Netgate Discussion Forum

    Per User Bandwidth through Radius.

    Captive Portal
      mdouglas

      ipfw show

      ipfw: getsockopt(IP_FW_GET): Protocol not available

        buraglio

        chillispot can also be made to use pf, although to what extent I don't know at this point. There were patches for this under FreeBSD earlier this year that (I think) were committed. Everything I've seen so far shows only NAT and L3 rules. It would likely be able to be made to talk to tables using pftabled or perl or something, but I don't see any indication of whether that is currently the case.
        I think what sullrich wants to know is what mechanism you are using to actually perform the QoS (ipfw, pf, some kind of weird alchemy or magic, etc.).
        We understand where you are getting the data from to create the rules (radius). If you post your stuff I'm sure it can be reverse engineered to see what it does.

        https://www.forwardingplane.net/

          mdouglas

          @mdouglas:

          i am using pf not ipfw.

            sullrich

            @mdouglas:

            i am using pf not ipfw.

            In that case is it using altq to enforce the bandwidth speed limits?  We are looking to reverse engineer how this works.

              mdouglas

              don't understand the "reverse engineer". In any event, anyone who wants further assistance getting it installed on their box, we should take it offline so as not to ramble on in this thread. Send me a PM, and I'll help as much as I can.

                sullrich

                Uhh, what else is this forum for? I would rather keep this public. If you do not wish to help us out that is fine, but it's not going to be taken private.

                  craibo

                  I am very interested in this but would prefer it if it was a proper pfsense package; that way any changes in updates to the pfsense software will not result in this feature failing.

                  I did a little Google search on chillispot, and this is what I came back with: www.chillispot.info. I think it is the package that mdouglas has used to make this work.

                  Thanks everyone

                    sullrich

                    We want to add these types of features to our captive portal in the future. If someone could set up this package on a local system and get the per user bandwidth features working and show the altq/pf/ipfw configuration it would be a HUGE help for us. I would take the time to do it but I have 100 tasks currently in play on top of our pending 1.2 release.

                      buraglio

                      @mdouglas:

                      don't understand the "reverse engineer". In any event, anyone who wants further assistance getting it installed on their box, we should take it offline so as not to ramble on in this thread. Send me a PM, and I'll help as much as I can.

                      Reverse Engineer in this case just means to look at your work and see what you've done to gain any info we either didn't think to ask or you weren't able to provide.  I'm willing to look at this and I actually have a little time at the moment (dunno how long it will last till the next thing comes up, though) so if you'd be so kind, I'd really like to at least see your php gui code.  Having everything you've done would be optimal.  Feel free to PM it to me or email me directly if you must but I'd much rather keep it in the forum since I tend to get pulled away from stuff and don't want it to get dropped.

                      https://www.forwardingplane.net/

                        tacfit

                        Just wanted to say I would love to see this project going somewhere good.

                          eri--

                          A quick guess says it has ALTQ_WFQ on :)

                          Not really difficult to port and extend.
                          Anyone interested in buying me some time to do this!

                          But I really would love to buy me some time for other cooler things like a 2 level shaper on pfSense.

                          One level does per user bandwidth, the other does prioritization on the whole traffic.
                          If you think it's worth it I will give you, as a bonus, ipp2p (p2p traffic identification) for free ::)

                            eri--

                            Ok, I looked at the code quickly and it is all usermode, and it uses a bare-bones leaky bucket algorithm for shaping (in user mode!!!). So it should be slow and not recommended by me for many users.

                            The shaper in user mode would be directly substituted to dummynet freebsd even gaining features.

                              sullrich

                              @eri--:

                              Ok, I looked at the code quickly and it is all usermode, and it uses a bare-bones leaky bucket algorithm for shaping (in user mode!!!). So it should be slow and not recommended by me for many users.

                              The shaper in user mode would be directly substituted to dummynet freebsd even gaining features.

                              Okay, thanks for checking.  I am not sure we want to do this in userland.

                                buraglio

                                I've been thinking about this a little more. I'm probably out of place here, but this would be fairly simple using flow data and tables (yeah, I know I've said this before and never actually done it). It would require something like perl to munge the flow data so it probably wouldn't be self contained enough to work on the embedded platform, but neither would the coova stuff since it required sql. I'm still playing catchup so I'm not sure. Does pfsense do tables (even in RELENG_1 or HEAD)? I know it was on the roadmap but last time I looked (2006-ish) it wasn't yet available.

                                https://www.forwardingplane.net/

                                  eri--

                                  What you want to use flows for?!
                                  Per user bandwidth?! (if yes, don't bother it is not the right solution)

                                  Something else, please explain i am not following.

                                    buraglio

                                    @eri--:

                                    What you want to use flows for?!
                                    Per user bandwidth?! (if yes, don't bother it is not the right solution)

                                    Something else, please explain i am not following.

                                    I beg to disagree.  I've used flows to control user (IP/MAC) bandwidth for years and years with much success.  It's not perfect by any means but I challenge you to find anything that doesn't control windowing to do a better job. 
                                    Coupled with static DHCP mappings it works exceptionally well.  The key is the goo that reads and writes the QoS rules based on the flow data.

                                    https://www.forwardingplane.net/

                                      eri--

                                      On FreeBSD netgraph offers the tools to do what you want, but i am resaying this that there are better ways of doing it.

                                        buraglio

                                        @eri--:

                                        On FreeBSD netgraph offers the tools to do what you want,

                                        Yeah, either netgraph or pfflowd could be used.  I've always had problems with netgraph personally but I have not tried it in a while.

                                        @eri--:

                                        but i am resaying this that there are better ways of doing it.

                                        I welcome any and all suggestions.

                                        https://www.forwardingplane.net/

                                          mdouglas

                                          I am going to tweak my setup a little and modify my admin gui to support the ability to auth to a remote radius/mysql server. There are a couple of reasons for this idea.

                                          #1, will provide an alternative to the CP embedded in pf (won't debate if it is better or worse). I have recently compiled a pfsense ver of coova-chilli, which is the sister to chillispot. Chillispot has been a dead project since 2005.

                                          #2, will support being installed on an embedded device since mysql will be remote. (cf r/w issues)

                                          User management will still need to be done with whatever method you choose. Certainly you could install freeradius right in pfsense and use the pf gui to admin freeradius. Certainly will leave the door open to customization. Like I have said before, I don't know how to write a true pfsense package, but I'll zip up the coova package & php files. I am assuming I can just attach the file right to this thread.

                                          thoughts?

                                            JorgeAldoBR

                                            If memory serves me right, chilli spot is able to do its own packet switching, on userland.

                                            Can WE (myself included, if I can develop with the PASCAL language) develop a traffic shaping tcp/udp proxy?

                                            I don't need help with the daemon part, I have lots of experience developing tcp/ip apps with freepascal/synapse, but I will need help to package and put this thing to work with pfsense…
