Date: Thu, 20 May 2010 10:18:47 +0200 From: "Spenst, Aleksej" <Aleksej.Spenst@harman.com> To: "'freebsd-pf@freebsd.org'" <freebsd-pf@freebsd.org> Subject: Ingress traffic shaping Message-ID: <20290C577F743240B5256C89EFA753810C3CC9FE50@HIKAWSEX01.ad.harman.com>
next in thread | raw e-mail | index | archive | help
Hi All, If I understand it correctly, ingress traffic shaping is not possible with pf/altq. Are there any tricks to do it? I suppose that if incoming traffic is sent out by the router further to the LAN, the incoming traffic can be considered as outcoming traffic and therefore can be easily shaped. ---- incoming traffic ---> <ext_if> ROUTER <int_if with altq> ---- shaped outcoming traffic ----> So, in this case one can say that ingress traffic can be shaped. In this manner it should be possible to limit TCP download traffic. What if traffic is not forwarded further? ---- incoming traffic ---> <ext_if> END HOST Is it possible to do anything to slow down for example TCP download traffic? Drop incoming packets? Drop or slow down outgoing ACKs? I've tried to put outgoing ACKs in the queue with the lowest priority, but that doesn't help when there is no much other outbound traffic. I also was trying to figure out whether it is possible to forward the incoming traffic to the loopback interface and then back to ext_if, so that incoming traffic can be considered as outcoming at the loopback interface. ---- incoming traffic ---> <ext_if> ----> <lo0> ---- shaped outcoming traffic ----><back to ext_if> but I couldn't configure pf.conf such that this would be possible... Is this theoretically possible? Thanks a lot for any tips! Aleksej.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20290C577F743240B5256C89EFA753810C3CC9FE50>