Re: traffic limit

From: Jim Richardson (warlock_at_eskimo.com)
Date: 11/26/03

  • Next message: Pete Goodeve: "tar over ssh hangs" 
    Date: Tue, 25 Nov 2003 21:49:22 -0800

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Tue, 25 Nov 2003 02:01:19 -0500,
     joseph philip <joseph@nntp.will.suffice> wrote:
    > On Sun, 23 Nov 2003 16:32:50 +0400, rihad wrote:
    >
    >> Is there a way to limit the bandwidth usage of network utilities? I'm
    >> looking for something like "limit_bandwidth --limit=3k wget <...>".
    >
    > WHERE="PREROUTING -i eth0"
    > TC=/sbin/tc
    > EXT=eth0
    >
    > BW="bandwidth 384kbit"
    > AVPKT="avpkt 1200"
    > ALLOT="allot 1400"
    >
    > iptables -t mangle -A $WHERE -m owner --cmd-owner wget -j MARK --set-mark
    > 4
    >
    > iptables -t mangle -A $WHERE -m owner --cmd-owner wget -j ACCEPT
    >
    > $TC qdisc del dev $EXT root 2> /dev/null > /dev/null
    >
    > $TC qdisc add dev $EXT root handle 1:0 cbq $AVPKT $BW
    >
    > # A root CLASS set to bandwidth we are capable of..
    >
    > $TC class add dev $EXT parent 1:0 classid 1:1 cbq rate 384kbit $ALLOT prio
    > 5 $AV PKT $BW bounded isolated
    >
    > #For general network traffic
    > $TC class add dev $EXT parent 1:1 classid 1:10 cbq rate 234kbit $ALLOT
    > prio 5 $A VPKT mpu 64 maxburst 40 $BW weight 1000kbit isolated
    >
    > # For wget
    > $TC class add dev $EXT parent 1:1 classid 1:20 cbq rate 30kbit $ALLOT prio
    > 5 $A VPKT mpu 64 maxburst 40 $BW weight 500kbit isolated
    >
    >
    > # Set up a queueing discipline so line-hogging doesn't occur $TC qdisc add
    > dev $EXT parent 1:10 sfq perturb 10
    >
    > $TC qdisc add dev $EXT parent 1:20 sfq perturb 10
    >
    >
    >
    > # Setup the match rules that catch the packets and feed them into #
    > appropriate classes
    > $TC filter add dev $EXT parent 1:0 protocol IP prio 10 handle 4 fw flowid
    > 1:20
    >
    > # All non marked packets send it out normally.
    >
    > $TC filter add dev $EXT parent 1:0 protocol IP prio 35 u32 match ip dst
    > 0.0.0.0 /0 flowid 1:10
    >
    >
    > Notes:
    > 1. to use cmd-owner match, you need the support in the kernel. Either it
    > is there, or you need to load the approprite module. look in
    > /lib/modules/<kernel version>/kernel/net/ipv4/netfilter/
    >
    > 2. if you are using pppoe, everytime the ppp interface comes up, you will
    > have to re-execute the tc commands. This is because, when pppd removes the
    > interface, all queues, filters and classes attached to that interface are
    > cleaned up. pppd usually calls /etc/ppp/ip-up after the ip address has
    > been assigned. It calls /etc/ppp/ip-down when it looses the connection or
    > is shut down.
    >
    > hth
    >
    >

    Now *this* is useful! thanks.

    I have to go play with my servers now, later...

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQE/xD7id90bcYOAWPYRAu56AJ0YAkf8C8+pTFnFiKlVEI2kEE/lTwCfZK8V
    loYbxbqp+J1lm2ndbW6AHEY=
    =kF1e
    -----END PGP SIGNATURE----- 

    -- 
Jim Richardson     http://www.eskimo.com/~warlock
"And the faults in bad software can be so subtle as to be practically
theological."
        - Bruce Sterling - The Hacker Crackdown
  • Next message: Pete Goodeve: "tar over ssh hangs"