re: kern/139581: [ipfw] "ipfw pipe" not limiting bandwidth
Date: Thu, 22 Oct 2009 23:17:23 +1100 (EST)

On Mon, 19 Oct 2009, alexus wrote:

 > new set of rules
 > pipe 1 config bw 1Mbit/s mask src-port www
 > pipe 2 config bw 1Mbit/s mask src-port www

Wrong mask syntax entirely. You can see from your pipe masks as shown,
it's taken as meaning no mask at all:

 > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000

Anyway, masking pipes creates dynamic pipes per masked flow, each of
which gets ALL of the specified bandwidth. If you want to limit total
bandwidth to 1Mbit/s, you likely want to use dynamic queues instead.

ipfw(8) is a precise reference, but very terse. Suggested reading:
http://info.iet.unipi.it/~luigi/dummynet/ and especially the last link
from that page: http://info.iet.unipi.it/~luigi/ip_dummynet/original.html
for clear examples of sharing evenly a single link - though noting that
page is outdated re the sysctls for dummynet, bridging etc.

Still looking more like a usage issue than describing a bug, but:

 > > If this is still an issue, please:
 > >  . say whether the extra ~25% traffic shown is on the same interface
 > >    as the webserver, ie the interface MRTG monitors, or not?
 > >  . the value of sysctl net.inet.ip.fw.one_pass ?

cheers, Ian
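
Added example, not part of Ian Smith's message or of the PR: the two dummynet layouts the reply contrasts (a masked pipe versus an unmasked pipe feeding masked queues), written as a dry-run sh script. The pipe, queue and rule numbers, the port and the dst-ip mask are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example; pipe/queue/rule numbers and the port are constructed values.
# Dry run by default: set IPFW=/sbin/ipfw to apply the commands for real.
IPFW=${IPFW:-echo ipfw}

# Masked pipe: dummynet creates one dynamic pipe per distinct destination
# address, and EACH of them gets the full bandwidth. N clients can therefore
# pull N * bw in total, so this does not bound the aggregate.
per_flow_cap() {    # usage: per_flow_cap <bw> <port> <rule>
    $IPFW pipe 1 config bw "$1" mask dst-ip 0xffffffff
    $IPFW add "$3" pipe 1 tcp from me "$2" to any out
}

# Unmasked pipe + masked queue: the pipe is the single hard cap on the
# aggregate; the queue mask creates one dynamic queue per client, and the
# equal weights share that one pipe evenly between the active clients.
shared_cap() {      # usage: shared_cap <bw> <port> <rule>
    $IPFW pipe 1 config bw "$1"
    $IPFW queue 1 config pipe 1 weight 1 mask dst-ip 0xffffffff
    $IPFW add "$3" queue 1 tcp from me "$2" to any out
}

# The total limit the reply talks about: 1Mbit/s for outbound web traffic.
shared_cap 1Mbit/s 80 1000
```

After applying either layout for real, `ipfw pipe show` and `ipfw queue show` print the mask that was actually accepted, which is the line quoted in the reply above.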