mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-26 01:23:14 +01:00
Support 'red' queuing discipline
- Also added 'ls' support for HFSC Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
d2c415c580
commit
6c47349689
@ -1031,6 +1031,18 @@ sub dev_by_number( $ ) {
|
|||||||
( $dev , $devref );
|
( $dev , $devref );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
use constant { RED_INTEGER => 1, RED_FLOAT => 2, RED_NONE => 3 };
|
||||||
|
|
||||||
|
my %validredoptions = ( min => RED_INTEGER,
|
||||||
|
max => RED_INTEGER,
|
||||||
|
limit => RED_INTEGER,
|
||||||
|
burst => RED_INTEGER,
|
||||||
|
avpkt => RED_INTEGER,
|
||||||
|
bandwidth => RED_INTEGER,
|
||||||
|
probability => RED_FLOAT,
|
||||||
|
ecn => RED_NONE,
|
||||||
|
);
|
||||||
|
|
||||||
sub validate_tc_class( ) {
|
sub validate_tc_class( ) {
|
||||||
my ( $devclass, $mark, $rate, $ceil, $prio, $options ) =
|
my ( $devclass, $mark, $rate, $ceil, $prio, $options ) =
|
||||||
split_line 'tcclasses file', { interface => 0, mark => 1, rate => 2, ceil => 3, prio => 4, options => 5 };
|
split_line 'tcclasses file', { interface => 0, mark => 1, rate => 2, ceil => 3, prio => 4, options => 5 };
|
||||||
@ -1040,6 +1052,7 @@ sub validate_tc_class( ) {
|
|||||||
my $occurs = 1;
|
my $occurs = 1;
|
||||||
my $parentclass = 1;
|
my $parentclass = 1;
|
||||||
my $parentref;
|
my $parentref;
|
||||||
|
my $lsceil = 0;
|
||||||
|
|
||||||
fatal_error 'INTERFACE must be specified' if $devclass eq '-';
|
fatal_error 'INTERFACE must be specified' if $devclass eq '-';
|
||||||
fatal_error 'CEIL must be specified' if $ceil eq '-';
|
fatal_error 'CEIL must be specified' if $ceil eq '-';
|
||||||
@ -1116,7 +1129,9 @@ sub validate_tc_class( ) {
|
|||||||
my $parentnum = in_hexp $parentclass;
|
my $parentnum = in_hexp $parentclass;
|
||||||
fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1;
|
fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1;
|
||||||
fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
|
fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
|
||||||
fatal_error "The class ($parentnum) specifies flow; it cannot serve as a parent" if $parentref->{flow};
|
fatal_error "The class ($parentnum) specifies 'flow'; it cannot serve as a parent" if $parentref->{flow};
|
||||||
|
fatal_error "The class ($parentnum) specifies 'red'; it cannot serve as a parent " if $parentref->{red};
|
||||||
|
fatal_error "The class ($parentnum) has an 'ls' curve; it cannot serve as a parent " if $parentref->{lsceil};
|
||||||
fatal_error "The default class ($parentnum) may not have sub-classes" if ( $devref->{default} || 0 ) == $parentclass;
|
fatal_error "The default class ($parentnum) may not have sub-classes" if ( $devref->{default} || 0 ) == $parentclass;
|
||||||
$parentref->{leaf} = 0;
|
$parentref->{leaf} = 0;
|
||||||
$ratemax = $parentref->{rate};
|
$ratemax = $parentref->{rate};
|
||||||
@ -1127,16 +1142,27 @@ sub validate_tc_class( ) {
|
|||||||
|
|
||||||
my ( $umax, $dmax ) = ( '', '' );
|
my ( $umax, $dmax ) = ( '', '' );
|
||||||
|
|
||||||
|
if ( $ceil =~ /^(.+):(.+)/ ) {
|
||||||
|
fatal_error "An LS rate may only be specified for HFSC classes" unless $devref->{qdisc} eq 'hfsc';
|
||||||
|
$lsceil = $1;
|
||||||
|
$ceil = $2;
|
||||||
|
}
|
||||||
|
|
||||||
if ( $devref->{qdisc} eq 'hfsc' ) {
|
if ( $devref->{qdisc} eq 'hfsc' ) {
|
||||||
( my $trate , $dmax, $umax , my $rest ) = split ':', $rate , 4;
|
if ( $rate eq '-' ) {
|
||||||
|
fatal_error 'A RATE must be supplied' unless $lsceil;
|
||||||
|
$rate = 0;
|
||||||
|
} else {
|
||||||
|
( my $trate , $dmax, $umax , my $rest ) = split ':', $rate , 4;
|
||||||
|
|
||||||
fatal_error "Invalid RATE ($rate)" if defined $rest;
|
fatal_error "Invalid RATE ($rate)" if defined $rest;
|
||||||
|
|
||||||
$rate = convert_rate ( $ratemax, $trate, 'RATE', $ratename );
|
$rate = convert_rate ( $ratemax, $trate, 'RATE', $ratename );
|
||||||
$dmax = convert_delay( $dmax );
|
$dmax = convert_delay( $dmax );
|
||||||
$umax = convert_size( $umax );
|
$umax = convert_size( $umax );
|
||||||
fatal_error "DMAX must be specified when UMAX is specified" if $umax && ! $dmax;
|
fatal_error "DMAX must be specified when UMAX is specified" if $umax && ! $dmax;
|
||||||
$parentclass ||= 1;
|
$parentclass ||= 1;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$rate = convert_rate ( $ratemax, $rate, 'RATE' , $ratename );
|
$rate = convert_rate ( $ratemax, $rate, 'RATE' , $ratename );
|
||||||
}
|
}
|
||||||
@ -1154,6 +1180,7 @@ sub validate_tc_class( ) {
|
|||||||
umax => $umax ,
|
umax => $umax ,
|
||||||
dmax => $dmax ,
|
dmax => $dmax ,
|
||||||
ceiling => convert_rate( $ceilmax, $ceil, 'CEIL' , $ceilname ) ,
|
ceiling => convert_rate( $ceilmax, $ceil, 'CEIL' , $ceilname ) ,
|
||||||
|
lsceil => $lsceil ? convert_rate( $ceilmax, $lsceil, 'CEIL', 'LSCEIL' ) : 0,
|
||||||
priority => $prio eq '-' ? 1 : $prio ,
|
priority => $prio eq '-' ? 1 : $prio ,
|
||||||
mark => $markval ,
|
mark => $markval ,
|
||||||
flow => '' ,
|
flow => '' ,
|
||||||
@ -1169,6 +1196,8 @@ sub validate_tc_class( ) {
|
|||||||
|
|
||||||
fatal_error "RATE ($tcref->{rate}) exceeds CEIL ($tcref->{ceiling})" if $tcref->{rate} > $tcref->{ceiling};
|
fatal_error "RATE ($tcref->{rate}) exceeds CEIL ($tcref->{ceiling})" if $tcref->{rate} > $tcref->{ceiling};
|
||||||
|
|
||||||
|
my ( $red, %redopts ) = ( 0, ( avpkt => 1000 ) );
|
||||||
|
|
||||||
unless ( $options eq '-' ) {
|
unless ( $options eq '-' ) {
|
||||||
for my $option ( split_list1 "\L$options", 'option' ) {
|
for my $option ( split_list1 "\L$options", 'option' ) {
|
||||||
my $optval = $tosoptions{$option};
|
my $optval = $tosoptions{$option};
|
||||||
@ -1192,9 +1221,11 @@ sub validate_tc_class( ) {
|
|||||||
push @{$tcref->{tos}}, $option;
|
push @{$tcref->{tos}}, $option;
|
||||||
} elsif ( $option =~ /^flow=(.*)$/ ) {
|
} elsif ( $option =~ /^flow=(.*)$/ ) {
|
||||||
fatal_error "The 'flow' option is not allowed with 'pfifo'" if $tcref->{pfifo};
|
fatal_error "The 'flow' option is not allowed with 'pfifo'" if $tcref->{pfifo};
|
||||||
|
fatal_error "The 'flow' option is not allowed with 'red'" if $tcref->{red};
|
||||||
$tcref->{flow} = process_flow $1;
|
$tcref->{flow} = process_flow $1;
|
||||||
} elsif ( $option eq 'pfifo' ) {
|
} elsif ( $option eq 'pfifo' ) {
|
||||||
fatal_error "The 'pfifo'' option is not allowed with 'flow='" if $tcref->{flow};
|
fatal_error "The 'pfifo' option is not allowed with 'flow='" if $tcref->{flow};
|
||||||
|
fatal_error "The 'pfifo' option is not allowed with 'red='" if $tcref->{red};
|
||||||
$tcref->{pfifo} = 1;
|
$tcref->{pfifo} = 1;
|
||||||
} elsif ( $option =~ /^occurs=(\d+)$/ ) {
|
} elsif ( $option =~ /^occurs=(\d+)$/ ) {
|
||||||
my $val = $1;
|
my $val = $1;
|
||||||
@ -1215,6 +1246,31 @@ sub validate_tc_class( ) {
|
|||||||
warning_message "limit ignored with pfifo queuing" if $tcref->{pfifo};
|
warning_message "limit ignored with pfifo queuing" if $tcref->{pfifo};
|
||||||
fatal_error "Invalid limit ($1)" if $1 < 3 || $1 > 128;
|
fatal_error "Invalid limit ($1)" if $1 < 3 || $1 > 128;
|
||||||
$tcref->{limit} = $1;
|
$tcref->{limit} = $1;
|
||||||
|
} elsif ( $option =~ s/^red=// ) {
|
||||||
|
fatal_error "The 'red=' option is not allowed with 'flow='" if $tcref->{flow};
|
||||||
|
fatal_error "The 'red=' option is not allowed with 'pfifo'" if $tcref->{pfifo};
|
||||||
|
$tcref->{red} = 1;
|
||||||
|
my $opttype;
|
||||||
|
for my $redopt ( split_list( $option , q('red' option list) ) ) {
|
||||||
|
if ( $redopt =~ /^([a-z]+)(?:=((0?\.)?(\d{1,8})))?$/ ) {
|
||||||
|
fatal_error "Invalid 'red' option ($1)" unless $opttype = $validredoptions{$1};
|
||||||
|
fatal_error "The $1 option requires a value" unless $opttype == RED_NONE || $2;
|
||||||
|
fatal_error "The $1 option requires a value 0 < value < 1" if $opttype == RED_FLOAT && ! $3;
|
||||||
|
fatal_error "The $1 option requires an integer value" if $opttype == RED_INTEGER && $3;
|
||||||
|
$redopts{$1} = $2;
|
||||||
|
} else {
|
||||||
|
fatal_error "Invalid 'red' option specification ($redopt)";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for ( qw/ limit min max avpkt burst probability / ) {
|
||||||
|
fatal_error "The $_ 'red' option is required" unless $redopts{$_};
|
||||||
|
}
|
||||||
|
|
||||||
|
fatal_error "The 'max' red option must be at least 2 * 'min'" unless $redopts{max} >= 2 * $redopts{min};
|
||||||
|
fatal_error "The 'limit' red option must be at least 2 * 'max'" unless $redopts{limit} >= 2 * $redopts{min};
|
||||||
|
$redopts{ecn} = 1 if exists $redopts{ecn};
|
||||||
|
$tcref->{redopts} = \%redopts;
|
||||||
} else {
|
} else {
|
||||||
fatal_error "Unknown option ($option)";
|
fatal_error "Unknown option ($option)";
|
||||||
}
|
}
|
||||||
@ -1246,6 +1302,8 @@ sub validate_tc_class( ) {
|
|||||||
occurs => 0,
|
occurs => 0,
|
||||||
parent => $parentclass,
|
parent => $parentclass,
|
||||||
limit => $tcref->{limit},
|
limit => $tcref->{limit},
|
||||||
|
red => $tcref->{red},
|
||||||
|
redopts => $tcref->{redopts},
|
||||||
};
|
};
|
||||||
push @tcclasses, "$device:$classnumber";
|
push @tcclasses, "$device:$classnumber";
|
||||||
};
|
};
|
||||||
@ -1800,7 +1858,9 @@ sub process_traffic_shaping() {
|
|||||||
my $mark = $tcref->{mark};
|
my $mark = $tcref->{mark};
|
||||||
my $devicenumber = in_hexp $devref->{number};
|
my $devicenumber = in_hexp $devref->{number};
|
||||||
my $classid = join( ':', $devicenumber, $classnum);
|
my $classid = join( ':', $devicenumber, $classnum);
|
||||||
my $rate = "$tcref->{rate}kbit";
|
my $rawrate = $tcref->{rate};
|
||||||
|
my $rate = "${rawrate}kbit";
|
||||||
|
my $lsceil = $tcref->{lsceil};
|
||||||
my $quantum = calculate_quantum $rate, calculate_r2q( $devref->{out_bandwidth} );
|
my $quantum = calculate_quantum $rate, calculate_r2q( $devref->{out_bandwidth} );
|
||||||
|
|
||||||
$classids{$classid}=$device;
|
$classids{$classid}=$device;
|
||||||
@ -1814,23 +1874,49 @@ sub process_traffic_shaping() {
|
|||||||
emit ( "run_tc class add dev $device parent $devicenumber:$parent classid $classid htb rate $rate ceil $tcref->{ceiling}kbit prio $tcref->{priority} \$${dev}_mtu1 quantum \$quantum" );
|
emit ( "run_tc class add dev $device parent $devicenumber:$parent classid $classid htb rate $rate ceil $tcref->{ceiling}kbit prio $tcref->{priority} \$${dev}_mtu1 quantum \$quantum" );
|
||||||
} else {
|
} else {
|
||||||
my $dmax = $tcref->{dmax};
|
my $dmax = $tcref->{dmax};
|
||||||
|
my $rule = "run_tc class add dev $device parent $devicenumber:$parent classid $classid hfsc";
|
||||||
|
|
||||||
if ( $dmax ) {
|
if ( $dmax ) {
|
||||||
my $umax = $tcref->{umax} ? "$tcref->{umax}b" : "\${${dev}_mtu}b";
|
my $umax = $tcref->{umax} ? "$tcref->{umax}b" : "\${${dev}_mtu}b";
|
||||||
emit ( "run_tc class add dev $device parent $devicenumber:$parent classid $classid hfsc sc umax $umax dmax ${dmax}ms rate $rate ul rate $tcref->{ceiling}kbit" );
|
$rule .= " sc umax $umax dmax ${dmax}ms";
|
||||||
|
$rule .= " rate $rate" if $rawrate;
|
||||||
} else {
|
} else {
|
||||||
emit ( "run_tc class add dev $device parent $devicenumber:$parent classid $classid hfsc sc rate $rate ul rate $tcref->{ceiling}kbit" );
|
$rule .= " sc rate $rate" if $rawrate;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$rule .= " ls rate ${lsceil}kbit" if $lsceil;
|
||||||
|
|
||||||
|
emit ( "$rule ul rate $tcref->{ceiling}kbit" );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $tcref->{leaf} && ! $tcref->{pfifo} ) {
|
if ( $tcref->{leaf} ) {
|
||||||
1 while $devnums[++$sfq];
|
if ( $tcref->{red} ) {
|
||||||
|
1 while $devnums[++$sfq];
|
||||||
|
$sfqinhex = in_hexp( $sfq);
|
||||||
|
|
||||||
$sfqinhex = in_hexp( $sfq);
|
my ( $options, $redopts ) = ( '', $tcref->{redopts} );
|
||||||
if ( $devref->{qdisc} eq 'htb' ) {
|
|
||||||
emit( "run_tc qdisc add dev $device parent $classid handle $sfqinhex: sfq quantum \$quantum limit $tcref->{limit} perturb 10" );
|
while ( my ( $option, $type ) = each %validredoptions ) {
|
||||||
} else {
|
if ( my $value = $redopts->{$option} ) {
|
||||||
emit( "run_tc qdisc add dev $device parent $classid handle $sfqinhex: sfq limit $tcref->{limit} perturb 10" );
|
if ( $type == RED_NONE ) {
|
||||||
|
$options = join( ' ', $options, $option ) if $value;
|
||||||
|
} else {
|
||||||
|
$options = join( ' ', $options, $option, $value );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
emit( "run_tc qdisc add dev $device parent $classid handle $sfqinhex: red${options}" );
|
||||||
|
|
||||||
|
} elsif ( $tcref->{leaf} && ! $tcref->{pfifo} ) {
|
||||||
|
1 while $devnums[++$sfq];
|
||||||
|
|
||||||
|
$sfqinhex = in_hexp( $sfq);
|
||||||
|
if ( $devref->{qdisc} eq 'htb' ) {
|
||||||
|
emit( "run_tc qdisc add dev $device parent $classid handle $sfqinhex: sfq quantum \$quantum limit $tcref->{limit} perturb 10" );
|
||||||
|
} else {
|
||||||
|
emit( "run_tc qdisc add dev $device parent $classid handle $sfqinhex: sfq limit $tcref->{limit} perturb 10" );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
|
@ -175,7 +175,7 @@
|
|||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">RATE</emphasis> -
|
<term><emphasis role="bold">RATE</emphasis> -
|
||||||
<emphasis>rate</emphasis>[:<emphasis>dmax</emphasis>[:<emphasis>umax</emphasis>]]</term>
|
{-|<emphasis>rate</emphasis>[:<emphasis>dmax</emphasis>[:<emphasis>umax</emphasis>]]}</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The minimum bandwidth this class should get, when the traffic
|
<para>The minimum bandwidth this class should get, when the traffic
|
||||||
@ -185,11 +185,12 @@
|
|||||||
class exceed the CEIL of the parent class, things don't work
|
class exceed the CEIL of the parent class, things don't work
|
||||||
well.</para>
|
well.</para>
|
||||||
|
|
||||||
<para>When using the HFSC queuing discipline, leaf classes may
|
<para>When using the HFSC queuing discipline, this column specify
|
||||||
specify <replaceable>dmax</replaceable>, the maximum delay in
|
the real-time (RT) service curve. leaf classes may specify
|
||||||
milliseconds that the first queued packet for this class should
|
<replaceable>dmax</replaceable>, the maximum delay in milliseconds
|
||||||
experience. May be expressed as an integer, optionally followed by
|
that the first queued packet for this class should experience. May
|
||||||
'ms' with no intervening white space (e.g., 10ms).</para>
|
be expressed as an integer, optionally followed by 'ms' with no
|
||||||
|
intervening white space (e.g., 10ms).</para>
|
||||||
|
|
||||||
<para>HFSC leaf classes may also specify
|
<para>HFSC leaf classes may also specify
|
||||||
<replaceable>umax</replaceable>, the largest packet expected in this
|
<replaceable>umax</replaceable>, the largest packet expected in this
|
||||||
@ -198,12 +199,18 @@
|
|||||||
followed by 'b' with no intervening white space (e.g., 800b).
|
followed by 'b' with no intervening white space (e.g., 800b).
|
||||||
<replaceable>umax</replaceable> may only be given if
|
<replaceable>umax</replaceable> may only be given if
|
||||||
<replaceable>dmax</replaceable> is also given.</para>
|
<replaceable>dmax</replaceable> is also given.</para>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 4.5.6, HFSC classes may omit this
|
||||||
|
column (e.g, '-' in the column), provided that an
|
||||||
|
<replaceable>lsrate</replaceable> is specified (see CEIL below).
|
||||||
|
These rates are used to arbitrate between classes of the same
|
||||||
|
priority.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">CEIL</emphasis> -
|
<term><emphasis role="bold">CEIL</emphasis> -
|
||||||
<emphasis>rate</emphasis></term>
|
[<emphasis>lsrate</emphasis>:]<emphasis>rate</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The maximum bandwidth this class is allowed to use when the
|
<para>The maximum bandwidth this class is allowed to use when the
|
||||||
@ -214,6 +221,9 @@
|
|||||||
here for setting the maximum bandwidth to the RATE of the parent
|
here for setting the maximum bandwidth to the RATE of the parent
|
||||||
class, or the OUT-BANDWIDTH of the device if there is no parent
|
class, or the OUT-BANDWIDTH of the device if there is no parent
|
||||||
class.</para>
|
class.</para>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 4.5.6, you can also specify an
|
||||||
|
<replaceable>lsrate</replaceable> (link sharing rate).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -253,7 +263,7 @@
|
|||||||
<para>This is the default class for that interface where all
|
<para>This is the default class for that interface where all
|
||||||
traffic should go, that is not classified otherwise.</para>
|
traffic should go, that is not classified otherwise.</para>
|
||||||
|
|
||||||
<para></para>
|
<para/>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>You must define <emphasis
|
<para>You must define <emphasis
|
||||||
@ -310,7 +320,7 @@
|
|||||||
limited to 64 bytes because we want only packets WITHOUT
|
limited to 64 bytes because we want only packets WITHOUT
|
||||||
payload to match.</para>
|
payload to match.</para>
|
||||||
|
|
||||||
<para></para>
|
<para/>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>This option is only valid for ONE class per
|
<para>This option is only valid for ONE class per
|
||||||
@ -430,6 +440,119 @@
|
|||||||
assumed.</para>
|
assumed.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>red=(<replaceable>redoption</replaceable>=<replaceable>value</replaceable>,
|
||||||
|
...)</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 4.5.6. When specified on a leaf
|
||||||
|
class, causes the class to use the red queuing discipline
|
||||||
|
rather than SFQ. See tc-red (8) for additional
|
||||||
|
information.</para>
|
||||||
|
|
||||||
|
<para>Allowable redoptions are:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>min</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Average queue size at which marking becomes a
|
||||||
|
possibility.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>max</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>At this average queue size, the marking
|
||||||
|
probability is maximal. Must be at least twice
|
||||||
|
<replaceable>min</replaceable> to prevent synchronous
|
||||||
|
retransmits, higher for low min.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>probability</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Maximum probability for marking, specified as a
|
||||||
|
floating point number from 0.0 to 1.0. Suggested values
|
||||||
|
are 0.01 or 0.02 (1 or 2%, respectively).</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>limit</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Hard limit on the real (not average) queue size in
|
||||||
|
bytes. Further packets are dropped. Should be set higher
|
||||||
|
than
|
||||||
|
<replaceable>max</replaceable>+<replaceable>burst</replaceable>.
|
||||||
|
It is advised to set this a few times higher than
|
||||||
|
<replaceable>max</replaceable>. Shorewall requires that
|
||||||
|
max be at least twice
|
||||||
|
<replaceable>min</replaceable>.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>burst</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Used for determining how fast the average queue
|
||||||
|
size is influenced by the real queue size. Larger values
|
||||||
|
make the calculation more sluggish, allowing longer
|
||||||
|
bursts of traffic before marking starts. Real life
|
||||||
|
experiments support the following guide‐ line:
|
||||||
|
(<replaceable>min</replaceable>+<replaceable>min</replaceable>+<replaceable>max</replaceable>)/(3*<replaceable>avpkt</replaceable>).
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>avpkt</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional. Specified in bytes. Used with burst to
|
||||||
|
determine the time constant for average queue size
|
||||||
|
calculations. 1000 is a good value and is the Shorewall
|
||||||
|
default.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>bandwidth</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional. This rate is used for calculating the
|
||||||
|
average queue size after some idle time. Should be set
|
||||||
|
to the bandwidth of your interface. Does not mean that
|
||||||
|
RED will shape for you!</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>ecn</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>RED can either 'mark' or 'drop'. Explicit
|
||||||
|
Congestion Notification allows RED to notify remote
|
||||||
|
hosts that their rate exceeds the amount of bandwidth
|
||||||
|
available. Non-ECN capable hosts can only be notified by
|
||||||
|
dropping a packet. If this parameter is specified,
|
||||||
|
packets which indicate that their hosts honor ECN will
|
||||||
|
only be marked and not dropped, unless the queue size
|
||||||
|
hits limit bytes. Needs a tc binary with RED support
|
||||||
|
compiled in. Recommended.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -503,6 +626,8 @@
|
|||||||
<para><ulink
|
<para><ulink
|
||||||
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
|
url="http://shorewall.net/configuration_file_basics.htm#Pairs">http://shorewall.net/configuration_file_basics.htm#Pairs</ulink></para>
|
||||||
|
|
||||||
|
<para>tc-hfsc (7)</para>
|
||||||
|
|
||||||
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
|
<para>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
|
||||||
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
|
shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
|
||||||
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
|
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5),
|
||||||
|
@ -200,7 +200,8 @@
|
|||||||
<para><option>hfsc</option> - Shorewall normally uses the
|
<para><option>hfsc</option> - Shorewall normally uses the
|
||||||
<firstterm>Hierarchical Token Bucket</firstterm> queuing discipline.
|
<firstterm>Hierarchical Token Bucket</firstterm> queuing discipline.
|
||||||
When <option>hfsc</option> is specified, the <firstterm>Hierarchical
|
When <option>hfsc</option> is specified, the <firstterm>Hierarchical
|
||||||
Fair Service Curves</firstterm> discipline is used instead.</para>
|
Fair Service Curves</firstterm> discipline is used instead (see
|
||||||
|
tc-hfsc (7)).</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">linklayer</emphasis> - Added in
|
<para><emphasis role="bold">linklayer</emphasis> - Added in
|
||||||
Shorewall 4.5.6. Type of link (ethernet, atm, adsl). When specified,
|
Shorewall 4.5.6. Type of link (ethernet, atm, adsl). When specified,
|
||||||
@ -276,6 +277,8 @@
|
|||||||
<refsect1>
|
<refsect1>
|
||||||
<title>See ALSO</title>
|
<title>See ALSO</title>
|
||||||
|
|
||||||
|
<para>tc-hfsc (7)</para>
|
||||||
|
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>
|
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>
|
||||||
|
|
||||||
|
@ -171,7 +171,7 @@
|
|||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">RATE</emphasis> -
|
<term><emphasis role="bold">RATE</emphasis> -
|
||||||
<emphasis>rate</emphasis>[:<emphasis>dmax</emphasis>[:<emphasis>umax</emphasis>]]</term>
|
{-|<emphasis>rate</emphasis>[:<emphasis>dmax</emphasis>[:<emphasis>umax</emphasis>]]}</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The minimum bandwidth this class should get, when the traffic
|
<para>The minimum bandwidth this class should get, when the traffic
|
||||||
@ -181,11 +181,12 @@
|
|||||||
class exceed the CEIL of the parent class, things don't work
|
class exceed the CEIL of the parent class, things don't work
|
||||||
well.</para>
|
well.</para>
|
||||||
|
|
||||||
<para>When using the HFSC queuing discipline, leaf classes may
|
<para>When using the HFSC queuing discipline, this column specify
|
||||||
specify <replaceable>dmax</replaceable>, the maximum delay in
|
the real-time (RT) service curve. leaf classes may specify
|
||||||
milliseconds that the first queued packet for this class should
|
<replaceable>dmax</replaceable>, the maximum delay in milliseconds
|
||||||
experience. May be expressed as an integer, optionally followed by
|
that the first queued packet for this class should experience. May
|
||||||
'ms' with no intervening white space (e.g., 10ms).</para>
|
be expressed as an integer, optionally followed by 'ms' with no
|
||||||
|
intervening white space (e.g., 10ms).</para>
|
||||||
|
|
||||||
<para>HFSC leaf classes may also specify
|
<para>HFSC leaf classes may also specify
|
||||||
<replaceable>umax</replaceable>, the largest packet expected in this
|
<replaceable>umax</replaceable>, the largest packet expected in this
|
||||||
@ -194,12 +195,18 @@
|
|||||||
followed by 'b' with no intervening white space (e.g., 800b).
|
followed by 'b' with no intervening white space (e.g., 800b).
|
||||||
<replaceable>umax</replaceable> may only be given if
|
<replaceable>umax</replaceable> may only be given if
|
||||||
<replaceable>dmax</replaceable> is also given.</para>
|
<replaceable>dmax</replaceable> is also given.</para>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 4.5.6, HFSC classes may omit this
|
||||||
|
column (e.g, '-' in the column), provided that an
|
||||||
|
<replaceable>lsrate</replaceable> is specified (see CEIL below).
|
||||||
|
These rates are used to arbitrate between classes of the same
|
||||||
|
priority.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">CEIL</emphasis> -
|
<term><emphasis role="bold">CEIL</emphasis> -
|
||||||
<emphasis>rate</emphasis></term>
|
[<emphasis>lsrate</emphasis>:]<emphasis>rate</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The maximum bandwidth this class is allowed to use when the
|
<para>The maximum bandwidth this class is allowed to use when the
|
||||||
@ -210,6 +217,9 @@
|
|||||||
here for setting the maximum bandwidth to the RATE of the parent
|
here for setting the maximum bandwidth to the RATE of the parent
|
||||||
class, or the OUT-BANDWIDTH of the device if there is no parent
|
class, or the OUT-BANDWIDTH of the device if there is no parent
|
||||||
class.</para>
|
class.</para>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 4.5.6, you can also specify an
|
||||||
|
<replaceable>lsrate</replaceable> (link sharing rate).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -304,7 +314,7 @@
|
|||||||
limited to 64 bytes because we want only packets WITHOUT
|
limited to 64 bytes because we want only packets WITHOUT
|
||||||
payload to match.</para>
|
payload to match.</para>
|
||||||
|
|
||||||
<para></para>
|
<para/>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>This option is only valid for ONE class per
|
<para>This option is only valid for ONE class per
|
||||||
@ -381,6 +391,118 @@
|
|||||||
assumed.</para>
|
assumed.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>red=(<replaceable>redoption</replaceable>=<replaceable>value</replaceable>,
|
||||||
|
...)</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 4.5.6. When specified on a leaf
|
||||||
|
class, causes the class to use the red queuing discipline
|
||||||
|
rather than SFQ. See tc-red (8) for additional
|
||||||
|
information.</para>
|
||||||
|
|
||||||
|
<para>Allowable redoptions are:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>min</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Average queue size at which marking becomes a
|
||||||
|
possibility.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>max</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>At this average queue size, the marking
|
||||||
|
probability is maximal. Must be at least twice
|
||||||
|
<replaceable>min</replaceable> to prevent synchronous
|
||||||
|
retransmits, higher for low min.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>probability</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Maximum probability for marking, specified as a
|
||||||
|
floating point number from 0.0 to 1.0. Suggested values
|
||||||
|
are 0.01 or 0.02 (1 or 2%, respectively).</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>limit</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Hard limit on the real (not average) queue size in
|
||||||
|
bytes. Further packets are dropped. Should be set higher
|
||||||
|
than
|
||||||
|
<replaceable>max</replaceable>+<replaceable>burst</replaceable>.
|
||||||
|
It is advised to set this a few times higher than
|
||||||
|
<replaceable>max</replaceable>. Shorewall requires that
|
||||||
|
max be at least twice
|
||||||
|
<replaceable>min</replaceable>.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>burst</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Used for determining how fast the average queue
|
||||||
|
size is influenced by the real queue size. Larger values
|
||||||
|
make the calculation more sluggish, allowing longer
|
||||||
|
bursts of traffic before marking starts. Real life
|
||||||
|
experiments support the following guide‐ line:
|
||||||
|
(<replaceable>min</replaceable>+<replaceable>min</replaceable>+<replaceable>max</replaceable>)/(3*<replaceable>avpkt</replaceable>).</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>avpkt</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional. Specified in bytes. Used with burst to
|
||||||
|
determine the time constant for average queue size
|
||||||
|
calculations. 1000 is a good value and is the Shorewall
|
||||||
|
default.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>bandwidth</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Optional. This rate is used for calculating the
|
||||||
|
average queue size after some idle time. Should be set
|
||||||
|
to the bandwidth of your interface. Does not mean that
|
||||||
|
RED will shape for you!</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>ecn</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>RED can either 'mark' or 'drop'. Explicit
|
||||||
|
Congestion Notification allows RED to notify remote
|
||||||
|
hosts that their rate exceeds the amount of bandwidth
|
||||||
|
available. Non-ECN capable hosts can only be notified by
|
||||||
|
dropping a packet. If this parameter is specified,
|
||||||
|
packets which indicate that their hosts honor ECN will
|
||||||
|
only be marked and not dropped, unless the queue size
|
||||||
|
hits limit bytes. Needs a tc binary with RED support
|
||||||
|
compiled in. Recommended.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -448,6 +570,8 @@
|
|||||||
<refsect1>
|
<refsect1>
|
||||||
<title>See ALSO</title>
|
<title>See ALSO</title>
|
||||||
|
|
||||||
|
<para>tc-hfsc (7)</para>
|
||||||
|
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>
|
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>
|
||||||
|
|
||||||
|
@ -201,7 +201,8 @@
|
|||||||
<para><option>hfsc</option> - Shorewall normally uses the
|
<para><option>hfsc</option> - Shorewall normally uses the
|
||||||
<firstterm>Hierarchical Token Bucket</firstterm> queuing discipline.
|
<firstterm>Hierarchical Token Bucket</firstterm> queuing discipline.
|
||||||
When <option>hfsc</option> is specified, the <firstterm>Hierarchical
|
When <option>hfsc</option> is specified, the <firstterm>Hierarchical
|
||||||
Fair Service Curves</firstterm> discipline is used instead.</para>
|
Fair Service Curves</firstterm> discipline is used instead(see
|
||||||
|
tc-hfsc (7)).</para>
|
||||||
|
|
||||||
<para><emphasis role="bold">linklayer</emphasis> - Added in
|
<para><emphasis role="bold">linklayer</emphasis> - Added in
|
||||||
Shorewall 4.5.6. Type of link (ethernet, atm, adsl). When specified,
|
Shorewall 4.5.6. Type of link (ethernet, atm, adsl). When specified,
|
||||||
@ -278,6 +279,8 @@
|
|||||||
<refsect1>
|
<refsect1>
|
||||||
<title>See ALSO</title>
|
<title>See ALSO</title>
|
||||||
|
|
||||||
|
<para>tc-hfsc (7)</para>
|
||||||
|
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>
|
url="http://shorewall.net/traffic_shaping.htm">http://shorewall.net/traffic_shaping.htm</ulink></para>
|
||||||
|
|
||||||
|
@ -431,7 +431,7 @@
|
|||||||
<term><emphasis role="bold">linklayer</emphasis></term>
|
<term><emphasis role="bold">linklayer</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para> Added in Shorewall 4.5.6. Type of link (ethernet, atm,
|
<para>Added in Shorewall 4.5.6. Type of link (ethernet, atm,
|
||||||
adsl). When specified, causes scheduler packet size
|
adsl). When specified, causes scheduler packet size
|
||||||
manipulation as described in tc-stab (8). When this option is
|
manipulation as described in tc-stab (8). When this option is
|
||||||
given, the following options may also be given after
|
given, the following options may also be given after
|
||||||
@ -792,6 +792,18 @@ ppp0 6000kbit 500kbit</programlisting>
|
|||||||
<emphasis>number</emphasis> must be > 2 and less than 128. If
|
<emphasis>number</emphasis> must be > 2 and less than 128. If
|
||||||
not specified, the value 127 is assumed</para>
|
not specified, the value 127 is assumed</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>red=(<replaceable>redoption</replaceable>,...) - Added in
|
||||||
|
Shorewall 4.5.6. When specified on a leaf class, causes the
|
||||||
|
class to use the red queuing discipline rather than SFQ. See
|
||||||
|
tc-red (8) for additional information.</para>
|
||||||
|
|
||||||
|
<para>See <ulink
|
||||||
|
url="manpages/shorewall-tcdevices.html">shorewall-tcdevices</ulink>
|
||||||
|
(5) for a description of the allowable
|
||||||
|
<replaceable>redoptions</replaceable>.</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
Loading…
Reference in New Issue
Block a user