forming queues in netfilter
Jeff Miller
jeffm@dynamite.com.au
Tue, 30 Nov 1999 14:53:53 +1100
I'm attempting to write a leaky bucket module for rate (bps) control of
packets. It works fine until I try FTP, which tries to use MTU-sized
packets (1500 bytes in this case); then the total throughput drops
dramatically. From reading things on the web I'm led to believe this is
due to TCP congestion control. Correct?

To get around this I was thinking of using queues within a netfilter module.
I know there are other methods available in the kernel already, but I need
to do this for many subnets, and as I'm already using netfilter for the
firewalling it would make maintenance much easier.

Anyway, in pseudocode:

ipt_bytes_match() {
    tokens += amount
    if (tokens > capacity) tokens = capacity
    if (len <= tokens) {        /* enough tokens to send this packet */
        tokens -= len
        transmit_packet
    }
    else queue_packet
}

periodic() {
    tokens += amount
    if (tokens > capacity) tokens = capacity
    if (packet_in_queue and (len <= tokens)) {   /* len of the queued packet */
        dequeue_packet
        tokens -= len
        inject_packet
    }
}

1) Is there any way to tell netfilter: match succeeded and packet was
eaten? Eaten as a target?
2) How to inject the packet?

Alternates and other ideas welcome. I'll also post my code if anyone is
interested in seeing such basic code.

Jeff.
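
An added example, not part of the original post: a userspace C model of the token bucket with a packet queue that the pseudocode above sketches, with no netfilter calls. The names, the queue depth `QLEN`, the tail drop on a full queue, the drop of packets larger than `capacity`, and refilling only on the timer tick are assumptions of this sketch.

```c
#include <stdio.h>

#define QLEN 8                       /* assumed queue depth (constructed) */

struct bucket {
    long tokens, capacity, amount;   /* bytes; amount = refill per tick */
    size_t q[QLEN];                  /* lengths of queued packets, FIFO ring */
    unsigned head, count;
};
enum verdict { SENT, QUEUED, DROPPED };

/* Arrival: send only if nothing is queued ahead and len <= tokens. */
enum verdict bucket_arrive(struct bucket *b, size_t len)
{
    if (len > (size_t)b->capacity)   /* could never be released: drop */
        return DROPPED;
    if (b->count == 0 && (long)len <= b->tokens) {
        b->tokens -= (long)len;
        return SENT;
    }
    if (b->count == QLEN)            /* bounded queue: tail drop */
        return DROPPED;
    b->q[(b->head + b->count++) % QLEN] = len;
    return QUEUED;
}

/* Tick: refill, clamp, release queued packets in order while tokens last. */
unsigned bucket_tick(struct bucket *b)
{
    unsigned released = 0;
    b->tokens += b->amount;
    if (b->tokens > b->capacity)
        b->tokens = b->capacity;
    while (b->count && (long)b->q[b->head] <= b->tokens) {
        b->tokens -= (long)b->q[b->head];
        b->head = (b->head + 1) % QLEN;
        b->count--;
        released++;
    }
    return released;
}

int main(void)
{
    struct bucket b = { .tokens = 1500, .capacity = 3000, .amount = 1500 };
    int first = bucket_arrive(&b, 1500), second = bucket_arrive(&b, 1500);
    printf("first=%d second=%d released=%u\n", first, second, bucket_tick(&b));
    return 0;
}
```

In this model a `capacity` below the largest packet length (1500 bytes in the post) means full-size packets are never released, so the bucket depth has to be at least one MTU.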