Date: Sun, 25 May 2008 22:18:22 -0500 From: gerryw@compvia.com To: <freebsd-pf@freebsd.org> Subject: Misc PF +ALTQ questions Message-ID: <OF9FFA7A3A.2FAF31EC-ON86257455.0010400B-86257455.00125625@it-procorp.com>
next in thread | raw e-mail | index | archive | help
Hello All, I have been looking at the possibility of doing a project to create a C API library for PF + ALTQ and possibly a higher level C++ API. I am new to these components and fairly new to FreeBSD. I have been looking at the man pages and various other docs on the topic. It would seem I can glean most of the ioctl info from the pfctl source. However, I have a few question the I haven't been able to find answers to. I apologize if these have been answered before and I have missed them. 1. Most of the examples I've seen are oriented towards a home or small office user with a DSL or cable Internet connection. My focus is more in the ISP area. I want to support the ability to hard limit bandwidth by IP and/or MAC address. I have read somewhere that MAC addresses can be used as a source, but this can only be done in bridge mode. Is this correct? 2. I can see how a queue could be crated for each IP address and the traffic from that IP sent to the appropriate queue. This would result in quite a few queues when done for an entire /24 subnet. Is there a better way to do this? I have also read somewhere that table lookups are pretty fast. Is there a way to take advantage of this fact where bandwidth limiting is concerned? 3. Would I be better off using one of the existing queueing disciplines as an example and writing some code specifically designed to do what I'm wanting to do? 4. Is there any good info on the bandwidth usage statistics provided by PF + ALTQ? I would like to do as much through the ioctl interface as possible. 5. I am also looking for a way to enumerate the IPs and MACS that are being seen by a particular interface. Again, I would like to do as much through the ioctl interface as possible. The pflog component is not really a possibility because my application will be for embedded use. Comment: I must say I am very impressed with the fact that the ioctl interface is actually provided and documented to some degree. I am really enjoying the fact that there seems to be much more doc in general in this area than of Linux. Many thanks to the folks that took the time to do this work. Thanks in advance, -G
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF9FFA7A3A.2FAF31EC-ON86257455.0010400B-86257455.00125625>