Stunnel.org  
   
Home
About
News
Faq
Examples
Download
Patches
Support
Related
<Patch List> <Patch Directory>
Patch info for bandwidth-limiting_dj

Patch info for bandwidth-limiting_dj

CreatorDavid A Jenkins
Patch to Version3.14
TypeNew Feature
Patchbandwidth-limiting_dj.patch
Description

(Full Text)

Enable bandwidth-limiting options to Stunnel

Author Comments


I asked a while ago for the ability to limit bandwidth per
connection.  The idea was to prevent a few heavy users from eating
up all of the network bandwidth and degrading service for everyone.
In my case, the service is engineered for dial-up users, so we
don't want cable-modem or DSL users to use all of the bandwidth
and starve the dial-up users.

I realize that this is hard to do well, but I think I've done
it well enough and quite simply.  The idea is to sleep a variable
amount after each packet either read from or written to the non-ssl
socket.

Pros:
1. really easy to implement.  (See todo list for ways to do it even better)
2. works well to limit bandwidth used per connection.
        You never reach or exceed the speed limit, but you can come close.

Cons:
1. it isn't a per user limit, so users who create additional
        connections get additional bandwidth.
2. if there are few users connected, bandwidth goes unused

I've tested this with up to 256 simulated connections and it seems
to work and doesn't degrade performance (much).

        Dave

Warning: this patch is probably Solaris 2.6 and specific.  If you have
an implementation of nanosleep it might work for you.  I used nanosleep
because it works with PTHREADS without blocking the whole process.
usleep might work if you aren't using PTHREADS and are forking.

Warning: I had to add -lposix4 to line 22 of the generated Makefile
to link in the implementation of nanosleep.

Warning: the "speed limit" is hard-coded.  If there is any interest
I can make it a command line option, but if this patch has no utility
for anyone I don't see the point.

Warning: each nanosleep will be at least as long as specified, but
may take up to one extra 'tick' of the kernel timing mechanism.
So, don't try to get too fancy with tiny sleeps.

Todo: handle return code from nanosleep.  I ignore it here because
failing to sleep in some cases is OK with me.

Todo: use an inline delay routine instead of having the same code
in two places?

Todo: Since num ranges between 1 and 8192, build a lookup table of
struct timespec's and index it by the value of num to save initializing
the timespec each time?

This website makes patches available for use by the Internet community. However it does not endorse any of the patches contained herein. They could be work perfectly, or totally foul up everything. We don't know. Contact the authors if you have any questions. Use at your own risk.

The Stunnel software package does not contain any cryptography itself, however please remember that import and/or export of cryptographic software, code providing hooks to cryptographic algorithms, and discussion about cryptography is illegal in some countries. It is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.