Misc PF +ALTQ questions

gerryw at compvia.com gerryw at compvia.com
Thu May 29 06:13:44 UTC 2008 

Hello All,

I have been looking at the possibility of doing a project to create a C 
API library for PF + ALTQ and possibly a higher level C++ API. I am new to 
these components and fairly new to FreeBSD. I have been looking at the man 
pages and various other docs on the topic. It would seem I can glean most 
of the ioctl info from the pfctl source. However, I have a few question 
the I haven't been able to find answers to. I apologize if these have been 
answered before and I have missed them.

1. Most of the examples I've seen are oriented towards a home or small 
office user with a DSL or cable Internet connection. My focus is more in 
the ISP area. I want to support the ability to hard limit bandwidth by IP 
and/or MAC address. I have read somewhere that MAC addresses can be used 
as a source, but this can only be done in bridge mode. Is this correct?

2. I can see how a queue could be crated for each IP address and the 
traffic from that IP sent to the appropriate queue. This would result in 
quite a few queues when done for an entire /24 subnet. Is there a better 
way to do this? I have also read somewhere that table lookups are pretty 
fast. Is there a way to take advantage of this fact where bandwidth 
limiting is concerned?

3. Would I be better off using one of the existing queueing disciplines as 
an example and writing some code specifically designed to do what I'm 
wanting to do?

4. Is there any good info on the bandwidth usage statistics provided by PF 
+ ALTQ? I would like to do as much through the ioctl interface as 
possible.

5. I am also looking for a way to enumerate the IPs and MACS that are 
being seen by a particular interface. Again, I would like to do as much 
through the ioctl interface as possible. The pflog component is not really 
a possibility because my application will be for embedded use.

Comment: I must say I am very impressed with the fact that the ioctl 
interface is actually provided and documented to some degree. I am really 
enjoying the fact that there seems to be much more doc in general in this 
area than of Linux. Many thanks to the folks that took the time to do this 
work.

Thanks in advance,
-G

More information about the freebsd-pf mailing list