<traffic> section

This section is used to define traffic shaping rules. These traffic shaping
rules are called flows. Flows form a tree: each flow has a single parent and
may contain child flows. For instance you can define one major flow and, within
this flow, define separate priorities and limits for different traffic such
as mail, browsing and p2p traffic. This example setup might be used for a DSL
internet connection where one would like to prioritize internet browsing.
The syntax of this section follows...
<firewall>
.
.
.
# Traffic flows
<traffic>
<flow name="dsl_line_in" max-rate="64000" report-timeout="60">
<flow name="http_in" max-rate="32000" burst-rate="64000" nfmark="100">
http_traffic_in
</flow>
<flow name="smtp_in" max-rate="8000" burst-rate="32000" nfmark="101">
smtp_traffic_in
</flow>
<flow name="p2p_in" max-rate="24000" burst-rate="32000" nfmark="102">
p2p_traffic_in
</flow>
</flow>
<flow name="dsl_line_out" max-rate="64000" report-timeout="60">
<flow name="http_out" max-rate="32000" burst-rate="64000" nfmark="200">
http_traffic_out
</flow>
<flow name="smtp_out" max-rate="8000" burst-rate="32000" nfmark="201">
smtp_traffic_out
</flow>
<flow name="p2p_out" max-rate="24000" burst-rate="32000" nfmark="202">
p2p_traffic_out
</flow>
</flow>
</traffic>
.
.
.
</firewall>
The <traffic> ... </traffic> tags have no parameters.
Valid sub-tags and their parameters are detailed below...
<flow> ... </flow>
The <flow> tag is used to specify a traffic flow and takes the
following parameters...
name="..." - Mandatory flow name; this is used to identify the flow
when reporting and monitoring.
nfmark="..." - Mandatory/Optional parameter to specify the NFMARK
of the traffic that applies to this flow. This must be used at the deepest
level of flow embedding to match traffic. Each nfmark value MUST be
unique!
stats-len="..." - Optional parameter to specify the period in
seconds that the average bandwidth rate and packet rate is based on. If 0 is
specified here there will be no average.
queue-size="..." - Optional parameter to specify the size of the
entire packet queue. If 0 is specified, queue size is unlimited. If -1 is
specified, the queue will not be used.
queue-len="..." - Optional parameter to specify the maximum number
of packets that can be in the entire queue at any one time. If -1 is
specified the queue will not be used.
max-rate="..." - Optional parameter to specify the maximum rate in
bytes/s before packets are queued; packets are not queued if they can be
bursted. If 0 is specified, no traffic limiting will occur. If, however, the
report-timeout="..." parameter is also specified, then only logging
will occur.
burst-rate="..." - Optional parameter to specify the maximum rate in
bytes/s at which packets can be bursted. Bursting can only occur until the parent
has maxed out its max-rate. Unlimited bursting will occur when burst-rate = 0;
remember that unlimited means until the parent has maxed out its max-rate. This
value must be greater than max-rate.
burst-threshold="..." - Optional parameter to specify at what
percentage we will stop bursting into our parent flow, measured against the
parent's current rate of usage. If this is set to 75, bursting into our parent
will only be allowed until the parent has reached 75% of its allowed maximum
bandwidth utilization. If other flows use 70% of the parent's bandwidth, we will
be allowed to reach our max-rate and burst until our parent reaches 75% of
its max-rate. Remember that burst-threshold pertains to the parent's
max-rate parameter, not the parent's burst-rate.
report-timeout="..." - Optional parameter to specify if and in what
time increments the traffic statistics are logged to file. For example, if this
parameter is set to 60, bwmd will log traffic stats to file every 60
seconds. Minimum value for this parameter is 30.
prio-classifier="..." - Optional parameter to specify an automatic
traffic prioritization classifier. This parameter defaults to the none
classifier, where no prioritization takes place. Available classifiers are
discussed below...
Between the opening and closing tags, classes defined in the <global>
section can be listed; to list multiple classes use one per line. These
classes determine which traffic applies to which rule.
Please note that listing classes is required only if you are using BWM Tools to
generate your firewall for you; otherwise just make sure you MARK your
traffic correctly and that the MARK value matches the
nfmark="..." parameter value used above.
Alternatively, <flow> ... </flow> tags can be embedded to form a more
complex hierarchy.
On a last note, if you are in fact not using BWM Tools to generate your
firewall and don't want to embed flows in multiple hierarchical levels, you
can specify the flow tag quickly in the following way: <flow ... />.
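To make the interaction of max-rate, burst-rate and burst-threshold concrete, here is an added example (not bwmd code, and not its real scheduler) that computes the rate one child flow may currently send from the parameters documented above. The rule it applies is this example's reading of the description: the flow always has its own max-rate, and may additionally burst up to burst-rate (or without limit when burst-rate is 0) until the parent's usage reaches burst-threshold percent of the parent's max-rate. The default threshold of 100, the dict layout, and every rate used are assumptions constructed for the example.

```python
# Added example, not bwmd code: a model of how max-rate, burst-rate and
# burst-threshold combine for one child flow under one parent. The decision
# rule is this example's reading of the documentation, not the scheduler's
# real algorithm. All rates are constructed values in bytes/s.


def allowed_rate(child, parent, siblings_usage):
    """Rate (bytes/s) a child flow may send now, given what its sibling flows use.

    child and parent are dicts keyed like the <flow> attributes. Assumptions:
    the child's max-rate is non-zero; burst-rate 0 means unlimited bursting
    (bounded only by the parent); burst-threshold defaults to 100, i.e. burst
    until the parent reaches its max-rate.
    """
    max_rate = child["max-rate"]
    burst_rate = child.get("burst-rate", 0)
    threshold_pct = child.get("burst-threshold", 100)
    # Bursting stops once the parent reaches threshold% of its max-rate
    # (the parent's burst-rate plays no part, as the documentation says).
    parent_ceiling = parent["max-rate"] * threshold_pct // 100
    burst_room = max(parent_ceiling - siblings_usage, 0)
    burst_ceiling = burst_room if burst_rate == 0 else min(burst_rate, burst_room)
    # The flow always keeps its own max-rate; bursting can only add to it.
    return max(max_rate, burst_ceiling)


# Constructed scenario mirroring the http_in flow of the example above:
# 32000 B/s guaranteed, bursting to 64000 B/s under a 64000 B/s DSL line.
HTTP_IN = {"max-rate": 32000, "burst-rate": 64000}
DSL_LINE_IN = {"max-rate": 64000}


def burst_table(child=HTTP_IN, parent=DSL_LINE_IN):
    """Allowed rate of the child as the siblings' usage grows (constructed data)."""
    return {usage: allowed_rate(child, parent, usage)
            for usage in (0, 20000, 40000, 60000)}


if __name__ == "__main__":
    for usage, rate in burst_table().items():
        print(f"siblings use {usage:>6} B/s -> http_in may send {rate:>6} B/s")
    strict = dict(HTTP_IN, **{"burst-threshold": 75})
    print("with burst-threshold=75 and idle siblings:",
          allowed_rate(strict, DSL_LINE_IN, 0))
```

Running it shows the documented behaviour in numbers: with the line idle the flow bursts to the full 64000 B/s, the burst shrinks as sibling flows take bandwidth, and once the parent is nearly full the flow is back at its own 32000 B/s max-rate. Adding burst-threshold="75" caps the burst at 48000 B/s (75% of the parent's max-rate) even when the line is idle.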
To continue on the line of complexity, one can specify the following sub-tags,
within the <flow> ... </flow> tags...
The <queue> ... </queue> tag is used to fine-tune queuing and takes the
following parameters...
prio="..." - Mandatory parameter to specify the priority of the
matched traffic (1 = highest, 100 = lowest).
nfmark="..." - Mandatory parameter to specify the mark value of the
traffic.
The following example uses <queue> ... </queue> tags to give
VNC traffic the highest priority...
<flow name="line_in" max-rate="32000">
<flow name="p2p_traffic_in" max-rate="8000" burst-rate="24000" nfmark="100">
class_p2p_traffic_in
</flow>
<flow name="vnc_in" max-rate="24000" burst-rate="32000">
<queue prio="1" nfmark="101">
class_vnc_in
</queue>
</flow>
</flow>
Between the opening and closing tags, classes defined in the <global>
section can be listed; to list multiple classes use one per line. These
classes determine which traffic applies to which rule.
Please note that listing classes is required only if you are using BWM Tools to
generate your firewall for you; otherwise just make sure you MARK your
traffic correctly and that the MARK value matches the
nfmark="..." parameter value used above.
On a last note, if you are in fact not using BWM Tools to generate your
firewall and want to specify a queue quickly, you can do so in the following
way: <queue ... />.
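Several of the rules spelled out for <flow> and <queue> above are easy to violate by hand and bwmd's behaviour when they are violated is not described here (duplicate nfmark values, a burst-rate that is not greater than max-rate, a report-timeout below 30, a prio outside 1..100, a deepest-level flow with no mark at all). The following added example, which is not part of BWM Tools, is a small lint that parses a <traffic> section with Python's standard XML parser and reports every such violation with the path of the offending flow. The two embedded configurations are constructed for the example; the first deliberately contains one instance of each mistake, the second mirrors the VNC example above and should pass cleanly.

```python
import xml.etree.ElementTree as ET

# Added example, not BWM Tools code: a lint for the <traffic> section that
# checks the constraints documented above. Both configs are constructed;
# BAD_CONFIG contains one deliberate mistake per check.
BAD_CONFIG = """<firewall>
  <traffic>
    <flow name="dsl_line_in" max-rate="64000" report-timeout="60">
      <flow name="http_in" max-rate="32000" burst-rate="64000" nfmark="100">http_traffic_in</flow>
      <flow name="smtp_in" max-rate="8000" burst-rate="4000" nfmark="101">smtp_traffic_in</flow>
      <flow name="p2p_in" max-rate="24000" burst-rate="32000" nfmark="100">p2p_traffic_in</flow>
      <flow name="vnc_in" max-rate="24000" burst-rate="32000">
        <queue prio="0" nfmark="103">class_vnc_in</queue>
      </flow>
    </flow>
    <flow name="dsl_line_out" max-rate="64000" report-timeout="10">
      <flow name="http_out" max-rate="32000" burst-rate="64000">http_traffic_out</flow>
    </flow>
  </traffic>
</firewall>
"""

GOOD_CONFIG = """<traffic>
  <flow name="line_in" max-rate="32000" report-timeout="60">
    <flow name="p2p_in" max-rate="8000" burst-rate="24000" nfmark="100">class_p2p_traffic_in</flow>
    <flow name="vnc_in" max-rate="24000" burst-rate="32000">
      <queue prio="1" nfmark="101">class_vnc_in</queue>
    </flow>
  </flow>
</traffic>
"""


def check_traffic(xml_text):
    """Return a list of human-readable problems found in a <traffic> section.

    xml_text may be a whole <firewall> document or just the <traffic> element.
    """
    root = ET.fromstring(xml_text)
    traffic = root if root.tag == "traffic" else root.find("traffic")
    if traffic is None:
        return ["no <traffic> section found"]

    problems = []
    marks_seen = {}  # nfmark value -> path of the flow/queue that claimed it

    def claim_mark(value, where):
        # Every nfmark value MUST be unique across all flows and queues.
        if value in marks_seen:
            problems.append(f"{where}: nfmark {value} already used by {marks_seen[value]}")
        else:
            marks_seen[value] = where

    def walk(flow, parent_path):
        where = f"{parent_path}/{flow.get('name', '?')}"
        if flow.get("name") is None:
            problems.append(f"{where}: flow without mandatory name")
        max_rate = int(flow.get("max-rate", "0"))
        burst = int(flow.get("burst-rate", "0"))
        # burst-rate 0 means unlimited, so only compare when both are set.
        if max_rate and burst and burst <= max_rate:
            problems.append(f"{where}: burst-rate {burst} must be greater than max-rate {max_rate}")
        timeout = flow.get("report-timeout")
        if timeout is not None and int(timeout) < 30:
            problems.append(f"{where}: report-timeout {timeout} is below the minimum of 30")
        threshold = flow.get("burst-threshold")
        if threshold is not None and not 0 <= int(threshold) <= 100:
            problems.append(f"{where}: burst-threshold {threshold} is not a percentage")
        if flow.get("nfmark") is not None:
            claim_mark(flow.get("nfmark"), where)
        queues = flow.findall("queue")
        for queue in queues:
            qwhere = f"{where}/queue"
            prio = queue.get("prio")
            if prio is None or not 1 <= int(prio) <= 100:
                problems.append(f"{qwhere}: prio {prio} must be between 1 (highest) and 100 (lowest)")
            if queue.get("nfmark") is None:
                problems.append(f"{qwhere}: queue without mandatory nfmark")
            else:
                claim_mark(queue.get("nfmark"), qwhere)
        children = flow.findall("flow")
        # Traffic is matched at the deepest level, so a leaf needs a mark somewhere.
        if not children and not queues and flow.get("nfmark") is None:
            problems.append(f"{where}: deepest-level flow has no nfmark and no <queue>")
        for child in children:
            walk(child, where)

    for top in traffic.findall("flow"):
        walk(top, "traffic")
    return problems


if __name__ == "__main__":
    for line in check_traffic(BAD_CONFIG):
        print(line)
    print("problems in GOOD_CONFIG:", check_traffic(GOOD_CONFIG))
```

The lint reads the same XML the daemon reads, so it can run before a restart; the uniqueness check is the one most worth keeping, since a duplicated nfmark silently puts two kinds of traffic under one limit. Checks the page does not state (for example whether a parent flow may also carry an nfmark) are deliberately not enforced.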
<group> ... </group>
The <group> tag is used for reporting only. It is for grouping flows
together under one reporting name. This tag takes the following parameters...
name="..." - Mandatory name; this is used to identify the group
when reporting and monitoring.
report-timeout="..." - Optional parameter to specify if and in what
time increments the traffic statistics are logged to file. For example, if this
parameter is set to 60, bwmd will log traffic stats to file every 60
seconds. Minimum value for this parameter is 30.
stats-len="..." - Optional parameter to specify the period in
seconds that the average bandwidth rate and packet rate is based on. If 0 is
specified here there will be no average.