Date: Sat, 2 Aug 2008 13:34:06 +0200 From: "=?ISO-8859-1?Q?Ermal_Lu=E7i?=" <ermal.luci@gmail.com> To: "Mike Makonnen" <mtm@wubethiopia.com> Cc: Patrick Tracanelli <eksffa@freebsdbrasil.com.br>, freebsd-net@freebsd.org Subject: Re: Application layer classifier for ipfw Message-ID: <9a542da30808020434w4954924dued75202ad34d44ba@mail.gmail.com> In-Reply-To: <489445F8.3080100@wubethiopia.com> References: <48918DB5.7020201@wubethiopia.com> <489224F2.3050508@yan.com.br> <4892E456.5080408@wubethiopia.com> <20080801094626.18943vxiypbkcts0@econet.encontacto.net> <48932D3E.7090709@freebsdbrasil.com.br> <489445F8.3080100@wubethiopia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Aug 2, 2008 at 1:33 PM, Mike Makonnen <mtm@wubethiopia.com> wrote: > Patrick Tracanelli wrote: >> >> eculp escreveu: >>> >>> Quoting Mike Makonnen <mtm@wubethiopia.com>: >>> >>>> Daniel Dias Gon=E7alves wrote: >>>>> >>>>> You will go to develop a version to work with PF ? >>>>> >>>> I don't know what's needed to get it to work with pf, but if it's not >>>> too >>>> much work, sure. >>> >>> That would be great, Mike. I'm seeing more and more bandwidth being us= ed >>> with p2p that I haven't been able to control with pf. The thought has >>> entered my mind to change back to ipfw that I used for many years befor= e >>> changing to pf maybe 3 years ago. I also found dummynet to be easy and >>> practical to set up for both incoming and outgoing connections. Someth= ing >>> else I haven't figured out how to do the same with altq, if even possib= le. >>> In fact, if I am able to control p2p with pf I may not even need >>> bidirectional bandwidth limits. As for pf(4) i have mostly finished divert support on pf. The number on the protocol means a dummynet queue/pipe instead of a rule number for ipfw. Surely with dummynet(4) support into pf(4) too. I will polish the patch and post it later on. >>> >>> Thanks for sharing your very practical solution to a real world problem= . >>> Have a great weekend. >> >> If it could be rewritten as a netgaph node, maybe it could tag the >> classified packets, and tagging be compatible with both pf and ipfw (und= er >> discretionary user choice with configuration switchs), so both ipfw or p= f >> could be used. > This means doing regex in kernel or just a daemon as mpd on top of netgraph= ? > I'll look into this when I have time. >> >> However a lot of work has to be done before. It works better on i386 tha= n >> amd64 right now, wont compile on RELENG_6 without modifying some gcc twe= aks, >> etc. > > Do you have a patch :-) ? Barring that, can you email me a copy of the bu= ild > output? >> >> I hope enhacing it can be a GSoC project in the future, or we (community= ) >> can raise some funds to make it happen faster. It is really a long-time >> needed feature to FreeBSD. >> > > Cheers. > > -- > Mike Makonnen | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc > mtm @ FreeBSD.Org | AC7B 5672 2D11 F4D0 EBF8 5279 5359 2B82 7CD4 1F55 > FreeBSD | http://www.freebsd.org > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > --=20 Ermal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9a542da30808020434w4954924dued75202ad34d44ba>