Extending dummynet/ipfw
Paul Joe
apauljoe at gmail.com
Mon Sep 27 17:12:31 UTC 2010
On Mon, Sep 27, 2010 at 9:25 PM, John Nielsen <lists at jnielsen.net> wrote:
> On Sep 27, 2010, at 11:20 AM, Paul Joe wrote:
>
> > I have attached a patch which allows to do flow classifications in
> userland
> > (e.g based on url categories, LDAP users)
> > and do bandwidth control in kernel(dummynet).
> >
> > The patch has
> >
> > a) a setsocketopt, to associate a pipe to the socket.
> >
> > b) an ipfw option(sockarg) to redirect flows to corresponding pipe.
> >
> > Moreover, a member uint32_t is added to struct socket to hold the pipe
> info.
> >
> > I guess this structure is not part of kernel userland ABI.
> >
> > Please let me know your comments, which I would be glad to incorporate
>
> This is something I have wished for in the past so I'm glad to see it. I'd
> love to test it but I'm not sure what to do, especially on the userland
> side. Could you post a simple ipfw ruleset that uses your patch along with
> directions or a simple example program for doing the userland
> classification?
>
1) Create some pipes using ipfw pipe command or directly using dummynet
socket option.
ipfw pipe 2 config bw 100KB/sec
2) Add the generic sockarg option to redirect the traffic
to pipe associated with the socket.
ipfw add 100 pipe tablearg ip from any to any sockarg out
3) A sample python program could be
import socket
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Make the traffic flow through pipe 2. You can use any userspace logic to
select any pipe you created.
# you can use SO_USER_COOKIE for 0x1015 after the patch is checked in
rest = client_socket.setsockopt(socket.SOL_SOCKET, 0x1015, 2);
client_socket.connect(("www.google.com",80))
s = "GET\r\n"
print client_socket.send(s);
r = client_socket.recv(512);
print r
Let me know if you face any issues in testing it.
Thanks,
Joe
> Thanks!
>
> JN
>
>
More information about the freebsd-net
mailing list