From owner-freebsd-ipfw Mon Jan 29 16: 0:24 2001 Delivered-To: freebsd-ipfw@freebsd.org Received: from iguana.aciri.org (iguana.aciri.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 84E1B37B69E; Mon, 29 Jan 2001 16:00:01 -0800 (PST) Received: (from rizzo@localhost) by iguana.aciri.org (8.11.1/8.11.1) id f0TNxOU48488; Mon, 29 Jan 2001 15:59:24 -0800 (PST) (envelope-from rizzo) From: Luigi Rizzo Message-Id: <200101292359.f0TNxOU48488@iguana.aciri.org> Subject: Re: bandwidth analyser In-Reply-To: <4.3.2.7.0.20010130000929.00c80a20@mail.bsdchicks.com> from "Rogier R. Mulhuijzen" at "Jan 30, 2001 0:15:34 am" To: drwilco@drwilco.nl (Rogier R. Mulhuijzen) Date: Mon, 29 Jan 2001 15:59:14 -0800 (PST) Cc: erwan@netvalue.com, roman@IPricot.com, freebsd-ipfw@FreeBSD.ORG, freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > There's one downside though. You can get statistics from the bridge node on > packets and octects passed through the different parts of the bridge > setyup, but it's not IP based. Also using that bridging code there's no > bandwidth throttling or IPFW rule matching yet. > > Vitaly Belekhov wrote BW throttling and ipfw netgraph nodes for 3.X, and I > will be porting those to 5.X-CURRENT over the next few weeks. > > Using those you could get statistics really quickly by using libnetgraph > and querying the nodes yourself with some C code instead of shell/perl > scripting. the real problem with any approach is that if you have very many flows, you have to fetch all the info every time you want to update your statistics. The ipfw implementation which is in the kernel now really does not help you there, because the stats are spread over lists and hash tables, and on top of this the data structure evolves dynamically as pkts come in, so you need to hold a lock while navigating on it. This is why you do not want to download the stats 10-20 times per second, at least with this architecture. I do not have a good solution in mind other than maybe change the data structures so that the flow descriptors (at least the part with the flow identifier and the stats) are in a contiguous chunk of memory whose only variable part is the size. This way you can either mmap the block, or copyout() it without having to get a lock. cheers luigi ----------------------------------+----------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . ACIRI/ICSI (on leave from Univ. di Pisa) http://www.iet.unipi.it/~luigi/ . 1947 Center St, Berkeley CA 94704 Phone: (510) 666 2927 ----------------------------------+----------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message