Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 9 May 2008 18:36:52 +0200
From:      "=?ISO-8859-1?Q?Ermal_Lu=E7i?=" <ermal.luci@gmail.com>
To:        "Derek (freebsd-ipfw)" <482254ac@razorfever.net>
Cc:        freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Subject:   Re: Dummynet, gif, and ipsec
Message-ID:  <9a542da30805090936l222a58bcy5b926cba01d62ce6@mail.gmail.com>
In-Reply-To: <48247901.3000706@razorfever.net>
References:  <9a542da30805080844t395c8c81sd313fc2fd1780fcb@mail.gmail.com> <48247901.3000706@razorfever.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Fri, May 9, 2008 at 6:17 PM, Derek (freebsd-ipfw)
<482254ac@razorfever.net> wrote:
> Ermal Lu=E7i wrote:
>>
>> Well this is a patch to shape IPSec tunnels with ALTQ and FreeBSD 6.3
>> as you are running. It is another alternative to dummynet though it
>> have been tested with pf but should work with ipfw too since it knows
>> about ALTQ.
>> Hope it helps!
>>
>
> Hi Ermal,
>
> Thanks for the response!
>
> I'm looking to roll this out on 5-7 machines, so I'm really looking for a
> solution where we wouldn't have to make changes to the kernel code and wo=
uld
> be supported by the base system moving forward.
>
> Are you planning to submit a PR with this patch?
>
> Also are the m_tag, or altq_tag the same tags created with the ipfw tag
> command?
>

As far as i am aware this should be transparent to ipfw. Meaning it
should work since ipfw speaks ALTQ tags so no problems should arise.
It is in use in production machines as a patch so you can be sure it
works reliably.

I can submit the PR but i think it is better if somebody with ipsec
competence comments about its eligibility. I CC'd freebsd-net@ so
somebody will speak for this more rather than place it on PR that
nobody would look at.

Ermal

> -- Derek
>



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?9a542da30805090936l222a58bcy5b926cba01d62ce6>