Date: Thu, 30 Mar 2006 14:06:36 -0800 From: Luigi Rizzo <rizzo@icir.org> To: Mikhail Teterin <mi+mx@aldan.algebra.com> Cc: net@freebsd.org, ugen@worldbank.org, archie@dellroad.org, ugen@netvision.net.il Subject: Re: Is there an API for ipfw? Message-ID: <20060330140636.A98058@xorpc.icir.org> In-Reply-To: <200603301657.43218.mi%2Bmx@aldan.algebra.com>; from mi%2Bmx@aldan.algebra.com on Thu, Mar 30, 2006 at 04:57:42PM -0500 References: <200603301657.43218.mi%2Bmx@aldan.algebra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 30, 2006 at 04:57:42PM -0500, Mikhail Teterin wrote:
> Hi!
>
> I'm writing an application that, needs to be able to quickly alter the
> bandwidth between another machine and the host.
>
> The only way I can do that -- without another machine's cooperation -- is by
> using the firewall, such as the dummynet functionality of ipfw.
>
> Is there any way to create/alter such a pipe from a C-program without using
> system("ipfw ....")?
you can surely use the setsockopt/ioctl interface that is used
by ipfw2.c - however, before doing that, i suggest that
you look at the actual time consumed by system("ipfw ....") and
how often you need to do it - if it turns out that you are
using for the task only 5% or less of the available CPU time,
in my opinion it is not worth the effort.
If you are doing it a lot more often, you should probably
also consider the effect of such frequent changes to the
pipe's configuration - e.g. pipes respond with a delay
which is inversely proportional to the bandwidth, so in
many cases still doesn't make sense to change the pipe's
rate 100 times per second.
cheers
luigi
> If not ipfw, perhaps, other firewall modules in FreeBSD-6.x?
>
> Thanks a lot!
>
> -mi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060330140636.A98058>