Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 27 Sep 2010 22:42:29 +0530
From:      Paul Joe <apauljoe@gmail.com>
To:        John Nielsen <lists@jnielsen.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Extending dummynet/ipfw
Message-ID:  <AANLkTimpSz=YaOZ-ZgXq399fhY_9uSeeG1S-B6zpg_MJ@mail.gmail.com>
In-Reply-To: <0A10F8F0-5BAB-4782-87CF-91E7661D805E@jnielsen.net>
References:  <AANLkTi=GozyQv%2BxuXS7xT6Kzaa7XaFxAOrihKdKdnCge@mail.gmail.com> <0A10F8F0-5BAB-4782-87CF-91E7661D805E@jnielsen.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Sep 27, 2010 at 9:25 PM, John Nielsen <lists@jnielsen.net> wrote:

> On Sep 27, 2010, at 11:20 AM, Paul Joe wrote:
>
> > I have attached a patch which allows to do flow classifications in
> userland
> > (e.g based on url categories, LDAP users)
> > and do bandwidth control in kernel(dummynet).
> >
> > The patch has
> >
> > a) a setsocketopt, to associate a pipe to the socket.
> >
> > b) an ipfw option(sockarg) to redirect flows to corresponding pipe.
> >
> > Moreover, a member uint32_t is added to struct socket to hold the pipe
> info.
> >
> > I guess this structure is not part of kernel userland ABI.
> >
> > Please let me know your comments, which I would be glad to incorporate
>
> This is something I have wished for in the past so I'm glad to see it. I'd
> love to test it but I'm not sure what to do, especially on the userland
> side. Could you post a simple ipfw ruleset that uses your patch along with
> directions or a simple example program for doing the userland
> classification?
>

1) Create some pipes using ipfw pipe command or directly using dummynet
socket option.

ipfw pipe 2 config bw 100KB/sec

2) Add the generic sockarg option to redirect the traffic
to pipe associated with the socket.

ipfw add 100 pipe tablearg ip from any to any sockarg out

3)  A sample python program could be

import socket
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Make the traffic flow through pipe 2.  You can use any userspace logic to
select any pipe you created.
# you can use SO_USER_COOKIE for 0x1015 after the patch is checked in

rest = client_socket.setsockopt(socket.SOL_SOCKET, 0x1015, 2);

client_socket.connect(("www.google.com",80))
s = "GET\r\n"
print client_socket.send(s);
r = client_socket.recv(512);
print r

Let me know if you face any issues in testing it.


Thanks,
Joe




> Thanks!
>
> JN
>
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTimpSz=YaOZ-ZgXq399fhY_9uSeeG1S-B6zpg_MJ>