Date: Fri, 21 May 2010 10:46:01 +0800 From: shoks <lowbotskie@gmail.com> To: "Spenst, Aleksej" <Aleksej.Spenst@harman.com> Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: Ingress traffic shaping Message-ID: <AANLkTilDPmQYB3fPDyjD53bvuFXvav9nnJ6j3_lLUSMR@mail.gmail.com> In-Reply-To: <20290C577F743240B5256C89EFA753810C3CC9FE50@HIKAWSEX01.ad.harman.com> References: <20290C577F743240B5256C89EFA753810C3CC9FE50@HIKAWSEX01.ad.harman.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 20, 2010 at 4:18 PM, Spenst, Aleksej <Aleksej.Spenst@harman.com>wrote: > Hi All, > > If I understand it correctly, ingress traffic shaping is not possible with > pf/altq. > Are there any tricks to do it? > > Not really tricky, a diligent read of the PF and ALTQ doc should help you figure out the right configs. Would you mind posting your PF configs, the one without the loopback redirection? > > I suppose that if incoming traffic is sent out by the router further to the > LAN, the incoming traffic can be considered as outcoming traffic and > therefore can be easily shaped. > > ---- incoming traffic ---> <ext_if> ROUTER <int_if with altq> ---- shaped > outcoming traffic ----> > > So, in this case one can say that ingress traffic can be shaped. In this > manner it should be possible to limit TCP download traffic. > > > What if traffic is not forwarded further? > > ---- incoming traffic ---> <ext_if> END HOST > > Is it possible to do anything to slow down for example TCP download > traffic? Drop incoming packets? Drop or slow down outgoing ACKs? > I've tried to put outgoing ACKs in the queue with the lowest priority, but > that doesn't help when there is no much other outbound traffic. > > I also was trying to figure out whether it is possible to forward the > incoming traffic to the loopback interface and then back to ext_if, so that > incoming traffic can be considered as outcoming at the loopback interface. > > ---- incoming traffic ---> <ext_if> ----> <lo0> ---- shaped outcoming > traffic ----><back to ext_if> > > but I couldn't configure pf.conf such that this would be possible... Is > this theoretically possible? > > > Thanks a lot for any tips! > > Aleksej. > > > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTilDPmQYB3fPDyjD53bvuFXvav9nnJ6j3_lLUSMR>