Date: Sat, 17 Apr 1999 18:18:27 +0200 (MET DST)
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To: svetzal@cujo2.icom.ca (Steven Vetzal)
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Dummynet & Bridging
Message-ID: <199904171618.SAA16929@labinfo.iet.unipi.it>
In-Reply-To: <000601be88fd$0ed07b00$7ffea8c0@blazer.pr1.on.wave.home.com> from "Steven Vetzal" at Apr 17, 99 02:06:26 pm

> Greetings,
>
> I've been having some fun trying to get dummynet working on a bridging
> configuration, and was wondering if what I'm trying to do is implemented.
> I'm doing this on 3.1-RELEASE

i am assuming that you did it on 3.1 stable because 3.1-R was missing
some pieces in the device driver(s) etc.

> 00600 1211 72660 allow ip from 192.168.254.1 to 192.168.254.132 out xmit mx0
> 00620 1220 73200 allow ip from 192.168.254.132 to 192.168.254.1 out xmit xl0
>
> Now that I know traffic is working great through the rules, I try adding a
> "pipe" rule higher up the chain to redirect the packets:
>
> ipfw add 500 pipe 1 ip from 192.168.254.1 to 192.168.254.132 out via mx0
>
> The .132 host continues to ping, and tcpdump shows the packet hitting his
> side of the bridge, hitting the other side of the bridge, the .1 host
> response hitting the other side of the bridge, but the response doesn't get
> carried through the bridge back to the source host.

try

	sysctl -w net.inet.ip.firewall.one_pass=1

so that the pkt is not reinjected in the firewall after the pipe
(should not happen with bridging, but still...)

This said, there might be some bug somewhere, i could not test this
code (interaction of bridging and dummynet) on the 3.x branch, only
on 2.2.x. If you can, i suggest to put some diagnostic msg near the
beginning of bdg_forward, in the place where a dummynet pkt is
recognised, to understand what happens to the pkt.

> Now dummynet(4) says that the ipfw filter is invoked only once on a bridge,
> on the input path. But my attempt at:
>
> ipfw add 500 pipe 1 ip from 192.168.254.1 to 192.168.254.132 in via xl0
>
> and all variations I can think of show no traffic flowing through the rule.
>
> Now I'm sure I've got this all confused, but can't find documentation
> anywhere on how this stuff works... And I'm not even sure it's supposed to.
>
> The reason I'm not sure it's supposed to work is because if I set up the
> following rules:
>
> 00500 60 3600 pipe 1 ip from 192.168.254.8 to 192.168.254.132 out
> 00510 16 960 pipe 2 ip from 192.168.254.132 to 192.168.254.8 in
>
> I can ping the _bridge host_ and receive a response and the two rule
> counters increment as I figure they would. However, bridging has to be
> working to some degree because the interface I ping is not the one connected
> to this host! (the interface attached to my test host is unnumbered)

well, that's only a thing done in the reception side.

	cheers
	luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904171618.SAA16929>