From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 21 17:31:43 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3CAB9106566C
	for <freebsd-questions@freebsd.org>;
	Sun, 21 Mar 2010 17:31:43 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1::1])
	by mx1.freebsd.org (Postfix) with ESMTP id A51D38FC17
	for <freebsd-questions@freebsd.org>;
	Sun, 21 Mar 2010 17:31:42 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id
	o2LHVVhS035209
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>; Sun, 21 Mar 2010 17:31:38 GMT
	(envelope-from m.seaman@infracaninophile.co.uk)
Message-ID: <4BA657F3.9060400@infracaninophile.co.uk>
Date: Sun, 21 Mar 2010 17:31:31 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Organization: Infracaninophile
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB;
	rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <cf9b1ee01003210653l668377b7lc9002ebc68ff063d@mail.gmail.com>
In-Reply-To: <cf9b1ee01003210653l668377b7lc9002ebc68ff063d@mail.gmail.com>
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.95.3 at
	happy-idiot-talk.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	SPF_FAIL autolearn=no version=3.3.0
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on
	happy-idiot-talk.infracaninophile.co.uk
Subject: Re: sftp server with speed throttling
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Mar 2010 17:31:43 -0000

On 21/03/2010 13:53:16, Dan Naumov wrote:
> What are my options if I want to run an sftp server with speed
> throttling? My understanding is that openssh (which includes sftp) in
> base does not support this directly, so I would have to either use a
> custom kernel with ALTQ (and I would really rather stick to GENERIC so
> I can use freebsd-update) which sounds like a bit too much
> configuration work or pass sftp traffic through PF and throttle it
> (ugly, would also affect ssh traffic).

That's not an either-or.  ALTQ is PF's traffic shaping mechanism.
Unfortunately, yes, ALTQ needs to be compiled into the kernel rather
than being loaded as a .ko.  Also, PF cannot distinguish sftp traffic
from other ssh traffic: all you can do is rate limit port 22 stuff.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW