tech-net archive
Re: GSoC 2008 - Create an in-kernel API for "packet classes"
On Fri, Apr 11, 2008 at 1:55 PM, Darren Reed <darrenr%netbsd.org@localhost>
wrote:
> anish babu wrote:
>
> > ...
> >
> > I want to clarify one more thing on the project that I am working on -
> > 'Create an in-kernel API for Packet Classes'. Instead of tagging the
> > packets by pf and then converting the tags to tokens, is it not
> > possible to send the packets matching a particular rule set directly
> > to an output queue? I think it should work fine for queues created by
> > ALTQ but are there any issues with interface drivers?
> >
> >
>
> I think what you're referring to here is "policy based routing", where (for
> instance), you do a rule like this with ipfilter:
>
> pass in on bge0 to fxp0:1.2.3.4 proto tcp from any to any port = 80
>
> ...and that bypasses the routing tables (yes) and queues the packet directly
> on fxp0 (yes.) Now if there are multiple output queues per interface, I'm not
> sure how you would address those using the above without some other means to
> define what those were (is this ALTQ?)
>
> Darren
>
>
Rules in ALTQ:

altq on fxp0 cbq bandwidth 1Mb queue { ssh, ftp }   # creates 2 child queues
queue ssh bandwidth 50% cbq
queue ftp bandwidth 50% cbq

In pf:

# send matching packets to the ssh queue on the fxp0 interface
pass out on fxp0 from any to any port 22 queue ssh
pass out on fxp0 from any to any port 21 queue ftp

I think this rule set should redirect the packets to that particular
queue, right?