From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 11:27:18 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 00CB9106567B for ; Sat, 2 Aug 2008 11:27:18 +0000 (UTC) (envelope-from mtm@wubethiopia.com) Received: from dire.wubethiopia.com (j071.v.rootbsd.net [208.79.82.223]) by mx1.freebsd.org (Postfix) with ESMTP id CBAC78FC12 for ; Sat, 2 Aug 2008 11:27:17 +0000 (UTC) (envelope-from mtm@wubethiopia.com) Received: from rogue.mike.lan (unknown [213.55.65.29]) by dire.wubethiopia.com (Postfix) with ESMTPSA id 967254FDA214; Sat, 2 Aug 2008 11:27:05 +0000 (UTC) Message-ID: <489445F8.3080100@wubethiopia.com> Date: Sat, 02 Aug 2008 14:33:12 +0300 From: Mike Makonnen User-Agent: Thunderbird 2.0.0.12 (X11/20080323) MIME-Version: 1.0 To: Patrick Tracanelli References: <48918DB5.7020201@wubethiopia.com> <489224F2.3050508@yan.com.br> <4892E456.5080408@wubethiopia.com> <20080801094626.18943vxiypbkcts0@econet.encontacto.net> <48932D3E.7090709@freebsdbrasil.com.br> In-Reply-To: <48932D3E.7090709@freebsdbrasil.com.br> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-net@freebsd.org Subject: Re: Application layer classifier for ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2008 11:27:18 -0000 Patrick Tracanelli wrote: > eculp escreveu: >> Quoting Mike Makonnen : >> >>> Daniel Dias Gonçalves wrote: >>>> You will go to develop a version to work with PF ? >>>> >>> I don't know what's needed to get it to work with pf, but if it's >>> not too >>> much work, sure. >> >> That would be great, Mike. I'm seeing more and more bandwidth being >> used with p2p that I haven't been able to control with pf. The >> thought has entered my mind to change back to ipfw that I used for >> many years before changing to pf maybe 3 years ago. I also found >> dummynet to be easy and practical to set up for both incoming and >> outgoing connections. Something else I haven't figured out how to do >> the same with altq, if even possible. In fact, if I am able to >> control p2p with pf I may not even need bidirectional bandwidth limits. >> >> Thanks for sharing your very practical solution to a real world >> problem. Have a great weekend. > > If it could be rewritten as a netgaph node, maybe it could tag the > classified packets, and tagging be compatible with both pf and ipfw > (under discretionary user choice with configuration switchs), so both > ipfw or pf could be used. I'll look into this when I have time. > > However a lot of work has to be done before. It works better on i386 > than amd64 right now, wont compile on RELENG_6 without modifying some > gcc tweaks, etc. Do you have a patch :-) ? Barring that, can you email me a copy of the build output? > > I hope enhacing it can be a GSoC project in the future, or we > (community) can raise some funds to make it happen faster. It is > really a long-time needed feature to FreeBSD. > Cheers. -- Mike Makonnen | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc mtm @ FreeBSD.Org | AC7B 5672 2D11 F4D0 EBF8 5279 5359 2B82 7CD4 1F55 FreeBSD | http://www.freebsd.org