From owner-freebsd-net@FreeBSD.ORG Fri Aug 1 15:36:29 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ED1CC1065684 for ; Fri, 1 Aug 2008 15:36:29 +0000 (UTC) (envelope-from eksffa@freebsdbrasil.com.br) Received: from capeta.freebsdbrasil.com.br (capeta.freebsdbrasil.com.br [201.48.151.3]) by mx1.freebsd.org (Postfix) with SMTP id 40FC48FC14 for ; Fri, 1 Aug 2008 15:36:28 +0000 (UTC) (envelope-from eksffa@freebsdbrasil.com.br) Received: (qmail 23420 invoked from network); 1 Aug 2008 12:36:27 -0300 Received: by simscan 1.1.0 ppid: 23414, pid: 23415, t: 0.4314s scanners: clamav: 0.91.1/m: spam: 3.1.1 X-Spam-Checker-Version: SpamAssassin: -last, FreeBSD Brasil LTDA rulesets: Yes X-Spam-Status: No, hits=-2.1 required=3.7 Received: from unknown (HELO claire.bh.freebsdbrasil.com.br) (201.48.151.226) by capeta.freebsdbrasil.com.br with SMTP; 1 Aug 2008 12:36:27 -0300 Message-ID: <48932D3E.7090709@freebsdbrasil.com.br> Date: Fri, 01 Aug 2008 12:35:26 -0300 From: Patrick Tracanelli Organization: FreeBSD Brasil LTDA User-Agent: Thunderbird 2.0.0.0 (X11/20070612) MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <48918DB5.7020201@wubethiopia.com> <489224F2.3050508@yan.com.br> <4892E456.5080408@wubethiopia.com> <20080801094626.18943vxiypbkcts0@econet.encontacto.net> In-Reply-To: <20080801094626.18943vxiypbkcts0@econet.encontacto.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: Application layer classifier for ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2008 15:36:30 -0000 eculp escreveu: > Quoting Mike Makonnen : > >> Daniel Dias Gonçalves wrote: >>> You will go to develop a version to work with PF ? >>> >> I don't know what's needed to get it to work with pf, but if it's not too >> much work, sure. > > That would be great, Mike. I'm seeing more and more bandwidth being > used with p2p that I haven't been able to control with pf. The thought > has entered my mind to change back to ipfw that I used for many years > before changing to pf maybe 3 years ago. I also found dummynet to be > easy and practical to set up for both incoming and outgoing > connections. Something else I haven't figured out how to do the same > with altq, if even possible. In fact, if I am able to control p2p with > pf I may not even need bidirectional bandwidth limits. > > Thanks for sharing your very practical solution to a real world > problem. Have a great weekend. If it could be rewritten as a netgaph node, maybe it could tag the classified packets, and tagging be compatible with both pf and ipfw (under discretionary user choice with configuration switchs), so both ipfw or pf could be used. However a lot of work has to be done before. It works better on i386 than amd64 right now, wont compile on RELENG_6 without modifying some gcc tweaks, etc. I hope enhacing it can be a GSoC project in the future, or we (community) can raise some funds to make it happen faster. It is really a long-time needed feature to FreeBSD. -- Patrick Tracanelli