为什么这些 ipfw 延迟管道没有效果?

tag-icon tag-icon mac-osx latency ipfw
为什么这些 ipfw 延迟管道没有效果?

我在 OSX 10.7.5 上,并尝试使用 ipfw 为我的个人域连接添加一些延迟,使用请参阅本文作为指南。正常延迟:

> ping -c5 troutwine.us                                 
PING troutwine.us (198.101.227.131): 56 data bytes
64 bytes from 198.101.227.131: icmp_seq=0 ttl=56 time=92.714 ms
64 bytes from 198.101.227.131: icmp_seq=1 ttl=56 time=91.436 ms
64 bytes from 198.101.227.131: icmp_seq=2 ttl=56 time=91.218 ms
64 bytes from 198.101.227.131: icmp_seq=3 ttl=56 time=91.451 ms
64 bytes from 198.101.227.131: icmp_seq=4 ttl=56 time=91.243 ms

--- troutwine.us ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 91.218/91.612/92.714/0.559 ms

启用 ipfw:

> sudo sysctl -w net.inet.ip.fw.enable=0
net.inet.ip.fw.enable: 1 -> 0

> sudo sysctl -w net.inet.ip.fw.enable=1
net.inet.ip.fw.enable: 0 -> 1

管道的配置:

> sudo ipfw add pipe 1 ip from any to 198.101.227.131   
00200 pipe 1 ip from any to any dst-ip 198.101.227.131

> sudo ipfw add pipe 2 ip from 198.101.227.131 to any
00500 pipe 2 ip from 198.101.227.131 to any

> sudo ipfw pipe 1 config delay 250ms bw 1Mbit/s plr 0.1

> sudo ipfw pipe 2 config delay 250ms bw 1Mbit/s plr 0.1

管道已就位并配置完毕:

> sudo ipfw -a list                                  
00100      166       14178 fwd 127.0.0.1,20559 tcp from any to me dst-port 80 in
00200        0           0 pipe 1 ip from any to 198.101.227.131
00300        0           0 pipe 2 ip from 198.101.227.131 to any
65535 37452525 32060610029 allow ip from any to any

> sudo ipfw pipe list                                
00001:   1.000 Mbit/s  250 ms   50 sl.plr 0.100000 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002:   1.000 Mbit/s  250 ms   50 sl.plr 0.100000 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000

但这并没有什么效果:

> ping -c5 troutwine.us                              
PING troutwine.us (198.101.227.131): 56 data bytes
64 bytes from 198.101.227.131: icmp_seq=0 ttl=56 time=100.920 ms
64 bytes from 198.101.227.131: icmp_seq=1 ttl=56 time=91.648 ms
64 bytes from 198.101.227.131: icmp_seq=2 ttl=56 time=91.777 ms
64 bytes from 198.101.227.131: icmp_seq=3 ttl=56 time=91.466 ms
64 bytes from 198.101.227.131: icmp_seq=4 ttl=56 time=93.209 ms

--- troutwine.us ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 91.466/93.804/100.920/3.612 ms

怎么回事?我知道 ipfw 已经过时了,但手册页没有提到它被禁用。另外,我没有使用网络链路控制器,因为我想影响单个主机。

答案1

由于 ping 使用 IP,因此除了 IP 之外,您还必须通过管道发送 ICMP。

尝试这个:

sudo ipfw add pipe 1 icmp from any to 198.101.227.131
sudo ipfw add pipe 2 icmp from 198.101.227.131 to any

我确信有更简洁的方式来编写这些规则。今晚晚些时候我会尝试一下并更新此内容。

相关内容