Date: Thu, 20 May 2010 10:18:47 +0200 From: "Spenst, Aleksej" <Aleksej.Spenst@harman.com> To: "'freebsd-pf@freebsd.org'" <freebsd-pf@freebsd.org> Subject: Ingress traffic shaping Message-ID: <20290C577F743240B5256C89EFA753810C3CC9FE50@HIKAWSEX01.ad.harman.com>
next in thread | raw e-mail | index | archive | help
Hi All, If I understand it correctly, ingress traffic shaping is not possible with = pf/altq. Are there any tricks to do it? I suppose that if incoming traffic is sent out by the router further to the= LAN, the incoming traffic can be considered as outcoming traffic and there= fore can be easily shaped. ---- incoming traffic ---> <ext_if> ROUTER <int_if with altq> ---- shaped o= utcoming traffic ----> So, in this case one can say that ingress traffic can be shaped. In this ma= nner it should be possible to limit TCP download traffic. What if traffic is not forwarded further? ---- incoming traffic ---> <ext_if> END HOST Is it possible to do anything to slow down for example TCP download traffic= ? Drop incoming packets? Drop or slow down outgoing ACKs? I've tried to put outgoing ACKs in the queue with the lowest priority, but = that doesn't help when there is no much other outbound traffic. I also was trying to figure out whether it is possible to forward the incom= ing traffic to the loopback interface and then back to ext_if, so that inco= ming traffic can be considered as outcoming at the loopback interface. ---- incoming traffic ---> <ext_if> ----> <lo0> ---- shaped outcoming traff= ic ----><back to ext_if> but I couldn't configure pf.conf such that this would be possible... Is thi= s theoretically possible? Thanks a lot for any tips! Aleksej.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20290C577F743240B5256C89EFA753810C3CC9FE50>