packet-classifier Summer of Code RFQ

[Andy Pyles <ajpyles%cs.wm.edu@localhost>]

---------
In kernel API for registering packet classes
--------


Hello, I'm interested in the Summer of Code proposal for
packet-classifier API. Below is a proposal that I have put together
regarding this SOC project. Any comments provided will be greatly
appreciated.
Most of the RFQ here is a re-phrasing of proposal outlined here:
http://www.netbsd.org/contrib/soc-projects.html#packet-classifying
This is my understanding of the proposal, and may contain errors, in
which case corrections are welcome.


Request for Comment: packet-classifier API

Overview:
Currently when a new class is added via pf/ALTQ / ALTQD it is added to
an internal ALTQ data structure. Similarly, PF uses tags, it's own
data structure for tagging packets.  Since PF and ALTQ are tightly
coupled together, I propose a way to decouple PF and ALTQ.  For
instance, suppose an alternative firewall would like to integrate with
ALTQ? Currently there is not a viable way to accomplish this outside
of the tight coupling that is done with PF. What is required is a
common API that can be used by ALTQ, PF and network device drivers.
    This common API is coined the "packet-classifier" API. The
packet-classifier will store packet classes in a separate data
structure. ALTQ and network device drivers can register new classes
with the packet-classifier. An ethernet device driver could register
two classes "hi_priority" and "low_priority" with the
packet-classifier for instance if it contains transmit rings of
different priority. When a register() is successful, the
packet-classifier returns a token than can then be used for labeling a
packet placed in an MBUF for instance that can be classified later.

The packet-classifier API will have the following function calls:
     Token *packet_classifier_register(....); // register a new class
returns Token
     int packet_classifier_lookup(....);  // lookup classifier
     int packet_classifier_destroy(Token); // destroy classifier with
associated Token
     int packet_classifier_replace(Token,.....); // replace classifier
with associated Token, with updated         information.
     TODO:  others??

Challenges:
The most difficult part of this project is the learning curve. There
are a number of internals that will need to be changed, specifically
ALTQ, PF and at least one ethernet driver. There is a lot of things to
follow up on here. However, looking the source code the last couple of
days, things look pretty straight forward.

Approach:
I plan on doing the following: First, setup a simulated environment
with traffic shaping enabled. I have this environment already setup
with two virtual machines that gives higher precedence for ssh traffic
over http traffic.
Second, I will start with PF using the packet-classifier to convert
TAG names to packet-classifier tokens and label in  MBUF packet
header.
Third, I will modify ALTQ to read the token from the MBUF and then
lookup() the token in the packet-classifier to determine how to
classify the packet, i.e. which queue to enqueue the packet.
Finally, assuming I can obtain the hardware for an appropriate NIC, I
will add the support to at least one NIC driver.


Open Questions:
What data structure to use for the packet-classifier?
      I'm thinking at this point a hash-table, or a binary tree.
The SOC description describes an ethernet NIC with high and low
priority transmit rings. Can someone give me an example of such a NIC?

Thanks for your time in reading this. Please let me know if you have
any suggestions or comments.

regards,
Andy