From owner-freebsd-net Sat Apr 17 11:36:17 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
	by hub.freebsd.org (Postfix) with SMTP id EAC2714D87
	for ; Sat, 17 Apr 1999 11:36:14 -0700 (PDT)
	(envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost)
	by labinfo.iet.unipi.it (8.6.5/8.6.5) id SAA16929;
	Sat, 17 Apr 1999 18:18:27 +0200
From: Luigi Rizzo
Message-Id: <199904171618.SAA16929@labinfo.iet.unipi.it>
Subject: Re: Dummynet & Bridging
To: svetzal@cujo2.icom.ca (Steven Vetzal)
Date: Sat, 17 Apr 1999 18:18:27 +0200 (MET DST)
Cc: freebsd-net@FreeBSD.ORG
In-Reply-To: <000601be88fd$0ed07b00$7ffea8c0@blazer.pr1.on.wave.home.com> from "Steven Vetzal" at Apr 17, 99 02:06:26 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 2503
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Greetings,
>
> I've been having some fun trying to get dummynet working on a bridging
> configuration, and was wondering if what I'm trying to do is implemented.
> I'm doing this on 3.1-RELEASE

i am assuming that you did it on 3.1 stable because 3.1-R was missing
some pieces in the device driver(s) etc.

> 00600 1211 72660 allow ip from 192.168.254.1 to 192.168.254.132 out xmit
> mx0
> 00620 1220 73200 allow ip from 192.168.254.132 to 192.168.254.1 out xmit
> xl0
>
> Now that I know traffic is working great through the rules, I try adding a
> "pipe" rule higher up the chain to redirect the packets:
>
> ipfw add 500 pipe 1 ip from 192.168.254.1 to 192.168.254.132 out via mx0
>
> The .132 host continues to ping, and tcpdump shows the packet hitting his
> side of the bridge, hitting the other side of the bridge, the .1 host
> response hitting the other side of the bridge, but the response doesn't get
> carried through the bridge back to the source host.

try sysctl -w net.inet.ip.firewall.one_pass=1 so that the pkt is not
reinjected in the firewall after the pipe (should not happen with
bridging, but still...)

This said, there might be some bug somewhere, i could not test this
code (interaction of bridging and dummynet) on the 3.x branch, only on
2.2.x. If you can, i suggest to put some diagnostic msg near the
beginning of bdg_forward, in the place where a dummynet pkt is
recognised, to understand what happens to the pkt.

> Now dummynet(4) says that the ipfw filter is invoked only once on a bridge,
> on the input path. But my attempt at:
>
> ipfw add 500 pipe 1 ip from 192.168.254.1 to 192.168.254.132 in via xl0
>
> and all variations I can think of show no traffic flowing through the rule.
>
> Now I'm sure I've got this all confused, but can't find documentation
> anywhere on how this stuff works... And I'm not even sure it's supposed to.
> The reason I'm not sure it's supposed to work is because if I set up the
> following rules:
>
> 00500 60 3600 pipe 1 ip from 192.168.254.8 to 192.168.254.132 out
> 00510 16 960 pipe 2 ip from 192.168.254.132 to 192.168.254.8 in
>
> I can ping the _bridge host_ and receive a response and the two rule
> counters increment as I figure they would. However, bridging has to be
> working to some degree because the interface I ping is not the one connected
> to this host! (the interface attached to my test host is unnumbered)

well, that's only a thing done in the reception side.

	cheers
	luigi