SHOREWALL\-TCDEVICES

Section: Configuration Files (5)
Updated: 04/11/2019
Page Index

NAME

tcdevices - Shorewall Traffic Shaping Devices file

SYNOPSIS

/etc/shorewall[6]/tcdevices

DESCRIPTION

Entries in this file define the bandwidth for interfaces on which you want traffic shaping to be enabled.

If you do not plan to use traffic shaping for a device, don't put it in here as it limits the throughput of that device to the limits you set here.

A note on the bandwidth definitions used in this file:

: • don't use a space between the integer value and the unit: 30kbit is valid while 30 kbit is not.

• you can use one of the following units:

kbps

: Kilobytes per second.

mbps

: Megabytes per second.

kbit

: Kilobits per second.

mbit

: Megabits per second.

bps or number

: Bytes per second.

: • Only whole integers are allowed.

The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax).

INTERFACE - [number:]interface

Name of interface. Each interface may be listed only once in this file. You may NOT specify the name of an alias (e.g., eth0:0) here; see m[blue]http://www.shorewall.net/FAQ.htm#faq18m[][1]

You may NOT specify wildcards here, e.g. if you have multiple ppp interfaces, you need to put them all in here!

If the device doesn't exist, a warning message will be issued during "shorewall [re]start" and "shorewall reload" and traffic shaping configuration will be skipped for that device.

Shorewall assigns a sequential interface number to each interface (the first entry in the file is interface 1, the second is interface 2 and so on) You can explicitly specify the interface number by prefixing the interface name with the number and a colon (":"). Example: 1:eth0.

IN-BANDWIDTH (in_bandwidth) - {-|bandwidth[:burst]|~bandwidth[:interval:decay_interval]}

The incoming bandwidth of that interface. Please note that you are not able to do traffic shaping on incoming traffic, as the traffic is already received before you could do so. But this allows you to define the maximum traffic allowed for this interface in total, if the rate is exceeded, the packets are dropped. You want this mainly if you have a DSL or Cable connection to avoid queuing at your providers side.

If you don't want any traffic to be dropped, set this to a value to zero in which case Shorewall will not create an ingress qdisc.Must be set to zero if the REDIRECTED INTERFACES column is non-empty.

The optional burst option was added in Shorewall 4.4.18. The default burst is 10kb. A larger burst can help make the bandwidth more accurate; often for fast lines, the enforced rate is well below the specified bandwidth.

What is described above creates a rate/burst policing filter. Beginning with Shorewall 4.4.25, a rate-estimated policing filter may be configured instead. Rate-estimated filters should be used with Ethernet adapters that have Generic Receive Offload enabled by default. See m[blue]Shorewall FAQ 97am[][2].

To create a rate-estimated filter, precede the bandwidth with a tilde ("~"). The optional interval and decay_interval determine how often the rate is estimated and how many samples are retained for estimating. Please see m[blue]http://ace-host.stuart.id.au/russell/files/tc/doc/estimators.txtm[] for details. If not specified, the default interval is 250ms and the default decay_interval is 4sec.

OUT-BANDWIDTH (out_bandwidth) - bandwidth

: The outgoing bandwidth of that interface. This is the maximum speed your connection can handle. It is also the speed you can refer as "full" if you define the tc classes in m[blue]shorewall-tcclassesm[][3](5). Outgoing traffic above this rate will be dropped.

OPTIONS - {-|{classify|htb|hfsc|linklayer={ethernet|atm|adsl}|tsize=tsize|mtu=mtu|mpu=mpu|overhead=overhead} ,...}

classify --- When specified, Shorewall will not generate tc or Netfilter rules to classify traffic based on packet marks. You must do all classification using CLASSIFY rules in m[blue]shorewall-manglem[][4](5).

htb - Use the Hierarchical Token Bucket queuing discipline. This is the default.

hfsc - Shorewall normally uses the Hierarchical Token Bucket queuing discipline. When hfsc is specified, the Hierarchical Fair Service Curves discipline is used instead (see tc-hfsc (7)).

linklayer - Added in Shorewall 4.5.6. Type of link (ethernet, atm, adsl). When specified, causes scheduler packet size manipulation as described in tc-stab (8). When this option is given, the following options may also be given after it: mtu=mtu - The device MTU; default 2048 (will be rounded up to a power of two)

mpu=mpubytes - Minimum packet size used in calculations. Smaller packets will be rounded up to this size

tsize=tablesize - Size table entries; default is 512

overhead=overheadbytes - Number of overhead bytes per packet.

REDIRECTED INTERFACES (redirect)- [interface[,interface]...]

: May only be specified if the interface in the INTERFACE column is an Intermediate Frame Block (IFB) device. Causes packets that enter each listed interface to be passed through the egress filters defined for this device, thus providing a form of incoming traffic shaping. When this column is non-empty, the classify option is assumed.

EXAMPLES

Example 1:

Suppose you are using PPP over Ethernet (DSL) and ppp0 is the interface for this. The device has an outgoing bandwidth of 500kbit and an incoming bandwidth of 6000kbit

        #INTERFACE   IN-BANDWIDTH    OUT-BANDWIDTH         OPTIONS         REDIRECTED
        #                                                                  INTERFACES
        1:ppp0         6000kbit        500kbit