4. Userland Traffic Shapper

Userland Traffic Shapper

  • J

    After a looong time i finally started to develop the userland traffic shaper that i discussed before with some people of dev-team.

    I think it is usefull for 1.2 targets because i did not see a per-ip traffic shapper option and a lot of people request it.

    I have all needed classes written (in objectpascal) and just need to test.

    My idea is to have a "traffic shapper bridge"

    current model uses two tun/tap devices and a tcp socket;

    the program starts without any rules (so no packets traverse the bridge at all).

    other program connects to a port (configurable) at 127.0.0.1 (configurable) and sends commands, building pipes to allow traffic to flow at a rate.

    something like :

    Start the server

    ./trafficshaperbridge <1st tun> <2nd tun> <ip><port>Controller program connects to <ip>: <port>and sends commands like these :

    upstream <ip><bytes><maxbytes><rate><millisec>downstream <ip><bytes><maxbytes><rate><millisec>ex: upstream 192.168.1.20 12800 51200 10 1000

    meaning : traffic going from device 2 to device 1, comming from 192.168.1.20 can transfer 12800 bytes each 100 milliseconds (= 128KByte/Sec) steady or burst (after being idle some time) at 51200 bytes each 100 milliseconds (= 512KByte/Sec). if the queue starts to get full, packets will be dropped after waiting 1 sec on the queue…

    where <ip>can be the source or destination ip
    bytes is the number of bytes that the token bucket receives per tick
    maxbytes is the maximum number of bytes the token bucket can hold
    rate is the rate (per second) the bucket is filled with <bytes>and millisec is the max number of milliseconds a packet can stay waiting, after wich it will be discarded...

    upstream is from device 2 to device 1 and downstream is from device 1 to device 2

    upstream traffic is classed by source ip and downstream traffic is classed by destination ip

    after each command sent to the control socket, a number is returned, meaning the ID of the objects created by the command.

    this is usefull for something like

    delete <id>that will drop all rules relative to <id>...

    So if everything works as expected it will be simple to write a PHP interface for this or to add functionality to the captive portal to allow login/logout with traffic shapping.

    the "traffic shapper bridge" needs two tun/tap devices

    generally /dev/tun0 and /dev/tun1

    tun0/1 must be created before the application runs, with
    ifconfig tun0 create
    ifconfig tun1 create

    and other commands to give ips, etc.

    pfsense needs to add some routing to force packets to pass thru the bridge, and the 1st device (/dev/tun0) will become the lan interface of pfsense, while the real physical lan interface will be bridged with the /dev/tun1 device, this will force packets to pass thru the bridge...</id></id></bytes></ip></millisec></rate></maxbytes></bytes></ip></millisec></rate></maxbytes></bytes></ip></port></ip></port></ip>

    0
  • E

    Sorry for breaking the party but in 2.0 we have per-ip shaping(dummynet) working!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy