Dummynet is a system facility that permits the control of traffic going through
the various network interfaces, by applying bandwidth and queue size
limitations, implementing different scheduling and queue management policies,
and emulating delays and losses. The user interface for dummynet is implemented
by the ipfw program, so the reader is referred to the ipfw
manpage for a complete description of the capabilities of dummynet and on
how to use it.
Here is the code to use TCPdump in conjunction with Dummynet, to log the packets that get dropped by Dummynet when the pipe overflows. In order to log layer 2 packets, you need to have the sysctl variable net.link.ether.ipfw=1, so that the packets are passed to IPFW to be filtered. The patch creates the Dummynet Discard Interface, dd0, to catch the packets that are discarded by dummynet when the pipe overflows and tcpdump, to view the packets that are dropped.
The following are the commands I used in ipfw to filter the traffic at IP_IN, IP_OUT, ETH_DEMUX, and ETH_OUT.
# ipfw show
This shows the ipfw rules configured on the machine.
# ipfw pipe 1 config bw 1Kbit/s queue 3
Configures a pipe (labelled 1) with a bandwidth of 1 kbit/s and a queue size of 3. The default queue value is 50.
# ipfw pipe show
This shows the pipes configured.
# ipfw add 350 pipe 1 all from any to 10.0.0.1 out
Adds a rule to pass all traffic from anywhere out to 10.0.0.1 to pipe 1.
# ipfw add 50 pipe 2 icmp from any to 127.0.0.1 in
Adds a rule to pass all ICMP traffic from anywhere in to the loopback interface, to pipe 2.
# ipfw add 370 pipe 3 all from machine1 to me layer2
Adds a rule to pass all layer 2 traffic (ethernet packets) from another machine to my machine, to pipe 3.
# ipfw add allow all from any to any layer2
Allows all layer2 traffic on my machine.
This rule comes just before the last rule in my list of ipfw add deny ip from any to any. The order of the rules, relative to your other rules, is important so that the traffic you are generating for dummynet doesn't get filtered by another rule first.
To use tcpdump on the Dummynet Discard Interface, you must first bring up the interface dd0:
ifconfig up dd0
The you specify the interface like this:
tcpdump -X -i dd0
The -X tells tcpdump to print the output in hexidecimal format, like so:
16:25:50.730945 machine1.cnri.dit.ie > mymachine.cnri.dit.ie: icmp: echo request
0x0000 4500 0054 4689 0000 4001 b5d8 93fc 2b05 E..TF...@.....+.
0x0010 93fc 2b4a 0800 096c c828 00a2 0e34 1940 ..+J...l.(...4.@
0x0020 0852 0b00 0809 0a0b 0c0d 0e0f 1011 1213 .R..............
0x0030 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050 3435 3637 4567
Ping can be used to generate traffic for your dummynet pipes by using the -f "flood" option. This can only be used in Super User mode.
# ping -f 127.0.0.1