Date:      Tue, 22 Oct 2002 11:56:24 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        "Marc G. Fournier" <scrappy@hub.org>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: determining "originator/source" of connection ...
Message-ID:  <20021022115624.A34249@carp.icir.org>
In-Reply-To: <20021022154730.K25737-100000@hub.org>; from scrappy@hub.org on Tue, Oct 22, 2002 at 03:48:13PM -0300
References:  <20021022113249.C33933@carp.icir.org> <20021022154730.K25737-100000@hub.org>

On Tue, Oct 22, 2002 at 03:48:13PM -0300, Marc G. Fournier wrote:
> On Tue, 22 Oct 2002, Luigi Rizzo wrote:
...
> > Or if you are just happy to aggregate by IP, one solution i often
> > use is the following (based on dummynet's dynamic pipes):
> >
> >         # do not expire pipes even if they have no pending traffic
> >         sysctl net.inet.ip.dummynet.expire=0
> >
> >         # create separate pipes for src and dst masks
> >         ipfw pipe 20 config mask src-ip 0xffffffff buckets 256
> >         ipfw pipe 21 config mask dst-ip 0xffffffff buckets 256
> >
> >         ipfw add pipe 20 ip from $my_subnet to any
> >         ipfw add pipe 21 ip from any to $my_subnet
> 
> I don't believe I could do this with ipfw ... $my_subnet == 131.162.0.0 :(
> I fear the machine would start to smoke, no? :(

as long as you have enough memory and set the number of buckets large
enough (probably more in the 2-4k range), i do not see problems.

Yes, each flow consumes a bit of memory (i think some 128 bytes)
but for 64k flows this is still bearable.
You'll actually save the work of copying every packet to userland
which all bpf-based solutions must do.

	cheers
	luigi
