Date: Sun, 25 Jul 2021 17:57:59 +0200 From: "Kristof Provost" <kp@FreeBSD.org> To: ipfw@FreeBSD.org Subject: Re: dummynet configuration for automated tests Message-ID: <441AA0FF-9693-4FDD-A4DB-BA443773C630@FreeBSD.org> In-Reply-To: <4403D1A2-5162-4639-B6BB-5369EAA3E645@FreeBSD.org> References: <4403D1A2-5162-4639-B6BB-5369EAA3E645@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=_MailMate_C8B5B53A-0B9D-4242-B2B4-5D095E02337F_= Content-Type: text/plain; charset="UTF-8"; format=flowed; markup=markdown Content-Transfer-Encoding: 8bit Perhaps a different question would also be helpful: Can anyone share a functional example configuration using dummynet to prioritise traffic? Thanks, Kristof On 20 Jul 2021, at 9:15, Kristof Provost wrote: > Hi, > > I’ve been trying (and failing) to write a few basic test cases for > dummynet (with ipfw for now). > > The full test script can be found here: > https://people.freebsd.org/~kp/dummynet.sh but the relevant bit is > this: > > queue_v6_body() > { > fw=$1 > firewall_init $fw > dummynet_init $fw > > epair=$(vnet_mkepair) > epair_link=$(vnet_mkepair) > vnet_mkjail alcatraz ${epair}b ${epair_link}a > vnet_mkjail srv ${epair_link}b > > set -x > > ifconfig ${epair}a inet6 2001:db8:42::1/64 no_dad up > route add -6 2001:db8:43::/64 2001:db8:42::2 > > jexec alcatraz ifconfig ${epair}b inet6 2001:db8:42::2 no_dad > up > jexec alcatraz ifconfig ${epair_link}a inet6 2001:db8:43::2 > no_dad up > jexec alcatraz sysctl net.inet6.ip6.forwarding=1 > > jexec srv ifconfig ${epair_link}b inet6 2001:db8:43::1 no_dad > up > jexec srv route add -6 default 2001:db8:43::2 > jexec srv /usr/sbin/inetd -p inetd-alcatraz.pid \ > $(atf_get_srcdir)/../pf/echo_inetd.conf > > # Sanity check > atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 > 2001:db8:42::2 > atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 > 2001:db8:43::2 > atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 > 2001:db8:43::1 > > reply=$(echo "foo" | nc -w 5 -N 2001:db8:43::1 7) > if [ "$reply" != "foo" ]; > then > atf_fail "Echo sanity check failed" > fi > > jexec alcatraz dnctl pipe 1 config bw 300Byte/s queue 5 mask > proto 0xff > jexec alcatraz dnctl sched 1 config pipe 1 type wf2q+ mask > proto 0xff > jexec alcatraz dnctl queue 1 config sched 1 weight 99 queue 5 > mask proto 0xff > jexec alcatraz dnctl queue 2 config sched 1 weight 1 queue 5 > mask proto 0xff > > firewall_config alcatraz ${fw} \ > "ipfw" \ > "ipfw add queue 2 ipv6-icmp from any to any > icmp6types 128,129" \ > "ipfw add queue 1 tcp from any to any" > > # Single ping succeeds > atf_check -s exit:0 -o ignore ping6 -c 3 2001:db8:43::1 > # Unsaturated TCP succeeds > reply=$(echo "foo" | nc -w 5 -N 2001:db8:43::1 7) > if [ "$reply" != "foo" ]; > then > atf_fail "Unsaturated echo failed" > fi > > # Saturate the link > ping6 -i .01 -s 1200 2001:db8:43::1 & > > # Give that a chance to fill the queue & pipe > sleep 1 > > jexec alcatraz ipfw show > > # We should now be hitting the limits and get this packet > dropped. > atf_check -s exit:2 -o ignore ping6 -c 1 -W 1 -s 1200 > 2001:db8:43::1 > > # TCP should still just pass > for i in `seq 0 4` > do > reply=$(echo "foo $i" | nc -w 10 -N 2001:db8:43::1 7) > if [ "$reply" != "foo $i" ]; > then > atf_fail "Failed to prioritise traffic on > interation $i" > fi > sleep 1 > done > > jexec alcatraz ipfw flush > # This will fail if we don't differentiate the traffic > firewall_config alcatraz ${fw} \ > "ipfw" \ > "ipfw add queue 1 ipv6-icmp from any to any > icmp6types 128,129" \ > "ipfw add queue 2 tcp from any to any" > > # Carry over state? > killall ping6 > ping6 -i .01 -s 1200 2001:db8:43::1 & > sleep 1 > > reply=$(echo "baz" | nc -w 10 -N 2001:db8:43::1 7) > if [ "$reply" == "baz" ]; > then > jexec alcatraz ipfw show > atf_fail "TCP still made it through, even when not > prioritised" > fi > } > > The idea is to set up a very slow link (using a pipe), and then to > send both ICMP echo and TCP traffic through it. There’s vastly more > ICMP traffic than TCP, and the expectation is that without > prioritisation the ICMP traffic will drown out TCP and cause the > connection to fail. > We then try to use dummynet to give TCP priority over ICMP, so that > the TCP connections do succeed. > > However, I simply cannot get it to behave in any sort of predictable > or consistent way. Sometimes the TCP connection succeeds, despite > attempts to prioritise ICMP, or vice versa. > > Clearly I’m misconfiguring something, but at this point I do not > understand what. Does anyone see my mistake, or have any relevant > configuration examples to share? > > Thanks, > Kristof --=_MailMate_C8B5B53A-0B9D-4242-B2B4-5D095E02337F_=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?441AA0FF-9693-4FDD-A4DB-BA443773C630>