From owner-freebsd-net@FreeBSD.ORG Fri May 9 16:36:52 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B03BA1065672 for ; Fri, 9 May 2008 16:36:52 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.233]) by mx1.freebsd.org (Postfix) with ESMTP id 83B228FC0C for ; Fri, 9 May 2008 16:36:52 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so2169262rvf.43 for ; Fri, 09 May 2008 09:36:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=O2FZVl01MnieqbXpDbcj11E69G0cXc3MHJEY5DJG9DI=; b=W/jVpaJRBI1ZmexjKmkbzjKSv8vaxsiiOiF78/tXA51i7Cre4SiOHyC1jheSeGSy8t7/9ZICeYuucfxY6y72RrcphBVY6LfDssy2lpvXpeuiMvp1P/1bRTjHl3r/F4dzIZ3vLF6fLIlcD/mdWIc9Rh3v02nx/PcQyvGEuKBOt9o= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=wTITpz8W70BbAvvy+0xSEs3WsrTiQSgPuWNWU2wTfBE5Cyurm/64l0jPwI9FfTLGW0+3WdXs8TLK9M6y0YwhetU6MM7h6O1/MJvH5B7i1EfLrhrcP8RxkfYoLmzqDyebDmJ/N6QmzKnjbMsA5GfoXGRTRHxERU+apuGvWmaJfgU= Received: by 10.141.76.21 with SMTP id d21mr2249445rvl.242.1210351012287; Fri, 09 May 2008 09:36:52 -0700 (PDT) Received: by 10.140.135.3 with HTTP; Fri, 9 May 2008 09:36:52 -0700 (PDT) Message-ID: <9a542da30805090936l222a58bcy5b926cba01d62ce6@mail.gmail.com> Date: Fri, 9 May 2008 18:36:52 +0200 From: "=?ISO-8859-1?Q?Ermal_Lu=E7i?=" To: "Derek (freebsd-ipfw)" <482254ac@razorfever.net> In-Reply-To: <48247901.3000706@razorfever.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <9a542da30805080844t395c8c81sd313fc2fd1780fcb@mail.gmail.com> <48247901.3000706@razorfever.net> Cc: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org Subject: Re: Dummynet, gif, and ipsec X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 May 2008 16:36:52 -0000 On Fri, May 9, 2008 at 6:17 PM, Derek (freebsd-ipfw) <482254ac@razorfever.net> wrote: > Ermal Lu=E7i wrote: >> >> Well this is a patch to shape IPSec tunnels with ALTQ and FreeBSD 6.3 >> as you are running. It is another alternative to dummynet though it >> have been tested with pf but should work with ipfw too since it knows >> about ALTQ. >> Hope it helps! >> > > Hi Ermal, > > Thanks for the response! > > I'm looking to roll this out on 5-7 machines, so I'm really looking for a > solution where we wouldn't have to make changes to the kernel code and wo= uld > be supported by the base system moving forward. > > Are you planning to submit a PR with this patch? > > Also are the m_tag, or altq_tag the same tags created with the ipfw tag > command? > As far as i am aware this should be transparent to ipfw. Meaning it should work since ipfw speaks ALTQ tags so no problems should arise. It is in use in production machines as a patch so you can be sure it works reliably. I can submit the PR but i think it is better if somebody with ipsec competence comments about its eligibility. I CC'd freebsd-net@ so somebody will speak for this more rather than place it on PR that nobody would look at. Ermal > -- Derek >