----- Menssagem Original ----- De: "Luigi Rizzo" Para:"Brett Glass" Cópia:"John Nielsen" , "freebsd-net@freebsd.org" Enviado:Sat, 13 Dec 2014 19:15:52 +1100 Assunto:Can DUMMYNET handle weighting of traffic according to firewall rules?
On Saturday, December 13, 2014, Brett Glass wrote: > At 10:35 AM 12/12/2014, John Nielsen wrote: > > Is there a reason you can't use a separate pipe for each direction? >> > > We want to limit the total amount of bandwidth consumed, based on the > formula 2U + D track of the sum. > > What I need (and am not sure if DUMMYNET can currently supply) is a pipe > that allows you to feed it a packet and say, "Count this X times toward the > bandwidth limit." > No, as it is now dummynet cannot do what you ask. It would be a one-line change in the kernel, plus the part to handle passing the extra parameter (we could call it "cost") to the queue's configuration. As usual, the UI is 10+ times bigger than the code doing the actual work (though one could rightly blame the existing UI for not being designed for extensibility). Cheers Luigi -- -----------------------------------------+------------------------------- Prof. Luigi RIZZO, ri...@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+------------------------------- As I understand the problem, there are many ways to do this without actually using any special feature on dummynet. From tagging a traffic twice and feeding both tagged flows to the same pipe, to the easiest and possibily lighter approach of disabling one pass and feeding the traffic twice to the same pipe. I did a simple lazy experiment: # ipfw disable one_pass # ipfw add 1 pipe 1 all from any 22 to me 00001 pipe 1 ip from any 22 to me # ipfw add 2 pipe 1 all from any 22 to me 00002 pipe 1 ip from any 22 to me # ipfw pipe 1 config bw 256Kbit/s # scp proapps@serveruL800:/tmp/teste.bin /dev/null Password for proapps@serveruL800: teste.bin 0% 976KB 16.4KB/s 3:27:02 ETA ^C Killed by signal 2. So we have 16KB, (*8 = 128Kb, half the pipe configured bw since packets were injected twice). # ipfw delete 2 # scp proapps@serveruL800:/tmp/teste.bin /dev/null Password for proapps@serveruL800: teste.bin 1% 3408KB 31.4KB/s 1:54:00 ETA^CKilled by signal 2. And now you have 31.4M, roughly 256Kbit/s (configured pipe bw). So may you should try something like that: ipfw delete 1-2 ipfw add 1 queue 1 all from any 22 to me ipfw add 2 queue 1 all from any 22 to me ipfw add 3 queue 2 all from me to any 22 ipfw queue 1 config pipe 1 weight 5 ipfw queue 2 config pipe 1 weight 5 ipfw pipe 1 config bw 256Kbit/s ipfw sched 1 config type QFQ # ipfw sched 1 show 00001: 256.000 Kbit/s 0 ms burst 0 sched 1 type QFQ flags 0x0 0 buckets 0 active Children flowsets: 2 1 # ipfw queue 1-2 show q00001 50 sl. 0 flows (1 buckets) sched 1 weight 5 lmax 1500 pri 0 droptail q00002 50 sl. 0 flows (1 buckets) sched 1 weight 5 lmax 1500 pri 0 droptail So there's a single pipe, two flowsets, but flowset 1 is injected twice. Is that what you wanted? -- Patrick Tracanelli ------------------------- Email sent using ProApps _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
