How does PF Limiter enforce bandwidth limits?

brunoc

Greetings gentlemen,

So, i'm try to understand how does PF Limiter (Rules - Traffic Shaper - Limiter) actually does the bandwidth limit.

Let's say i set a 10Mbps limit for IN and another 10Mbps for OUT.
When that Limiter is triggered for a given rule, obviously the Limiter doesn't simply buffer all traffic for 1 second and discards anything it.
But my guess is that it must have some sort of much shorter sampling rate (or similar) that evaluates traffic every x ms or even ns. My guess is that the Limiter divides the 10Mbps traffic into some sort of sample rate at ms or ns level (eg: 102bits every 10ms) and enforces bandwidth bases on that. Or maybe it doesn't do per bits/s but packet/s.

Also, say a host under the 10Mbps limiter tries to send 7Mbps of traffic in 100ms and sleeps the remaining 900ms, how will the Limiter work under this scenario? My guess is that it will trigger but how it apply the limit?

My goal with this post is to try to understand how the limiter enforces a given bandwidth.

Appreciate your help and knowledge.

Thanks.

jimp

Limiters are handled via DUMMYNET, which is documented in the FreeBSD man pages for ipfw(8).