From owner-freebsd-net@FreeBSD.ORG Sat Aug 2 11:34:09 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D787E1065676 for ; Sat, 2 Aug 2008 11:34:09 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from ik-out-1112.google.com (ik-out-1112.google.com [66.249.90.181]) by mx1.freebsd.org (Postfix) with ESMTP id 6A3A28FC12 for ; Sat, 2 Aug 2008 11:34:07 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: by ik-out-1112.google.com with SMTP id c30so2654274ika.3 for ; Sat, 02 Aug 2008 04:34:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=ohHNjznX582X2+Vw3hW3BzYS39R3d+pD+YpkXZTgGys=; b=O8fIV01wjYuJQZyY4PSJ7AFr6NTiLc86bo69K3/OOofC1zz/vgtcDJVj/C/hG5hg5i ndmlD43CzZHRnaLK+7hSv2R5ecaUXiMxeOihYWmLi80/GnIBdzCGxWCl+7BLm5tVNQMd 8LDl1BDAjvUBEKdaGIL+WzhppSaCLl1Oc0AY8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=o4/EsCDDQMDhRWx80lFXiZaCgUn/D5X9Xd40DD8eOS9QOzcoVoYvhiPJmaIp4fMWMV TFHaR16+c00BMIP0Mv0LS9joVXOanzvlaxetCoAXZOtFZUoqkGGkYmaUjZfGHFkYdaje fvCj0SPC6a9B2mh7YIgfEKTEEHWBkakX53+xQ= Received: by 10.210.75.6 with SMTP id x6mr14090204eba.120.1217676846369; Sat, 02 Aug 2008 04:34:06 -0700 (PDT) Received: by 10.210.116.17 with HTTP; Sat, 2 Aug 2008 04:34:06 -0700 (PDT) Message-ID: <9a542da30808020434w4954924dued75202ad34d44ba@mail.gmail.com> Date: Sat, 2 Aug 2008 13:34:06 +0200 From: "=?ISO-8859-1?Q?Ermal_Lu=E7i?=" To: "Mike Makonnen" In-Reply-To: <489445F8.3080100@wubethiopia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <48918DB5.7020201@wubethiopia.com> <489224F2.3050508@yan.com.br> <4892E456.5080408@wubethiopia.com> <20080801094626.18943vxiypbkcts0@econet.encontacto.net> <48932D3E.7090709@freebsdbrasil.com.br> <489445F8.3080100@wubethiopia.com> Cc: Patrick Tracanelli , freebsd-net@freebsd.org Subject: Re: Application layer classifier for ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Aug 2008 11:34:10 -0000 On Sat, Aug 2, 2008 at 1:33 PM, Mike Makonnen wrote: > Patrick Tracanelli wrote: >> >> eculp escreveu: >>> >>> Quoting Mike Makonnen : >>> >>>> Daniel Dias Gon=E7alves wrote: >>>>> >>>>> You will go to develop a version to work with PF ? >>>>> >>>> I don't know what's needed to get it to work with pf, but if it's not >>>> too >>>> much work, sure. >>> >>> That would be great, Mike. I'm seeing more and more bandwidth being us= ed >>> with p2p that I haven't been able to control with pf. The thought has >>> entered my mind to change back to ipfw that I used for many years befor= e >>> changing to pf maybe 3 years ago. I also found dummynet to be easy and >>> practical to set up for both incoming and outgoing connections. Someth= ing >>> else I haven't figured out how to do the same with altq, if even possib= le. >>> In fact, if I am able to control p2p with pf I may not even need >>> bidirectional bandwidth limits. As for pf(4) i have mostly finished divert support on pf. The number on the protocol means a dummynet queue/pipe instead of a rule number for ipfw. Surely with dummynet(4) support into pf(4) too. I will polish the patch and post it later on. >>> >>> Thanks for sharing your very practical solution to a real world problem= . >>> Have a great weekend. >> >> If it could be rewritten as a netgaph node, maybe it could tag the >> classified packets, and tagging be compatible with both pf and ipfw (und= er >> discretionary user choice with configuration switchs), so both ipfw or p= f >> could be used. > This means doing regex in kernel or just a daemon as mpd on top of netgraph= ? > I'll look into this when I have time. >> >> However a lot of work has to be done before. It works better on i386 tha= n >> amd64 right now, wont compile on RELENG_6 without modifying some gcc twe= aks, >> etc. > > Do you have a patch :-) ? Barring that, can you email me a copy of the bu= ild > output? >> >> I hope enhacing it can be a GSoC project in the future, or we (community= ) >> can raise some funds to make it happen faster. It is really a long-time >> needed feature to FreeBSD. >> > > Cheers. > > -- > Mike Makonnen | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc > mtm @ FreeBSD.Org | AC7B 5672 2D11 F4D0 EBF8 5279 5359 2B82 7CD4 1F55 > FreeBSD | http://www.freebsd.org > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > --=20 Ermal