Ok, one problem I found was that I was looking at the dummynet man page.
Apparently its out of date and inaccurate.. however, looking at the
dummynet features on ipfw's man page gives more information.
I'm trying to prioritize traffic on my line, and push interactive and voice
traffic above bulk/batch traffic. I understand the general pipe
configuration and the queues attached to the pipes to enforce specific
queueing policies, so I'm trying something like this, just illustrating SSH
ipfw pipe 1 config bw 384Kbit/s
ipfw add 10 pipe 1 ip from any to any via xl0
ipfw queue 1 config pipe 1 weight 10
ipfw add 15 queue 1 ip from any to any via xl0
ipfw queue 2 config pipe 1 weight 80
ipfw add 17 queue 2 tcp from any to any 22 via xl0
ipfw add 18 queue 2 tcp from any 22 to any via xl0
ipfw add 20 pipe 2 icmp from any to any via xl0
ipfw pipe 2 config bw 20Kbit/s
(note that after these pipes and queues comes the normal firewall
configuration, so I have the kernel set to net.inet.ip.fw.enable=0)
So, on a basic level, only running the pipe configuration (without the queue
lines above) works without a problem. My ICMP traffic is successfully
limited and constrained, so that sort of config seems good. However, I'm
trying to weight my bandwidth, not entirely constrict it, so I added the
queues on the first pipe. When I configure the queues, queue 1 configures
fine, but queue 2 returns an error, as shown:
keet# ipfw queue 1 config pipe 1 weight 10
keet# ipfw queue 2 config pipe 1 weight 80
ipfw: setsockopt(IP_DUMMYNET_CONFIGURE): Invalid argument
In the examples I've seen though, you should be able to attach multiple
queues to a single pipe. I don't see why the argument would be a problem.
In addition, I'm assuming the ordering of the rules matters, since the
processing will continue after triggering a rule, so I'm ordering them from
broadest to narrowest. Is that what should happen, or does the weight get
reset as it goes from queue to queue?