From: Gilbert C H. <ghe...@hi...> - 2001-06-29 02:33:47
I've been approached by someone I know to find a solution to an
interesting problem. Divert sockets look like a possible solution
(any other known solutions would be appreciated as well).
I've read all the documentation on the web site so I hope I haven't
missed anything.
PROBLEM
A Linux box serving as a gateway to a number of computers
has a normal connection to the outside world that we wish to control
but expensive links to the computers on the subnet we are performing
router services for.
IMPORTANT POINTS
o There can be over 1000 computers on the controlled subnet.
o Each subnet IP address has a priority in the maximum amount of
bandwidth it can use in a short period of time (do not have
to be super close here, like the linux traffic shaper is, but
the idea is the same). I would be happy to let them burst over
at high speed until a quota is exceeded, then stop serving them
till enough time goes by to give them another burst. A resolution
of one second should be sufficient though I would prefer 0.25
second.
o The restrictions must be by IP address. Each IP address on
the controlled network is independent of each other's configuration.
o I must also validate users on the controlled network before letting
them on the expensive link. A web login should be sufficient
(fairly trivial, but be aware of it).
o The number of users on the subnet can approach 1000. Using
the traditional Linux traffic shaper would require TWO shaper
devices for each IP address (one for each direction). Along with
vastly exceeding the network device limit of 100 in
kernel/net/core/dev.c, I shudder to think what 500+ or so network
devices would do to router software (zebra), etc., trying to
cope with all those entries.
As I understand Divert Sockets:
o I could capture incoming and outgoing operations on the main link.
Controlling the speed of the traffic on it would effectively
reduce the speed of transmissions on the expensive link.
QUESTIONS:
1. The sample code only diverted port 4321... is there a way to divert
all ports for the common link using a single process?
2. If not, can I fake it somehow by starting diversions on ports
as required BEFORE I need the information? I think I could live
with a separate process for each diverted port.
3. While I haven't been involved in IP on low levels, I have been
extensively involved in proprietary protocols for special hardware.
I've been looking through various TCP/IP documents, some of which are at
http://www.exit109.com/~ghealton/.computer_inet.html#@Technical.TCP.IP
Any other really good documents?
4. If I decide to slow down outgoing packets over the main link, is
there a way I can tell the sender to slow down so as not to fill
the router's internal buffers during large file transfers?
Or will this not be an issue under TCP/IP?
NOTES:
If I use Divert Sockets, I'll likely contribute additional documentation
to the project, if not additional code.
My "customer" would like something running next month, even if less
than complete. Speed control is the largest issue.
----------------------------------------------------------------------
ghe...@ex... http://www.exit109.com/~ghealton/
----------------------------------------------------------------------
Computers are like air conditioners:
they don't work well when Windows are left open
-------------------------------------------------------------------------
Divert Sockets for Linux List
mailto:di...@li...
http://www.anr.mcnc.org/~divert
-------------------------------------------------------------------------
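The "burst at full speed, then wait for the quota to refill" policy described in the post, as an added example that is not part of the original message or the divert-sockets project: a per-address token bucket that keys on the subnet-side IP (so one process covers 1000+ hosts and both directions without a shaper device per address), plus a login hook for the web-authentication requirement. Addresses, rates and packet records are constructed; timestamps are seconds.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    rate_bps: float     # sustained allowance, bytes per second
    burst_bytes: float  # bucket capacity: how much may be sent at once

@dataclass
class Bucket:
    tokens: float       # bytes currently available
    last: float         # time of the last refill (seconds)

class PerIPShaper:
    """One bucket per subnet address; a dict scales to 1000+ hosts in one process."""
    def __init__(self):
        self.policies = {}   # ip -> Policy, set when the user logs in
        self.buckets = {}    # ip -> Bucket, created on first packet

    def login(self, ip, policy):
        """Web-login hook: an address gets a policy only after authenticating."""
        self.policies[ip] = policy
        self.buckets.pop(ip, None)       # start with a full bucket

    def admit(self, ts, ip, length):
        """True if the packet may be forwarded, False to drop it (either direction)."""
        pol = self.policies.get(ip)
        if pol is None:
            return False                 # not logged in: never reaches the paid link
        b = self.buckets.get(ip)
        if b is None:
            b = self.buckets[ip] = Bucket(pol.burst_bytes, ts)
        # Refill in proportion to elapsed time, never beyond the burst size.
        elapsed = max(0.0, ts - b.last)
        b.tokens = min(pol.burst_bytes, b.tokens + elapsed * pol.rate_bps)
        b.last = ts
        if b.tokens < length:
            return False                 # quota exhausted: wait for refill
        b.tokens -= length
        return True

# Constructed sample: (timestamp, subnet address, packet length); 10.0.0.99 never logged in.
SAMPLE = [(0.0, "10.0.0.1", 1500), (0.25, "10.0.0.1", 1500), (0.5, "10.0.0.1", 1500),
          (0.75, "10.0.0.1", 1500), (1.5, "10.0.0.1", 1500), (1.5, "10.0.0.2", 800),
          (1.75, "10.0.0.2", 800), (2.0, "10.0.0.99", 60)]

def run_sample():
    s = PerIPShaper()
    s.login("10.0.0.1", Policy(rate_bps=1000, burst_bytes=3000))
    s.login("10.0.0.2", Policy(rate_bps=500, burst_bytes=1000))
    return [s.admit(ts, ip, n) for ts, ip, n in SAMPLE]
```

With a 0.25 s clock the refill arithmetic is exact; the first host passes two packets from its burst, is held while 250 B/quarter-second trickles back in, and passes again once 1500 bytes have accumulated.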