Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 9 May 2008 18:36:52 +0200
From:      "=?ISO-8859-1?Q?Ermal_Lu=E7i?=" <>
To:        "Derek (freebsd-ipfw)" <>
Subject:   Re: Dummynet, gif, and ipsec
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Fri, May 9, 2008 at 6:17 PM, Derek (freebsd-ipfw)
<> wrote:
> Ermal Lu=E7i wrote:
>> Well this is a patch to shape IPSec tunnels with ALTQ and FreeBSD 6.3
>> as you are running. It is another alternative to dummynet though it
>> have been tested with pf but should work with ipfw too since it knows
>> about ALTQ.
>> Hope it helps!
> Hi Ermal,
> Thanks for the response!
> I'm looking to roll this out on 5-7 machines, so I'm really looking for a
> solution where we wouldn't have to make changes to the kernel code and wo=
> be supported by the base system moving forward.
> Are you planning to submit a PR with this patch?
> Also are the m_tag, or altq_tag the same tags created with the ipfw tag
> command?

As far as i am aware this should be transparent to ipfw. Meaning it
should work since ipfw speaks ALTQ tags so no problems should arise.
It is in use in production machines as a patch so you can be sure it
works reliably.

I can submit the PR but i think it is better if somebody with ipsec
competence comments about its eligibility. I CC'd freebsd-net@ so
somebody will speak for this more rather than place it on PR that
nobody would look at.


> -- Derek

Want to link to this message? Use this URL: <>