Re: control p2p upload bandwidth rate

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Seems like eth0 is your IF connected to the itnernet, you need to do shaping on that for the upload.  Modifying the rates and using the same tc comands but on eth0 would likely do it.

Also your script is flawed, the layer7 matching for most if not all of those protocols will only match on the first packet or two. After that the data for those connections won't match. I suggest you look into using CONNMARK target/matching so you can match all of the data, not just the first few packets.

With your setup it'd be used something along these lines:
#before setting mark:
#restores any saved mark
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
#accepts the packet if it has a mark besides the default 0 and prevents the saved mark from being changed
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT

#use "-j MARK --set-mark #" here

#after all the --set-mark's
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT

Without this, I'm not really sure how you were matching all packets for your download shaping.  Normally, only the first packet or two will have matching data in the TCP connection, and if you don't somehow mark the whole connection using the above, the majority of the bandwidth won't be shaped correctly.

- Jody


On 12/22/05, ro0ot <ro0ot@xxxxxxxxxxxx> wrote:
Hi all,

I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4
with layer 7

My network diagram below: -
INTERNET --- LINUX_ROUTER_FW --- PCs

Below is my simple iptables script: -

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK
--set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto ares -j MARK
--set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j MARK
--set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto directconnect -j
MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto edonkey -j MARK
--set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto fasttrack -j MARK
--set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto gnucleuslan -j
MARK --set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto gnutella -j MARK
--set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto napster -j MARK
--set-mark 1
iptables -t mangle -A POSTROUTING -m layer7 --l7proto openft -j MARK
--set-mark 1

Below is my simple tc script: -

tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: htb default 20
tc class add dev eth1 parent 1: classid 1:1 htb rate 10240kbit ceil
10240kbit
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 32kbit ceil 512kbit
tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle  1 fw
classid 1:11
tc qdisc add dev eth1 parent 1:11 sfq perturb 10

I have no problem shaping the "PCs" p2p download bandwidth rate.  How
can I control the "PCs" p2p upload bandwidth rate?  Please help...thanks, :)

Regards,
ro0ot





_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux