[FUG-BR] Queue

Marcelo Costa unixmafia em yahoo.com.br
Segunda Julho 23 17:56:16 BRT 2007 

man ipfw 

......

altq queue
             When a packet matches a rule with the altq keyword, the
ALTQ
             identifier for the given queue (see altq(4)) will be
attached.
             Note that this ALTQ tag is only meaningful for packets
going
             "out" of IPFW, and not being rejected or going to divert
sockets.
             Note that if there is insufficient memory at the time the
packet
             is processed, it will not be tagged, so it is wise to make
your
             ALTQ "default" queue policy account for this.  If multiple
altq
             rules match a single packet, only the first one adds the
ALTQ
             classification tag.  In doing so, traffic may be shaped by
using
             count altq queue rules for classification early in the
ruleset,
             then later applying the filtering decision.  For example,
             check-state and keep-state rules may come later and provide
the
             actual filtering decisions in addition to the fallback ALTQ
tag.

             You must run pfctl(8) to set up the queues before IPFW will
be
             able to look them up by name, and if the ALTQ disciplines
are
             rearranged, the rules in containing the queue identifiers
in the
             kernel will likely have gone stale and need to be reloaded.
             Stale queue identifiers will probably result in
misclassifica-
             tion.

             All system ALTQ processing can be turned on or off via ipfw
             enable altq and ipfw disable altq.  The usage of
             net.inet.ip.fw.one_pass is irrelevant to ALTQ traffic
shaping, as
             the actual rule action is followed always after adding an
ALTQ
             tag.

........

 Another typical application of the traffic shaper is to introduce some
     delay in the communication.  This can significantly affect
applications
     which do a lot of Remote Procedure Calls, and where the
round-trip-time
     of the connection often becomes a limiting factor much more than
band-
     width:

           ipfw add pipe 1 ip from any to any out
           ipfw add pipe 2 ip from any to any in
           ipfw pipe 1 config delay 250ms bw 1Mbit/s
           ipfw pipe 2 config delay 250ms bw 1Mbit/s

     Per-flow queueing can be useful for a variety of purposes.  A very
simple
     one is counting traffic:

           ipfw add pipe 1 tcp from any to any
           ipfw add pipe 1 udp from any to any
           ipfw add pipe 1 ip from any to any
           ipfw pipe 1 config mask all

     The above set of rules will create queues (and collect statistics)
for
     all traffic.  Because the pipes have no limitations, the only
effect is
     collecting statistics.  Note that we need 3 rules, not just the
last one,
     because when ipfw tries to match IP packets it will not consider
ports,
     so we would not see connections on separate ports as different
ones.

     A more sophisticated example is limiting the outbound traffic on a
net
     with per-host limits, rather than per-network limits:

           ipfw add pipe 1 ip from 192.168.2.0/24 to any out
           ipfw add pipe 2 ip from any to 192.168.2.0/24 in
           ipfw pipe 1 config mask src-ip 0x000000ff bw 200Kbit/s queue
           20Kbytes
           ipfw pipe 2 config mask dst-ip 0x000000ff bw 200Kbit/s queue
           20Kbytes


exemplo interesante

http://m0n0.ch/wall/list-dev/showmsg.php?id=6/29


O que acontece é que ipfw é projetado para rule match , o usual é
colocar um delay , mas altq com ipfw é possivel sim , a questão é que
parece que não é muito utilizado assim como o dummynet

[]'s

Mais detalhes sobre a lista de discussão freebsd