diff --git a/manpages/shorewall-tcdevices.xml b/manpages/shorewall-tcdevices.xml
index 4c03b8742..0be099a32 100644
--- a/manpages/shorewall-tcdevices.xml
+++ b/manpages/shorewall-tcdevices.xml
@@ -123,7 +123,7 @@
IN-BANDWIDTH (in_bandwidth) -
- bandwidth[:burst]
+ {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]}
The incoming bandwidth of that interface.
@@ -145,6 +145,21 @@
bandwidth more accurate; often for fast
lines, the enforced rate is well below the specified
bandwidth.
+
+ What is described above creates a rate/burst policing filter.
+ Beginning with Shorewall 4.4.25, a rate-estimated policing filter
+ may be configured instead. Rate-estimated filters should be used
+ with ethernet adapters that have Generic Receive Offload enabled by
+ default. See Shorewall FAQ
+ 97a.
+
+ To create a rate-estimated filter, precede the bandwidth with
+ a tilde ("~"). The optional interval and decay_interval determine
+ how often the rate is estimated and how many samples are retained
+ for estimating. Please see http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt
+ for details.
@@ -231,6 +246,9 @@
http://shorewall.net/configuration_file_basics.htm#Pairs
+ http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt
+
shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
diff --git a/manpages/shorewall-tcinterfaces.xml b/manpages/shorewall-tcinterfaces.xml
index 52036fc3b..24b7153ad 100644
--- a/manpages/shorewall-tcinterfaces.xml
+++ b/manpages/shorewall-tcinterfaces.xml
@@ -141,32 +141,44 @@
- IN-BANDWIDTH (in_bandwidth) -
- [rate[:burst]]
+ IN-BANDWIDTH (in_bandwidth) -
+ {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]}
- Optional. If specified, enables ingress policing on the
- interface. If incoming traffic exceeds the given
- rate, received packets are dropped
- randomly. With some DSL and Cable links, large queues can build up
- in the ISP's gateway router. While this insures maximum throughput,
- it kills interactive response time. By setting IN-BANDWIDTH, you can
- eliminate these queues.
+ The incoming bandwidth of that interface.
+ Please note that you are not able to do traffic shaping on incoming
+ traffic, as the traffic is already received before you could do so.
+ But this allows you to define the maximum traffic allowed for this
+ interface in total, if the rate is exceeded, the packets are
+ dropped. You want this mainly if you have a DSL or Cable connection
+ to avoid queuing at your providers side.
- To pick an appropriate setting, we recommend that you start by
- setting it significantly below your measured download bandwidth (20%
- or so). While downloading, measure the ping response time from the
- firewall to the upstream router as you gradually increase the
- setting.The optimal setting is at the point beyond which the ping
- time increases sharply as you increase the setting.
+ If you don't want any traffic to be dropped, set this to a
+ value to zero in which case Shorewall will not create an ingress
+ qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
+ non-empty.
- The burst option was added in
- Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger
- burst size can help make the
- rate estimate more accurate on fast
- lines. The default burst often make the
- enforced rate mush less that the specified
- rate.
+ The optional burst option was added in Shorewall 4.4.18. The
+ default burst is 10kb. A larger
+ burst can help make the
+ bandwidth more accurate; often for fast
+ lines, the enforced rate is well below the specified
+ bandwidth.
+
+ What is described above creates a rate/burst policing filter.
+ Beginning with Shorewall 4.4.25, a rate-estimated policing filter
+ may be configured instead. Rate-estimated filters should be used
+ with ethernet adapters that have Generic Receive Offload enabled by
+ default. See Shorewall FAQ
+ 97a.
+
+ To create a rate-estimated filter, precede the bandwidth with
+ a tilde ("~"). The optional interval and decay_interval determine
+ how often the rate is estimated and how many samples are retained
+ for estimating. Please see http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt
+ for details.
@@ -204,6 +216,9 @@
http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt
+ http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt
+
shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
diff --git a/manpages6/shorewall6-tcdevices.xml b/manpages6/shorewall6-tcdevices.xml
index 0886de6e5..630beecc7 100644
--- a/manpages6/shorewall6-tcdevices.xml
+++ b/manpages6/shorewall6-tcdevices.xml
@@ -123,9 +123,8 @@
- IN-BANDWIDTH (in_bandwidth) -
- bandwidth[:burst]
+ IN-BANDWIDTH (in_bandwidth) -
+ {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]}
The incoming bandwidth of that interface.
@@ -137,16 +136,31 @@
to avoid queuing at your providers side.
If you don't want any traffic to be dropped, set this to a
- value to zero in which case Shorewall6 will not create an ingress
+ value to zero in which case Shorewall will not create an ingress
qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
non-empty.
- The optional burst option was added in Shorewall6 4.4.18. The
+ The optional burst option was added in Shorewall 4.4.18. The
default burst is 10kb. A larger
burst can help make the
bandwidth more accurate; often for fast
lines, the enforced rate is well below the specified
bandwidth.
+
+ What is described above creates a rate/burst policing filter.
+ Beginning with Shorewall 4.4.25, a rate-estimated policing filter
+ may be configured instead. Rate-estimated filters should be used
+ with ethernet adapters that have Generic Receive Offload enabled by
+ default. See Shorewall FAQ
+ 97a.
+
+ To create a rate-estimated filter, precede the bandwidth with
+ a tilde ("~"). The optional interval and decay_interval determine
+ how often the rate is estimated and how many samples are retained
+ for estimating. Please see http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt
+ for details.
@@ -231,6 +245,9 @@
http://shorewall.net/traffic_shaping.htm
+ http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt
+
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
diff --git a/manpages6/shorewall6-tcinterfaces.xml b/manpages6/shorewall6-tcinterfaces.xml
index 27525de7b..544b42469 100644
--- a/manpages6/shorewall6-tcinterfaces.xml
+++ b/manpages6/shorewall6-tcinterfaces.xml
@@ -141,32 +141,44 @@
- IN-BANDWIDTH (in_bandwidth) -
- [rate[:burst]]
+ IN-BANDWIDTH (in_bandwidth) -
+ {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]}
- Optional. If specified, enables ingress policing on the
- interface. If incoming traffic exceeds the given
- rate, received packets are dropped
- randomly. With some DSL and Cable links, large queues can build up
- in the ISP's gateway router. While this insures maximum throughput,
- it kills interactive response time. By setting IN-BANDWIDTH, you can
- eliminate these queues.
+ The incoming bandwidth of that interface.
+ Please note that you are not able to do traffic shaping on incoming
+ traffic, as the traffic is already received before you could do so.
+ But this allows you to define the maximum traffic allowed for this
+ interface in total, if the rate is exceeded, the packets are
+ dropped. You want this mainly if you have a DSL or Cable connection
+ to avoid queuing at your providers side.
- To pick an appropriate setting, we recommend that you start by
- setting it significantly below your measured download bandwidth (20%
- or so). While downloading, measure the ping response time from the
- firewall to the upstream router as you gradually increase the
- setting.The optimal setting is at the point beyond which the ping
- time increases sharply as you increase the setting.
+ If you don't want any traffic to be dropped, set this to a
+ value to zero in which case Shorewall will not create an ingress
+ qdisc.Must be set to zero if the REDIRECTED INTERFACES column is
+ non-empty.
- The burst option was added in
- Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger
- burst size can help make the
- rate estimate more accurate on fast
- lines. The default burst often make the
- enforced rate mush less that the specified
- rate.
+ The optional burst option was added in Shorewall 4.4.18. The
+ default burst is 10kb. A larger
+ burst can help make the
+ bandwidth more accurate; often for fast
+ lines, the enforced rate is well below the specified
+ bandwidth.
+
+ What is described above creates a rate/burst policing filter.
+ Beginning with Shorewall 4.4.25, a rate-estimated policing filter
+ may be configured instead. Rate-estimated filters should be used
+ with ethernet adapters that have Generic Receive Offload enabled by
+ default. See Shorewall FAQ
+ 97a.
+
+ To create a rate-estimated filter, precede the bandwidth with
+ a tilde ("~"). The optional interval and decay_interval determine
+ how often the rate is estimated and how many samples are retained
+ for estimating. Please see http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt
+ for details.
@@ -204,6 +216,9 @@
http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt
+ http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt
+
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),