Is there an API for ipfw?
Luigi Rizzo
rizzo at icir.org
Thu Mar 30 22:06:56 UTC 2006
On Thu, Mar 30, 2006 at 04:57:42PM -0500, Mikhail Teterin wrote:
> Hi!
>
> I'm writing an application that, needs to be able to quickly alter the
> bandwidth between another machine and the host.
>
> The only way I can do that -- without another machine's cooperation -- is by
> using the firewall, such as the dummynet functionality of ipfw.
>
> Is there any way to create/alter such a pipe from a C-program without using
> system("ipfw ....")?
you can surely use the setsockopt/ioctl interface that is used
by ipfw2.c - however, before doing that, i suggest that
you look at the actual time consumed by system("ipfw ....") and
how often you need to do it - if it turns out that you are
using for the task only 5% or less of the available CPU time,
in my opinion it is not worth the effort.
If you are doing it a lot more often, you should probably
also consider the effect of such frequent changes to the
pipe's configuration - e.g. pipes respond with a delay
which is inversely proportional to the bandwidth, so in
many cases still doesn't make sense to change the pipe's
rate 100 times per second.
cheers
luigi
> If not ipfw, perhaps, other firewall modules in FreeBSD-6.x?
>
> Thanks a lot!
>
> -mi
More information about the freebsd-net
mailing list