[PATCH] PF+dummynet

Peter Jeremy peter.jeremy at alcatel-lucent.com
Wed Jul 13 01:08:14 UTC 2011


On 2011-Jun-29 16:26:34 +0800, Ermal Luçi <eri at freebsd.org> wrote:
>On Wed, Jun 29, 2011 at 6:42 AM, Peter Jeremy
><peter.jeremy at alcatel-lucent.com> wrote:
>> Has anyone adapted the PF+dummynet patches for 8.x or 9.x?
>
>Well the patch is this
>https://github.com/bsdperimeter/pfsense-tools/blob/master/patches/RELENG_8_1/dummynet.RELENG_8.diff
>It should apply to 8.x without problems.
>Some manual work for any rejection might be needed because of other
>patches present in pfSense.

I notice that the issue of pipe/queue configuration has been excised
from pfctl(8) and relies on ipfw(8) (hopefully only as a stopgap).
Having looked at how ipfw(4) and dummynet(4) have been roto-tilled,
I can understand why, but this is not especially convenient for me
and I'm looking at implementing the missing functionality.

There appear to be two possible approaches to move forward:
1) Include ipfw/dummynet.c into pfctl(8) and modify pfctl/parse.y
   to accumulate pipe/queue configuration options into an argv array
   that can be passed to ipfw_config_pipe().
2) Implement the functional equivalent of ipfw/dummynet.c::ipfw_config_pipe()
   in pfctl/parse.y.

The former approach looks simpler (apart from the code to collect the
arguments into an argv array, there are 8 fairly simple support
functions that need to be implemented or copied from ipfw) but it's
not clear that the error handling approaches are compatible.  The
latter appears to be more work and results in more code duplication
but maintains better internal consistency in pfctl.

(The other two approaches I considered but discarded were to use
ipfw(8) for configuration or to copy struct dn_pipe{7,8} from
ip_dn_glue.c and continue to use the deprecated IP_DUMMYNET_CONFIGURE
interface).

Has the pfSense Project looked at how it will implement pipe/queue
configuration?  And, if so, what approach will you be using?

-- 
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20110713/3e88926e/attachment.pgp


More information about the freebsd-pf mailing list