Date: Wed, 23 Jun 2004 17:28:06 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Paul Querna <chip@force-elite.com> Cc: freebsd-net@freebsd.org Subject: Re: Rate Limiting Per-Socket Message-ID: <Pine.NEB.3.96L.1040623172623.79224E-100000@fledge.watson.org> In-Reply-To: <1087961988.32333.48.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 22 Jun 2004, Paul Querna wrote: > I am looking at methods to rate limit a single socket to a > specific pipe or rate with FreeBSD. I would like to make an Apache > module that could do its outgoing rate limit *in* kernel, making the > module very simple, and more accurate by using the kernel todo the rate > limiting. > > I have been looking at Dummynet and pfil_hooks, but these seem to > operate only on an entire interface. I would like to have these operate > only on a socket fd that I designate. Ie a special setsockopt() would > put socket x into pipe a. This pipe 'a' was setup ahead of time to only > allow 512 kb/s. > > Is this possible with FreeBSD? Do you have any suggestions on the best > way to proceed? You might well be interested in Trickle, which is a user space traffic shaper that works via a library preload to rate limit arbitrary (dynamically linked) applications. http://monkey.org/~marius/pages/?page=trickle I've never tried it, Marius told me about it at the last USENIX Security (or maybe at LSM). It sounds pretty neat. Note that this is all in user space, but if it works well perhaps that's OK. :-) Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Senior Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040623172623.79224E-100000>