[Nufw-devel] Re: A [GOOD] question!!!!


From: Eric Leblond
Subject: [Nufw-devel] Re: A [GOOD] question!!!!
Date: Sat, 27 Sep 2003 13:33:51 +0200

> I want to ask you a question about NuFw, my question is:
> 
>     - After the client has authenticated, does the packet he sends to 
> the gateway have information about the user id? And where?
> This question is because I want to make some bandwidth limitation based 
> on user id, using iproute, and I think NuFw could help me in it. If I can 
> read the user id from the packet and make a queue for each one.

I think you've pointed out something very interesting!
NuFW works this way:
The client sends an authentication packet for each new connection.
The authentication daemon sends an authorisation back to the gateway
for each connection.
It's highly possible to include the user id in the answer packet.
So if we're able to put a mark on the packet using the provided id, we're
done! (Using connmark we can mark each packet of this connection with
that mark, and tc will be able to do the job!)

So the only point is to be able to change the fw mark in user mode!
As the definition of ipq_packet_msg begins like this:
 typedef struct ipq_packet_msg {
         unsigned long packet_id;        /* ID of queued packet */
         unsigned long mark;             /* Netfilter mark value */
         ....
 }
and as we're working on a buffer allocated by the kernel, it seems
highly possible that the mark can be changed!
The tests can be done easily. I will do them this weekend.

> sorry about my english

Mine is worse!

BR,
-- 
Eric Leblond
Nufw, Now User Filtering Works (http://www.nufw.org)

Attachment: signature.asc
Description: This is a digitally signed message part.
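
The connmark and tc step described in the message above, as an added example that is not part of the original post or of NuFW's code. It assumes the first packet of each authorised connection already carries a firewall mark equal to the numeric user id (the part the message still has to test); the interface eth0, the HTB qdisc, the default class and the sample rates are also assumptions.

```shell
#!/bin/sh
# Added example: per-user shaping keyed on the firewall mark (fwmark).
# Assumption: fwmark = numeric user id on the first packet of each
# authorised connection, set when the gateway issues its verdict.
DEV="${DEV:-eth0}"   # assumed egress interface

# Print a command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Accept decimal 1..65534 without leading zeros, so the id maps to one
# HTB minor number and printf cannot read it as octal.
valid_uid() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65534 ]
}

connmark_rules() {
    # Later packets: copy the connection mark back onto the packet.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # First packet: store the mark it received on the connection.
    run iptables -t mangle -A POSTROUTING -m mark ! --mark 0 -j CONNMARK --save-mark
}

root_qdisc() {
    # Unmarked traffic falls into default class 1:ffff (tc ids are hex).
    run tc qdisc add dev "$DEV" root handle 1: htb default ffff
    run tc class add dev "$DEV" parent 1: classid 1:ffff htb rate "${DEFAULT_KBIT:-10000}kbit"
}

# user_queue UID RATE_KBIT: one HTB class plus one fw filter per user.
user_queue() {
    valid_uid "$1" || { echo "bad uid: $1" >&2; return 1; }
    case "$2" in ''|0*|*[!0-9]*) echo "bad rate: $2" >&2; return 1 ;; esac
    minor=$(printf '%x' "$1")
    run tc class add dev "$DEV" parent 1: classid "1:$minor" htb rate "${2}kbit"
    run tc filter add dev "$DEV" parent 1: protocol ip prio 1 handle "$1" fw flowid "1:$minor"
}

# Constructed sample mapping (uid:kbit); a dry run unless APPLY=1.
connmark_rules
root_qdisc
for m in 1000:512 1001:2048; do user_queue "${m%%:*}" "${m##*:}"; done
```

Rejecting ids outside 1..65534 keeps a malformed or oversized user id from landing in another user's class or in the default class.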
