Rate Limiting Per-Socket
Robert Watson
rwatson at freebsd.org
Wed Jun 23 21:30:38 GMT 2004
On Tue, 22 Jun 2004, Paul Querna wrote:
> I am looking at methods to rate limit a single socket to a
> specific pipe or rate with FreeBSD. I would like to make an Apache
> module that could do its outgoing rate limit *in* kernel, making the
> module very simple, and more accurate by using the kernel to do the rate
> limiting.
>
> I have been looking at Dummynet and pfil_hooks, but these seem to
> operate only on an entire interface. I would like to have these operate
> only on a socket fd that I designate. I.e., a special setsockopt() would
> put socket x into pipe a. This pipe 'a' was set up ahead of time to only
> allow 512 kb/s.
>
> Is this possible with FreeBSD? Do you have any suggestions on the best
> way to proceed?

You might well be interested in Trickle, which is a user space traffic
shaper that works via a library preload to rate limit arbitrary
(dynamically linked) applications.

http://monkey.org/~marius/pages/?page=trickle

I've never tried it; Marius told me about it at the last USENIX Security
(or maybe at LSM). It sounds pretty neat. Note that this is all in user
space, but if it works well perhaps that's OK. :-)

Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Senior Research Scientist, McAfee Research
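
An added illustration, not part of the original thread and not Trickle's code: a user-space shaper has to decide, per socket, how many bytes may be written now and how long to sleep otherwise. The token bucket below is one common way to make that decision (an assumption; the thread does not say how Trickle paces writes). The names `tbucket`, `tb_take` and `tb_wait_ns` are hypothetical, and the 512 kb/s from the question is read as 64000 bytes per second.

```c
#include <stdint.h>

#define NS_PER_SEC 1000000000ULL

struct tbucket {
    uint64_t rate;     /* refill rate, bytes per second */
    uint64_t burst;    /* bucket capacity, bytes */
    uint64_t tokens;   /* bytes that may be written right now */
    uint64_t last_ns;  /* monotonic time up to which refill is credited */
};

void tb_init(struct tbucket *tb, uint64_t rate, uint64_t burst, uint64_t now_ns)
{
    tb->rate = rate; tb->burst = burst; tb->tokens = burst; tb->last_ns = now_ns;
}

/* Credit tokens for elapsed time, clamped at burst so idle time is not banked. */
static void tb_refill(struct tbucket *tb, uint64_t now_ns)
{
    if (now_ns <= tb->last_ns) return;
    uint64_t elapsed = now_ns - tb->last_ns;
    uint64_t fill_ns = (tb->burst - tb->tokens) * NS_PER_SEC / tb->rate + 1;
    if (elapsed >= fill_ns) { tb->tokens = tb->burst; tb->last_ns = now_ns; return; }
    uint64_t add = elapsed * tb->rate / NS_PER_SEC;
    tb->tokens += add;
    tb->last_ns += add * NS_PER_SEC / tb->rate;  /* keep sub-token remainder */
}

/* Returns how many of `want` bytes may be written now, and spends them. */
uint64_t tb_take(struct tbucket *tb, uint64_t now_ns, uint64_t want)
{
    tb_refill(tb, now_ns);
    uint64_t n = want < tb->tokens ? want : tb->tokens;
    tb->tokens -= n;
    return n;
}

/* Nanoseconds to sleep until `want` bytes (capped at burst) are available. */
uint64_t tb_wait_ns(struct tbucket *tb, uint64_t now_ns, uint64_t want)
{
    tb_refill(tb, now_ns);
    if (want > tb->burst) want = tb->burst;
    if (want <= tb->tokens) return 0;
    uint64_t due = tb->last_ns + ((want - tb->tokens) * NS_PER_SEC + tb->rate - 1) / tb->rate;
    return due > now_ns ? due - now_ns : 0;
}
```

A wrapper around a socket write would call `tb_take` with a monotonic clock reading, write only the returned number of bytes, and sleep for `tb_wait_ns` before retrying the rest.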