# ipfw+shaper, rate in pipe less than indicated



## salam4ik (Apr 5, 2011)

Hi to All!
I use rtorrent on my home server for three users, and ipfw for filter ip not from my ISP. And now I want to separate traffic between 3 users who run rtorrent (julietta, mama and rtorrent, all of them in torrent group) using ipfw pipes and queue. But rates in pipes doesn't reach rate 180KBytes/s for download and 70KBytes/s for uplod as indicated, real rate is 150KBytes/s for download and 60KBytes/s for upload . Guys, how can I diagnose reason of it, and solve this problem.
Thank you!

```
FreeBSD salam4ik 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
```

Here ipfw.rules listing:

```
#!/bin/sh

ipfw -q -f flush

netif="ale0"
dnsservice="192.168.2.1"
cmd="ipfw -q add "

## Pipes
# 
ipfw pipe 1 config bw 180KBytes/s
# 
ipfw pipe 2 config bw 70KBytes/s
# 
ipfw queue 1 config pipe 1 weight 30
ipfw queue 2 config pipe 1 weight 35
ipfw queue 3 config pipe 1 weight 35
ipfw queue 11 config pipe 2 weight 40
ipfw queue 12 config pipe 2 weight 30
ipfw queue 13 config pipe 2 weight 30

ipfw table 1 flush 
ipfw table 2 flush 

## Megaline traffic
ipfw table 1 add 212.19.128.0/19
ipfw table 1 add 212.154.128.0/17
ipfw table 1 add 82.200.128.0/17
ipfw table 1 add 88.204.128.0/17
ipfw table 1 add 89.218.0.0/16
ipfw table 1 add 92.46.0.0/15
ipfw table 1 add 95.56.0.0/14
ipfw table 1 add 178.88.0.0/14

## LAN traffic
ipfw table 2 add 10.0.0.0/8
ipfw table 2 add 172.16.0.0/12
ipfw table 2 add 192.168.0.0/16

$cmd allow all from any to any via lo0
$cmd deny all from any to 127.0.0.0/8
$cmd deny all from 127.0.0.0/8 to any

$cmd check-state

## Allow outgoing dht traffic
$cmd allow udp from me to any via $netif out gid torrent

## Allow incoming dht traffic
$cmd allow udp from any to me 4681-4683 via $netif in gid torrent

## Allow incoming kz torrent traffic
#$cmd allow tcp from table\(1\) to me 4672-4680 via $netif gid torrent setup keep-state
ipfw add queue 1 tcp from table\(1\) to me 4672-4680 via $netif uid rtorrent
ipfw add queue 2 tcp from table\(1\) to me 4672-4680 via $netif uid mama
ipfw add queue 3 tcp from table\(1\) to me 4672-4680 via $netif uid julietta 

## Allow outgoing kz torrent traffic
#$cmd allow tcp from me to table\(1\) via $netif via $netif gid torrent setup keep-state
ipfw add queue 11 tcp from me to table\(1\) via $netif uid rtorrent
ipfw add queue 12 tcp from me to table\(1\) via $netif uid mama
ipfw add queue 13 tcp from me to table\(1\) via $netif uid julietta

## Allow incoming LAN torrent traffic
$cmd allow tcp from table\(2\) to me 4672-4680 via $netif gid torrent setup keep-state
## Allow outgoing LAN torrent traffic
$cmd allow tcp from me to table\(2\) via $netif via $netif gid torrent setup keep-state
## Allow outgoing anounce tracker traffic
$cmd allow tcp from me to any 80,2710 via $netif gid torrent setup keep-state
## Allow dns service for torrent group users
#$cmd allow udp from any to any 53 via $netif gid torrent
$cmd allow udp from $dnsservice 53 to me via $netif gid torrent
$cmd deny log all from any to any gid torrent
$cmd allow all from any to any
```


```
net.inet.ip.dummynet.io_pkt_drop: 12853597
net.inet.ip.dummynet.io_pkt_fast: 1821183
net.inet.ip.dummynet.io_pkt: 34031276
net.inet.ip.dummynet.queue_count: 3
net.inet.ip.dummynet.fsk_count: 8
net.inet.ip.dummynet.si_count: 2
net.inet.ip.dummynet.schk_count: 4
net.inet.ip.dummynet.tick_lost: 0
net.inet.ip.dummynet.tick_diff: -2469301
net.inet.ip.dummynet.tick_adjustment: 2469872
net.inet.ip.dummynet.tick_delta_sum: -295
net.inet.ip.dummynet.tick_delta: -1
net.inet.ip.dummynet.red_max_pkt_size: 1500
net.inet.ip.dummynet.red_avg_pkt_size: 512
net.inet.ip.dummynet.red_lookup_depth: 256
net.inet.ip.dummynet.expire_cycle: 0
net.inet.ip.dummynet.expire: 1
net.inet.ip.dummynet.debug: 0
net.inet.ip.dummynet.io_fast: 0
net.inet.ip.dummynet.pipe_byte_limit: 1048576
net.inet.ip.dummynet.pipe_slot_limit: 100
net.inet.ip.dummynet.hash_size: 64
```


----------



## DutchDaemon (Apr 5, 2011)

Do you see the 150KBytes/60Kbyte rates inside rtorrent? Then you're probably seeing the traffic _without_ tcp overhead and ACKs. So those numbers are likely the 'net payload'.


----------



## salam4ik (Apr 9, 2011)

*DutchDaemon*, you are right rtorrent shows net payload, I had checked it with *iftop*. Thank you!


----------

