Date: Sun, 28 Apr 2002 13:15:50 +0200
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: Luigi Rizzo <rizzo@icir.org>
Cc: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-ipfw@FreeBSD.ORG
Subject: Re: bandwith shaping only for big tcp packets
Message-ID: <20020428131550.A53001@curry.mchp.siemens.de>
In-Reply-To: <20020427231528.B63189@iguana.icir.org>; from rizzo@icir.org on Sat, Apr 27, 2002 at 11:15:28PM -0700
References: <20020425095301.A18975@curry.mchp.siemens.de> <20020427231528.B63189@iguana.icir.org>
On Sat, 27-Apr-2002 at 23:15:28 -0700, Luigi Rizzo wrote:
> On Thu, Apr 25, 2002 at 09:53:01AM +0200, Andre Albsmeier wrote:
> > I would like to do something like:
> >
> > ipfw add 2000 pipe 1 tcp from 192.168.128.4/32 to any len gt 100
> > ipfw pipe 1 config bw 4KBytes/s queue 4KBytes
> >
> > This would mean that only packets which are bigger than 100 bytes
> > will be fed to pipe 1.
> >
> > Any ideas?
>
> well you'd need to write the necessary extensions in the
> ipfw matching code to implement the "gt NN" part.
Done so :-). For the reference, I have attached my changes below;
they are ugly and inflexible but they do what I want.
Thanks,
-Andre
> I can partly see the point of what you are asking
> (e.g. differentiating interactive ssh sessions from scp and
> other bulk transfers-over-ssh stuff) but:
> 1) i wonder if, for the time being, you cannot achieve the same by e.g.
> looking at the PSH flag in TCP packets;
> 2) it is probably about time that someone implements the ability to
> run BPF code segments for packet matching in ipfw rules!
>
> cheers
> luigi
--- sys/netinet/ip_fw.c.ORI Thu Apr 25 11:14:40 2002
+++ sys/netinet/ip_fw.c Fri Apr 26 07:58:31 2002
@@ -1273,6 +1273,10 @@
if (f->fw_ipopt != f->fw_ipnopt && !ipopts_match(ip, f))
continue;
+ /* Check bigger */
+ if (f->fw_bigger && (ip_len <= f->fw_bigger) )
+ continue;
+
/* Check protocol; if wildcard, and no [ug]id, match */
if (f->fw_prot == IPPROTO_IP) {
if (!(f->fw_flg & (IP_FW_F_UID|IP_FW_F_GID)))
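Review bot: the new test `ip_len <= f->fw_bigger` sits ahead of the protocol check, so it applies to any rule with fw_bigger set regardless of protocol, and it compares the value in ip_len rather than a TCP payload size; if ip_len is the full IP datagram length, "bigger 100" counts the IP and TCP headers as well. The comment "Check bigger" should say which length is compared, that the match is strict (a packet of exactly fw_bigger bytes is skipped), and that 0 means no size check.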
--- sys/netinet/ip_fw.h.ORI Thu Apr 25 11:12:34 2002
+++ sys/netinet/ip_fw.h Thu Apr 25 11:12:43 2002
@@ -155,6 +155,8 @@
#define DYN_DST_PORT 0x8
u_short conn_limit; /* # of connections for limit rule */
+
+ u_short fw_bigger; /* size to match against */
};
#define fw_divert_port fw_un.fu_divert_port
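Review bot: the added `u_short fw_bigger` changes the layout of a structure that both the kernel (`f->fw_bigger` in ip_fw.c) and the userland tool (`rule.fw_bigger` in sbin/ipfw/ipfw.c) rely on, so a kernel and an ipfw binary built from different versions of this header will disagree about the rule format; the change should state that both have to be rebuilt together. The field comment "size to match against" should also give the unit (bytes) and say that 0 means unset.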
--- sbin/ipfw/ipfw.c.ORI Thu Apr 25 10:15:12 2002
+++ sbin/ipfw/ipfw.c Thu Apr 25 11:23:19 2002
@@ -366,6 +366,10 @@
}
}
+ if( chain->fw_bigger ) {
+ printf( " bigger %d", chain->fw_bigger);
+ }
+
if (chain->fw_flg & IP_FW_F_UID) {
struct passwd *pwd = getpwuid(chain->fw_uid);
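Review bot: `printf( " bigger %d", chain->fw_bigger);` prints a u_short with %d; %u matches the unsigned field, and the spacing in `if( chain->fw_bigger )` differs from the `if (chain->fw_flg & IP_FW_F_UID)` style of the context line that follows. Because 0 doubles as the unset value, a rule entered as "bigger 0" is listed without the keyword, which is worth stating wherever the option gets documented.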
@@ -1911,6 +1915,18 @@
" nonexistent", *av);
rule.fw_gid = grp->gr_gid;
ac--; av++;
+ } else if (!strncmp(*av, "bigger", strlen(*av))) {
+ char *end;
+ u_short len;
+ ac--; av++;
+ if (!ac)
+ errx(EX_USAGE, "``bigger'' requires argument");
+ len = strtoul(*av, &end, 0);
+ ac--; av++;
+ if (*end != '\0')
+ errx(EX_DATAERR, "bigger \"%s\" is"
+ " no number", *av);
+ rule.fw_bigger = len;
} else if (!strncmp(*av, "in", strlen(*av))) {
rule.fw_flg |= IP_FW_F_IN;
av++; ac--;
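Review bot: in the new "bigger" branch the second `ac--; av++;` runs before the `*end != '\0'` check, so the errx() call formats `*av` after it has moved past the bad argument; the message then shows the following word, or reads the end of the argument vector when "bigger NN" was the last option. Move the advance to after the check. The strtoul() result is also stored straight into `u_short len` with no range test, so values above 65535 are silently truncated, and an empty string or "0" is accepted and leaves the check disabled; validate the value against 1..65535 before assigning rule.fw_bigger.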
