From: Robert Watson
Date: Wed, 23 Jun 2004 17:28:06 -0400 (EDT)
To: Paul Querna
Cc: freebsd-net@freebsd.org
Subject: Re: Rate Limiting Per-Socket

On Tue, 22 Jun 2004, Paul Querna wrote:

> I am looking at methods to rate limit a single socket to a
> specific pipe or rate with FreeBSD. I would like to make an Apache
> module that could do its outgoing rate limit *in* kernel, making the
> module very simple, and more accurate by using the kernel to do the rate
> limiting.
>
> I have been looking at Dummynet and pfil_hooks, but these seem to
> operate only on an entire interface. I would like to have these operate
> only on a socket fd that I designate. I.e., a special setsockopt() would
> put socket x into pipe a. This pipe 'a' was set up ahead of time to only
> allow 512 kb/s.
>
> Is this possible with FreeBSD? Do you have any suggestions on the best
> way to proceed?

You might well be interested in Trickle, which is a user space traffic
shaper that works via a library preload to rate limit arbitrary
(dynamically linked) applications.

  http://monkey.org/~marius/pages/?page=trickle

I've never tried it; Marius told me about it at the last USENIX Security
(or maybe at LSM). It sounds pretty neat. Note that this is all in user
space, but if it works well perhaps that's OK. :-)

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research
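A user-space way to pace writes on one designated socket fd, as discussed in the thread above. This is an added example, not code from the thread and not Trickle's implementation; the token-bucket design and all names in it are hypothetical. It assumes a blocking socket and reads "512 kb/s" as 512 kilobits per second, i.e. a rate of 64000 bytes per second passed to bucket_init().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <time.h>
#include <unistd.h>
#define NS 1000000000ull
/* Token bucket for one socket fd; names are hypothetical, not Trickle's API. */
struct bucket { uint64_t rate, burst, tokens, last_ns; }; /* bytes/s, bytes, bytes, ns */

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * NS + (uint64_t)ts.tv_nsec;
}
void bucket_init(struct bucket *b, uint64_t rate, uint64_t burst, uint64_t t_ns) {
    b->rate = rate; b->burst = burst; b->tokens = burst; b->last_ns = t_ns;
}
/* Credit the bytes earned since the last refill, capped at the burst size. */
static void bucket_refill(struct bucket *b, uint64_t t_ns) {
    uint64_t elapsed = t_ns - b->last_ns;
    /* Long idle: the bucket is simply full (also avoids multiply overflow). */
    if (elapsed > b->burst * NS / b->rate) { b->tokens = b->burst; b->last_ns = t_ns; return; }
    uint64_t earned = elapsed * b->rate / NS;
    b->last_ns += earned * NS / b->rate;           /* keep the sub-byte remainder */
    b->tokens = b->tokens + earned > b->burst ? b->burst : b->tokens + earned;
}
/* Bytes of `want` that may be sent at t_ns; on 0, *wait_ns says how long to sleep. */
size_t bucket_take(struct bucket *b, size_t want, uint64_t t_ns, uint64_t *wait_ns) {
    bucket_refill(b, t_ns);
    size_t n = want < b->tokens ? want : (size_t)b->tokens;
    uint64_t need = want < b->burst ? want : b->burst;
    b->tokens -= n;
    *wait_ns = n ? 0 : need * NS / b->rate + 1;
    return n;
}
/* Write all of buf to a blocking fd, sleeping whenever the bucket is empty. */
ssize_t limited_write(int fd, struct bucket *b, const char *buf, size_t len) {
    size_t done = 0;
    while (done < len) {
        uint64_t wait; size_t n = bucket_take(b, len - done, now_ns(), &wait);
        if (n == 0) {                              /* bucket empty: sleep, retry */
            struct timespec ts = { .tv_sec = (time_t)(wait / NS), .tv_nsec = (long)(wait % NS) };
            nanosleep(&ts, NULL); continue;
        }
        ssize_t w = write(fd, buf + done, n);
        if (w < 0) { if (errno != EINTR) return -1; w = 0; }
        b->tokens += n - (size_t)w;                /* refund what was not written */
        done += (size_t)w;
    }
    return (ssize_t)done;
}
```

The burst size bounds how far above the configured rate a short transfer can run; a caller would keep one bucket per limited socket, or share one bucket across several sockets to get a pipe-like aggregate limit.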