From owner-freebsd-ipfw Tue Sep 17 0:16:58 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51FC137B400 for ; Tue, 17 Sep 2002 00:16:57 -0700 (PDT) Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id F394D43E4A for ; Tue, 17 Sep 2002 00:16:56 -0700 (PDT) (envelope-from rizzo@iguana.icir.org) Received: from iguana.icir.org (localhost [127.0.0.1]) by iguana.icir.org (8.12.3/8.11.3) with ESMTP id g8H7GrIb052426; Tue, 17 Sep 2002 00:16:53 -0700 (PDT) (envelope-from rizzo@iguana.icir.org) Received: (from rizzo@localhost) by iguana.icir.org (8.12.3/8.12.3/Submit) id g8H7Grtr052425; Tue, 17 Sep 2002 00:16:53 -0700 (PDT) (envelope-from rizzo) Date: Tue, 17 Sep 2002 00:16:53 -0700 From: Luigi Rizzo To: "Jacob S. Barrett" Cc: freebsd-ipfw Subject: Re: MAC Layer Bandwidth Limiting Message-ID: <20020917001653.A52387@iguana.icir.org> References: <3D864865.2030607@amduat.net> <3D86C25C.50104@amduat.net> <20020916230259.A51851@iguana.icir.org> <3D86CEEB.2010100@amduat.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3D86CEEB.2010100@amduat.net>; from jbarrett@amduat.net on Mon, Sep 16, 2002 at 11:42:51PM -0700 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Sep 16, 2002 at 11:42:51PM -0700, Jacob S. Barrett wrote: ... > > yes... in fact, the implementation of masks should be slightly revised > > so one can use more or less arbitrary fields instead of just the > > ip addresses. Next feature i guess... > > I would love for this to be a new feature soon. well, if you like to spend time on it, my idea is to accumulate bits from the packet into an opaque mask field (say a total of 128 bits) which is then used to identify the flow. This should be done somewhere in ip_dummynet() when the processing of the mask is done. > Should I just take snapshots every so often and calculate deltas from yes, in userland. Make sure that the rulesets do not change from one snapshot to the other (this includes dynamic rules) or that you correctly match rules between the two snapshots. > that. I also need to be aware of counter roll over events. What is the > max value of the byte counter in the rules and pipes stats? they are 64 bit counters. It still takes "a few years" before they overflow, even counting bits at gigabit speeds. cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message