Support 'red' queuing discipline

- Also added 'ls' support for HFSC

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-06-13 14:29:13 -07:00
parent d2c415c580
commit 6c47349689
6 changed files with 392 additions and 39 deletions


@ -1031,6 +1031,18 @@ sub dev_by_number( $ ) {
( $dev , $devref ); ( $dev , $devref );
} }
use constant { RED_INTEGER => 1, RED_FLOAT => 2, RED_NONE => 3 };
my %validredoptions = ( min => RED_INTEGER,
max => RED_INTEGER,
limit => RED_INTEGER,
burst => RED_INTEGER,
avpkt => RED_INTEGER,
bandwidth => RED_INTEGER,
probability => RED_FLOAT,
ecn => RED_NONE,
);
sub validate_tc_class( ) { sub validate_tc_class( ) {
my ( $devclass, $mark, $rate, $ceil, $prio, $options ) = my ( $devclass, $mark, $rate, $ceil, $prio, $options ) =
split_line 'tcclasses file', { interface => 0, mark => 1, rate => 2, ceil => 3, prio => 4, options => 5 }; split_line 'tcclasses file', { interface => 0, mark => 1, rate => 2, ceil => 3, prio => 4, options => 5 };
@ -1040,6 +1052,7 @@ sub validate_tc_class( ) {
my $occurs = 1; my $occurs = 1;
my $parentclass = 1; my $parentclass = 1;
my $parentref; my $parentref;
my $lsceil = 0;
fatal_error 'INTERFACE must be specified' if $devclass eq '-'; fatal_error 'INTERFACE must be specified' if $devclass eq '-';
fatal_error 'CEIL must be specified' if $ceil eq '-'; fatal_error 'CEIL must be specified' if $ceil eq '-';
@ -1116,7 +1129,9 @@ sub validate_tc_class( ) {
my $parentnum = in_hexp $parentclass; my $parentnum = in_hexp $parentclass;
fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1; fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1;
fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax}; fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
fatal_error "The class ($parentnum) specifies flow; it cannot serve as a parent" if $parentref->{flow}; fatal_error "The class ($parentnum) specifies 'flow'; it cannot serve as a parent" if $parentref->{flow};
fatal_error "The class ($parentnum) specifies 'red'; it cannot serve as a parent " if $parentref->{red};
fatal_error "The class ($parentnum) has an 'ls' curve; it cannot serve as a parent " if $parentref->{lsceil};
fatal_error "The default class ($parentnum) may not have sub-classes" if ( $devref->{default} || 0 ) == $parentclass; fatal_error "The default class ($parentnum) may not have sub-classes" if ( $devref->{default} || 0 ) == $parentclass;
$parentref->{leaf} = 0; $parentref->{leaf} = 0;
$ratemax = $parentref->{rate}; $ratemax = $parentref->{rate};
@ -1127,7 +1142,17 @@ sub validate_tc_class( ) {
my ( $umax, $dmax ) = ( '', '' ); my ( $umax, $dmax ) = ( '', '' );
if ( $ceil =~ /^(.+):(.+)/ ) {
fatal_error "An LS rate may only be specified for HFSC classes" unless $devref->{qdisc} eq 'hfsc';
$lsceil = $1;
$ceil = $2;
}
if ( $devref->{qdisc} eq 'hfsc' ) { if ( $devref->{qdisc} eq 'hfsc' ) {
if ( $rate eq '-' ) {
fatal_error 'A RATE must be supplied' unless $lsceil;
$rate = 0;
} else {
( my $trate , $dmax, $umax , my $rest ) = split ':', $rate , 4; ( my $trate , $dmax, $umax , my $rest ) = split ':', $rate , 4;
fatal_error "Invalid RATE ($rate)" if defined $rest; fatal_error "Invalid RATE ($rate)" if defined $rest;
@ -1137,6 +1162,7 @@ sub validate_tc_class( ) {
$umax = convert_size( $umax ); $umax = convert_size( $umax );
fatal_error "DMAX must be specified when UMAX is specified" if $umax && ! $dmax; fatal_error "DMAX must be specified when UMAX is specified" if $umax && ! $dmax;
$parentclass ||= 1; $parentclass ||= 1;
}
} else { } else {
$rate = convert_rate ( $ratemax, $rate, 'RATE' , $ratename ); $rate = convert_rate ( $ratemax, $rate, 'RATE' , $ratename );
} }
@ -1154,6 +1180,7 @@ sub validate_tc_class( ) {
umax => $umax , umax => $umax ,
dmax => $dmax , dmax => $dmax ,
ceiling => convert_rate( $ceilmax, $ceil, 'CEIL' , $ceilname ) , ceiling => convert_rate( $ceilmax, $ceil, 'CEIL' , $ceilname ) ,
lsceil => $lsceil ? convert_rate( $ceilmax, $lsceil, 'CEIL', 'LSCEIL' ) : 0,
priority => $prio eq '-' ? 1 : $prio , priority => $prio eq '-' ? 1 : $prio ,
mark => $markval , mark => $markval ,
flow => '' , flow => '' ,
@ -1169,6 +1196,8 @@ sub validate_tc_class( ) {
fatal_error "RATE ($tcref->{rate}) exceeds CEIL ($tcref->{ceiling})" if $tcref->{rate} > $tcref->{ceiling}; fatal_error "RATE ($tcref->{rate}) exceeds CEIL ($tcref->{ceiling})" if $tcref->{rate} > $tcref->{ceiling};
my ( $red, %redopts ) = ( 0, ( avpkt => 1000 ) );
unless ( $options eq '-' ) { unless ( $options eq '-' ) {
for my $option ( split_list1 "\L$options", 'option' ) { for my $option ( split_list1 "\L$options", 'option' ) {
my $optval = $tosoptions{$option}; my $optval = $tosoptions{$option};
@ -1192,9 +1221,11 @@ sub validate_tc_class( ) {
push @{$tcref->{tos}}, $option; push @{$tcref->{tos}}, $option;
} elsif ( $option =~ /^flow=(.*)$/ ) { } elsif ( $option =~ /^flow=(.*)$/ ) {
fatal_error "The 'flow' option is not allowed with 'pfifo'" if $tcref->{pfifo}; fatal_error "The 'flow' option is not allowed with 'pfifo'" if $tcref->{pfifo};
fatal_error "The 'flow' option is not allowed with 'red'" if $tcref->{red};
$tcref->{flow} = process_flow $1; $tcref->{flow} = process_flow $1;
} elsif ( $option eq 'pfifo' ) { } elsif ( $option eq 'pfifo' ) {
fatal_error "The 'pfifo'' option is not allowed with 'flow='" if $tcref->{flow}; fatal_error "The 'pfifo' option is not allowed with 'flow='" if $tcref->{flow};
fatal_error "The 'pfifo' option is not allowed with 'red='" if $tcref->{red};
$tcref->{pfifo} = 1; $tcref->{pfifo} = 1;
} elsif ( $option =~ /^occurs=(\d+)$/ ) { } elsif ( $option =~ /^occurs=(\d+)$/ ) {
my $val = $1; my $val = $1;
@ -1215,6 +1246,31 @@ sub validate_tc_class( ) {
warning_message "limit ignored with pfifo queuing" if $tcref->{pfifo}; warning_message "limit ignored with pfifo queuing" if $tcref->{pfifo};
fatal_error "Invalid limit ($1)" if $1 < 3 || $1 > 128; fatal_error "Invalid limit ($1)" if $1 < 3 || $1 > 128;
$tcref->{limit} = $1; $tcref->{limit} = $1;
} elsif ( $option =~ s/^red=// ) {
fatal_error "The 'red=' option is not allowed with 'flow='" if $tcref->{flow};
fatal_error "The 'red=' option is not allowed with 'pfifo'" if $tcref->{pfifo};
$tcref->{red} = 1;
my $opttype;
for my $redopt ( split_list( $option , q('red' option list) ) ) {
if ( $redopt =~ /^([a-z]+)(?:=((0?\.)?(\d{1,8})))?$/ ) {
fatal_error "Invalid 'red' option ($1)" unless $opttype = $validredoptions{$1};
fatal_error "The $1 option requires a value" unless $opttype == RED_NONE || $2;
fatal_error "The $1 option requires a value 0 < value < 1" if $opttype == RED_FLOAT && ! $3;
fatal_error "The $1 option requires an integer value" if $opttype == RED_INTEGER && $3;
$redopts{$1} = $2;
} else {
fatal_error "Invalid 'red' option specification ($redopt)";
}
}
for ( qw/ limit min max avpkt burst probability / ) {
fatal_error "The $_ 'red' option is required" unless $redopts{$_};
}
fatal_error "The 'max' red option must be at least 2 * 'min'" unless $redopts{max} >= 2 * $redopts{min};
fatal_error "The 'limit' red option must be at least 2 * 'max'" unless $redopts{limit} >= 2 * $redopts{min};
$redopts{ecn} = 1 if exists $redopts{ecn};
$tcref->{redopts} = \%redopts;
} else { } else {
fatal_error "Unknown option ($option)"; fatal_error "Unknown option ($option)";
} }
@ -1246,6 +1302,8 @@ sub validate_tc_class( ) {
occurs => 0, occurs => 0,
parent => $parentclass, parent => $parentclass,
limit => $tcref->{limit}, limit => $tcref->{limit},
red => $tcref->{red},
redopts => $tcref->{redopts},
}; };
push @tcclasses, "$device:$classnumber"; push @tcclasses, "$device:$classnumber";
}; };
@ -1800,7 +1858,9 @@ sub process_traffic_shaping() {
my $mark = $tcref->{mark}; my $mark = $tcref->{mark};
my $devicenumber = in_hexp $devref->{number}; my $devicenumber = in_hexp $devref->{number};
my $classid = join( ':', $devicenumber, $classnum); my $classid = join( ':', $devicenumber, $classnum);
my $rate = "$tcref->{rate}kbit"; my $rawrate = $tcref->{rate};
my $rate = "${rawrate}kbit";
my $lsceil = $tcref->{lsceil};
my $quantum = calculate_quantum $rate, calculate_r2q( $devref->{out_bandwidth} ); my $quantum = calculate_quantum $rate, calculate_r2q( $devref->{out_bandwidth} );
$classids{$classid}=$device; $classids{$classid}=$device;
@ -1814,16 +1874,41 @@ sub process_traffic_shaping() {
emit ( "run_tc class add dev $device parent $devicenumber:$parent classid $classid htb rate $rate ceil $tcref->{ceiling}kbit prio $tcref->{priority} \$${dev}_mtu1 quantum \$quantum" ); emit ( "run_tc class add dev $device parent $devicenumber:$parent classid $classid htb rate $rate ceil $tcref->{ceiling}kbit prio $tcref->{priority} \$${dev}_mtu1 quantum \$quantum" );
} else { } else {
my $dmax = $tcref->{dmax}; my $dmax = $tcref->{dmax};
my $rule = "run_tc class add dev $device parent $devicenumber:$parent classid $classid hfsc";
if ( $dmax ) { if ( $dmax ) {
my $umax = $tcref->{umax} ? "$tcref->{umax}b" : "\${${dev}_mtu}b"; my $umax = $tcref->{umax} ? "$tcref->{umax}b" : "\${${dev}_mtu}b";
emit ( "run_tc class add dev $device parent $devicenumber:$parent classid $classid hfsc sc umax $umax dmax ${dmax}ms rate $rate ul rate $tcref->{ceiling}kbit" ); $rule .= " sc umax $umax dmax ${dmax}ms";
$rule .= " rate $rate" if $rawrate;
} else { } else {
emit ( "run_tc class add dev $device parent $devicenumber:$parent classid $classid hfsc sc rate $rate ul rate $tcref->{ceiling}kbit" ); $rule .= " sc rate $rate" if $rawrate;
}
$rule .= " ls rate ${lsceil}kbit" if $lsceil;
emit ( "$rule ul rate $tcref->{ceiling}kbit" );
}
if ( $tcref->{leaf} ) {
if ( $tcref->{red} ) {
1 while $devnums[++$sfq];
$sfqinhex = in_hexp( $sfq);
my ( $options, $redopts ) = ( '', $tcref->{redopts} );
while ( my ( $option, $type ) = each %validredoptions ) {
if ( my $value = $redopts->{$option} ) {
if ( $type == RED_NONE ) {
$options = join( ' ', $options, $option ) if $value;
} else {
$options = join( ' ', $options, $option, $value );
}
} }
} }
if ( $tcref->{leaf} && ! $tcref->{pfifo} ) { emit( "run_tc qdisc add dev $device parent $classid handle $sfqinhex: red${options}" );
} elsif ( $tcref->{leaf} && ! $tcref->{pfifo} ) {
1 while $devnums[++$sfq]; 1 while $devnums[++$sfq];
$sfqinhex = in_hexp( $sfq); $sfqinhex = in_hexp( $sfq);
@ -1833,6 +1918,7 @@ sub process_traffic_shaping() {
emit( "run_tc qdisc add dev $device parent $classid handle $sfqinhex: sfq limit $tcref->{limit} perturb 10" ); emit( "run_tc qdisc add dev $device parent $classid handle $sfqinhex: sfq limit $tcref->{limit} perturb 10" );
} }
} }
}
# #
# add filters # add filters
# #
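Review bot: The 'limit' check in the `red=` branch of validate_tc_class compares against the wrong option: the message says limit must be at least 2 * 'max', but the condition is `$redopts{limit} >= 2 * $redopts{min}`, so a limit no larger than max can pass validation. It should read `fatal_error "The 'limit' red option must be at least 2 * 'max'" unless $redopts{limit} >= 2 * $redopts{max};`. Separately, the pattern `/^([a-z]+)(?:=((0?\.)?(\d{1,8})))?$/` together with the %validredoptions lookup is what restricts the text later interpolated into the emitted `run_tc qdisc add ... red${options}` line to known option names and digits. A comment above it such as `# values are written unquoted into the generated script; keep this pattern strict` would keep a later loosening from weakening that guarantee. Both validate_tc_class and process_traffic_shaping extend outside the hunks shown here.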


@ -175,7 +175,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">RATE</emphasis> - <term><emphasis role="bold">RATE</emphasis> -
<emphasis>rate</emphasis>[:<emphasis>dmax</emphasis>[:<emphasis>umax</emphasis>]]</term> {-|<emphasis>rate</emphasis>[:<emphasis>dmax</emphasis>[:<emphasis>umax</emphasis>]]}</term>
<listitem> <listitem>
<para>The minimum bandwidth this class should get, when the traffic <para>The minimum bandwidth this class should get, when the traffic
@ -185,11 +185,12 @@
class exceed the CEIL of the parent class, things don't work class exceed the CEIL of the parent class, things don't work
well.</para> well.</para>
<para>When using the HFSC queuing discipline, leaf classes may <para>When using the HFSC queuing discipline, this column specify
specify <replaceable>dmax</replaceable>, the maximum delay in the real-time (RT) service curve. leaf classes may specify
milliseconds that the first queued packet for this class should <replaceable>dmax</replaceable>, the maximum delay in milliseconds
experience. May be expressed as an integer, optionally followed by that the first queued packet for this class should experience. May
'ms' with no intervening white space (e.g., 10ms).</para> be expressed as an integer, optionally followed by 'ms' with no
intervening white space (e.g., 10ms).</para>
<para>HFSC leaf classes may also specify <para>HFSC leaf classes may also specify
<replaceable>umax</replaceable>, the largest packet expected in this <replaceable>umax</replaceable>, the largest packet expected in this
@ -198,12 +199,18 @@
followed by 'b' with no intervening white space (e.g., 800b). followed by 'b' with no intervening white space (e.g., 800b).
<replaceable>umax</replaceable> may only be given if <replaceable>umax</replaceable> may only be given if
<replaceable>dmax</replaceable> is also given.</para> <replaceable>dmax</replaceable> is also given.</para>
<para>Beginning with Shorewall 4.5.6, HFSC classes may omit this
column (e.g, '-' in the column), provided that an
<replaceable>lsrate</replaceable> is specified (see CEIL below).
These rates are used to arbitrate between classes of the same
priority.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">CEIL</emphasis> - <term><emphasis role="bold">CEIL</emphasis> -
<emphasis>rate</emphasis></term> [<emphasis>lsrate</emphasis>:]<emphasis>rate</emphasis></term>
<listitem> <listitem>
<para>The maximum bandwidth this class is allowed to use when the <para>The maximum bandwidth this class is allowed to use when the
@ -214,6 +221,9 @@
here for setting the maximum bandwidth to the RATE of the parent here for setting the maximum bandwidth to the RATE of the parent
class, or the OUT-BANDWIDTH of the device if there is no parent class, or the OUT-BANDWIDTH of the device if there is no parent
class.</para> class.</para>
<para>Beginning with Shorewall 4.5.6, you can also specify an
<replaceable>lsrate</replaceable> (link sharing rate).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -253,7 +263,7 @@
<para>This is the default class for that interface where all <para>This is the default class for that interface where all
traffic should go, that is not classified otherwise.</para> traffic should go, that is not classified otherwise.</para>
<para></para> <para/>
<note> <note>
<para>You must define <emphasis <para>You must define <emphasis
@ -310,7 +320,7 @@
limited to 64 bytes because we want only packets WITHOUT limited to 64 bytes because we want only packets WITHOUT
payload to match.</para> payload to match.</para>
<para></para> <para/>
<note> <note>
<para>This option is only valid for ONE class per <para>This option is only valid for ONE class per
@ -430,6 +440,119 @@
assumed.</para> assumed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>red=(<replaceable>redoption</replaceable>=<replaceable>value</replaceable>,
...)</term>
<listitem>
<para>Added in Shorewall 4.5.6. When specified on a leaf
class, causes the class to use the red queuing discipline
rather than SFQ. See tc-red (8) for additional
information.</para>
<para>Allowable redoptions are:</para>
<variablelist>
<varlistentry>
<term>min</term>
<listitem>
<para>Average queue size at which marking becomes a
possibility.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>max</term>
<listitem>
<para>At this average queue size, the marking
probability is maximal. Must be at least twice
<replaceable>min</replaceable> to prevent synchronous
retransmits, higher for low min.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>probability</term>
<listitem>
<para>Maximum probability for marking, specified as a
floating point number from 0.0 to 1.0. Suggested values
are 0.01 or 0.02 (1 or 2%, respectively).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>limit</term>
<listitem>
<para>Hard limit on the real (not average) queue size in
bytes. Further packets are dropped. Should be set higher
than
<replaceable>max</replaceable>+<replaceable>burst</replaceable>.
It is advised to set this a few times higher than
<replaceable>max</replaceable>. Shorewall requires that
max be at least twice
<replaceable>min</replaceable>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>burst</term>
<listitem>
<para>Used for determining how fast the average queue
size is influenced by the real queue size. Larger values
make the calculation more sluggish, allowing longer
bursts of traffic before marking starts. Real life
experiments support the following guide line:
(<replaceable>min</replaceable>+<replaceable>min</replaceable>+<replaceable>max</replaceable>)/(3*<replaceable>avpkt</replaceable>).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>avpkt</term>
<listitem>
<para>Optional. Specified in bytes. Used with burst to
determine the time constant for average queue size
calculations. 1000 is a good value and is the Shorewall
default.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>bandwidth</term>
<listitem>
<para>Optional. This rate is used for calculating the
average queue size after some idle time. Should be set
to the bandwidth of your interface. Does not mean that
RED will shape for you!</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ecn</term>
<listitem>
<para>RED can either 'mark' or 'drop'. Explicit
Congestion Notification allows RED to notify remote
hosts that their rate exceeds the amount of bandwidth
available. Non-ECN capable hosts can only be notified by
dropping a packet. If this parameter is specified,
packets which indicate that their hosts honor ECN will
only be marked and not dropped, unless the queue size
hits limit bytes. Needs a tc binary with RED support
compiled in. Recommended.</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -503,6 +626,8 @@
<para><ulink <para><ulink
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para> url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
<para>tc-hfsc (7)</para>
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5), <para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),


@ -200,7 +200,8 @@
<para><option>hfsc</option> - Shorewall normally uses the <para><option>hfsc</option> - Shorewall normally uses the
<firstterm>Hierarchical Token Bucket</firstterm> queuing discipline. <firstterm>Hierarchical Token Bucket</firstterm> queuing discipline.
When <option>hfsc</option> is specified, the <firstterm>Hierarchical When <option>hfsc</option> is specified, the <firstterm>Hierarchical
Fair Service Curves</firstterm> discipline is used instead.</para> Fair Service Curves</firstterm> discipline is used instead (see
tc-hfsc (7)).</para>
<para><emphasis role="bold">linklayer</emphasis> - Added in <para><emphasis role="bold">linklayer</emphasis> - Added in
Shorewall 4.5.6. Type of link (ethernet, atm, adsl). When specified, Shorewall 4.5.6. Type of link (ethernet, atm, adsl). When specified,
@ -276,6 +277,8 @@
<refsect1> <refsect1>
<title>See ALSO</title> <title>See ALSO</title>
<para>tc-hfsc (7)</para>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>


@ -171,7 +171,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">RATE</emphasis> - <term><emphasis role="bold">RATE</emphasis> -
<emphasis>rate</emphasis>[:<emphasis>dmax</emphasis>[:<emphasis>umax</emphasis>]]</term> {-|<emphasis>rate</emphasis>[:<emphasis>dmax</emphasis>[:<emphasis>umax</emphasis>]]}</term>
<listitem> <listitem>
<para>The minimum bandwidth this class should get, when the traffic <para>The minimum bandwidth this class should get, when the traffic
@ -181,11 +181,12 @@
class exceed the CEIL of the parent class, things don't work class exceed the CEIL of the parent class, things don't work
well.</para> well.</para>
<para>When using the HFSC queuing discipline, leaf classes may <para>When using the HFSC queuing discipline, this column specify
specify <replaceable>dmax</replaceable>, the maximum delay in the real-time (RT) service curve. leaf classes may specify
milliseconds that the first queued packet for this class should <replaceable>dmax</replaceable>, the maximum delay in milliseconds
experience. May be expressed as an integer, optionally followed by that the first queued packet for this class should experience. May
'ms' with no intervening white space (e.g., 10ms).</para> be expressed as an integer, optionally followed by 'ms' with no
intervening white space (e.g., 10ms).</para>
<para>HFSC leaf classes may also specify <para>HFSC leaf classes may also specify
<replaceable>umax</replaceable>, the largest packet expected in this <replaceable>umax</replaceable>, the largest packet expected in this
@ -194,12 +195,18 @@
followed by 'b' with no intervening white space (e.g., 800b). followed by 'b' with no intervening white space (e.g., 800b).
<replaceable>umax</replaceable> may only be given if <replaceable>umax</replaceable> may only be given if
<replaceable>dmax</replaceable> is also given.</para> <replaceable>dmax</replaceable> is also given.</para>
<para>Beginning with Shorewall 4.5.6, HFSC classes may omit this
column (e.g, '-' in the column), provided that an
<replaceable>lsrate</replaceable> is specified (see CEIL below).
These rates are used to arbitrate between classes of the same
priority.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">CEIL</emphasis> - <term><emphasis role="bold">CEIL</emphasis> -
<emphasis>rate</emphasis></term> [<emphasis>lsrate</emphasis>:]<emphasis>rate</emphasis></term>
<listitem> <listitem>
<para>The maximum bandwidth this class is allowed to use when the <para>The maximum bandwidth this class is allowed to use when the
@ -210,6 +217,9 @@
here for setting the maximum bandwidth to the RATE of the parent here for setting the maximum bandwidth to the RATE of the parent
class, or the OUT-BANDWIDTH of the device if there is no parent class, or the OUT-BANDWIDTH of the device if there is no parent
class.</para> class.</para>
<para>Beginning with Shorewall 4.5.6, you can also specify an
<replaceable>lsrate</replaceable> (link sharing rate).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -304,7 +314,7 @@
limited to 64 bytes because we want only packets WITHOUT limited to 64 bytes because we want only packets WITHOUT
payload to match.</para> payload to match.</para>
<para></para> <para/>
<note> <note>
<para>This option is only valid for ONE class per <para>This option is only valid for ONE class per
@ -381,6 +391,118 @@
assumed.</para> assumed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>red=(<replaceable>redoption</replaceable>=<replaceable>value</replaceable>,
...)</term>
<listitem>
<para>Added in Shorewall 4.5.6. When specified on a leaf
class, causes the class to use the red queuing discipline
rather than SFQ. See tc-red (8) for additional
information.</para>
<para>Allowable redoptions are:</para>
<variablelist>
<varlistentry>
<term>min</term>
<listitem>
<para>Average queue size at which marking becomes a
possibility.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>max</term>
<listitem>
<para>At this average queue size, the marking
probability is maximal. Must be at least twice
<replaceable>min</replaceable> to prevent synchronous
retransmits, higher for low min.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>probability</term>
<listitem>
<para>Maximum probability for marking, specified as a
floating point number from 0.0 to 1.0. Suggested values
are 0.01 or 0.02 (1 or 2%, respectively).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>limit</term>
<listitem>
<para>Hard limit on the real (not average) queue size in
bytes. Further packets are dropped. Should be set higher
than
<replaceable>max</replaceable>+<replaceable>burst</replaceable>.
It is advised to set this a few times higher than
<replaceable>max</replaceable>. Shorewall requires that
max be at least twice
<replaceable>min</replaceable>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>burst</term>
<listitem>
<para>Used for determining how fast the average queue
size is influenced by the real queue size. Larger values
make the calculation more sluggish, allowing longer
bursts of traffic before marking starts. Real life
experiments support the following guide line:
(<replaceable>min</replaceable>+<replaceable>min</replaceable>+<replaceable>max</replaceable>)/(3*<replaceable>avpkt</replaceable>).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>avpkt</term>
<listitem>
<para>Optional. Specified in bytes. Used with burst to
determine the time constant for average queue size
calculations. 1000 is a good value and is the Shorewall
default.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>bandwidth</term>
<listitem>
<para>Optional. This rate is used for calculating the
average queue size after some idle time. Should be set
to the bandwidth of your interface. Does not mean that
RED will shape for you!</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ecn</term>
<listitem>
<para>RED can either 'mark' or 'drop'. Explicit
Congestion Notification allows RED to notify remote
hosts that their rate exceeds the amount of bandwidth
available. Non-ECN capable hosts can only be notified by
dropping a packet. If this parameter is specified,
packets which indicate that their hosts honor ECN will
only be marked and not dropped, unless the queue size
hits limit bytes. Needs a tc binary with RED support
compiled in. Recommended.</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -448,6 +570,8 @@
<refsect1> <refsect1>
<title>See ALSO</title> <title>See ALSO</title>
<para>tc-hfsc (7)</para>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>


@ -201,7 +201,8 @@
<para><option>hfsc</option> - Shorewall normally uses the <para><option>hfsc</option> - Shorewall normally uses the
<firstterm>Hierarchical Token Bucket</firstterm> queuing discipline. <firstterm>Hierarchical Token Bucket</firstterm> queuing discipline.
When <option>hfsc</option> is specified, the <firstterm>Hierarchical When <option>hfsc</option> is specified, the <firstterm>Hierarchical
Fair Service Curves</firstterm> discipline is used instead.</para> Fair Service Curves</firstterm> discipline is used instead(see
tc-hfsc (7)).</para>
<para><emphasis role="bold">linklayer</emphasis> - Added in <para><emphasis role="bold">linklayer</emphasis> - Added in
Shorewall 4.5.6. Type of link (ethernet, atm, adsl). When specified, Shorewall 4.5.6. Type of link (ethernet, atm, adsl). When specified,
@ -278,6 +279,8 @@
<refsect1> <refsect1>
<title>See ALSO</title> <title>See ALSO</title>
<para>tc-hfsc (7)</para>
<para><ulink <para><ulink
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para> url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>


@ -431,7 +431,7 @@
<term><emphasis role="bold">linklayer</emphasis></term> <term><emphasis role="bold">linklayer</emphasis></term>
<listitem> <listitem>
<para> Added in Shorewall 4.5.6. Type of link (ethernet, atm, <para>Added in Shorewall 4.5.6. Type of link (ethernet, atm,
adsl). When specified, causes scheduler packet size adsl). When specified, causes scheduler packet size
manipulation as described in tc-stab (8). When this option is manipulation as described in tc-stab (8). When this option is
given, the following options may also be given after given, the following options may also be given after
@ -792,6 +792,18 @@ ppp0 6000kbit 500kbit</programlisting>
<emphasis>number</emphasis> must be &gt; 2 and less than 128. If <emphasis>number</emphasis> must be &gt; 2 and less than 128. If
not specified, the value 127 is assumed</para> not specified, the value 127 is assumed</para>
</listitem> </listitem>
<listitem>
<para>red=(<replaceable>redoption</replaceable>,...) - Added in
Shorewall 4.5.6. When specified on a leaf class, causes the
class to use the red queuing discipline rather than SFQ. See
tc-red (8) for additional information.</para>
<para>See <ulink
url="manpages/shorewall-tcdevices.html">shorewall-tcdevices</ulink>
(5) for a description of the allowable
<replaceable>redoptions</replaceable>.</para>
</listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
</itemizedlist> </itemizedlist>