Date: Sat, 02 Aug 2008 14:33:12 +0300 From: Mike Makonnen <mtm@wubethiopia.com> To: Patrick Tracanelli <eksffa@freebsdbrasil.com.br> Cc: freebsd-net@freebsd.org Subject: Re: Application layer classifier for ipfw Message-ID: <489445F8.3080100@wubethiopia.com> In-Reply-To: <48932D3E.7090709@freebsdbrasil.com.br> References: <48918DB5.7020201@wubethiopia.com> <489224F2.3050508@yan.com.br> <4892E456.5080408@wubethiopia.com> <20080801094626.18943vxiypbkcts0@econet.encontacto.net> <48932D3E.7090709@freebsdbrasil.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
Patrick Tracanelli wrote: > eculp escreveu: >> Quoting Mike Makonnen <mtm@wubethiopia.com>: >> >>> Daniel Dias Gonçalves wrote: >>>> You will go to develop a version to work with PF ? >>>> >>> I don't know what's needed to get it to work with pf, but if it's >>> not too >>> much work, sure. >> >> That would be great, Mike. I'm seeing more and more bandwidth being >> used with p2p that I haven't been able to control with pf. The >> thought has entered my mind to change back to ipfw that I used for >> many years before changing to pf maybe 3 years ago. I also found >> dummynet to be easy and practical to set up for both incoming and >> outgoing connections. Something else I haven't figured out how to do >> the same with altq, if even possible. In fact, if I am able to >> control p2p with pf I may not even need bidirectional bandwidth limits. >> >> Thanks for sharing your very practical solution to a real world >> problem. Have a great weekend. > > If it could be rewritten as a netgaph node, maybe it could tag the > classified packets, and tagging be compatible with both pf and ipfw > (under discretionary user choice with configuration switchs), so both > ipfw or pf could be used. I'll look into this when I have time. > > However a lot of work has to be done before. It works better on i386 > than amd64 right now, wont compile on RELENG_6 without modifying some > gcc tweaks, etc. Do you have a patch :-) ? Barring that, can you email me a copy of the build output? > > I hope enhacing it can be a GSoC project in the future, or we > (community) can raise some funds to make it happen faster. It is > really a long-time needed feature to FreeBSD. > Cheers. -- Mike Makonnen | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc mtm @ FreeBSD.Org | AC7B 5672 2D11 F4D0 EBF8 5279 5359 2B82 7CD4 1F55 FreeBSD | http://www.freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?489445F8.3080100>