TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68dd299bc8
twx-linux/include/linux/netfilter
History
Patrick McHardy 50c164a81f [NETFILTER]: x_tables: add rateest match 
Add rate estimator match. The rate estimator match can match on
estimated rates by the RATEEST target. It supports matching on
absolute bps/pps values, comparing two rate estimators and matching
on the difference between two rate estimators.

This is what I use to route outgoing data connections from a FTP
server over two lines based on the  available bandwidth:

# estimate outgoing rates
iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 \
                                                     --rateest-interval 250ms \
                                                     --rateest-ewma 0.5s
iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 \
                                                     --rateest-interval 250ms \
                                                     --rateest-ewma 0.5s

# mark based on available bandwidth
iptables -t mangle -A BALANCE -m state --state NEW \
                              -m helper --helper ftp \
                              -m rateest --rateest-delta \
                                         --rateest1 eth0 \
                                         --rateest-bps1 2.5mbit \
                                         --rateest-gt \
                                         --rateest2 ppp0 \
                                         --rateest-bps2 2mbit \
                              -j CONNMARK --set-mark 0x1

iptables -t mangle -A BALANCE -m state --state NEW \
                              -m helper --helper ftp \
                              -m rateest --rateest-delta \
                                         --rateest1 ppp0 \
                                         --rateest-bps1 2mbit \
                                         --rateest-gt \
                                         --rateest2 eth0 \
                                         --rateest-bps2 2.5mbit \
                              -j CONNMARK --set-mark 0x2

iptables -t mangle -A BALANCE -j CONNMARK --restore-mark

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 14:56:03 -08:00
..
Kbuild [NETFILTER]: x_tables: add rateest match 2008-01-28 14:56:03 -08:00
nf_conntrack_amanda.h
nf_conntrack_common.h
nf_conntrack_ftp.h
nf_conntrack_h323_asn1.h
nf_conntrack_h323_types.h
nf_conntrack_h323.h
nf_conntrack_irc.h
nf_conntrack_pptp.h
nf_conntrack_proto_gre.h
nf_conntrack_sane.h
nf_conntrack_sctp.h
nf_conntrack_sip.h
nf_conntrack_tcp.h
nf_conntrack_tftp.h
nf_conntrack_tuple_common.h
nfnetlink_compat.h
nfnetlink_conntrack.h
nfnetlink_log.h
nfnetlink_queue.h
nfnetlink.h
x_tables.h [NETFILTER]: x_tables: struct xt_table_info diet 2008-01-28 14:55:54 -08:00
xt_CLASSIFY.h
xt_comment.h
xt_connbytes.h
xt_connlimit.h
xt_connmark.h
xt_CONNMARK.h
xt_CONNSECMARK.h
xt_conntrack.h
xt_dccp.h
xt_dscp.h [NETFILTER]: IPv6 capable xt_tos v1 match 2008-01-28 14:56:00 -08:00
xt_DSCP.h [NETFILTER]: IPv6 capable xt_TOS v1 target 2008-01-28 14:56:00 -08:00
xt_esp.h
xt_hashlimit.h
xt_helper.h
xt_length.h
xt_limit.h
xt_mac.h
xt_mark.h
xt_MARK.h
xt_multiport.h
xt_NFLOG.h
xt_NFQUEUE.h
xt_owner.h [NETFILTER]: merge ipt_owner/ip6t_owner in xt_owner 2008-01-28 14:55:55 -08:00
xt_physdev.h
xt_pkttype.h
xt_policy.h
xt_quota.h
xt_rateest.h [NETFILTER]: x_tables: add rateest match 2008-01-28 14:56:03 -08:00
xt_RATEEST.h [NETFILTER]: x_tables: add RATEEST target 2008-01-28 14:56:02 -08:00
xt_realm.h
xt_sctp.h
xt_SECMARK.h
xt_state.h
xt_statistic.h
xt_string.h
xt_tcpmss.h
xt_TCPMSS.h
xt_TCPOPTSTRIP.h [NETFILTER]: x_tables: add TCPOPTSTRIP target 2008-01-28 14:55:51 -08:00
xt_tcpudp.h
xt_time.h
xt_u32.h