Date: Fri, 9 May 2008 18:36:52 +0200 From: "=?ISO-8859-1?Q?Ermal_Lu=E7i?=" <ermal.luci@gmail.com> To: "Derek (freebsd-ipfw)" <482254ac@razorfever.net> Cc: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org Subject: Re: Dummynet, gif, and ipsec Message-ID: <9a542da30805090936l222a58bcy5b926cba01d62ce6@mail.gmail.com> In-Reply-To: <48247901.3000706@razorfever.net> References: <9a542da30805080844t395c8c81sd313fc2fd1780fcb@mail.gmail.com> <48247901.3000706@razorfever.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 9, 2008 at 6:17 PM, Derek (freebsd-ipfw) <482254ac@razorfever.net> wrote: > Ermal Lu=E7i wrote: >> >> Well this is a patch to shape IPSec tunnels with ALTQ and FreeBSD 6.3 >> as you are running. It is another alternative to dummynet though it >> have been tested with pf but should work with ipfw too since it knows >> about ALTQ. >> Hope it helps! >> > > Hi Ermal, > > Thanks for the response! > > I'm looking to roll this out on 5-7 machines, so I'm really looking for a > solution where we wouldn't have to make changes to the kernel code and wo= uld > be supported by the base system moving forward. > > Are you planning to submit a PR with this patch? > > Also are the m_tag, or altq_tag the same tags created with the ipfw tag > command? > As far as i am aware this should be transparent to ipfw. Meaning it should work since ipfw speaks ALTQ tags so no problems should arise. It is in use in production machines as a patch so you can be sure it works reliably. I can submit the PR but i think it is better if somebody with ipsec competence comments about its eligibility. I CC'd freebsd-net@ so somebody will speak for this more rather than place it on PR that nobody would look at. Ermal > -- Derek >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9a542da30805090936l222a58bcy5b926cba01d62ce6>