Extension of dummynet/ipfw to support userspace
packet classification
Guy Helmer
ghelmer at palisadesys.com
Wed Oct 7 21:55:23 UTC 2009
Joe R wrote:
> We at ironport have a requirement to do bandwidth management, but the
> traffic classification (and selection of bandwidth pipes) is done in
> userspace. The reason classification is done in userspace is because the
> traffic classifications are something like streaming audio traffic, video
> traffic, based on website categories etc.
>
>
>
> Our appliance is based on FreeBSD, and so we decided to look at dummynet to
> support our requirement. We could not use dummynet as such because it uses
> ipfw for packet classification, where packet classification (and pipe
> selection) is done in kernel based on tcp/ip parameters like IP and port.
>
>
>
> So we decided to extended dummynet/ipfw to support packet classification in
> userspace.
>
> Our idea is to extended socket structure to have a pipe number and have a
> setsockoption to associate the pipe number to a socket structure. Then have
> a new ipfw target (mappedpipe), which will pass the packet to dummynet
> (similar to pipe target) but with the pipe number in the socket structure if
> it is non-zero.
>
>
>
> I would like to know your comments on this proposal and if people are
> interested, I will be happy to submit a patch on this.
>
>
I think it would be a very useful capability to apply a dummynet pipe to
a stream.
My thinking was that it would be nice to be able to build a dynamic
table of connections in ipfw and then ipfw could pass packets that
matched the dynamic connections list through a specified dummynet pipe.
I think that is different than your design, though -- as I understand
it, your design would apply dummynet to packets written to a socket.
Guy
More information about the freebsd-ipfw
mailing list