tech-net archive


Re: GSoC 2008 - Create an in-kernel API for "packet classes"

anish babu wrote:
On Fri, Apr 11, 2008 at 1:55 PM, Darren Reed <> 
> anish babu wrote:
> > ...
> >
> > I want to clarify one more thing on the project that I am working on -
> > 'Create an in-kernel API for Packet Classes'. Instead of tagging the
> > packets by pf and then converting the tags to tokens, is it not
> > possible to send the packets matching a particular rule set directly
> > to an output queue? I think it should work fine for queues created by
> > ALTQ but are there any issues with interface drivers?
> >
> >
>  I think what you're referring to here is "policy based routing", where
>  (for instance), you do a rule like this with ipfilter:
>  pass in on bge0 to fxp0: proto tcp from any to any port = 80
>  ...and that bypasses the routing tables (yes) and queues the packet
>  directly on fxp0 (yes.)  Now if there are multiple output queues per
>  interface, I'm not sure how you would address those using the above
>  without some other means to define what those were (is this ALTQ?)
>  Darren

Rules in ALTQ:

altq on fxp0 cbq bandwidth 1Mb queue { ssh,ftp }  // creates 2 child queues

queue ssh bandwidth 50% cbq

queue ftp bandwidth 50% cbq

In pf:

pass out on fxp0 from any to any port 22 queue ssh. // send matching packets to ssh queue on fxp0 interface

pass out on fxp0 from any to any port 21 queue ftp.

I think this rule set should redirect the packets to that particular
queue, right?

Yes and so long as it verifies that <fxp0,ssh> is a valid queue
definition, everything is sensible.
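
The validity check mentioned in the last reply, as an added example that is not part of the thread and is not pf's own code: it reads rules in the form quoted above and reports every rule whose <interface, queue> pair does not match an ALTQ definition. The function name `check_queues`, the sample rule set (constructed, with two deliberately bad rules) and the restriction to one queue name per rule are assumptions.

```python
import re

# Constructed sample in the syntax used in the thread; '#' starts a comment.
SAMPLE = """\
altq on fxp0 cbq bandwidth 1Mb queue { ssh, ftp }
queue ssh bandwidth 50% cbq
queue ftp bandwidth 50% cbq
pass out on fxp0 from any to any port 22 queue ssh
pass out on fxp0 from any to any port 21 queue ftp
pass out on bge0 from any to any port 80 queue ssh   # wrong interface
pass out on fxp0 from any to any port 25 queue mail  # unknown queue
"""

ALTQ_RE = re.compile(r"^altq\s+on\s+(\S+)\s.*?\bqueue\s*\{([^}]*)\}")
QUEUE_RE = re.compile(r"^queue\s+(\S+)")
RULE_RE = re.compile(r"^(?:pass|block)\s.*?\bon\s+(\S+)\s.*?\bqueue\s+(\S+)\s*$")

def check_queues(conf):
    """Return (line_no, iface, queue, reason) for each rule naming an invalid pair."""
    children = {}    # iface -> child queue names listed on its altq line
    defined = set()  # queue names that have their own 'queue' line
    rules = []       # (line_no, iface, queue) taken from filter rules
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if m := ALTQ_RE.match(line):
            names = re.split(r"[,\s]+", m.group(2).strip())
            children.setdefault(m.group(1), set()).update(n for n in names if n)
        elif m := QUEUE_RE.match(line):
            defined.add(m.group(1))
        elif m := RULE_RE.match(line):
            rules.append((no, m.group(1), m.group(2)))
    problems = []
    for no, iface, queue in rules:
        if iface not in children:
            problems.append((no, iface, queue, "no altq on interface"))
        elif queue not in children[iface]:
            problems.append((no, iface, queue, "queue not listed for interface"))
        elif queue not in defined:
            problems.append((no, iface, queue, "queue listed but never defined"))
    return problems

if __name__ == "__main__":
    for problem in check_queues(SAMPLE):
        print(problem)
```
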

