Re: Dummynet AQM v0.1- CoDel and FQ-CoDel for FreeBSD's ipfw/dummynet

2016-03-09 Thread Don Lewis
On 10 Mar, Rasool Al-Saadi wrote: > > > On Wednesday, 9 March 2016, Don Lewis wrote: >> >> On 26 Feb, Rasool Al-Saadi wrote: >> > Dear all, >> > >> > I would like to announce that we (myself and Grenville Armitage) >> > released >> Dummynet AQM v0.1, which is an independent implementation of CoD

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Ian Smith
On Wed, 9 Mar 2016 15:02:18 -0800, Don Lewis wrote: > On 9 Mar, Don Lewis wrote: > > On 9 Mar, Don Lewis wrote: > >> On 9 Mar, Don Lewis wrote: > >>> On 9 Mar, Freddie Cash wrote: > > ?Do you have the sysctl net.inet.ip.fw.one_pass set to 0 or 1? > >>> > >>> Aha, I've got it

RE: Dummynet AQM v0.1- CoDel and FQ-CoDel for FreeBSD's ipfw/dummynet

2016-03-09 Thread Rasool Al-Saadi
On Wednesday, 9 March 2016, Don Lewis wrote: > > On 26 Feb, Rasool Al-Saadi wrote: > > Dear all, > > > > I would like to announce that we (myself and Grenville Armitage) released > Dummynet AQM v0.1, which is an independent implementation of CoDel and > FQ-CoDel for FreeBSD's ipfw/dummynet frame

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Don Lewis
On 9 Mar, Don Lewis wrote: > On 9 Mar, Don Lewis wrote: >> On 9 Mar, Don Lewis wrote: >>> On 9 Mar, Freddie Cash wrote: > ?Do you have the sysctl net.inet.ip.fw.one_pass set to 0 or 1? >>> >>> Aha, I've got it set to 1. >>> If set to 1, the a dummynet match ends the trip thro

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Don Lewis
On 9 Mar, Michael Sierchio wrote: > Rules will only match if all components match. So you seem to understand > that packets will be seen twice - once IN, once OUT. If you write > > in recv EXT_IP > out xmit EXT_IP > > the rule actions won't get executed twice on packets. That's what I'm using

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Don Lewis
On 9 Mar, Don Lewis wrote: > On 9 Mar, Don Lewis wrote: >> On 9 Mar, Freddie Cash wrote: >>> >>> ?Do you have the sysctl net.inet.ip.fw.one_pass set to 0 or 1? >> >> Aha, I've got it set to 1. >> >>> If set to 1, the a dummynet match ends the trip through the rules, and the >>> packet never

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Michael Sierchio
Rules will only match if all components match. So you seem to understand that packets will be seen twice - once IN, once OUT. If you write in recv EXT_IP out xmit EXT_IP the rule actions won't get executed twice on packets. On Wed, Mar 9, 2016 at 11:20 AM, Don Lewis wrote: > On 9 Mar, Fredd

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Don Lewis
On 9 Mar, Don Lewis wrote: > On 9 Mar, Freddie Cash wrote: >> On Wed, Mar 9, 2016 at 10:09 AM, Don Lewis wrote: >> >>> On 9 Mar, Franco Fichtner wrote: >>> > Hi Don, >>> > >>> > If you mean pf(4)-based NAT, there is a patch that originates from >>> > m0n0wall that handles the transition. We'r

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Don Lewis
On 9 Mar, Freddie Cash wrote: > On Wed, Mar 9, 2016 at 10:09 AM, Don Lewis wrote: > >> On 9 Mar, Franco Fichtner wrote: >> > Hi Don, >> > >> > If you mean pf(4)-based NAT, there is a patch that originates from >> > m0n0wall that handles the transition. We're using it in OPNsense >> > for that

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Freddie Cash
On Wed, Mar 9, 2016 at 10:09 AM, Don Lewis wrote: > On 9 Mar, Franco Fichtner wrote: > > Hi Don, > > > > If you mean pf(4)-based NAT, there is a patch that originates from > > m0n0wall that handles the transition. We're using it in OPNsense > > for that reason. Here is the patch for 10.x, mayb

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Don Lewis
On 9 Mar, Franco Fichtner wrote: > Hi Don, > > If you mean pf(4)-based NAT, there is a patch that originates from > m0n0wall that handles the transition. We're using it in OPNsense > for that reason. Here is the patch for 10.x, maybe that is what > you're looking for: Nope, I'm using ipfw in-k

Re: ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Franco Fichtner
Hi Don, If you mean pf(4)-based NAT, there is a patch that originates from m0n0wall that handles the transition. We're using it in OPNsense for that reason. Here is the patch for 10.x, maybe that is what you're looking for: https://github.com/fichtner/freebsd/commit/975130903f.patch We would v

ipwf dummynet vs. kernel NAT and firewall rules

2016-03-09 Thread Don Lewis
I'm trying to add FQ-CoDEL AQM to my FreeBSD 10 firewall box using this patch: , but I'm running into a problem that I think is caused by an interaction between in-kernel NAT and dummynet. I've set up two dummynet pipe/sched/queue instances using

ipfw

2016-03-09 Thread murillomoraleshg
Hey Sweety! Fabulous enchantress will come to you for an unforgettable pleasure that will be bright and colorful)) Your new world will seem completely different, beautiful and very colorful with me. How we can be excited together! I'll give you the fantastic moments in the bed. You'll be happy

Re: Dummynet AQM v0.1- CoDel and FQ-CoDel for FreeBSD's ipfw/dummynet

2016-03-09 Thread Franco Fichtner
> On 09 Mar 2016, at 8:58 AM, Don Lewis wrote: > > On 26 Feb, Rasool Al-Saadi wrote: >> Dear all, >> >> I would like to announce that we (myself and Grenville Armitage) released >> Dummynet AQM v0.1, which is an independent implementation of CoDel and >> FQ-CoDel for FreeBSD's ipfw/dummynet f