# dummynet / ipfw plr config issue: double plr for UL compared to DL



## arusan (Sep 7, 2011)

On a machine acting as a bridge, I have only one dummynet pipe configured with PLR.
I add two rules, hoping that I will generate symmetric packet loss on UL & DL for a single host behind the bridge.

However, I end up with double the packet loss in UL, while in DL the packet loss is exacty what I configured. And I can't figure out at all where my mistake lies...

my config:

```
ipfw pipe 7 config plr 0.004                #--> 0.4%, right?
ipfw add 300 pipe 7 out dst-ip 10.x.y.z/30  #--> I also tried only IP@ 10.x.x.2, for the
                                            # specific host. it's anyway alone in that subnet
ipfw add 400 pipe 7 out src-ip 10.x.y.z/30  # obviously x,y,z identical to the above ones
```

I test with iperf, one linux and one windows machine (first command line for the server, second line for client):

```
iperf -s -u -l 1400
iperf -c 10.x.y.z -f m -u -i 5 -b 3m -l 1400 -t 100
```

(tried with other values for bandwidth, no difference. need -t 100 for a good average since my PLR is very low).

-when running this in one direction, my PLR is the desired one: ~0.4% (0.39% to 0.41%).
-when running this in the other direction (I switch my iperf commands and adjust the IP@ for the server, the machines remain on the same side of the bridge, just the iperf server/client are switched) I get double the packet loss: ~0.8% (0.76%-0.85%).

same result if I run iperf with the -r command (also for reversed direction testing).
*If I put prob 0.5 to the 400 rule* (which is the problematic one), I get the correct result of 0.4% --> which is strange...

I checked that only one rule is matched when running the iperf test (via ipfw show, I see what rule increments packet count) and also that the pipe is configured with the correct value (ipfw pipe show).

if I change rule 400 to:

```
ipfw add 400 pipe 7 [B]in[/B] src-ip 10.x.y.z/30
```

it is not matched at all... which is again weird. I get then PLR 0% and no packets hit the rule.

I use a dual port Intel card (em0, em1) configured as a bridge, no IP@ for any of the ports.
sysctl.conf:

```
net.link.ether.ipfw=0
net.link.bridge.ipfw=1
```

It must be smtg obvious, but I cannot see it.


----------

