ipfw: Can't see other flows in pipe

Sebastian Mellmann sebastian.mellmann at net.t-labs.tu-berlin.de
Fri Mar 6 02:45:47 PST 2009 

Hi everyone!

I've got the following ipfw rules:


cmd="ipfw"
webclient_upload_bandwidth="1024kbit/s"
webclient_download_bandwidth="6144Kbit/s"
bottleneck_bandwidth="100Mbit/s"
client_rtt_delay=10
queue=50

client1_subnet="192.168.5.0/26"
server1_subnet="192.168.7.0/24"

$cmd pipe 100 config mask all bw $webclient_upload_bandwidth queue
queue_size delay $client_rtt_delay

$cmd pipe 200 config mask all bw $webclient_download_bandwidth queue
queue_size delay $client_rtt_delay

$cmd add pipe 100 all from $client1_subnet to $server1_subnet in recv $in_if

$cmd add pipe 200 all from $server1_subnet to $client1_subnet out xmit $in_if

$cmd pipe 500 config bw $bottleneck_bandwidth
$cmd add pipe 500 all from any to any via $in_if

$cmd pipe 510 config bw $bottleneck_bandwidth
$cmd add pipe 510 all from any to any via $out_if


For testing purposes I've got 4 concurrent downloads via scp from the
server1_subnet to the client1_subnet.

ipfw pipe show gives me the following:

00510: 100.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
  0 tcp      192.168.5.4/47753     192.168.7.1/22    610244 609078476  2
104   1
00100:   1.024 Mbit/s    0 ms   50 sl. 4 queues (64 buckets) droptail
    mask: 0xff 0xffffffff/0xffff -> 0xffffffff/0xffff
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
 18 tcp      192.168.5.4/47753     192.168.7.1/22    15067   820472  0
0   0
 29 tcp      192.168.5.1/59724     192.168.7.1/22    64519  3512539  0
0   0
 34 tcp      192.168.5.2/58805     192.168.7.1/22    64035  3481423  0
0   0
 54 tcp      192.168.5.3/40995     192.168.7.1/22    66705  3633640  0
0   0
00305: unlimited    0 ms   50 sl. 0 queues (1 buckets) droptail
00310: unlimited    0 ms   50 sl. 0 queues (1 buckets) droptail
00200:   6.144 Mbit/s    0 ms   50 sl. 4 queues (64 buckets) droptail
    mask: 0xff 0xffffffff/0xffff -> 0xffffffff/0xffff
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
  2 tcp      192.168.7.1/22        192.168.5.2/58805 121901 182399179 29
43124 234
 47 tcp      192.168.7.1/22        192.168.5.3/40995 126392 189093880 43
64124 241
 51 tcp      192.168.7.1/22        192.168.5.1/59724 122550 183349839 34
50624 251
 60 tcp      192.168.7.1/22        192.168.5.4/47753 28565 42735852  0
0  55
00315: unlimited    0 ms   50 sl. 0 queues (1 buckets) droptail
00500: 100.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
  0 tcp      192.168.5.4/47753     192.168.7.1/22    609337 607754332  2
1552   0
00300: unlimited    0 ms   50 sl. 0 queues (1 buckets) droptail


Why do I only see ONE connection inside the 500/510 pipe?
I thought I could see any connection going through that pipe.



Regards,
Sebastian


P.S.: Sorry for sending it on 'freebsd-questions' too, I've messed up my
address book :-(

More information about the freebsd-ipfw mailing list