Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 17 Sep 2002 00:16:53 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        "Jacob S. Barrett" <jbarrett@amduat.net>
Cc:        freebsd-ipfw <freebsd-ipfw@FreeBSD.ORG>
Subject:   Re: MAC Layer Bandwidth Limiting
Message-ID:  <20020917001653.A52387@iguana.icir.org>
In-Reply-To: <3D86CEEB.2010100@amduat.net>; from jbarrett@amduat.net on Mon, Sep 16, 2002 at 11:42:51PM -0700
References:  <3D864865.2030607@amduat.net> <3D86C25C.50104@amduat.net> <20020916230259.A51851@iguana.icir.org> <3D86CEEB.2010100@amduat.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Mon, Sep 16, 2002 at 11:42:51PM -0700, Jacob S. Barrett wrote:
...
> > yes... in fact, the implementation of masks should be slightly revised
> > so one can use more or less arbitrary fields instead of just the
> > ip addresses. Next feature i guess...
> 
> I would love for this to be a new feature soon.

well, if you like to spend time on it, my idea is to accumulate
bits from the packet into an opaque mask field (say a total of
128 bits) which is then used to identify the flow.

This should be done somewhere in ip_dummynet() when the processing
of the mask is done.

> Should I just take snapshots every so often and calculate deltas from 

yes, in userland. Make sure that the rulesets do not change from one
snapshot to the other (this includes dynamic rules) or that you
correctly match rules between the two snapshots.

> that.  I also need to be aware of counter roll over events.  What is the 
> max value of the byte counter in the rules and pipes stats?

they are 64 bit counters. It still takes "a few years" before they overflow,
even counting bits at gigabit speeds.

	cheers
	luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20020917001653.A52387>