Date: Mon, 29 Jan 2007 12:55:29 -0000 (UTC) From: "Spadge Fromley" <spadge@fromley.net> To: "Arone Silimantia" <aronesimi@yahoo.com> Cc: freebsd-net@freebsd.org Subject: Re: ipfw pipe show ... help with output is needed, please. Message-ID: <33457.213.123.179.188.1170075329.squirrel@webmail.fromley.net> In-Reply-To: <464814.62688.qm@web58605.mail.re3.yahoo.com> References: <464814.62688.qm@web58605.mail.re3.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I see this: > > # ipfw pipe show 1 > 00001: 16.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes > Pkt/Byte Drp > 0 tcp 1.2.3.4/22 1.2.3.4/4333 2970975653 2649647615805 2 > 2992 10414733 > Second, there are seven headings (from BKT at the left to Drp on the > right) but underneath those seven headings are _9_ values. What I really > want to know is how many packets I am droppinig ... but I can't tell which > of the fields are the "dropped" - I assume it is the final number .. if > so, what is that measured in ? Packets ? I can't help you with the rest of it, as I am frequently just as baffled by ipfw/dummynet as the next man .. But the 7/9 thing I can explain. Tot_pkt: 2970975653 bytes: 2649647615805 Pkt: 2 Byte: 2992 Ideally, there'd be a '/' between pkts and bytes, like there is in the headers. Does it make a difference if you set up the ipfw rule before the dummynet one? Here's how I have mine: root@tobermory# ipfw list | grep pipe 01400 pipe 101 ip from any to any uid DLMonkey via fxp0 in 01500 pipe 102 ip from any to any uid DLMonkey via fxp0 out taken from: root@tobermory# grep pipe /etc/rc.firewall /sbin/ipfw -f pipe flush /sbin/ipfw add pipe 101 ip from any to any uid DLMonkey via $WAN in /sbin/ipfw add pipe 102 ip from any to any uid DLMonkey via $WAN out /sbin/ipfw pipe 101 config delay 100ms /sbin/ipfw pipe 102 config delay 100ms Gives the following info: root@tobermory# ipfw pipe list 00102: unlimited 100 ms 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 tcp {my.ip.address}/61676 59.127.165.138/4662 6557083 758428752 0 0 0 00101: unlimited 100 ms 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 udp 67.163.25.202/7871 {my.ip.address}/14298 8466595 1174764649 0 0 0 Trust me: there will be a lot more connections set up in those pipes than that. I think it's just showing a snapshot. Or I have got it all completely wrong and it's not actually working at all like I thought it ought. Who knows? :) -- Spadge 'Intoccabile'
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33457.213.123.179.188.1170075329.squirrel>