nixnux n00b
Joined: 13 Jul 2005 Posts: 12
|
Posted: Sat Oct 29, 2005 6:13 pm Post subject: |
|
|
Excellent Howto, worked great for me. One thing I'm trying to figure out is how to distinguish between the outgoing data in a BitTorrent application and the outgoing ACKs. I limit the upstream just great... It works awesome. Only problem is the downstream on a torrent goes way down. I'm assuming the outgoing ACKs are getting limited along with the outgoing data. Anyone know how to distinguish between the two?
Thanks |
|
ultraViolet Apprentice
Joined: 03 Apr 2004 Posts: 280 Location: Lyon, France
|
Posted: Wed Nov 23, 2005 7:36 pm Post subject: |
|
|
Hi all!
I have read this very interesting thread with attention, because I have tried in the past to control p2p traffic in this way:
if there is a connection established, p2p falls to 0 as input and output.
The matter was mainly that I am sharing my connection with other people who don't respect the rules I have established, like only using p2p clients that can be stopped from my 'workstation'. It can be seen as authoritative, but I am the one who pays for it. I am a gamer and I can't support seeing my ping falling down for p2p traffic, when I can spare some night time to play.
I have tried marking p2p traffic via ipp2p. The result was positive, but not sufficient. According to what I have read, l7 seems to be efficient too, but the fact is that it only blocks bandwidth, not the number of connections established for example.
My question is this one: do you think it is pertinent to use ipp2p and l7 at the same time to detect as many p2p packets as possible?
Any help would be appreciated, and would allow my users to keep their free connection... |
|
ssmaxss Apprentice
Joined: 28 Jun 2005 Posts: 160 Location: Moscow, Russia.
|
Posted: Wed Mar 29, 2006 6:17 pm Post subject: |
|
|
I want to lower the priority of incoming bittorrent traffic (for fast surfing while downloading via bittorrent). I want to find bittorrent packets by using ipp2p (ports are dynamic, and maybe I will use ed2k). How can I do it? I want a simple and clear "Gentoo way". |
|
Falchion n00b
Joined: 18 Dec 2005 Posts: 57
|
Posted: Thu Apr 27, 2006 12:02 pm Post subject: Help on filtering specific program for different client |
|
|
Supposedly I patched my iptables....
Can I filter my LAN connection so that I can make sure that both the ip & internet explorer use a limited bandwidth?
I did use tc filter add dev eth0 parent 1: protocol ip u32 match ip sport 80 0xffff flowid 1:20 & also for port 8080 + 3128.
It worked great. HOWEVER, it also filters the game online patch and I don't want that. I just want to filter internet explorer.
Does the patch work if my client is WinXP? and can I actually filter internet explorer for each computer differently? I want IE on comp1 to use 56kb/s, IE on comp2 56kb/s, IE on comp3 56kb/s, etc.
I tried adding iexplore/iexplore.exe without any patch and it says that it can't find the program specified because I don't have it if I type ps -A.
Please help me on this. Thanks. |
|
Moloch Apprentice
Joined: 17 Mar 2003 Posts: 293 Location: Albuquerque, NM, US
|
Posted: Fri Apr 28, 2006 7:26 pm Post subject: |
|
|
nixnux wrote: | Excellent Howto, worked great for me. One thing I'm trying to figure out is how to identify between the outgoing data in a BitTorrent application and the outgoing ACKs. I limit the upstream just great...It works awesome. Only problem is the downstream on a torrent goes way down. I'm assuming the outgoing ACKs are getting limited along with the outgoing data. Any one know how to distinguish between the two?
Thanks |
Yes, I use separate ACK queues for each of my categories. Say for example you have
Code: |
iptables -A tcpost -t mangle -o $INTERFACE -p tcp --dport $port -j CLASSIFY --set-class 1:32
|
Then I would have an almost identical line
Code: |
ACKS='--tcp-flags SYN,RST,ACK ACK -m length --length :255'
iptables -A tcpost -t mangle -o $INTERFACE -p tcp --dport $port $ACKS -j CLASSIFY --set-class 1:31
|
Where class 1:31 is a higher priority than 1:32.
So this uses the same port as the previous but the length of the packet must be from 0 to 255 and have the SYN,RST,ACK ACK TCP flags. This seems to work great for me. Even when I have a lot of bittorrents seeding. I can start downloading a torrent and it will slow down my seeding upload which allows the download to go much quicker. This works great for anything that uses TCP. Obviously this won't work with UDP.
Another trick for those trying to limit bittorrent traffic where you have the bittorrent client on another computer than the firewall. You could assign another IP address to the client machine. For example /etc/conf.d/net may look like
Code: |
config_eth0=( "192.168.0.5/24" "192.168.0.200/24")
|
Then on your firewall tell it to match based upon that IP address
Code: |
iptables -A tcpost -t mangle -o $INTERFACE -p tcp --source 192.168.0.200 -j CLASSIFY --set-class 1:74
|
Back on the client machine you can then configure the bittorrent client to bind to 192.168.0.200 rather than the primary one or all interfaces. If the client doesn't support binding to an interface you can use iptables on the client machine (assuming it's running Linux of course) to force connections based upon user or program name to use 192.168.0.200. This looks like
Code: |
# SNAT is only valid in the nat table, so the table has to be named explicitly
iptables -t nat -A POSTROUTING -m owner --uid-owner bittorrent -j SNAT --to-source 192.168.0.200
|
Make sure port forwarding on the firewall is set up to forward bittorrent ports to 192.168.0.200.
This may not be the best way to do things, but it seems to work very well for me.
_________________ Understanding is a three-edged sword: your side, their side, and the truth. --Kosh
1010011010 |
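The ACK rule pair from the post above, replayed over constructed packets to show which ones end up in class 1:31 (an added example, not part of the original post). Port 6881 stands in for $port and the destination address is a documentation address; it assumes that CLASSIFY does not stop rule traversal, so the later rule wins, and that the length match compares the IPv4 total length.

```python
import struct

# Bit values of the flags in byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}

def bits(names):
    return sum(FLAGS[name] for name in names)

def build_packet(flags, payload_len=0, opts_len=0, dport=6881):
    """Constructed IPv4+TCP packet (checksums left at 0) used as sample input."""
    total = 20 + 20 + opts_len + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 168, 0, 200]), bytes([203, 0, 113, 10]))
    tcp = struct.pack("!HHIIBBHHH", 51413, dport, 0, 0,
                      ((20 + opts_len) // 4) << 4, bits(flags), 65535, 0, 0)
    return ip + tcp + bytes(opts_len) + bytes(payload_len)

def classify(pkt, port=6881, data_class="1:32", ack_class="1:31", max_len=255):
    """Return the class the two rules leave on the packet, or None if neither matches."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6:                        # -p tcp (IP protocol 6)
        return None
    total_len, = struct.unpack("!H", pkt[2:4])
    dport, = struct.unpack("!H", pkt[ihl + 2:ihl + 4])
    if dport != port:                      # --dport $port
        return None
    result = data_class                    # rule 1 matches every packet to the port
    flags = pkt[ihl + 13]
    # --tcp-flags SYN,RST,ACK ACK: of the three examined flags, only ACK is set.
    only_ack = (flags & bits(("SYN", "RST", "ACK"))) == FLAGS["ACK"]
    if only_ack and total_len <= max_len:  # -m length --length :255
        result = ack_class                 # rule 2 runs later and overwrites rule 1
    return result

SAMPLES = [  # (label, flags, payload bytes, TCP option bytes), all constructed
    ("pure ACK", ("ACK",), 0, 0),
    ("ACK + timestamps", ("ACK",), 0, 12),
    ("SYN/ACK", ("SYN", "ACK"), 0, 0),
    ("FIN/ACK", ("FIN", "ACK"), 0, 0),
    ("small data", ("PSH", "ACK"), 100, 0),
    ("full data", ("PSH", "ACK"), 1400, 0),
]

def run_samples():
    return {label: classify(build_packet(flags, payload, opts))
            for label, flags, payload, opts in SAMPLES}

if __name__ == "__main__":
    for label, cls in run_samples().items():
        print(f"{label:18} -> {cls}")
```

Small data packets and FIN/ACK segments also land in 1:31, because the rule tests only the packet size and the three listed flags.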
|
depontius Advocate
Joined: 05 May 2004 Posts: 3509
|
Posted: Mon May 08, 2006 1:54 pm Post subject: Simple limiting (simulate DSL migration) |
|
|
Parasietje wrote: | http://www.szabilinux.hu/bandwidth/
This URL is worth checking out. Download bandwidth limiting works like a charm on my router. If you run a squid proxy, you may have problems limiting download traffic if you use transparent proxying.
Use Delaying Pools for squid bandwidth limiting. (Line 2849 in squid.conf) |
I'm looking to save $$$ by moving from cable to DSL, but first I want to "simulate" the move, by bandwidth-limiting. The first entry on this thread indicates that input bandwidth limiting is difficult, but the link you give seems to do it simply. (I haven't tried it yet, just read the link.) All of my LAN traffic passes through my server/router, so I do have a simple throttle point to do this.
I may have 2 DSL plans available, one saving $$$ and one saving $$. The cheap side of me would like to look at the low-bandwidth plan. I already run emerge sync from cron on my server, and my other systems sync to that. I'm also running http-replicator, so I have caching and provisions to move things into the wee hours, in order to avoid waiting and contention. I'm concerned about interactive bandwidth.
Is this a sane thing to do?
What are the "weight" factors? From what I can see, in my case the weights don't really matter, since I'm making all systems peers sharing one link. Correct? _________________ .sigs waste space and bandwidth |
|
johnny_martins00 Apprentice
Joined: 01 Jun 2006 Posts: 293
|
Posted: Mon Apr 09, 2007 2:08 pm Post subject: |
|
|
Hi. Great howto! I'm trying something like your howto but with some subclasses. My question is if in one class I can declare 3 subclasses like:
Code: |
localhost johnny # tc class add dev eth0 parent 1: classid 1:1 htb rate 120kbit burst 6k
localhost johnny # tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100kbit burst 6k prio 1
localhost johnny # tc class add dev eth0 parent 1:1 classid 1:20 htb rate 10kbit burst 6k prio 2
localhost johnny # tc class add dev eth0 parent 1:1 classid 1:30 htb rate 10kbit burst 6k prio 3
# now I want to declare 3 subclasses of class 10
localhost johnny # tc class add dev eth0 parent 1:10 classid 1:100 htb rate 60kbit
localhost johnny # tc class add dev eth0 parent 1:10 classid 1:200 htb rate 40kbit
localhost johnny # tc class add dev eth0 parent 1:10 classid 1:300 htb rate 20kbit
localhost johnny # tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
localhost johnny # tc qdisc add dev eth0 parent 1:100 handle 1000: sfq perturb 10
localhost johnny # tc qdisc add dev eth0 parent 1:200 handle 2000: sfq perturb 10
localhost johnny # tc qdisc add dev eth0 parent 1:300 handle 3000: sfq perturb 10
localhost johnny # tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
localhost johnny # tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
localhost johnny # tc class show dev eth0
class htb 1:1 root rate 120000bit ceil 120000bit burst 6Kb cburst 1749b
class htb 1:10 parent 1:1 rate 100000bit ceil 100000bit burst 6Kb cburst 1725b
class htb 1:100 parent 1:10 leaf 1000: prio 0 rate 60000bit ceil 60000bit burst 1674b cburst 1674b
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 10000bit ceil 10000bit burst 6Kb cburst 1612b
class htb 1:200 parent 1:10 leaf 2000: prio 0 rate 40000bit ceil 40000bit burst 1650b cburst 1650b
class htb 1:30 parent 1:1 leaf 30: prio 3 rate 10000bit ceil 10000bit burst 6Kb cburst 1612b
class htb 1:300 parent 1:10 leaf 3000: prio 0 rate 20000bit ceil 20000bit burst 1625b cburst 1625b
|
Another thing is the tc filter command... I want to make a filter for all the http traffic but... don't know how. I've tried this:
Code: |
tc filter add dev eth0 parent 10:0 protocol ip prio 3 u32 \ match ip protocol 80 0xff lowid 10:100
|
but it's not working....
Another thing is the differences between using tc filter and iptables, which I can't understand...
Thk,
Regards |
|
Xamindar Veteran
Joined: 03 Oct 2004 Posts: 1155 Location: California
|
Posted: Tue Nov 06, 2007 5:25 am Post subject: |
|
|
I have a problem. I simply ran the following and haven't added any clauses to shape traffic yet:
Code: |
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 120kbit burst 6k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 120kbit burst 6k prio 1
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 60kbit burst 6k prio 2
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 30kbit burst 6k prio 3
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
|
but for some reason as soon as I add these not only does my outgoing slow to about 4k/s but so does my input! Why is it doing this? I checked and eth0 is indeed my outgoing interface. |
|
Xamindar Veteran
Joined: 03 Oct 2004 Posts: 1155 Location: California
|
Posted: Tue Nov 06, 2007 6:08 am Post subject: |
|
|
I even tried following this guide:
http://gentoo-wiki.com/HOWTO_Packet_Shaping
and the same thing happened. Both upload and download are being limited! What is the deal with this? |
|
exarkun n00b
Joined: 13 Dec 2007 Posts: 1
|
Posted: Thu Dec 13, 2007 10:11 pm Post subject: |
|
|
Also, as of kernel 2.6.14, the pid-owner, sid-owner, and cmd-owner options are no longer available in iptables. Does anyone have a way to get this working for a specific program now? Running p2p kills my downstream such that my connection is near useless.
Thanks. |
|
sunilkb n00b
Joined: 31 Jul 2014 Posts: 1
|
Posted: Fri Aug 01, 2014 6:59 am Post subject: RegardinG bandwidth limiting post. |
|
|
Dear Author of Bandwidth Limiting post,
You mentioned in Section 7 of this post, Point 3. Would you please help me how to do TCP Window manipulation to influence the speed of network streams?
3) TCP window manipulation is an advanced and better method of influencing the speed of network streams, unfortunately AFAIK there are no open source applications that implement that for the time being.
Thanks,
Sunil |
|