From owner-freebsd-net@FreeBSD.ORG Wed Jun 23 15:10:03 2004 Return-Path: <owner-freebsd-net@FreeBSD.ORG> Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 819DE16A4CE for <freebsd-net@freebsd.org>; Wed, 23 Jun 2004 15:10:03 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 60A3F43D4C for <freebsd-net@freebsd.org>; Wed, 23 Jun 2004 15:10:03 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (IDENT:brdavis@localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.12.10/8.12.10) with ESMTP id i5NF9uOF015797; Wed, 23 Jun 2004 08:09:56 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.12.10/8.12.3/Submit) id i5NF9u71015796; Wed, 23 Jun 2004 08:09:56 -0700 Date: Wed, 23 Jun 2004 08:09:56 -0700 From: Brooks Davis <brooks@one-eyed-alien.net> To: Takashi Okumura <taka@cs.pitt.edu> Message-ID: <20040623150955.GA15320@Odin.AC.HMC.Edu> References: <40D8FF41.6392C8F7@cs.pitt.edu> <1087973537.32330.58.camel@localhost> <40D92F33.7B54B5C4@cs.pitt.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="envbJBWh7q8WU6mo" Content-Disposition: inline In-Reply-To: <40D92F33.7B54B5C4@cs.pitt.edu> User-Agent: Mutt/1.5.4i cc: Paul Querna <chip@force-elite.com> cc: freebsd-net@freebsd.org Subject: Re: Rate Limiting Per-Socket X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net> List-Post: <mailto:freebsd-net@freebsd.org> List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=subscribe> X-List-Received-Date: Wed, 23 Jun 2004 15:10:03 -0000 --envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 23, 2004 at 03:20:19AM -0400, Takashi Okumura wrote: > hi, >=20 >=20 > Paul Querna wrote: > >=20 > > On Tue, 2004-06-22 at 23:55 -0400, Takashi Okumura wrote: > > > hi, > > > > > > please take a look at mod_netnice. it uses netnice, another in-kernel > > > traffic control primitive on the platform. since you can control each > > > socket with netnice, i think it's easy to extend the module to meet > > > your needs. > > > > > > http://www.netnice.org/app_modnetnice.html > > > > >=20 > > Wow, that is a very neat project! > >=20 > > Is there any chance of netnice being added to mainstream FreeBSD, > > perhaps in the 5.x tree? >=20 > we are currently preparing to port the module to Linux, NetBSD, MacOS X, > and OpenBSD, as well as to 5.x. but, since the workforce is quite limited, > it will take several months to finish the porting to 5.x. it should be > easy, but, i realized that somebody has totally changed its procfs > implementation, which the API of netnice relies upon. so, it will take > a bit longer than it should be. if some of you might help us, that would > be great. >=20 > regarding the contribution to the mainstream FreeBSD, yes, we would love = to. > but, i'm a bit pessimistic about that option, simply because it looks too > radical, at this point. maybe after we finish the porting to the major > platforms, and the communities realize its scope and advantage, of having > a multi-platform primitive for end-host oriented network control, we may > start pursuing the option. but, that will be a future story. we still > need to translate many documents for developers, and need to provide > many netnice applications. so... I think netnice looks really neat. Use of /proc would definaly limit the utility of integrating the code. We don't enable procfs by default because it's too hard to get procfs code right as the list of procfs security advisories demonstrates (not just on FreeBSD, but Linux, Solaris, etc.). -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --envbJBWh7q8WU6mo Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFA2Z1DXY6L6fI4GtQRAr5QAJ4+Zah42pbdvjYJSMNguxxGHZRIfQCdFduy Ndef6ydqXoUrMxIZU1SWO+4= =VwRA -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo--