From: Luigi Rizzo
To: "Marc G. Fournier"
Cc: freebsd-net@FreeBSD.ORG
Date: Tue, 22 Oct 2002 11:56:24 -0700
Subject: Re: determining "originator/source" of connection ...
Message-ID: <20021022115624.A34249@carp.icir.org>

On Tue, Oct 22, 2002 at 03:48:13PM -0300, Marc G. Fournier wrote:
> On Tue, 22 Oct 2002, Luigi Rizzo wrote:
...
> > Or if you are just happy to aggregate by IP, one solution i often
> > use is the following (based on dummynet's dynamic pipes):
> >
> >     # do not expire pipes even if they have no pending traffic
> >     sysctl net.inet.ip.dummynet.expire=0
> >
> >     # create separate pipes for src and dst masks
> >     ipfw pipe 20 config mask src-ip 0xffffffff buckets 256
> >     ipfw pipe 21 config mask dst-ip 0xffffffff buckets 256
> >
> >     ipfw add pipe 20 ip from $my_subnet to any
> >     ipfw add pipe 21 ip from any to $my_subnet
>
> I don't believe I could do this with ipfw ... $my_subnet == 131.162.0.0 :(
> I fear the machine would start to smoke, no? :(

as long as you have enough memory and set the number of buckets
large enough (probably more in the 2-4k range), i do not see problems.
Yes, each flow consumes a bit of memory (i think some 128 bytes) but
for 64k flows this is still bearable. You'll actually save the
work of copying every packet to userland which all bpf-based solutions
must do.

    cheers
    luigi
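One way to read back the per-host counters that the dynamic pipes above accumulate, as an added example that is not part of the original message: the function parses `ipfw pipe N show` text and ranks hosts by total bytes. The sample text is constructed, the helper names `top_talkers` and `sample_pipe_show` are hypothetical, and the row layout is an assumption based on FreeBSD 4.x `ipfw` output.

```shell
#!/bin/sh
# Added example: rank hosts by traffic from "ipfw pipe N show" output.
# Assumed flow-row layout (FreeBSD 4.x ipfw):
#   BKT Prot Source-IP/port Dest-IP/port Tot_pkt Tot_bytes Pkt Byte Drp

# top_talkers FIELD [COUNT]
#   FIELD is "src" (pipe 20, masked on src-ip) or "dst" (pipe 21).
#   Reads pipe-show text on stdin, prints "bytes packets ip", largest first.
top_talkers() {
    awk -v which="$1" '
        # Flow rows start with a numeric bucket index and have 9 fields.
        # That skips the pipe header, the mask line and the BKT heading.
        NF == 9 && $1 ~ /^[0-9]+$/ && $3 ~ /\// {
            split((which == "dst") ? $4 : $3, a, "/")
            pkts[a[1]]  += $5
            bytes[a[1]] += $6
        }
        END {
            for (ip in bytes)
                printf "%.0f %.0f %s\n", bytes[ip], pkts[ip], ip
        }
    ' | sort -rn | head -n "${2:-10}"
}

# Constructed sample of "ipfw pipe 20 show" (addresses from 192.0.2.0/24).
sample_pipe_show() {
cat <<'EOF'
00020: unlimited    0 ms   50 sl. 3 queues (4096 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
 17 ip        192.0.2.17/0             0.0.0.0/0      812   913440  0    0   0
201 ip       192.0.2.201/0             0.0.0.0/0       40     2400  0    0   0
 98 ip        192.0.2.98/0             0.0.0.0/0      305   122000  0    0   0
EOF
}

# On a live system: ipfw pipe 20 show | top_talkers src 20
sample_pipe_show | top_talkers src 3
```
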