Great Tobias, sounds good for limiting per-session TCP...
Thanks, I also want to have it tested. Will post to the list if I succeed.

Regards,
Rio Martin.

On 11 September 2004 am 10:14, Tobias Geiger wrote:
> Hi,
>
> I can't imagine a "clean" tc-only solution,
> but look at the extra-patch-o-matic matches in iptables:
>
> from
> http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-connrate
> -----------------
> Author: Nuutti Kotivuori <naked@xxxxxx>
> Status: Working, but received only minimal testing
>
> The connrate match is used to match against the current transfer speed of a
> connection. The algorithm averages transferred bytes over a time sliding
> window of constant size. The maximum and minimum rates measurable are
> explained in the code, along the algorithm used in the measurements.
>
> This match can easily be used to reclassify connections based on their
> current transfer rate, but is not meant for directly dropping packets,
> because packet drops affect the rate being estimated.
>
> The transfer rate per connection can also be viewed through
> /proc/net/ip_conntrack.
>
> Usage:
> --connrate [!] [FROM]:[TO]
>
> will match packet from a connection which is currently transferring more
> than FROM bytes per second and less than TO byte per second. 'inf' can be
> used to signify largest measurable transfer rate. If FROM is omitted, it
> defaults to zero. If TO is omitted, it defaults to infinity. "!" is used to
> match packets not falling in the range.
>
> Example:
>
> iptables .. -m connrate --connrate 10000:100000 ...
>
> => match packets in connections transferring faster than 10kbps, but
> slower than 100kbps.
>
> iptables .. -m tos --tos Minimize-Delay \
>     -m connrate --connrate 20000:inf \
>     -j TOS --set-tos Maximize-Throughput
>
> => match packets in minimize-delay TOS connections that are transferring
> faster than 20kbps and change their tos to maximize-throughput instead.
>
> -------------------------
>
> you could re-classify every *single* connection exceeding your maximum to a
> "you get less than normal sessions"-htb/hfsc class....
>
> perhaps this is what you want?
> (although it means you'll have to patch your kernel ;)
>
> Greetings
>
> Tobias
>
> On Friday, 10 September 2004 01:57, Simon Byrnand wrote:
> > Hi All,
> >
> > Does anyone know of a way to limit the speed of *individual* TCP
> > sessions, but without placing any overall bandwidth limits, and without
> > requiring an explicit QoS entry for every ip address the machine is
> > communicating with ?
> >
> > The scenario is a mailserver - say you want to limit individual TCP
> > sessions (pop3, smtp etc) to no more than 512Kbit so that an individual
> > session can't hog your bandwidth, but you don't want to place a maximum
> > limit on the TOTAL traffic. Also it's impossible to set up normal per-ip
> > address QoS classes, because there are potentially an almost infinite
> > number of possible ip addresses that might try to connect to the server.
> >
> > Any ideas ?
> >
> > Regards,
> > Simon
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
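
Tobias's suggestion above (mark connections that connrate reports as too fast, then steer the mark into a slower HTB class), written out as an added example that is not part of the original thread. The interface name, link rate, slow-class rate, fwmark value and class ids are assumptions, and the connrate match needs the patched kernel and iptables mentioned in the reply.

```shell
#!/bin/sh
# Added example (not from the thread): print the tc/iptables rules that
# reclassify fast TCP connections into a shared slow HTB class.
# Nothing is applied here; review the output, then pipe it to "sh" as root.
# Assumed values: fwmark 20 and class ids 1:10 / 1:20 are illustrative.
# Only egress on the given interface is shaped (e.g. POP3 downloads).

# connrate takes bytes per second; tc's "kbit" means 1000 bits per second.
kbit_to_bytes() {
    echo $(( $1 * 1000 / 8 ))
}

# emit_rules DEV LINK_RATE LIMIT_KBIT SLOW_RATE
#   DEV         egress interface
#   LINK_RATE   line rate, so the default class adds no real overall limit
#   LIMIT_KBIT  per-connection rate above which a connection is marked
#   SLOW_RATE   rate of the class shared by all marked connections
emit_rules() {
    dev=$1
    link=$2
    limit_kbit=$3
    slow=$4
    from=$(kbit_to_bytes "$limit_kbit")
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 10
tc class add dev $dev parent 1: classid 1:10 htb rate $link
tc class add dev $dev parent 1: classid 1:20 htb rate $slow ceil $slow
tc filter add dev $dev parent 1: protocol ip prio 1 handle 20 fw flowid 1:20
iptables -t mangle -A POSTROUTING -o $dev -p tcp -m connrate --connrate ${from}:inf -j MARK --set-mark 20
EOF
}

# Simon's scenario: flag sessions faster than 512 Kbit on a 100 Mbit link.
emit_rules eth0 100mbit 512 2mbit
```

All marked connections share class 1:20, so this is the shared "less than normal sessions" class Tobias describes rather than a strict 512 Kbit cap per session. Shaping lowers the rate that connrate measures, so a shaped connection can fall back under the threshold and return to the default class.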