Date: Sun, 28 Apr 2002 13:15:50 +0200
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: Luigi Rizzo <rizzo@icir.org>
Cc: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-ipfw@FreeBSD.ORG
Subject: Re: bandwith shaping only for big tcp packets
Message-ID: <20020428131550.A53001@curry.mchp.siemens.de>
In-Reply-To: <20020427231528.B63189@iguana.icir.org>; from rizzo@icir.org on Sat, Apr 27, 2002 at 11:15:28PM -0700
References: <20020425095301.A18975@curry.mchp.siemens.de> <20020427231528.B63189@iguana.icir.org>
On Sat, 27-Apr-2002 at 23:15:28 -0700, Luigi Rizzo wrote:
> On Thu, Apr 25, 2002 at 09:53:01AM +0200, Andre Albsmeier wrote:
> > I would like to do something like:
> >
> > ipfw add 2000 pipe 1 tcp from 192.168.128.4/32 to any len gt 100
> > ipfw pipe 1 config bw 4KBytes/s queue 4KBytes
> >
> > This would mean that only packets which are bigger than 100 bytes
> > will be fed to pipe 1.
> >
> > Any ideas?
>
> well you'd need to write the necessary extensions in the
> ipfw matching code to implement the "gt NN" part.

Done so :-). For the reference, I have attached my changes below;
they are ugly and inflexible but they do what I want.

Thanks,

-Andre

> I can partly see the point of what you are asking
> (e.g. differentiating interactive ssh sessions from scp and
> other bulk transfers-over-ssh stuff) but:
> 1) i wonder if, for the time being, you cannot achieve the same by e.g.
>    looking at the PSH flag in TCP packets;
> 2) it is probably about time that someone implements the ability to
>    run BPF code segments for packet matching in ipfw rules!
>
> cheers
> luigi

--- sys/netinet/ip_fw.c.ORI Thu Apr 25 11:14:40 2002 +++ sys/netinet/ip_fw.c Fri Apr 26 07:58:31 2002 @@ -1273,6 +1273,10 @@ if (f->fw_ipopt != f->fw_ipnopt && !ipopts_match(ip, f)) continue; + /* Check bigger */ + if (f->fw_bigger && (ip_len <= f->fw_bigger) ) + continue; + /* Check protocol; if wildcard, and no [ug]id, match */ if (f->fw_prot == IPPROTO_IP) { if (!(f->fw_flg & (IP_FW_F_UID|IP_FW_F_GID))) --- sys/netinet/ip_fw.h.ORI Thu Apr 25 11:12:34 2002 +++ sys/netinet/ip_fw.h Thu Apr 25 11:12:43 2002 @@ -155,6 +155,8 @@ #define DYN_DST_PORT 0x8 u_short conn_limit; /* # of connections for limit rule */ + + u_short fw_bigger; /* size to match against */ }; #define fw_divert_port fw_un.fu_divert_port --- sbin/ipfw/ipfw.c.ORI Thu Apr 25 10:15:12 2002 +++ sbin/ipfw/ipfw.c Thu Apr 25 11:23:19 2002 
@@ -366,6 +366,10 @@ } } + if( chain->fw_bigger ) { + printf( " bigger %d", chain->fw_bigger); + } + if (chain->fw_flg & IP_FW_F_UID) { struct passwd *pwd = getpwuid(chain->fw_uid); @@ -1911,6 +1915,18 @@ " nonexistent", *av); rule.fw_gid = grp->gr_gid; ac--; av++; + } else if (!strncmp(*av, "bigger", strlen(*av))) { + char *end; + u_short len; + ac--; av++; + if (!ac) + errx(EX_USAGE, "``bigger'' requires argument"); + len = strtoul(*av, &end, 0); + ac--; av++; + if (*end != '\0') + errx(EX_DATAERR, "bigger \"%s\" is" + " no number", *av); + rule.fw_bigger = len; } else if (!strncmp(*av, "in", strlen(*av))) { rule.fw_flg |= IP_FW_F_IN; av++; ac--;
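
Review bot: In the sys/netinet/ip_fw.c hunk, the new test compares against ip_len and is placed ahead of the "Check protocol" block, so the threshold is measured on the IP packet length rather than on TCP payload, and the option takes effect on rules for any protocol, not only tcp. For the use case in this thread (leaving small interactive packets out of the pipe) that means the IP and TCP headers count toward the 100 bytes. The comment "/* Check bigger */" should say this, and should state that the rule is skipped when the packet is not strictly longer than fw_bigger and that a value of 0 disables the test. There is also a stray space in "f->fw_bigger) )".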
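
Review bot: In the sys/netinet/ip_fw.h hunk, the new u_short fw_bigger member is appended to a structure that sbin/ipfw/ipfw.c also fills in (rule.fw_bigger), so the structure size changes for both sides and a kernel and an ipfw binary built from different copies of this header would disagree on the rule layout. The change should note that both have to be rebuilt together. The member comment "size to match against" should give the unit and the meaning of 0, since the kernel hunk treats 0 as "no check".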
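
Review bot: In the first sbin/ipfw/ipfw.c hunk (rule listing), "if( chain->fw_bigger ) {" and "printf( " do not follow the spacing of the surrounding code, which writes "if (chain->fw_flg & IP_FW_F_UID)". fw_bigger is a u_short, so "%u" describes the value better than "%d", and the braces around the single printf can go.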
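
Review bot: In the second sbin/ipfw/ipfw.c hunk (option parsing), "ac--; av++;" runs after strtoul() but before the "*end != '\0'" test, so the errx() call formats *av after it has moved on: the message shows the following argument instead of the bad one, and when "bigger" was the last option *av may be the terminating NULL passed to "%s". Do the validation first and advance afterwards. Two further gaps on the same lines: the unsigned long result of strtoul() is stored straight into a u_short with no range check, so a value above 65535 is silently truncated to a different threshold, and an empty string or "0" passes the "*end" test and yields fw_bigger = 0, which the kernel hunk treats as "no size check", so the rule would then match packets of every size. Parse into an unsigned long, reject end == *av, and require 1 to 65535 before assigning.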