[maemo-developers] IP packets Traffic Control with tc - kind request

From: Darius Jack dariusjack2006 at yahoo.ie
Date: Mon Aug 4 21:18:11 EEST 2008
Hi,

excellent source for Internet traffic shaping

http://www.trekweb.com/~jasonb/articles/traffic_shaping/scenarios.html

http://www.trekweb.com/~jasonb/articles/traffic_shaping/classflows.html#iptu32

but please tell me how to control Wifi traffic to a number of clients.

Are netstat and nload a good solution?

I just need to write a basic shell script to count the number of Wifi/www clients
(netstat -a > parser) and have a tool, command or script
to share Wifi bandwidth between Wifi/www clients.

What I see promising in iptables is

dstlimit
This module allows you to limit the packet per second (pps) rate on a per destination IP or per destination port base. As opposed to the `limit' match, every destination ip / destination port has its own limit.

--dstlimit avg
    Maximum average match rate (packets per second unless followed by /sec /minute /hour /day postfixes). 
--dstlimit-mode mode
    The limiting hashmode. Is the specified limit per dstip, dstip-dstport tuple, srcip-dstip tuple, or per srcipdstip-dstport tuple. 
--dstlimit-name name
    Name for /proc/net/ipt_dstlimit/* file entry 
[--dstlimit-burst burst]
    Number of packets to match in a burst. Default: 5 
[--dstlimit-htable-size size]
    Number of buckets in the hashtable 
[--dstlimit-htable-max max]
    Maximum number of entries in the hashtable 
[--dstlimit-htable-gcinterval interval]
    Interval between garbage collection runs of the hashtable (in milliseconds). Default is 1000 (1 second). 
[--dstlimit-htable-expire time]
    After which time are idle entries expired from hashtable (in milliseconds)? Default is 10000 (10 seconds). 

________

fuzzy
This module matches a rate limit based on a fuzzy logic controller [FLC]

--lower-limit number
    Specifies the lower limit (in packets per second). 
--upper-limit number
    Specifies the upper limit (in packets per second). 

__

geoip
Match a packet by its source or destination country.

[!] --src-cc, --source-country country[,country,country,...]
    Match packet coming from (one of) the specified country(ies) 
[!] --dst-cc, --destination-country country[,country,country,...]
    Match packet going to (one of) the specified country(ies) 
NOTE:
    The country is inputted by its ISO3166 code. The only extra files you need are a binary db (geoipdb.bin) & its index file (geoipdb.idx). Both files are generated from a countries & subnets database with the csv2bin tool, available at www.cookinglinux.org/geoip/. Both files MUST also be moved in /var/geoip/ as the shared library is statically looking for that pathname (ex.: /var/geoip/geoipdb.bin). 

 ___

 
limit
This module matches at a limited rate using a token bucket filter. A rule using this extension will match until this limit is reached (unless the `!' flag is used). It can be used in combination with the LOG target to give limited logging, for example.

--limit rate
    Maximum average matching rate: specified as a number, with an optional `/second', `/minute', `/hour', or `/day' suffix; the default is 3/hour. 
--limit-burst number
    Maximum initial number of packets to match: this number gets recharged by one every time the limit specified above is not reached, up to this number; the default is 5. 

__
mac

--mac-source [!] address
    Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains. 

_

Ok.

What I need now is your advice on how to put the above together into a nice, basic shell script.

Dstlimit is ok
but I need to limit Originated IP (DHCP assigned)
for each specific client's IP.

thanks

Darius
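
Added example, not part of the original message: one way to combine the `limit` and `mac` matches quoted above into per-client rules keyed on each DHCP-assigned source IP. The dnsmasq-style lease layout, the chain name, the interface, the rate values and the lease file path are assumptions. The script only prints the rules, so they can be reviewed before anything is installed.

```sh
#!/bin/sh
# Added example (not from the original post): print per-client rate-limit
# rules built from the `limit` and `mac` matches. Dry run only: review the
# output, then pipe it to `sh` as root to install it.
RATE="${RATE:-50/second}"     # assumed per-client packet rate
BURST="${BURST:-100}"         # assumed burst allowance
CHAIN="${CHAIN:-WIFI_LIMIT}"  # hypothetical chain name
WIFI_IF="${WIFI_IF:-wlan0}"   # assumed Wi-Fi interface

# Strict validation: a malformed lease field must never reach a command line.
OCT='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
valid_ip() {
    printf '%s\n' "$1" | grep -Eq "^($OCT\.){3}$OCT\$"
}
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Reads leases on stdin; assumed dnsmasq layout: expiry MAC IP hostname id.
gen_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    while read -r _expiry mac ip _rest; do
        valid_ip "$ip" && valid_mac "$mac" || continue
        # Packets from the leased IP/MAC pair match until the rate is exceeded.
        echo "iptables -A $CHAIN -s $ip -m mac --mac-source $mac" \
             "-m limit --limit $RATE --limit-burst $BURST -j ACCEPT"
        # Over the rate, or this IP seen with a different MAC: drop.
        echo "iptables -A $CHAIN -s $ip -j DROP"
    done
    echo "iptables -A FORWARD -i $WIFI_IF -j $CHAIN"
}
# Usage (lease file path is an assumption):
#   gen_rules < /var/lib/misc/dnsmasq.leases
```

These rules only count packets sent by each client; traffic returning to the client is not limited by them.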


