From owner-freebsd-net@FreeBSD.ORG Mon Sep 27 17:12:30 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB5FC106564A for ; Mon, 27 Sep 2010 17:12:30 +0000 (UTC) (envelope-from apauljoe@gmail.com) Received: from mail-gx0-f182.google.com (mail-gx0-f182.google.com [209.85.161.182]) by mx1.freebsd.org (Postfix) with ESMTP id A3CF08FC15 for ; Mon, 27 Sep 2010 17:12:30 +0000 (UTC) Received: by gxk8 with SMTP id 8so1970830gxk.13 for ; Mon, 27 Sep 2010 10:12:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=/2dP+qnuWMit9RfpQ/A7tF315cfqrRYnTw/nVrLYd2g=; b=mFpglaRBcqztJpEvaOTZM4Ebockv5wDpo2xgX5v0NBZ88NzLzAqKh/d8akjlGV2pr8 s/pvF2c0hAYHqctwNOK4adT/K1KxGz1Gt3c/tfV8KLUnu7+mqn4thQw8n36G4y9qatpd 0aOsrd5L8GkaJ3gkmJoUuHtr71jU1dsnO+pu4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=uBannAsyMHDyug7ZB2HdRkj6an+yZ915sIB1tvUmuqI2Jdjwoxu4N54QZeNd2stWhI cl2t84jBeDZv1g3Z2lhlZJtW4rGbcxg5QZqlEkrYP/qUM45nxjLGQl5o2BmVTC3ClxqW FCzp9hHI3MukUVRr+5H502gjHWf6o4K8IieVM= MIME-Version: 1.0 Received: by 10.150.161.9 with SMTP id j9mr9305200ybe.201.1285607549560; Mon, 27 Sep 2010 10:12:29 -0700 (PDT) Received: by 10.151.156.21 with HTTP; Mon, 27 Sep 2010 10:12:29 -0700 (PDT) In-Reply-To: <0A10F8F0-5BAB-4782-87CF-91E7661D805E@jnielsen.net> References: <0A10F8F0-5BAB-4782-87CF-91E7661D805E@jnielsen.net> Date: Mon, 27 Sep 2010 22:42:29 +0530 Message-ID: From: Paul Joe To: John Nielsen Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org Subject: Re: Extending dummynet/ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Sep 2010 17:12:31 -0000 On Mon, Sep 27, 2010 at 9:25 PM, John Nielsen wrote: > On Sep 27, 2010, at 11:20 AM, Paul Joe wrote: > > > I have attached a patch which allows to do flow classifications in > userland > > (e.g based on url categories, LDAP users) > > and do bandwidth control in kernel(dummynet). > > > > The patch has > > > > a) a setsocketopt, to associate a pipe to the socket. > > > > b) an ipfw option(sockarg) to redirect flows to corresponding pipe. > > > > Moreover, a member uint32_t is added to struct socket to hold the pipe > info. > > > > I guess this structure is not part of kernel userland ABI. > > > > Please let me know your comments, which I would be glad to incorporate > > This is something I have wished for in the past so I'm glad to see it. I'd > love to test it but I'm not sure what to do, especially on the userland > side. Could you post a simple ipfw ruleset that uses your patch along with > directions or a simple example program for doing the userland > classification? > 1) Create some pipes using ipfw pipe command or directly using dummynet socket option. ipfw pipe 2 config bw 100KB/sec 2) Add the generic sockarg option to redirect the traffic to pipe associated with the socket. ipfw add 100 pipe tablearg ip from any to any sockarg out 3) A sample python program could be import socket client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # Make the traffic flow through pipe 2. You can use any userspace logic to select any pipe you created. # you can use SO_USER_COOKIE for 0x1015 after the patch is checked in rest = client_socket.setsockopt(socket.SOL_SOCKET, 0x1015, 2); client_socket.connect(("www.google.com",80)) s = "GET\r\n" print client_socket.send(s); r = client_socket.recv(512); print r Let me know if you face any issues in testing it. Thanks, Joe > Thanks! > > JN > >