Date: Fri, 08 Sep 2000 10:48:27 -0700 From: Julian Elischer <julian@elischer.org> To: Luigi Rizzo <luigi@info.iet.unipi.it> Cc: Paul Herman <pherman@frenchfries.net>, Ramses Smeyers <fatman@khk.org>, freebsd-net@FreeBSD.ORG Subject: Re: useripacct Message-ID: <39B9266B.41C67EA6@elischer.org> References: <200009081126.NAA33256@info.iet.unipi.it>
next in thread | previous in thread | raw e-mail | index | archive | help
Luigi Rizzo wrote:
>
> > ipfw doesn't implement quotas, but yes you would have to have a
> > separate rule for each uid/gid -- agreed, not so efficient for ipfw to
> > do.
>
> Not really.
> There are several pieces now in ipfw/dummynet which can generate
> rules and pipes from a template, (see the keep-state rules and the
> "mask" specifier in dummynet pipes), so the implementation of
> per-uid quotas would be efficient and rather trivial (basically a
> small modification to dynamic pipes where you just check the quota).
>
> > Other than that, I can imagine an optional external daemon similar to
> > natd(8) which enforces network quotas via a "divert" ipfw rule.
>
> killing performance in the meantime...
write a netgraph module to do it..
>
> cheers
> luigi
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
--
__--_|\ Julian Elischer
/ \ julian@elischer.org
( OZ ) World tour 2000
---> X_.---._/ presently in: Perth
v
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39B9266B.41C67EA6>