From owner-freebsd-net  Sun Nov  4 14: 0:15 2001
Delivered-To: freebsd-net@freebsd.org
Received: from server.kibernet.net (8-158.ta.cable.kks.net [213.161.8.158])
	by hub.freebsd.org (Postfix) with ESMTP id 0F32137B405
	for <freebsd-net@FreeBSD.ORG>; Sun,  4 Nov 2001 14:00:06 -0800 (PST)
Received: from spider.suxx.eu.org (unknown [194.249.141.2])
	by server.kibernet.net (Postfix) with ESMTP id B943F243AB
	for <freebsd-net@FreeBSD.ORG>; Sun,  4 Nov 2001 23:02:59 +0100 (CET)
Received: by spider.suxx.eu.org (Postfix, from userid 1000)
	id 732131748F; Sun,  4 Nov 2001 23:04:43 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by spider.suxx.eu.org (Postfix) with ESMTP
	id 0B79232632; Sun,  4 Nov 2001 23:04:42 +0100 (CET)
Date: Sun, 4 Nov 2001 23:04:39 +0100 (CET)
From: David Delibasic <maddave@suxx.eu.org>
To: "irado@nettaxi.com" <irado@nettaxi.com>
Cc: <freebsd-net@FreeBSD.ORG>
Subject: Re: dummynet (user confused)
In-Reply-To: <200111041206.fA4C6c614801@mail2.bigmailbox.com>
Message-ID: <20011104224755.E66562-100000@spider.suxx.eu.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Sun, 4 Nov 2001, irado@nettaxi.com wrote:

> Im my (mis)understanding, ipfw functions act in a 'hit and run' way, say: the first one which corresponds to 'this' packet will be the only to be followed, there are no new verification on this packet with the next rule.

This is not always true...in some cases packet is passed again to the
firewall code, starting from next rule.

> dummynet needs ipfw to build a pipe.. but if this rule is hit does it means that any other will have no effect at all??

When "pipe" action is found that correspondes with packet, it is passed to
dummynet code and then packet is passed to the forewalling code again
starting from next rule.

> machine 192.168.1.xa and machne 192.168.1.xb will have full bandwidth while
> machines in the 192.168.1.0/24 (except xa and xb) will have bandwidth limited to 8 kb/s.

Example 1:

ipfw pipe 1 config bw 8Kbit/s
ipfw pipe 2 config bw 8Kbit/s
ipfw add pipe 1 ip from any to 192.168.1.xa
ipfw add pipe 2 ip from any to 192.168.1.xb

This will only limit downloads from machine a and machine b to 8Kbit/s

Example 2:

Machines a and b share bandwidth of 8Kbit/s

ipfw pipe 1 config bw 8Kbit/s
ipfw add pipe 1 ip from any to 192.168.1.xa
ipfw add pipe 1 ip from any to 192.168.1.xb

Example 3 (this is what you wanted):

ipfw pipe 1 config bw 8Kbit/s mask dst-ip 0x000000ff
ipfw add accept ip from any to 192.168.1.xa
ipfw add accept ip from any to 192.168.1.xb
ipfw add pipe 1 ip from any to 192.168.1.0/24

With Regards,
D.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message