Rate Limiting Per-Socket
Brooks Davis
brooks at one-eyed-alien.net
Wed Jun 23 15:10:03 GMT 2004
On Wed, Jun 23, 2004 at 03:20:19AM -0400, Takashi Okumura wrote:
> hi,
>
>
> Paul Querna wrote:
> >
> > On Tue, 2004-06-22 at 23:55 -0400, Takashi Okumura wrote:
> > > hi,
> > >
> > > please take a look at mod_netnice. it uses netnice, another in-kernel
> > > traffic control primitive on the platform. since you can control each
> > > socket with netnice, i think it's easy to extend the module to meet
> > > your needs.
> > >
> > > http://www.netnice.org/app_modnetnice.html
> > >
> >
> > Wow, that is a very neat project!
> >
> > Is there any chance of netnice being added to mainstream FreeBSD,
> > perhaps in the 5.x tree?
>
> we are currently preparing to port the module to Linux, NetBSD, MacOS X,
> and OpenBSD, as well as to 5.x. but, since the workforce is quite limited,
> it will take several months to finish the porting to 5.x. it should be
> easy, but, i realized that somebody has totally changed its procfs
> implementation, which the API of netnice relies upon. so, it will take
> a bit longer than it should be. if some of you might help us, that would
> be great.
>
> regarding the contribution to the mainstream FreeBSD, yes, we would love to.
> but, i'm a bit pessimistic about that option, simply because it looks too
> radical, at this point. maybe after we finish the porting to the major
> platforms, and the communities realize its scope and advantage, of having
> a multi-platform primitive for end-host oriented network control, we may
> start pursuing the option. but, that will be a future story. we still
> need to translate many documents for developers, and need to provide
> many netnice applications. so...
I think netnice looks really neat.
Use of /proc would definaly limit the utility of integrating the code.
We don't enable procfs by default because it's too hard to get procfs
code right as the list of procfs security advisories demonstrates (not
just on FreeBSD, but Linux, Solaris, etc.).
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20040623/70affb47/attachment.bin
More information about the freebsd-net
mailing list