# # Shorewall version 3.2 - Tcclasses File # # Based on tc4shorewall version 0.5 by Arne Bernin # # /etc/shorewall/tcclasses # # Define the classes used for traffic shaping in this file. # # A note on the rate/bandwidth definitions used in this file: # # - don't use a space between the integer value and # the unit: 30kbit is valid while 30 kbit is NOT. # # - you can use one of the following units: # # kbps Kilobytes per second # mbps Megabytes per second # kbit Kilobits per second # mbit Megabits per second # bps or a # bare number Bytes per second # # - if you want the values to be calculated for you depending # on the output bandwidth setting defined for an interface # in tcdevices, you can use expressions like the following: # # full/3 causes the bandwidth to be calculated # as 3 of the the full outgoing # speed that is defined. # # full*9/10 will set this bandwidth to 9/10 of # the full bandwidth # # DO NOT add a unit to the rate if it is calculated ! # # Columns are: # # INTERFACE Name of interface. Each interface may be listed only # once in this file. You may NOT specify the name of # an alias (e.g., eth0:0) here; see # http://www.shorewall.net/FAQ.htm#faq18 # # You may NOT specify wildcards here, e.g. if you # have multiple ppp interfaces, you need to put # them all in here! # # Please note that you can only use interface names # in here that have a bandwidth defined in the tcdevices # file # # MARK The mark value which is an integer in the range 1-255. # You define this marks in the tcrules file, marking # the traffic you want to fit in the classes defined # in here. # # You can use the same marks for different interfaces. # # RATE The minimum bandwidth this class should get, # when the traffic load rises. # # CEIL The maximum bandwidth this class is allowed to use # when the link is idle. Useful if you have traffic # which can get full speed when more needed services # (e.g. ssh) are not used. # # You can use the value "full" in here for setting # the maximum bandwidth to the defined output bandwidth # of that interface # # PRIORITY The priority in which classes will be serviced by # the packet shaping scheduler and also the priority # in which bandwidth in excess of the rate will be # given to each class. # # Higher priority classes will experience less delay # since they are serviced first. Priority values # are serviced in ascending order (e.g. 0 is higher # priority than 1). # # Classes may be set to the same priority, in which # case they will be serviced as equals. # # OPTIONS A comma-separated list of options including the # following: # # default - this is the default class for that # interface where all traffic should go, # that is not classified otherwise. # # NOTE: defining default for exactly one # class per interface is mandatory! # # tos=0x<value>[/0x<mask>] (mask defaults to 0xff) # - this lets you define a classifier # for the given <value>/<mask> # combination of the IP packet's # TOS/Precedence/DiffSrv octet (aka the # TOS byte). Please note, classifiers # override all mark settings, so if you # define a classifer for a class, all # traffic having that mark will go in it # regardless of any mark set on the # packet by a firewall/mangle filter. # # NOTE: multiple tos= statements may be # applied per class and per interface, # but a given value/mask pair is valid # for only ONE class per interface. # # tos-<tosname> - aliases for the following TOS octet # value and mask encodings. TOS # encodings of the "TOS byte" have been # deprecated in favor of diffserve # classes, but programs like ssh, # rlogin, and ftp still use them. # # tos-minimize-delay 0x10/0x10 # tos-maximize-throughput 0x08/0x08 # tos-maximize-reliability 0x04/0x04 # tos-minimize-cost 0x02/0x02 # tos-normal-service 0x00/0x1e # # NOTE: each of this options is only # valid for ONE class per interface. # # tcp-ack - if defined causes an tc filter to # be created that puts all tcp ack # packets on that interface that have # an size of <=64 Bytes to go in this # class. This is useful for speeding up # downloads. Please note that the size # of the ack packets is limited to 64 # bytes as some applications (p2p for # example) use to make every packet an # ack packet which would cause them # all into here. We want only packets # WITHOUT payload to match, so the size # limit. # # NOTE: This option is only valid for # ONE class per interface. # # # # Example 1: Suppose you are using PPP over Ethernet (DSL) # and ppp0 is the interface for this. You have 4 classes # here, the first you can use for voice over IP # traffic, the second interactive traffic (e.g. # ssh/telnet but not scp), the third will be for all # unclassified traffic, and the forth is for low # priority traffic (e.g. peer-to-peer). # # The voice traffic in the first class will be # guaranteed a minimum of 100kbps and always be # serviced first (because of the low priority number, # giving less delay) and will be granted excess # bandwidth (up to 180kbps, the class ceiling) first, # before any other traffic. A single VOIP stream, # depending upon codecs, after encapsulation, can take # up to 80kbps on a PPOE/DSL link, so we pad a little # bit just in case. (TOS byte values 0xb8 and 0x68 # are DiffServ classes EF and AFF3-1 respectively and # are often used by VOIP devices). # # Interactive traffic (tos-minimum-delay) and # TCP acks (and ICMP echo traffic if you use the example # in tcrules) and any packet with a mark of 2 will be # guaranteed 1/4 of the link bandwidth, and may extend # up to full speed of the link. # # Unclassified traffic and packets marked as 3 will be # guaranteed 1/4th of the link bandwidth, and may extend # to the full speed of the link. # # Packets marked with 4 will be treated as low priority # packets. (The tcrules example marks p2p traffic as # such.) If the link is congested, they're only # guaranteed 1/8th of the speed, and even if the link is # empty, can only expand to 80% of link bandwidth just # as a precaution in case there are upstream queues we # didn't account for. This is the last class to get # additional bandwidth and the last to get serviced by # the scheduler because of the low priority. # # ppp0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc # ppp0 2 full/4 full 2 tcp-ack,tos-minimize-delay # ppp0 3 full/4 full 3 default # ppp0 4 full/8 full*8/10 4 # ############################################################################### #INTERFACE MARK RATE CEIL PRIORITY OPTIONS #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE