[PATCH] PF+dummynet

Ermal Luçi eri at freebsd.org
Mon Aug 22 07:25:59 UTC 2011

On Mon, Aug 22, 2011 at 4:23 AM, Peter Jeremy
<peter.jeremy at alcatel-lucent.com> wrote:
> [This is fairly old but has recently bubbled to the top of my TODO list]
> On 2011-Jul-13 23:35:44 +0800, Ermal Luçi <eri at freebsd.org> wrote:
>>I reverted back from having the pipes configured in pfctl because it
>>will be a catching game with ipfw.
>>To me it seems quite awkward that you cannot use ipfw to do all the
>>configuration and
>>just use the pipe/queue numbers for sending traffic to it on pfctl.
> Whereas, to me it seems awkward that you use pfctl to attach
> dummynet flows to pf rules but you can't use pfctl to manage the
> dmmmynet configuration.

To me this is a not really useful work.
The only needed way for this is just feeling to have a solution integrated.

Since 9.0 dummynet can be loaded without ipfw(4) and ipfw(8) tool can
be used for it.

> I have managed to integrate ipfw/dummynet.c into pfctl and it all
> seems to work for me - except that flows are not persistent so that
> my statistics doesn't work.  I am still working through to see if
> this is something I broke or a new "feature".
> I hope to forward patches once I'm happy with it.
>>To me something that is glued on ipfw should stay there as it will get
>>the best support.
>>Possibly splitting dummynet configuration out to dnctl might have an argument.
> IMHO, it would be a great improvement to separate dummynet from ipfw.
As a start it is very easy to separate dummynet functions from ipfw(8)
and come up with a dnctl utility.
Later on it can be improved. Just that a big warning would have to be
put on ipfw(8) to let many people aware of this.
This IMHO would be worth spending time on if you really want to feel
dummynet as its own solution.
It is not a very big job per se as well.

CC'ing Luigi to see what he thinks about this.

> --
> Peter Jeremy


More information about the freebsd-pf mailing list