Hi,

Recently I had to move from Ultimate and Perfect pf (because it's not the Ultimate and Perfect when it comes to gigabit/s speeds, due to legacy TX in Intel drivers and associated problems) [back] to ipfw. I was terribly disappointed, because after 10 years with pf I felt like I had traveled to the stone age, with relic and unusable spears and arrows instead of pulse rifles and railguns. Seems like nothing changed for 10 years there:

- "ipfw pipe show" still isn't documented. Like at all.

- "ipfw pipe show" output is weird and cryptic and nobody understands it without reading sources. Even after reading sources few understand it (I don't). Our local FreeBSD guru is able to explain the meaning of the output fields, but the first time he explains it wrong, then he consults the sources (and does it each time), then he explains again, correcting the mistakes (and the guy really rocks, I mean - if it's not intuitive to him, who could understand it?).

Looks like none of the ipfw developers have seen "pfctl -vvvs queue show" output (which is state of the art, really), so everyone who's using ipfw pipes has to cut and torture themselves. I asked the same local FreeBSD guru "How can I prove to myself that this thing even works?" and I've been told to just ... measure the traffic after it has flowed through the shaper! Same thing with measuring drops. "ipfw pipe show" shows zero drops (although I expect some), so I've been told to add counter rules after the pipe ones, and to switch net.inet.ip.fw.one_pass to 0. Just to count the drops (it really counts them, so it's a mystery why "ipfw pipe show" shows nothing). Furthermore, "ipfw pipe show" shows almost nothing when there's no traffic going through the pipe - and it really would be just logical to store the cumulative statistics there.

Concluding, the ipfw dummynet interface resembles unfinished student work, it's stuck in the early 2000s, and it really does not look like something from a production-ready system. I know that nobody owes anyone anything, but it really looks like both "modern" FreeBSD packet filters are lying in ruins, and people using ipfw have to scavenge some long-ago-broken instruments from the junkyards (like in the Mad Max series) and use the sun and stars just to determine whether it's working or not.

I didn't mention that both still use 32-bit integers, thus limiting the actual bandwidth to 4 Gigs/sec. Jesus.


Eugene.

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net