From owner-freebsd-questions@FreeBSD.ORG  Mon Mar 22 09:30:54 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 855FC106566B
	for <freebsd-questions@freebsd.org>;
	Mon, 22 Mar 2010 09:30:54 +0000 (UTC)
	(envelope-from nvass9573@gmx.com)
Received: from mailout-eu.gmx.com (mailout-eu.gmx.com [213.165.64.42])
	by mx1.freebsd.org (Postfix) with SMTP id CED698FC18
	for <freebsd-questions@freebsd.org>;
	Mon, 22 Mar 2010 09:30:53 +0000 (UTC)
Received: (qmail invoked by alias); 22 Mar 2010 09:30:51 -0000
Received: from unknown (EHLO moby.local) [91.140.121.144]
	by mail.gmx.com (mp-eu004) with SMTP; 22 Mar 2010 10:30:51 +0100
X-Authenticated: #46156728
X-Provags-ID: V01U2FsdGVkX18TSTgYZmMTLQxIedHfmByB6Pp/lAF1fV6Vz0PuNA
	YDOqNkwhPCBBDT
Message-ID: <4BA738C8.9080407@gmx.com>
Date: Mon, 22 Mar 2010 11:30:48 +0200
From: Nikos Vassiliadis <nvass9573@gmx.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20100313)
MIME-Version: 1.0
To: Dan Naumov <dan.naumov@gmail.com>
References: <cf9b1ee01003210653l668377b7lc9002ebc68ff063d@mail.gmail.com>
In-Reply-To: <cf9b1ee01003210653l668377b7lc9002ebc68ff063d@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.60999999999999999
Cc: freebsd-questions@freebsd.org
Subject: Re: sftp server with speed throttling
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Mar 2010 09:30:54 -0000

Dan Naumov wrote:
> What are my options if I want to run an sftp server with speed
> throttling? My understanding is that openssh (which includes sftp) in
> base does not support this directly, so I would have to either use a
> custom kernel with ALTQ (and I would really rather stick to GENERIC so
> I can use freebsd-update) which sounds like a bit too much
> configuration work or pass sftp traffic through PF and throttle it
> (ugly, would also affect ssh traffic).

You could examine the possibility of using ipfw and dummynet:
1) ipfw and dummynet are availabe in the GENERIC kernel.
2) Most of the time you can classify bulk/interactive traffic
	by examining the packet's length. IP packets carrying
	sftp traffic tend to be limited by MTU size or PMTU
	discovery. IP packets carrying ssh traffic tend to be
	much smaller.

Nikos