Date: Mon, 27 Sep 2010 22:42:29 +0530 From: Paul Joe <apauljoe@gmail.com> To: John Nielsen <lists@jnielsen.net> Cc: freebsd-net@freebsd.org Subject: Re: Extending dummynet/ipfw Message-ID: <AANLkTimpSz=YaOZ-ZgXq399fhY_9uSeeG1S-B6zpg_MJ@mail.gmail.com> In-Reply-To: <0A10F8F0-5BAB-4782-87CF-91E7661D805E@jnielsen.net> References: <AANLkTi=GozyQv%2BxuXS7xT6Kzaa7XaFxAOrihKdKdnCge@mail.gmail.com> <0A10F8F0-5BAB-4782-87CF-91E7661D805E@jnielsen.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 27, 2010 at 9:25 PM, John Nielsen <lists@jnielsen.net> wrote: > On Sep 27, 2010, at 11:20 AM, Paul Joe wrote: > > > I have attached a patch which allows to do flow classifications in > userland > > (e.g based on url categories, LDAP users) > > and do bandwidth control in kernel(dummynet). > > > > The patch has > > > > a) a setsocketopt, to associate a pipe to the socket. > > > > b) an ipfw option(sockarg) to redirect flows to corresponding pipe. > > > > Moreover, a member uint32_t is added to struct socket to hold the pipe > info. > > > > I guess this structure is not part of kernel userland ABI. > > > > Please let me know your comments, which I would be glad to incorporate > > This is something I have wished for in the past so I'm glad to see it. I'd > love to test it but I'm not sure what to do, especially on the userland > side. Could you post a simple ipfw ruleset that uses your patch along with > directions or a simple example program for doing the userland > classification? > 1) Create some pipes using ipfw pipe command or directly using dummynet socket option. ipfw pipe 2 config bw 100KB/sec 2) Add the generic sockarg option to redirect the traffic to pipe associated with the socket. ipfw add 100 pipe tablearg ip from any to any sockarg out 3) A sample python program could be import socket client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # Make the traffic flow through pipe 2. You can use any userspace logic to select any pipe you created. # you can use SO_USER_COOKIE for 0x1015 after the patch is checked in rest = client_socket.setsockopt(socket.SOL_SOCKET, 0x1015, 2); client_socket.connect(("www.google.com",80)) s = "GET\r\n" print client_socket.send(s); r = client_socket.recv(512); print r Let me know if you face any issues in testing it. Thanks, Joe > Thanks! > > JN > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTimpSz=YaOZ-ZgXq399fhY_9uSeeG1S-B6zpg_MJ>