Application layer classifier for ipfw
Patrick Tracanelli
eksffa at freebsdbrasil.com.br
Fri Aug 1 15:36:30 UTC 2008
eculp escreveu:
> Quoting Mike Makonnen <mtm at wubethiopia.com>:
>
>> Daniel Dias Gonçalves wrote:
>>> You will go to develop a version to work with PF ?
>>>
>> I don't know what's needed to get it to work with pf, but if it's not too
>> much work, sure.
>
> That would be great, Mike. I'm seeing more and more bandwidth being
> used with p2p that I haven't been able to control with pf. The thought
> has entered my mind to change back to ipfw that I used for many years
> before changing to pf maybe 3 years ago. I also found dummynet to be
> easy and practical to set up for both incoming and outgoing
> connections. Something else I haven't figured out how to do the same
> with altq, if even possible. In fact, if I am able to control p2p with
> pf I may not even need bidirectional bandwidth limits.
>
> Thanks for sharing your very practical solution to a real world
> problem. Have a great weekend.
If it could be rewritten as a netgaph node, maybe it could tag the
classified packets, and tagging be compatible with both pf and ipfw
(under discretionary user choice with configuration switchs), so both
ipfw or pf could be used.
However a lot of work has to be done before. It works better on i386
than amd64 right now, wont compile on RELENG_6 without modifying some
gcc tweaks, etc.
I hope enhacing it can be a GSoC project in the future, or we
(community) can raise some funds to make it happen faster. It is really
a long-time needed feature to FreeBSD.
--
Patrick Tracanelli
More information about the freebsd-net
mailing list