From: "Rajkumar S"
To: freebsd-pf@freebsd.org
Date: Fri, 8 Sep 2006 12:13:12 +0530
Subject: Re: NEW IDEAS
Message-ID: <64de5c8b0609072343h19cc40aaked48adb4d9a0b48e@mail.gmail.com>
In-Reply-To: <200609072125.25957.max@love2party.net>

On 9/8/06, Max Laier wrote:
> On Thursday 07 September 2006 20:21, KES wrote:
> > Archie Cobbs wrote:
> > >> KES wrote:
> > >> How about 'ALTQ' node? or maybe 'queue' node
> > >> for packet scheduling
> The problem is, how do you classify your traffic for queueing? i.e. where
> and how do you decide whether to put a given packet into queue A or B?

Is it possible to have a netgraph hook for pf also? Something like

    queue in on dc0 from 192.168.0.0/24 to 192.168.0.1

where the packet will be passed to a netgraph node with full state
information about the TCP stream. If the packet is dropped in netgraph
then it's as good as a block, otherwise it's a pass.

The idea is to have some sort of userspace processing for things like
blocking p2p. I can already take packets from Ethernet interfaces, but
getting packets from pf has some advantages like:

- Ability to select which packets I want to pass to userspace
- Take advantage of TCP reassembly and state tracking of pf.

The state tracking is important because that can help in identifying
patterns that span multiple packets in userspace easily.

The pf netgraph node can set tags as well as assign the packet to a
particular queue, for example slow down kazaa.

I am not sure how much of this is feasible or even desirable, but just
thinking out loud.

raj