I'm on OSX 10.7.5 and am attempting to add some latency to the connection to my personal domain with ipfw, using this article as a guide. Normal latency:
> ping -c5 troutwine.us
PING troutwine.us (198.101.227.131): 56 data bytes
64 bytes from 198.101.227.131: icmp_seq=0 ttl=56 time=92.714 ms
64 bytes from 198.101.227.131: icmp_seq=1 ttl=56 time=91.436 ms
64 bytes from 198.101.227.131: icmp_seq=2 ttl=56 time=91.218 ms
64 bytes from 198.101.227.131: icmp_seq=3 ttl=56 time=91.451 ms
64 bytes from 198.101.227.131: icmp_seq=4 ttl=56 time=91.243 ms
--- troutwine.us ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 91.218/91.612/92.714/0.559 ms
Enabling ipfw:
> sudo sysctl -w net.inet.ip.fw.enable=0
net.inet.ip.fw.enable: 1 -> 0
> sudo sysctl -w net.inet.ip.fw.enable=1
net.inet.ip.fw.enable: 0 -> 1
The configuration of the pipe:
> sudo ipfw add pipe 1 ip from any to 198.101.227.131
00200 pipe 1 ip from any to any dst-ip 198.101.227.131
> sudo ipfw add pipe 2 ip from 198.101.227.131 to any
00500 pipe 2 ip from 198.101.227.131 to any
> sudo ipfw pipe 1 config delay 250ms bw 1Mbit/s plr 0.1
> sudo ipfw pipe 2 config delay 250ms bw 1Mbit/s plr 0.1
The pipes are in place and configured:
> sudo ipfw -a list
00100 166 14178 fwd 127.0.0.1,20559 tcp from any to me dst-port 80 in
00200 0 0 pipe 1 ip from any to 198.101.227.131
00300 0 0 pipe 2 ip from 198.101.227.131 to any
65535 37452525 32060610029 allow ip from any to any
> sudo ipfw pipe list
00001: 1.000 Mbit/s 250 ms 50 sl.plr 0.100000 0 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002: 1.000 Mbit/s 250 ms 50 sl.plr 0.100000 0 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
Yet, this has had no effect:
> ping -c5 troutwine.us
PING troutwine.us (198.101.227.131): 56 data bytes
64 bytes from 198.101.227.131: icmp_seq=0 ttl=56 time=100.920 ms
64 bytes from 198.101.227.131: icmp_seq=1 ttl=56 time=91.648 ms
64 bytes from 198.101.227.131: icmp_seq=2 ttl=56 time=91.777 ms
64 bytes from 198.101.227.131: icmp_seq=3 ttl=56 time=91.466 ms
64 bytes from 198.101.227.131: icmp_seq=4 ttl=56 time=93.209 ms
--- troutwine.us ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 91.466/93.804/100.920/3.612 ms
What gives? I understand that ipfw is depreciated, but the manpage does not mention it being disabled. Also, I am not using Network Link Controller as I want to affect a single host.
You're going to have to send ICMP through the pipe in addition to IP, since ping uses IP.
Try this:
I'm sure that there's a more succinct way to write these rules. I'll play around with it later tonight and update this.