Date:      Thu, 30 May 2002 00:18:20 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        Jon Noack <noackjr@compgeek.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: peer-to-peer asymmetric simulation
Message-ID:  <20020530001820.A27956@iguana.icir.org>
In-Reply-To: <20020530004314.3217.cpmta@c015.snv.cp.net>; from noackjr@compgeek.com on Wed, May 29, 2002 at 05:43:14PM -0700
References:  <20020530004314.3217.cpmta@c015.snv.cp.net>

On Wed, May 29, 2002 at 05:43:14PM -0700, Jon Noack wrote:
> I'm trying to simulate a peer-to-peer network of 8 clients connected via asymmetric links using dummynet.  I have it up and running using a machine with 8 network interfaces running as a bridge.  The only issue is that (as I've found reading older posts) when running in a bridge packets are only passed through ipfw once.  This obviously prevents me from limiting both directions of the links.

it is true that _each_ packet goes through the firewall once, but
when you have bidirectional traffic nothing prevents you from
having different rules apply to packets in the two directions
e.g. basing on the receive interface

    ipfw add pipe 1 ip from any to any in recv fxp0
    ipfw add pipe 2 ip from any to any in recv fxp1

this particular example is probably even on the ipfw manpage
or on the dummynet page http://info.iet.unipi.it/~luigi/ip_dummynet/

	cheers
	luigi

	
> Basic config for 8 56Kbit/s modem clients:
> 
> #Upstream
> pipe 1 config mask src-ip 0x000000ff bw 32Kbit/s delay 100ms queue 4Kbytes
> add pipe 1 ip from any to any out
> 
> #Downstream
> pipe 2 config mask dst-ip 0x000000ff bw 48Kbit/s delay 100ms queue 4Kbytes
> add pipe 2 ip from any to any in
> 
> First of all, is this even correct (not sure about whether in and out are used correctly)?  Second, I've seen that the following patch was proposed:
> 
> it might be as simple as changing one line in bridge.c
> 
>    if (ip_fw_chk_ptr && bdg_ipfw != 0 && src != NULL) {
>        struct ip *ip ;
>        int i;   
> 
> -       if (rule != NULL) /* dummynet packet, already partially processed */
> +       if (rule != NULL && fw_one_pass)
>            goto forward; /* HACK! I should obey the fw_one_pass */
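
Review bot: on the changed line "if (rule != NULL && fw_one_pass)", a packet coming back from dummynet (rule != NULL) with fw_one_pass off no longer takes the goto and falls into the code below, which this hunk does not show; please confirm that path resumes matching after "rule" instead of restarting from the first rule, otherwise the packet can match the same pipe rule again. The patch also drops the "dummynet packet, already partially processed" comment and leaves "HACK! I should obey the fw_one_pass" on the goto line, which is stale once the condition does obey it; suggest keeping the former and removing or rewording the latter.
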
> 
> but i never had a chance to test it.
> 
> Has anyone used this?
> 
> If this doesn't work, how should I modify my setup to make this work (i.e. use router instead of bridge?  settings necessary?)?
> 
> Thanks,
> Jon Noack
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
