From: Nikos Vassiliadis
Date: Mon, 22 Mar 2010 11:30:48 +0200
To: Dan Naumov
Cc: freebsd-questions@freebsd.org
Subject: Re: sftp server with speed throttling

Dan Naumov wrote:
> What are my options if I want to run an sftp server with speed
> throttling? My understanding is that openssh (which includes sftp) in
> base does not support this directly, so I would have to either use a
> custom kernel with ALTQ (and I would really rather stick to GENERIC so
> I can use freebsd-update) which sounds like a bit too much
> configuration work or pass sftp traffic through PF and throttle it
> (ugly, would also affect ssh traffic).

You could examine the possibility of using ipfw and dummynet:

1) ipfw and dummynet are available in the GENERIC kernel.
2) Most of the time you can classify bulk/interactive traffic by
   examining the packet's length. IP packets carrying sftp traffic
   tend to be limited by MTU size or PMTU discovery. IP packets
   carrying ssh traffic tend to be much smaller.

Nikos
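
The ipfw/dummynet approach from the reply above, written out as an added example (not code from the thread): large packets on the SSH port go through a dummynet pipe, small ones are left alone. The port, bandwidth, length cutoff, pipe numbers and rule numbers are assumptions, as is the helper name `sftp_throttle_rules`.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes ipfw and dummynet are already
# active, that rules 1000/1010 sort before any rule accepting SSH, and that the
# rest of the ruleset permits SSH: packets that miss these rules fall through,
# and ipfw's built-in last rule is deny unless the kernel was configured otherwise.
SSH_PORT=22          # assumed sshd port
BULK_BW="2Mbit/s"    # assumed cap per direction
BULK_MIN_LEN=1000    # assumed cutoff: IP total length treated as bulk
MAX_LEN=65535        # upper bound also covers oversized segments seen with TSO/LRO

# Print the ipfw commands for review instead of running them.
# usage: sftp_throttle_rules PORT BANDWIDTH MIN_LEN
sftp_throttle_rules() {
    port=$1 bw=$2 minlen=$3
    for n in "$port" "$minlen"; do
        case "$n" in
            ''|*[!0-9]*) echo "port and length must be numeric" >&2; return 1 ;;
        esac
    done
    # 40 bytes is a bare IPv4+TCP header; a cutoff at or below it would also
    # throttle pure ACKs.
    if [ "$minlen" -le 40 ] || [ "$minlen" -gt "$MAX_LEN" ]; then
        echo "length cutoff must be 41-$MAX_LEN" >&2; return 1
    fi
    # Pipe 1 shapes downloads (server -> client), pipe 2 shapes uploads.
    cat <<EOF
ipfw pipe 1 config bw $bw
ipfw pipe 2 config bw $bw
ipfw add 1000 pipe 1 tcp from me $port to any out iplen $minlen-$MAX_LEN
ipfw add 1010 pipe 2 tcp from any to me $port in iplen $minlen-$MAX_LEN
EOF
}

# "show" prints the rules; "apply" runs them (as root, on the FreeBSD host).
case "${1:-}" in
    show)  sftp_throttle_rules "$SSH_PORT" "$BULK_BW" "$BULK_MIN_LEN" ;;
    apply) sftp_throttle_rules "$SSH_PORT" "$BULK_BW" "$BULK_MIN_LEN" | sh -e ;;
esac
```

scp and bulk transfers over forwarded ports on the same TCP port also produce full-size packets, so they pass through the same pipes.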