shorewall_code/Shorewall/tcclasses


#
# Shorewall version 3.3 - Tcclasses File
#
# Based on tc4shorewall version 0.5 by Arne Bernin
#
# /etc/shorewall/tcclasses
#
# Define the classes used for traffic shaping in this file.
#
# A note on the rate/bandwidth definitions used in this file:
#
# - don't use a space between the integer value and
# the unit: 30kbit is valid while 30 kbit is NOT.
#
# - you can use one of the following units:
#
#     kbps          Kilobytes per second
#     mbps          Megabytes per second
#     kbit          Kilobits per second
#     mbit          Megabits per second
#     bps or a
#     bare number   Bytes per second
#
# - if you want the values to be calculated for you depending
# on the output bandwidth setting defined for an interface
# in tcdevices, you can use expressions like the following:
#
# full/3 causes the bandwidth to be calculated
# as one third of the full outgoing
# speed that is defined.
#
# full*9/10 will set this bandwidth to 9/10 of
# the full bandwidth
#
# DO NOT add a unit to the rate if it is calculated !
#
# Columns are:
#
# INTERFACE Name of interface. Each interface may be listed only
# once in this file. You may NOT specify the name of
# an alias (e.g., eth0:0) here; see
# http://www.shorewall.net/FAQ.htm#faq18
#
# You may NOT specify wildcards here, e.g. if you
# have multiple ppp interfaces, you need to put
# them all in here!
#
# Please note that you can only use interface names
# in here that have a bandwidth defined in the tcdevices
# file
#
# MARK The mark value which is an integer in the range 1-255.
# You define these marks in the tcrules file, marking
# the traffic you want to fit in the classes defined
# in here.
#
# You can use the same marks for different interfaces.
#
# RATE The minimum bandwidth this class should get,
# when the traffic load rises.
#
# CEIL The maximum bandwidth this class is allowed to use
# when the link is idle. Useful if you have traffic
# which can get full speed when more needed services
# (e.g. ssh) are not used.
#
# You can use the value "full" in here for setting
# the maximum bandwidth to the defined output bandwidth
# of that interface
#
# PRIORITY The priority in which classes will be serviced by
# the packet shaping scheduler and also the priority
# in which bandwidth in excess of the rate will be
# given to each class.
#
# Higher priority classes will experience less delay
# since they are serviced first. Priority values
# are serviced in ascending order (e.g. 0 is higher
# priority than 1).
#
# Classes may be set to the same priority, in which
# case they will be serviced as equals.
#
# OPTIONS A comma-separated list of options including the
# following:
#
# default - this is the default class for that
# interface where all traffic should go,
# that is not classified otherwise.
#
# NOTE: defining default for exactly one
# class per interface is mandatory!
#
# tos=0x<value>[/0x<mask>] (mask defaults to 0xff)
# - this lets you define a classifier
# for the given <value>/<mask>
# combination of the IP packet's
# TOS/Precedence/DiffServ octet (aka the
# TOS byte). Please note, classifiers
# override all mark settings, so if you
# define a classifier for a class, all
# traffic having that mark will go in it
# regardless of any mark set on the
# packet by a firewall/mangle filter.
#
# NOTE: multiple tos= statements may be
# applied per class and per interface,
# but a given value/mask pair is valid
# for only ONE class per interface.
#
# tos-<tosname> - aliases for the following TOS octet
# value and mask encodings. TOS
# encodings of the "TOS byte" have been
# deprecated in favor of DiffServ
# classes, but programs like ssh,
# rlogin, and ftp still use them.
#
# tos-minimize-delay 0x10/0x10
# tos-maximize-throughput 0x08/0x08
# tos-maximize-reliability 0x04/0x04
# tos-minimize-cost 0x02/0x02
# tos-normal-service 0x00/0x1e
#
# NOTE: each of these options is only
# valid for ONE class per interface.
#
# tcp-ack - if defined, causes a tc filter to
# be created that puts all tcp ack
# packets on that interface that have
# a size of <=64 bytes into this
# class. This is useful for speeding up
# downloads. Please note that the size
# of the ack packets is limited to 64
# bytes because some applications (p2p for
# example) make every packet an
# ack packet, which would cause them
# all to go in here. We want only packets
# WITHOUT payload to match, hence the size
# limit.
#
# NOTE: This option is only valid for
# ONE class per interface.
#
#
#
# Example 1: Suppose you are using PPP over Ethernet (DSL)
# and ppp0 is the interface for this. You have 4 classes
# here, the first you can use for voice over IP
# traffic, the second interactive traffic (e.g.
# ssh/telnet but not scp), the third will be for all
# unclassified traffic, and the fourth is for low
# priority traffic (e.g. peer-to-peer).
#
# The voice traffic in the first class will be
# guaranteed a minimum of 100kbps and always be
# serviced first (because of the low priority number,
# giving less delay) and will be granted excess
# bandwidth (up to 180kbps, the class ceiling) first,
# before any other traffic. A single VOIP stream,
# depending upon codecs, after encapsulation, can take
# up to 80kbps on a PPPoE/DSL link, so we pad a little
# bit just in case. (TOS byte values 0xb8 and 0x68
# are DiffServ classes EF and AF31 respectively and
# are often used by VOIP devices).
#
# Interactive traffic (tos-minimize-delay) and
# TCP acks (and ICMP echo traffic if you use the example
# in tcrules) and any packet with a mark of 2 will be
# guaranteed 1/4 of the link bandwidth, and may extend
# up to full speed of the link.
#
# Unclassified traffic and packets marked as 3 will be
# guaranteed 1/4th of the link bandwidth, and may extend
# to the full speed of the link.
#
# Packets marked with 4 will be treated as low priority
# packets. (The tcrules example marks p2p traffic as
# such.) If the link is congested, they're only
# guaranteed 1/8th of the speed, and even if the link is
# empty, can only expand to 80% of link bandwidth just
# as a precaution in case there are upstream queues we
# didn't account for. This is the last class to get
# additional bandwidth and the last to get serviced by
# the scheduler because of the low priority.
#
# ppp0    1    100kbit   180kbit     1    tos=0x68/0xfc,tos=0xb8/0xfc
# ppp0    2    full/4    full        2    tcp-ack,tos-minimize-delay
# ppp0    3    full/4    full        3    default
# ppp0    4    full/8    full*8/10   4
#
###############################################################################
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
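
The rules stated in the header above (rate syntax, mark range, one default class per interface, one class per interface for each tos/tcp-ack option) can be checked before the file is loaded. The following linter is an added example, not part of Shorewall; `resolve_rate`, `lint`, `SAMPLE` and the 384000 bit/s out-bandwidth for ppp0 are assumptions made for illustration, and decimal unit multipliers are assumed.

```python
import re

# Bits/s per unit from the file's table ("" = bare number); decimal multipliers assumed.
UNITS = {"kbit": 1000, "mbit": 10**6, "kbps": 8000, "mbps": 8 * 10**6, "bps": 8, "": 8}

# The four entries of Example 1, plus a constructed out-bandwidth for ppp0.
SAMPLE = """\
ppp0 1 100kbit 180kbit   1 tos=0x68/0xfc,tos=0xb8/0xfc
ppp0 2 full/4  full      2 tcp-ack,tos-minimize-delay
ppp0 3 full/4  full      3 default
ppp0 4 full/8  full*8/10 4
"""
DEVICES = {"ppp0": 384_000}  # bits/s, standing in for tcdevices

def resolve_rate(expr, full):
    """Bits/s for '30kbit', 'full', 'full/3', 'full*9/10'; None if malformed."""
    m = re.fullmatch(r"full(?:\*(\d+))?(?:/([1-9]\d*))?", expr)
    if m:
        return full * int(m.group(1) or 1) // int(m.group(2) or 1)
    m = re.fullmatch(r"(\d+)(kbit|mbit|kbps|mbps|bps)?", expr)
    return int(m.group(1)) * UNITS[m.group(2) or ""] if m else None

def lint(text, devices):
    """Return a list of problems found in tcclasses entries."""
    errors, defaults, seen = [], {}, {}
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if not cols:
            continue
        if len(cols) < 5 or cols[0] not in devices:
            errors.append(f"line {n}: need 5 columns and an interface from tcdevices")
            continue
        iface, mark, rate, ceil = cols[:4]
        defaults.setdefault(iface, 0)
        if not (mark.isdigit() and 1 <= int(mark) <= 255):
            errors.append(f"line {n}: mark {mark} outside 1-255")
        for expr in (rate, ceil):
            if resolve_rate(expr, devices[iface]) is None:
                errors.append(f"line {n}: bad rate {expr!r}")
        for opt in (cols[5].lower().split(",") if len(cols) > 5 else []):
            if opt == "default":
                defaults[iface] += 1
                continue
            if opt.startswith("tos=") and "/" not in opt:
                opt += "/0xff"  # mask defaults to 0xff
            if (iface, opt) in seen:
                errors.append(f"line {n}: {opt} already used on {iface}")
            seen.setdefault((iface, opt), n)
    return errors + [f"{i}: needs exactly one default class" for i, c in defaults.items() if c != 1]
```

A rate such as `full/3kbit` or `30 kbit` is rejected because neither pattern matches it, which mirrors the two unit rules in the header.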