source-git / iptables

Clone
Source Code
GIT

Blame extensions/libxt_rateest.man

c8 c8s master
  1.   45e61c67fb4b995791ca58925e36a1351ccb4acb
  2.   extensions
  3.   libxt_rateest.man
Blob History Raw
Packit Service d1fe03 
The rate estimator can match on estimated rates as collected by the RATEEST
Packit Service d1fe03 
target. It supports matching on absolute bps/pps values, comparing two rate
Packit Service d1fe03 
estimators and matching on the difference between two rate estimators.
Packit Service d1fe03 
.PP
Packit Service d1fe03 
For a better understanding of the available options, these are all possible
Packit Service d1fe03 
combinations:
Packit Service d1fe03 
.\" * Absolute:
Packit Service d1fe03 
.IP \(bu 4
Packit Service d1fe03 
\fBrateest\fP \fIoperator\fP \fBrateest-bps\fP
Packit Service d1fe03 
.IP \(bu 4
Packit Service d1fe03 
\fBrateest\fP \fIoperator\fP \fBrateest-pps\fP
Packit Service d1fe03 
.\" * Absolute + Delta:
Packit Service d1fe03 
.IP \(bu 4
Packit Service d1fe03 
(\fBrateest\fP minus \fBrateest-bps1\fP) \fIoperator\fP \fBrateest-bps2\fP
Packit Service d1fe03 
.IP \(bu 4
Packit Service d1fe03 
(\fBrateest\fP minus \fBrateest-pps1\fP) \fIoperator\fP \fBrateest-pps2\fP
Packit Service d1fe03 
.\" * Relative:
Packit Service d1fe03 
.IP \(bu 4
Packit Service d1fe03 
\fBrateest1\fP \fIoperator\fP \fBrateest2\fP \fBrateest-bps\fP(without rate!)
Packit Service d1fe03 
.IP \(bu 4
Packit Service d1fe03 
\fBrateest1\fP \fIoperator\fP \fBrateest2\fP \fBrateest-pps\fP(without rate!)
Packit Service d1fe03 
.\" * Relative + Delta:
Packit Service d1fe03 
.IP \(bu 4
Packit Service d1fe03 
(\fBrateest1\fP minus \fBrateest-bps1\fP) \fIoperator\fP
Packit Service d1fe03 
(\fBrateest2\fP minus \fBrateest-bps2\fP)
Packit Service d1fe03 
.IP \(bu 4
Packit Service d1fe03 
(\fBrateest1\fP minus \fBrateest-pps1\fP) \fIoperator\fP
Packit Service d1fe03 
(\fBrateest2\fP minus \fBrateest-pps2\fP)
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest\-delta\fP
Packit Service d1fe03 
For each estimator (either absolute or relative mode), calculate the difference
Packit Service d1fe03 
between the estimator-determined flow rate and the static value chosen with the
Packit Service d1fe03 
BPS/PPS options. If the flow rate is higher than the specified BPS/PPS, 0 will
Packit Service d1fe03 
be used instead of a negative value. In other words, "max(0, rateest#_rate -
Packit Service d1fe03 
rateest#_bps)" is used.
Packit Service d1fe03 
.TP
Packit Service d1fe03 
[\fB!\fP] \fB\-\-rateest\-lt\fP
Packit Service d1fe03 
Match if rate is less than given rate/estimator.
Packit Service d1fe03 
.TP
Packit Service d1fe03 
[\fB!\fP] \fB\-\-rateest\-gt\fP
Packit Service d1fe03 
Match if rate is greater than given rate/estimator.
Packit Service d1fe03 
.TP
Packit Service d1fe03 
[\fB!\fP] \fB\-\-rateest\-eq\fP
Packit Service d1fe03 
Match if rate is equal to given rate/estimator.
Packit Service d1fe03 
.PP
Packit Service d1fe03 
In the so-called "absolute mode", only one rate estimator is used and compared
Packit Service d1fe03 
against a static value, while in "relative mode", two rate estimators are
Packit Service d1fe03 
compared against another.
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest\fP \fIname\fP
Packit Service d1fe03 
Name of the one rate estimator for absolute mode.
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest1\fP \fIname\fP
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest2\fP \fIname\fP
Packit Service d1fe03 
The names of the two rate estimators for relative mode.
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest\-bps\fP [\fIvalue\fP]
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest\-pps\fP [\fIvalue\fP]
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest\-bps1\fP [\fIvalue\fP]
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest\-bps2\fP [\fIvalue\fP]
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest\-pps1\fP [\fIvalue\fP]
Packit Service d1fe03 
.TP
Packit Service d1fe03 
\fB\-\-rateest\-pps2\fP [\fIvalue\fP]
Packit Service d1fe03 
Compare the estimator(s) by bytes or packets per second, and compare against
Packit Service d1fe03 
the chosen value. See the above bullet list for which option is to be used in
Packit Service d1fe03 
which case. A unit suffix may be used - available ones are: bit, [kmgt]bit,
Packit Service d1fe03 
[KMGT]ibit, Bps, [KMGT]Bps, [KMGT]iBps.
Packit Service d1fe03 
.PP
Packit Service d1fe03 
Example: This is what can be used to route outgoing data connections from an
Packit Service d1fe03 
FTP server over two lines based on the available bandwidth at the time the data
Packit Service d1fe03 
connection was started:
Packit Service d1fe03 
.PP
Packit Service d1fe03 
# Estimate outgoing rates
Packit Service d1fe03 
.PP
Packit Service d1fe03 
iptables \-t mangle \-A POSTROUTING \-o eth0 \-j RATEEST \-\-rateest\-name eth0
Packit Service d1fe03 
\-\-rateest\-interval 250ms \-\-rateest\-ewma 0.5s
Packit Service d1fe03 
.PP
Packit Service d1fe03 
iptables \-t mangle \-A POSTROUTING \-o ppp0 \-j RATEEST \-\-rateest\-name ppp0
Packit Service d1fe03 
\-\-rateest\-interval 250ms \-\-rateest\-ewma 0.5s
Packit Service d1fe03 
.PP
Packit Service d1fe03 
# Mark based on available bandwidth
Packit Service d1fe03 
.PP
Packit Service d1fe03 
iptables \-t mangle \-A balance \-m conntrack \-\-ctstate NEW \-m helper \-\-helper ftp
Packit Service d1fe03 
\-m rateest \-\-rateest\-delta \-\-rateest1 eth0 \-\-rateest\-bps1 2.5mbit \-\-rateest\-gt
Packit Service d1fe03 
\-\-rateest2 ppp0 \-\-rateest\-bps2 2mbit \-j CONNMARK \-\-set\-mark 1
Packit Service d1fe03 
.PP
Packit Service d1fe03 
iptables \-t mangle \-A balance \-m conntrack \-\-ctstate NEW \-m helper \-\-helper ftp
Packit Service d1fe03 
\-m rateest \-\-rateest\-delta \-\-rateest1 ppp0 \-\-rateest\-bps1 2mbit \-\-rateest\-gt
Packit Service d1fe03 
\-\-rateest2 eth0 \-\-rateest\-bps2 2.5mbit \-j CONNMARK \-\-set\-mark 2
Packit Service d1fe03 
.PP
Packit Service d1fe03 
iptables \-t mangle \-A balance \-j CONNMARK \-\-restore\-mark

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation