Date: Sat, 13 Dec 2014 16:02:52 -0200 From: eksffa@freebsdbrasil.com.br To: "Luigi Rizzo" <rizzo@iet.unipi.it>, "Brett Glass" <brett@lariat.net> Cc: John Nielsen <lists@jnielsen.net>, "freebsd-net@freebsd.org" <net@freebsd.org> Subject: Re: Can DUMMYNET handle weighting of traffic according to firewall rules? Message-ID: <028d142b3a17cd5ffd5f21c6f9b9d6daaa8e2780@webmail.freebsdbrasil.com.br> In-Reply-To: <CA%2BhQ2%2BgNZmMbo0-2fgS49mCNV7nTFDkBpHAzUDg8JoiUfsY5tg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Menssagem Original -----=0ADe: "Luigi Rizzo" =0APara:"Brett Glass"= =0AC=C3=B3pia:"John Nielsen" , "freebsd-net@freebsd.org" =0AEnviado:Sat= , 13 Dec 2014 19:15:52 +1100=0AAssunto:Can DUMMYNET handle weighting of= traffic according to firewall=0Arules?=0A=0A On Saturday, December 13,= 2014, Brett Glass wrote:=0A=0A > At 10:35 AM 12/12/2014, John Nielsen= wrote:=0A >=0A > Is there a reason you can't use a separate pipe for ea= ch direction?=0A >>=0A >=0A > We want to limit the total amount of bandw= idth consumed, based on=0Athe=0A > formula 2U + D track of the sum.=0A= >=0A > What I need (and am not sure if DUMMYNET can currently supply) i= s a=0Apipe=0A > that allows you to feed it a packet and say, "Count this= X times=0Atoward the=0A > bandwidth limit."=0A=0A >=0A No, as it is now= dummynet cannot do what you ask. It would be a=0Aone-line=0A change in= the kernel, plus the part to handle passing the extra=0Aparameter=0A (w= e could call it "cost") to the queue's configuration.=0A=0A As usual, th= e UI is 10+ times bigger than the code doing the actual=0Awork=0A (thoug= h one could rightly blame the existing UI for not being=0Adesigned for= =0A extensibility).=0A=0A Cheers=0A Luigi=0A=0A -- =0A -----------------= ------------------------+-------------------------------=0A Prof. Luigi= RIZZO, rizzo@iet.unipi.it . Dip. di Ing.=0Adell'Informazione=0A http://= www.iet.unipi.it/~luigi/ . Universita` di Pisa=0A TEL +39-050-2211611 .= via Diotisalvi 2=0A Mobile +39-338-6809875 . 56122 PISA (Italy)=0A ----= -------------------------------------+-------------------------------=0A= =0AAs I understand the problem, there are many ways to do this without= =0Aactually using any special feature on dummynet. From tagging a traffi= c=0Atwice and feeding both tagged flows to the same pipe, to the easiest= =0Aand possibily lighter approach of disabling one pass and feeding the= =0Atraffic twice to the same pipe.=0A=0AI did a simple lazy experiment:= =0A=0A# ipfw disable one_pass=0A# ipfw add 1 pipe 1 all from any 22 to m= e=0A00001 pipe 1 ip from any 22 to me=0A# ipfw add 2 pipe 1 all from any= 22 to me=0A00002 pipe 1 ip from any 22 to me=0A# ipfw pipe 1 config bw= 256Kbit/s=0A=0A# scp proapps@serveruL800:/tmp/teste.bin /dev/null=0A=0A= Password for proapps@serveruL800:=0Ateste.bin=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=0A0%=C2=A0 976KB=C2=A0 16.4KB/s 3:27:02 ETA=0A^C= =0AKilled by signal 2.=0A=0ASo we have 16KB, (*8 =3D 128Kb, half the pip= e configured bw since=0Apackets were injected twice).=0A=0A# ipfw delete= 2=0A# scp proapps@serveruL800:/tmp/teste.bin /dev/null=0APassword for p= roapps@serveruL800:=0Ateste.bin=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=0A1% 3408KB=C2=A0 31.4KB/s 1:54:00 ETA^CKilled by signal 2.=0A= =0AAnd now you have 31.4M, roughly 256Kbit/s (configured pipe bw).=0A=0A= So may you should try something like that:=0A=0Aipfw delete 1-2=0Aipfw a= dd 1 queue 1 all from any 22 to me=0Aipfw add 2 queue 1 all from any 22= to me=0Aipfw add 3 queue 2 all from me to any 22=0A=0Aipfw queue 1 conf= ig pipe 1 weight 5=0Aipfw queue 2 config pipe 1 weight 5=0Aipfw pipe 1 c= onfig bw 256Kbit/s=0Aipfw sched 1 config type QFQ=0A=0A# ipfw sched 1 sh= ow=0A00001: 256.000 Kbit/s=C2=A0=C2=A0=C2=A0 0 ms burst 0=0A=C2=A0sched= 1 type QFQ flags 0x0 0 buckets 0 active=0A=C2=A0=C2=A0 Children flowset= s: 2 1=0A=0A# ipfw queue 1-2 show=0Aq00001=C2=A0 50 sl. 0 flows (1 bucke= ts) sched 1 weight 5 lmax 1500 pri 0=0Adroptail=0Aq00002=C2=A0 50 sl. 0= flows (1 buckets) sched 1 weight 5 lmax 1500 pri 0=0Adroptail=0A=0ASo t= here's a single pipe, two flowsets, but flowset 1 is injected=0Atwice.= =0A=0AIs that what you wanted?=0A=0A--=0APatrick Tracanelli=0A=0A-------= ------------------=0AEmail sent using ProApps
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?028d142b3a17cd5ffd5f21c6f9b9d6daaa8e2780>