Traffic quota features in IPFW

Max Laier max at love2party.net
Sat Jul 16 15:40:43 GMT 2005


On Saturday 16 July 2005 17:02, Chris Dionissopoulos wrote:
> Hi ppl, ( and sorry for cross posting)
>
> I review Andrey's  Elsukov patch for adding "bound" support in ipfw, and i
> decide to  push a little forward this feature.

Sorry to be blunt, but I don't see the point in this feature nor do I think 
it's a good idea.  All it does is adding overhead to every packet that is 
processed by IPFW.  You might argue that this overhead is fairly little, but 
if you combine the last ten "neat to have though not really necessary" 
features this adds up.  Also the code is getting more and more hacked up.  
Your feature might be nicely done, but it adds to the main switch-loops 
making them more and more unreadable until it all falls over and nobody is 
willing to touch the code anymore.  I have seen (too) much ipfw code lately 
while tieing together lose ends in the IPv6-import and it's already messy 
enough.

I urge you to reconsider if we really need this.  If you think we can't live 
without it, it'd be nice if you could come up with a clean(er) way to extend 
IPFW with additional stuff like this without impact to performance and 
maintainability for the common case (without the magic foobar-option of the 
day).  Thanks.

BTW: This function can be done with a three line awk-skript without any effect 
on performance.  Of course you will lose some precision, but I don't see 
applications where you have to be *that* percise.

> You can see the whole picture in there:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=80642
> and there:
> http://butcher.heavennet.ru/
>
> In my patch, 3 new options are added:
> 1. "below <VALUE>" (which is the same option as Andrey's "bound" option, I
> just rename it) 2. "above <VALUE>" which is the oposite option of "below".
> Match rules when the counter is above <value> 3. "check-quota" (which is
> the same option as Andrey's "check-bound" , but now applies to both "above"
> and "below" options).
>
> Notes:
> 1. Patch is against releng_6.
> 2. I also include a more compicated example which is (IMHO) a complete
> traffic quota+shaping solution for a small (or not so small)  ISP.
> 3. For installation, follow the instructions Adrey publish in his webspace:
> http://butcher.heavennet.ru/
> 4. Patch doesn't breaks ipfw ABI (today) , because  adds new options at the
> end of list. If you apply this patch in a month or so, I cannot guarantee
> success.
> 5. Please test, and send me your feedbacks.
>
>
>  I 'll be happy if you find usefull these features and if any developer
> commits this patch in current or releng_6 branch.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20050716/9465cacd/attachment.bin


More information about the freebsd-ipfw mailing list