shorewall-tcclasses.5

sharewall is very good

.\"     Title: shorewall-tcclasses
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
.\"      Date: 03/19/2009
.\"    Manual: [FIXME: manual]
.\"    Source: [FIXME: source]
.\"  Language: English
.\"
.TH "SHOREWALL\-TCCLASSES" "5" "03/19/2009" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * (re)Define some macros
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" toupper - uppercase a string (locale-aware)
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de toupper
.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
\\$*
.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" SH-xref - format a cross-reference to an SH section
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de SH-xref
.ie n \{\
.\}
.toupper \\$*
.el \{\
\\$*
.\}
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" SH - level-one heading that works better for non-TTY output
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de1 SH
.\" put an extra blank line of space above the head in non-TTY output
.if t \{\
.sp 1
.\}
.sp \\n[PD]u
.nr an-level 1
.set-an-margin
.nr an-prevailing-indent \\n[IN]
.fi
.in \\n[an-margin]u
.ti 0
.HTML-TAG ".NH \\n[an-level]"
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
\." make the size of the head bigger
.ps +3
.ft B
.ne (2v + 1u)
.ie n \{\
.\" if n (TTY output), use uppercase
.toupper \\$*
.\}
.el \{\
.nr an-break-flag 0
.\" if not n (not TTY), use normal case (not uppercase)
\\$1
.in \\n[an-margin]u
.ti 0
.\" if not n (not TTY), put a border/line under subheading
.sp -.6
\l'\n(.lu'
.\}
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" SS - level-two heading that works better for non-TTY output
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de1 SS
.sp \\n[PD]u
.nr an-level 1
.set-an-margin
.nr an-prevailing-indent \\n[IN]
.fi
.in \\n[IN]u
.ti \\n[SN]u
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.ps \\n[PS-SS]u
\." make the size of the head bigger
.ps +2
.ft B
.ne (2v + 1u)
.if \\n[.$] \&\\$*
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" BB/BE - put background/screen (filled box) around block of text
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de BB
.if t \{\
.sp -.5
.br
.in +2n
.ll -2n
.gcolor red
.di BX
.\}
..
.de EB
.if t \{\
.if "\\$2"adjust-for-leading-newline" \{\
.sp -1
.\}
.br
.di
.in
.ll
.gcolor
.nr BW \\n(.lu-\\n(.i
.nr BH \\n(dn+.5v
.ne \\n(BHu+.5v
.ie "\\$2"adjust-for-leading-newline" \{\
\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
.\}
.el \{\
\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
.\}
.in 0
.sp -.5v
.nf
.BX
.in
.sp .5v
.fi
.\}
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" BM/EM - put colored marker in margin next to block of text
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de BM
.if t \{\
.br
.ll -2n
.gcolor red
.di BX
.\}
..
.de EM
.if t \{\
.br
.di
.ll
.gcolor
.nr BH \\n(dn
.ne \\n(BHu
\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
.in 0
.nf
.BX
.in
.fi
.\}
..
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "Name"
tcclasses \- Shorewall file to define HTB classes
.SH "Synopsis"
.fam C
.HP \w'\fB/etc/shorewall/tcclasses\fR\ 'u
\fB/etc/shorewall/tcclasses\fR
.fam
.SH "Description"
.PP
A note on the
\fIrate\fR/bandwidth definitions used in this file:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
don\'t use a space between the integer value and the unit: 30kbit is valid while 30 kbit is NOT\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
you can use one of the following units:
.PP
\fBkpbs\fR
.RS 4
Kilobytes per second\&.
.RE
.PP
\fBmbps\fR
.RS 4
Megabytes per second\&.
.RE
.PP
\fBkbit\fR
.RS 4
Kilobits per second\&.
.RE
.PP
\fBmbit\fR
.RS 4
Megabits per second\&.
.RE
.PP
\fBbps\fR or \fBnumber\fR
.RS 4
Bytes per second\&.
.RE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
if you want the values to be calculated for you depending on the output bandwidth setting defined for an interface in tcdevices, you can use expressions like the following:
.PP
full/3
.RS 4
causes the bandwidth to be calculated as 1/3 of the full outgoing speed that is defined\&.
.RE
.PP
full*9/10
.RS 4
will set this bandwidth to 9/10 of the full bandwidth
.RE
.sp
DO NOT add a unit to the rate if it is calculated !
.RE
.PP
The columns in the file are as follows\&.
.PP
\fBINTERFACE\fR \- \fIinterface\fR[:\fIclass\fR]
.RS 4
Name of
\fIinterface\fR\&. Each interface may be listed only once in this file\&. You may NOT specify the name of an alias (e\&.g\&., eth0:0) here; see
\m[blue]\fBhttp://www\&.shorewall\&.net/FAQ\&.htm#faq18\fR\m[]
.sp
If you are running Shorewall\-perl 4\&.1\&.6 or later, you may specify the interface number rather than the interface name\&. If the
\fBclassify\fR
option is given for the interface in
\m[blue]\fBshorewall\-tcdevices\fR\m[]\&\s-2\u[1]\d\s+2(5), then you must also specify an interface class (an integer that must be unique within classes associated with this interface)\&.
.sp
You may NOT specify wildcards here, e\&.g\&. if you have multiple ppp interfaces, you need to put them all in here!
.sp
Please note that you can only use interface names in here that have a bandwidth defined in the
\m[blue]\fBshorewall\-tcdevices\fR\m[]\&\s-2\u[1]\d\s+2(5) file
.RE
.PP
\fBMARK\fR \- {\-|\fIvalue\fR}
.RS 4
The mark
\fIvalue\fR
which is an integer in the range 1\-255\&. You set mark values in the
\m[blue]\fBshorewall\-tcrules\fR\m[]\&\s-2\u[2]\d\s+2(5) file, marking the traffic you want to fit in the classes defined in here\&. Must be specified as \'\-\' if the
\fBclassify\fR
option is given for the interface in
\m[blue]\fBshorewall\-tcdevices\fR\m[]\&\s-2\u[1]\d\s+2(5)
.sp
You can use the same marks for different interfaces\&.
.RE
.PP
\fBRATE\fR \- \fIrate\fR
.RS 4
The minimum bandwidth this class should get, when the traffic load rises\&. If the sum of the rates in this column exceeds the INTERFACE\'s OUT\-BANDWIDTH, then the OUT\-BANDWIDTH limit may not be honored\&.
.RE
.PP
\fBCEIL\fR \- \fIrate\fR
.RS 4
The maximum bandwidth this class is allowed to use when the link is idle\&. Useful if you have traffic which can get full speed when more needed services (e\&.g\&. ssh) are not used\&.
.sp
You can use the value
\fBfull\fR
in here for setting the maximum bandwidth to the defined output bandwidth of that interface\&.
.RE
.PP
\fBPRIORITY\fR \- \fIpriority\fR
.RS 4
The
\fIpriority\fR
in which classes will be serviced by the packet shaping scheduler and also the priority in which bandwidth in excess of the rate will be given to each class\&.
.sp
Higher priority classes will experience less delay since they are serviced first\&. Priority values are serviced in ascending order (e\&.g\&. 0 is higher priority than 1)\&.
.sp
Classes may be set to the same priority, in which case they will be serviced as equals\&.
.RE
.PP
\fBOPTIONS\fR (Optional) \- [\fIoption\fR[\fB,\fR\fIoption\fR]\&.\&.\&.]
.RS 4
Added in Shorewall\-perl 4\&.1\&. A comma\-separated list of options including the following:
.PP
\fBdefault\fR
.RS 4
This is the default class for that interface where all traffic should go, that is not classified otherwise\&.
.sp
.if n \{\
.sp
.\}
.RS 4
.BM yellow
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
You must define
\fBdefault\fR
for exactly one class per interface\&.
.sp .5v
.EM yellow
.RE
.RE
.PP
\fBtos=0x\fR\fIvalue\fR[/0x\fImask\fR] (mask defaults to 0xff)
.RS 4
This lets you define a classifier for the given
\fIvalue\fR/\fImask\fR
combination of the IP packet\'s TOS/Precedence/DiffSrv octet (aka the TOS byte)\&. Please note that classifiers override all mark settings, so if you define a classifer for a class, all traffic having that mark will go in it regardless of any mark set on the packet by a firewall/mangle filter\&.
.RE
.PP
\fBtos\-\fR\fItosname\fR
.RS 4
Aliases for the following TOS octet value and mask encodings\&. TOS encodings of the "TOS byte" have been deprecated in favor of diffserve classes, but programs like ssh, rlogin, and ftp still use them\&.
.sp
.if n \{\
.RS 4
.\}
.fam C
.ps -1
.nf
.BB lightgray
        \fBtos\-minimize\-delay\fR       0x10/0x10
        \fBtos\-maximize\-throughput\fR  0x08/0x08
        \fBtos\-maximize\-reliability\fR 0x04/0x04
        \fBtos\-minimize\-cost\fR        0x02/0x02
        \fBtos\-normal\-service\fR       0x00/0x1e
.EB lightgray
.fi
.fam
.ps +1
.if n \{\
.RE
.\}
.if n \{\
.sp
.\}
.RS 4
.BM yellow
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
Each of these options is only valid for ONE class per interface\&.
.sp .5v
.EM yellow
.RE
.RE
.PP
\fBtcp\-ack\fR
.RS 4
If defined, causes a tc filter to be created that puts all tcp ack packets on that interface that have a size of <=64 Bytes to go in this class\&. This is useful for speeding up downloads\&. Please note that the size of the ack packets is limited to 64 bytes because we want only packets WITHOUT payload to match\&.
.sp
.if n \{\
.sp
.\}
.RS 4
.BM yellow
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
This option is only valid for ONE class per interface\&.
.sp .5v
.EM yellow
.RE
.RE
.RE
.SH "Examples"
.PP
Example 1:
.RS 4
Suppose you are using PPP over Ethernet (DSL) and ppp0 is the interface for this\&. You have 4 classes here, the first you can use for voice over IP traffic, the second interactive traffic (e\&.g\&. ssh/telnet but not scp), the third will be for all unclassified traffic, and the forth is for low priority traffic (e\&.g\&. peer\-to\-peer)\&.
.sp
The voice traffic in the first class will be guaranteed a minimum of 100kbps and always be serviced first (because of the low priority number, giving less delay) and will be granted excess bandwidth (up to 180kbps, the class ceiling) first, before any other traffic\&. A single VOIP stream, depending upon codecs, after encapsulation, can take up to 80kbps on a PPOE/DSL link, so we pad a little bit just in case\&. (TOS byte values 0xb8 and 0x68 are DiffServ classes EF and AFF3\-1 respectively and are often used by VOIP devices)\&.
.sp
Interactive traffic (tos\-minimum\-delay) and TCP acks (and ICMP echo traffic if you use the example in tcrules) and any packet with a mark of 2 will be guaranteed 1/4 of the link bandwidth, and may extend up to full speed of the link\&.
.sp
Unclassified traffic and packets marked as 3 will be guaranteed 1/4th of the link bandwidth, and may extend to the full speed of the link\&.
.sp
Packets marked with 4 will be treated as low priority packets\&. (The tcrules example marks p2p traffic as such\&.) If the link is congested, they\'re only guaranteed 1/8th of the speed, and even if the link is empty, can only expand to 80% of link bandwidth just as a precaution in case there are upstream queues we didn\'t account for\&. This is the last class to get additional bandwidth and the last to get serviced by the scheduler because of the low priority\&.
.sp
.if n \{\
.RS 4
.\}
.fam C
.ps -1
.nf
.BB lightgray
        #INTERFACE  MARK  RATE    CEIL      PRIORITY    OPTIONS
        ppp0        1     100kbit 180kbit   1           tos=0x68/0xfc,tos=0xb8/0xfc
        ppp0        2     full/4  full      2           tcp\-ack,tos\-minimize\-delay
        ppp0        3     full/4  full      3           default
        ppp0        4     full/8  full*8/10 4
.EB lightgray
.fi
.fam
.ps +1
.if n \{\
.RE
.\}
.RE
.SH "FILES"
.PP
/etc/shorewall/tcclasses
.SH "See ALSO"
.PP
\m[blue]\fBhttp://shorewall\&.net/traffic_shaping\&.htm\fR\m[]
.PP
shorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-ipsec(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-route_rules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-tcdevices(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5)
.SH "Notes"
.IP " 1." 4
shorewall-tcdevices
.RS 4
\%http://www.shorewall.net/manpages/shorewall-tcdevices.html
.RE
.IP " 2." 4
shorewall-tcrules
.RS 4
\%http://www.shorewall.net/manpages/shorewall-tcrules.html
.RE