From 15915799b9c2b12ba074b9318b8ebdf93774f3b7 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 18 Oct 2011 05:53:31 -0700 Subject: [PATCH] Document new IN-BANDWIDTH handling Signed-off-by: Tom Eastep --- manpages/shorewall-tcdevices.xml | 20 ++++++++- manpages/shorewall-tcinterfaces.xml | 59 +++++++++++++++++---------- manpages6/shorewall6-tcdevices.xml | 27 +++++++++--- manpages6/shorewall6-tcinterfaces.xml | 59 +++++++++++++++++---------- 4 files changed, 115 insertions(+), 50 deletions(-) diff --git a/manpages/shorewall-tcdevices.xml b/manpages/shorewall-tcdevices.xml index 4c03b8742..0be099a32 100644 --- a/manpages/shorewall-tcdevices.xml +++ b/manpages/shorewall-tcdevices.xml @@ -123,7 +123,7 @@ IN-BANDWIDTH (in_bandwidth) - - bandwidth[:burst] + {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]} The incoming bandwidth of that interface. @@ -145,6 +145,21 @@ bandwidth more accurate; often for fast lines, the enforced rate is well below the specified bandwidth. + + What is described above creates a rate/burst policing filter. + Beginning with Shorewall 4.4.25, a rate-estimated policing filter + may be configured instead. Rate-estimated filters should be used + with ethernet adapters that have Generic Receive Offload enabled by + default. See Shorewall FAQ + 97a. + + To create a rate-estimated filter, precede the bandwidth with + a tilde ("~"). The optional interval and decay_interval determine + how often the rate is estimated and how many samples are retained + for estimating. Please see http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt + for details. @@ -231,6 +246,9 @@ http://shorewall.net/configuration_file_basics.htm#Pairs + http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt + shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), 
diff --git a/manpages/shorewall-tcinterfaces.xml b/manpages/shorewall-tcinterfaces.xml index 52036fc3b..24b7153ad 100644 --- a/manpages/shorewall-tcinterfaces.xml +++ b/manpages/shorewall-tcinterfaces.xml 
@@ -141,32 +141,44 @@ - IN-BANDWIDTH (in_bandwidth) - - [rate[:burst]] + IN-BANDWIDTH (in_bandwidth) - + {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]} - Optional. If specified, enables ingress policing on the - interface. If incoming traffic exceeds the given - rate, received packets are dropped - randomly. With some DSL and Cable links, large queues can build up - in the ISP's gateway router. While this insures maximum throughput, - it kills interactive response time. By setting IN-BANDWIDTH, you can - eliminate these queues. + The incoming bandwidth of that interface. + Please note that you are not able to do traffic shaping on incoming + traffic, as the traffic is already received before you could do so. + But this allows you to define the maximum traffic allowed for this + interface in total, if the rate is exceeded, the packets are + dropped. You want this mainly if you have a DSL or Cable connection + to avoid queuing at your providers side. - To pick an appropriate setting, we recommend that you start by - setting it significantly below your measured download bandwidth (20% - or so). While downloading, measure the ping response time from the - firewall to the upstream router as you gradually increase the - setting.The optimal setting is at the point beyond which the ping - time increases sharply as you increase the setting. + If you don't want any traffic to be dropped, set this to a + value to zero in which case Shorewall will not create an ingress + qdisc.Must be set to zero if the REDIRECTED INTERFACES column is + non-empty. - The burst option was added in - Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger - burst size can help make the - rate estimate more accurate on fast - lines. The default burst often make the - enforced rate mush less that the specified - rate. + The optional burst option was added in Shorewall 4.4.18. The + default burst is 10kb. 
A larger + burst can help make the + bandwidth more accurate; often for fast + lines, the enforced rate is well below the specified + bandwidth. + + What is described above creates a rate/burst policing filter. + Beginning with Shorewall 4.4.25, a rate-estimated policing filter + may be configured instead. Rate-estimated filters should be used + with ethernet adapters that have Generic Receive Offload enabled by + default. See Shorewall FAQ + 97a. + + To create a rate-estimated filter, precede the bandwidth with + a tilde ("~"). The optional interval and decay_interval determine + how often the rate is estimated and how many samples are retained + for estimating. Please see http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt + for details. @@ -204,6 +216,9 @@ http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt + http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt + shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), diff --git a/manpages6/shorewall6-tcdevices.xml b/manpages6/shorewall6-tcdevices.xml index 0886de6e5..630beecc7 100644 --- a/manpages6/shorewall6-tcdevices.xml +++ b/manpages6/shorewall6-tcdevices.xml @@ -123,9 +123,8 @@ - IN-BANDWIDTH (in_bandwidth) - - bandwidth[:burst] + IN-BANDWIDTH (in_bandwidth) - + {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]} The incoming bandwidth of that interface. 
@@ -137,16 +136,31 @@ to avoid queuing at your providers side. If you don't want any traffic to be dropped, set this to a - value to zero in which case Shorewall6 will not create an ingress + value to zero in which case Shorewall will not create an ingress qdisc.Must be set to zero if the REDIRECTED INTERFACES column is non-empty. - The optional burst option was added in Shorewall6 4.4.18. The + The optional burst option was added in Shorewall 4.4.18. The default burst is 10kb. A larger burst can help make the bandwidth more accurate; often for fast lines, the enforced rate is well below the specified bandwidth. + + What is described above creates a rate/burst policing filter. + Beginning with Shorewall 4.4.25, a rate-estimated policing filter + may be configured instead. Rate-estimated filters should be used + with ethernet adapters that have Generic Receive Offload enabled by + default. See Shorewall FAQ + 97a. + + To create a rate-estimated filter, precede the bandwidth with + a tilde ("~"). The optional interval and decay_interval determine + how often the rate is estimated and how many samples are retained + for estimating. Please see http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt + for details. @@ -231,6 +245,9 @@ http://shorewall.net/traffic_shaping.htm + http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt + shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), diff --git a/manpages6/shorewall6-tcinterfaces.xml b/manpages6/shorewall6-tcinterfaces.xml index 27525de7b..544b42469 100644 --- a/manpages6/shorewall6-tcinterfaces.xml +++ b/manpages6/shorewall6-tcinterfaces.xml 
@@ -141,32 +141,44 @@ - IN-BANDWIDTH (in_bandwidth) - - [rate[:burst]] + IN-BANDWIDTH (in_bandwidth) - + {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]} - Optional. If specified, enables ingress policing on the - interface. If incoming traffic exceeds the given - rate, received packets are dropped - randomly. With some DSL and Cable links, large queues can build up - in the ISP's gateway router. While this insures maximum throughput, - it kills interactive response time. By setting IN-BANDWIDTH, you can - eliminate these queues. + The incoming bandwidth of that interface. + Please note that you are not able to do traffic shaping on incoming + traffic, as the traffic is already received before you could do so. + But this allows you to define the maximum traffic allowed for this + interface in total, if the rate is exceeded, the packets are + dropped. You want this mainly if you have a DSL or Cable connection + to avoid queuing at your providers side. - To pick an appropriate setting, we recommend that you start by - setting it significantly below your measured download bandwidth (20% - or so). While downloading, measure the ping response time from the - firewall to the upstream router as you gradually increase the - setting.The optimal setting is at the point beyond which the ping - time increases sharply as you increase the setting. + If you don't want any traffic to be dropped, set this to a + value to zero in which case Shorewall will not create an ingress + qdisc.Must be set to zero if the REDIRECTED INTERFACES column is + non-empty. - The burst option was added in - Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger - burst size can help make the - rate estimate more accurate on fast - lines. The default burst often make the - enforced rate mush less that the specified - rate. + The optional burst option was added in Shorewall 4.4.18. The + default burst is 10kb. 
A larger + burst can help make the + bandwidth more accurate; often for fast + lines, the enforced rate is well below the specified + bandwidth. + + What is described above creates a rate/burst policing filter. + Beginning with Shorewall 4.4.25, a rate-estimated policing filter + may be configured instead. Rate-estimated filters should be used + with ethernet adapters that have Generic Receive Offload enabled by + default. See Shorewall FAQ + 97a. + + To create a rate-estimated filter, precede the bandwidth with + a tilde ("~"). The optional interval and decay_interval determine + how often the rate is estimated and how many samples are retained + for estimating. Please see http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt + for details. @@ -204,6 +216,9 @@ http://ace-host.stuart.id.au/russell/files/tc/doc/sch_tbf.txt + http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txt + shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
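Review bot: In manpages/shorewall-tcdevices.xml, the new IN-BANDWIDTH synopsis {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]} introduces a "-" alternative that none of the added text explains. Add a sentence saying what "-" means and how it relates to the existing "set to zero" case. The added paragraph on interval and decay_interval also gives no units or defaults, so a reader must follow the estimators.txt link to write a valid entry. State the accepted units and the defaults in the manpage itself, and include one complete example value for the "~" form.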
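Review bot: In manpages/shorewall-tcinterfaces.xml (hunk at -141,32), the burst option's introduction changes from "Shorewall 4.4.13" in the removed text to "Shorewall 4.4.18" in the added text, which matches the tcdevices wording and looks like a copy-and-paste side effect. Please confirm which version is correct for tcinterfaces. The same hunk also deletes the tuning guidance (start about 20% below measured download bandwidth, then raise the setting while watching ping time) and the explanation of queues building up in the ISP's gateway router. Neither is replaced by the new text, and both are still useful to someone choosing a value, so consider keeping them alongside the new rate-estimated paragraphs.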
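Review bot: In manpages6/shorewall6-tcdevices.xml (hunk at -137,16), "Shorewall6 will not create an ingress qdisc" and "added in Shorewall6 4.4.18" are rewritten to say "Shorewall", a product-name change that the commit subject does not cover and that reads like a side effect of pasting the IPv4 text. If the rename is intended, say so in the commit message. Otherwise keep "Shorewall6" on these two lines and decide which name the new "Beginning with Shorewall 4.4.25" sentence should use in the IPv6 pages.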
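Review bot: In manpages6/shorewall6-tcinterfaces.xml (hunk at -141,32), the added text carries over wording defects from the tcdevices page: "set this to a value to zero", the missing space in "qdisc.Must", "your providers side", and the comma splice in "interface in total, if the rate is exceeded". Fix these in the added lines, and make the same fixes in the matching hunk of manpages/shorewall-tcinterfaces.xml. The added sentence "Must be set to zero if the REDIRECTED INTERFACES column is non-empty" is identical to the tcdevices text, and nothing in the hunk shows that tcinterfaces has such a column. Confirm that it applies here, or drop it. The removed synopsis [rate[:burst]] and the word "Optional" also made it clear that the column could be left empty. The new text should state that explicitly now that "-" is part of the synopsis.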