Date: Wed, 07 Oct 2009 15:40:33 -0700 From: Julian Elischer <julian@elischer.org> To: Guy Helmer <ghelmer@palisadesys.com> Cc: freebsd-ipfw@freebsd.org, Joe R <apauljoe@gmail.com> Subject: Re: Extension of dummynet/ipfw to support userspace packet classification Message-ID: <4ACD18E1.3040901@elischer.org> In-Reply-To: <4ACD04E5.50806@palisadesys.com> References: <286e18280910071246r33d33476ya9dd846cd1de6062@mail.gmail.com> <4ACD04E5.50806@palisadesys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Guy Helmer wrote: > Joe R wrote: >> We at ironport have a requirement to do bandwidth management, but the >> traffic classification (and selection of bandwidth pipes) is done in >> userspace. The reason classification is done in userspace is because the >> traffic classifications are something like streaming audio traffic, video >> traffic, based on website categories etc. >> >> >> >> Our appliance is based on FreeBSD, and so we decided to look at >> dummynet to >> support our requirement. We could not use dummynet as such because it >> uses >> ipfw for packet classification, where packet classification (and pipe >> selection) is done in kernel based on tcp/ip parameters like IP and port. >> >> >> >> So we decided to extended dummynet/ipfw to support packet >> classification in >> userspace. >> >> Our idea is to extended socket structure to have a pipe number and have a >> setsockoption to associate the pipe number to a socket structure. Then >> have >> a new ipfw target (mappedpipe), which will pass the packet to dummynet >> (similar to pipe target) but with the pipe number in the socket >> structure if >> it is non-zero. >> >> >> >> I would like to know your comments on this proposal and if people are >> interested, I will be happy to submit a patch on this. >> >> > I think it would be a very useful capability to apply a dummynet pipe to > a stream. > > My thinking was that it would be nice to be able to build a dynamic > table of connections in ipfw and then ipfw could pass packets that > matched the dynamic connections list through a specified dummynet pipe. > I think that is different than your design, though -- as I understand > it, your design would apply dummynet to packets written to a socket. > > Guy What they want to do is what I was going to do before I "left" there .. which is to allow a userland process (e.g. proxy) classify the session using some un-named method , assign some session key to the socket that can be attached to the mbufs in some way as they are generated. an in-kernel flow control module (e.g. dummynet) could then be left to enforce the bandwidth usage by that session. When I originally laid this out I thought we'd need the following parts working to allow this to happen: * ioctl to add value to a new field in the socket. * a place to store a copy of the field in the mbuf, OR a way to reference the one in the socket. * a way to get such packets to the right dummynet pipe. e.g. a new ipfw rule type. * A frontend to set up the pipes (not our problem).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ACD18E1.3040901>