From owner-freebsd-net@FreeBSD.ORG Sat Jul 16 15:40:43 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EEEF816A41C; Sat, 16 Jul 2005 15:40:42 +0000 (GMT) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id 10EA243D48; Sat, 16 Jul 2005 15:40:42 +0000 (GMT) (envelope-from max@love2party.net) Received: from p54A3D1A6.dip.t-dialin.net [84.163.209.166] (helo=donor.laier.local) by mrelayeu.kundenserver.de with ESMTP (Nemesis), id 0ML29c-1DtomO2H3o-0004xu; Sat, 16 Jul 2005 17:40:40 +0200 From: Max Laier To: freebsd-ipfw@freebsd.org, Chris Dionissopoulos Date: Sat, 16 Jul 2005 17:40:32 +0200 User-Agent: KMail/1.8 References: <001c01c58a17$5dbe4a40$0100000a@R3B> In-Reply-To: <001c01c58a17$5dbe4a40$0100000a@R3B> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1851428.8rYmtsePCh"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200507161740.38234.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 Cc: freebsd-net@freebsd.org Subject: Re: Traffic quota features in IPFW X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Jul 2005 15:40:43 -0000 --nextPart1851428.8rYmtsePCh Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 16 July 2005 17:02, Chris Dionissopoulos wrote: > Hi ppl, ( and sorry for cross posting) > > I review Andrey's Elsukov patch for adding "bound" support in ipfw, and i > decide to push a little forward this feature. Sorry to be blunt, but I don't see the point in this feature nor do I think= =20 it's a good idea. All it does is adding overhead to every packet that is=20 processed by IPFW. You might argue that this overhead is fairly little, bu= t=20 if you combine the last ten "neat to have though not really necessary"=20 features this adds up. Also the code is getting more and more hacked up. = =20 Your feature might be nicely done, but it adds to the main switch-loops=20 making them more and more unreadable until it all falls over and nobody is= =20 willing to touch the code anymore. I have seen (too) much ipfw code lately= =20 while tieing together lose ends in the IPv6-import and it's already messy=20 enough. I urge you to reconsider if we really need this. If you think we can't liv= e=20 without it, it'd be nice if you could come up with a clean(er) way to exten= d=20 IPFW with additional stuff like this without impact to performance and=20 maintainability for the common case (without the magic foobar-option of the= =20 day). Thanks. BTW: This function can be done with a three line awk-skript without any eff= ect=20 on performance. Of course you will lose some precision, but I don't see=20 applications where you have to be *that* percise. > You can see the whole picture in there: > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D80642 > and there: > http://butcher.heavennet.ru/ > > In my patch, 3 new options are added: > 1. "below " (which is the same option as Andrey's "bound" option, I > just rename it) 2. "above " which is the oposite option of "below". > Match rules when the counter is above 3. "check-quota" (which is > the same option as Andrey's "check-bound" , but now applies to both "abov= e" > and "below" options). > > Notes: > 1. Patch is against releng_6. > 2. I also include a more compicated example which is (IMHO) a complete > traffic quota+shaping solution for a small (or not so small) ISP. > 3. For installation, follow the instructions Adrey publish in his webspac= e: > http://butcher.heavennet.ru/ > 4. Patch doesn't breaks ipfw ABI (today) , because adds new options at t= he > end of list. If you apply this patch in a month or so, I cannot guarantee > success. > 5. Please test, and send me your feedbacks. > > > I 'll be happy if you find usefull these features and if any developer > commits this patch in current or releng_6 branch. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1851428.8rYmtsePCh Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQBC2Sp2XyyEoT62BG0RArgxAJ0ZAB+WwLvgiDOEP3Wc7pf2nbO4/gCfUkW5 1bXjQ6ki49j111y8WoclRNo= =uE28 -----END PGP SIGNATURE----- --nextPart1851428.8rYmtsePCh--