If I boot into a Live CD image from FreeBSD-9.3-RELEASE
and issue the following commands:
ifconfig bridge create
ifconfig bridge0 addm igb0 addm igb1 up
ifconfig igb0 up
ifconfig igb1 up
sysctl -w net.link.bridge.ipfw=1
ipfw -q 10 add pipe 100 ip from any to any
ipfw -q pipe 100 config bw 1Mb/s delay 100ms
I end up with a traffic shaped network (bandwidth is limited and delay is inserted) as expected between igb0 and igb1.
Following those exact same commands but with FreeBSD-10.0-RELEASE, FreeBSD-10.1-RELEASE, or FreeBSD-11.0-CURRENT, all the commands are accepted without any errors or warnings, however there is no bandwidth limiting and no delay inserted when passing traffic across the bridge.
It appears that dummynet is broken, at least for bridges, since at least 10.0-RELEASE.
Could this be fixed?
Images used were:
I ran into the same thing. I believe there is a problem in the order in which ipfw and dummynet modules are loaded.
Try kldunload dummynet ; kldunload ipfw ; kldload ipfw ; kldload dummynet
And then create rules and see if that works. (It does for me.)
Look at sysctl net.inet.ip.dummynet to see if dummynet is seeing packets go through.
https://lists.freebsd.org/pipermail/freebsd-ipfw/2015-July/005892.html where I ran into a similar issue.
I have the same problem (FreeBSD 10.2).
I've tried Hiren Panchasara's suggestion in Comment 1, but that doesn't fix the problem.
Note that traffic to and from either of the adapters that form part of the bridge DOES go via the pipe. It's just traffic that gets bridged that doesn't go through the pipe.
After a lot of recompiling, it looks like the bug crept in with r240099 (committed by 'melifaro').
Hiren's case of configuring any to any and pinging doesn't seem to still be a problem. I cannot reproduce here based on the steps in his email.
I don't see in your configuration anything that depends on bridge, i.e. you are restricting on the bridge interface. Due to the age of this report and I am going to close this issue.
If it still holds please reopen or create a new bug with specifics and tag me and I will investigate.
I still had this issue at the in January 2020, using the setup specified by James Rice in the bug description.
The issue is that the bridged traffic does not seem to get sent through the pipe, despite the firewall rule.
I tried with 10, 11, and 12 releases - I don't remember the exact versions - but I could only get James's configuration working with FBSD 9 releases.
I don't currently have access to the system that I used to test this, but I could organise to test any configurations that you have in mind, and send other debug information, a few weeks from now when I will hopefully have access the hardware again.