shorewall-doc-4.0.15-0.2mdvmes5.noarch.rpm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>shorewall-tcclasses</title><link rel="stylesheet" href="html.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /></head><body><div class="refentry" lang="en" xml:lang="en"><a id="id257171"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>tcclasses — Shorewall file to define HTB classes</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">/etc/shorewall/tcclasses</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257202"></a><h2>Description</h2><p>A note on the <span class="emphasis"><em>rate</em></span>/bandwidth definitions used
    in this file:</p><div class="itemizedlist"><ul type="disc"><li><p>don't use a space between the integer value and the unit: 30kbit
        is valid while 30 kbit is NOT.</p></li><li><p>you can use one of the following units:</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>kbps</strong></span></span></dt><dd><p>Kilobytes per second.</p></dd><dt><span class="term"><span class="bold"><strong>mbps</strong></span></span></dt><dd><p>Megabytes per second.</p></dd><dt><span class="term"><span class="bold"><strong>kbit</strong></span></span></dt><dd><p>Kilobits per second.</p></dd><dt><span class="term"><span class="bold"><strong>mbit</strong></span></span></dt><dd><p>Megabits per second.</p></dd><dt><span class="term"><span class="bold"><strong>bps</strong></span> or <span class="bold"><strong>number</strong></span></span></dt><dd><p>Bytes per second.</p></dd></dl></div></li><li><p>if you want the values to be calculated for you depending on the
        output bandwidth setting defined for an interface in tcdevices, you
        can use expressions like the following:</p><div class="variablelist"><dl><dt><span class="term">full/3</span></dt><dd><p>causes the bandwidth to be calculated as 1/3 of the full
              outgoing speed that is defined.</p></dd><dt><span class="term">full*9/10</span></dt><dd><p>sets the bandwidth to 9/10 of the full
              bandwidth.</p></dd></dl></div><p>DO NOT add a unit to the rate if it is calculated!</p></li></ul></div><p>The columns in the file are as follows.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>INTERFACE</strong></span> -
        <span class="emphasis"><em>interface</em></span></span></dt><dd><p>Name of <span class="emphasis"><em>interface</em></span>. Each interface may be
          listed only once in this file. You may NOT specify the name of an
          alias (e.g., eth0:0) here; see <a class="ulink" href="http://www.shorewall.net/FAQ.htm#faq18" target="_self">http://www.shorewall.net/FAQ.htm#faq18</a>.</p><p>You may NOT specify wildcards here; for example, if you have multiple
          ppp interfaces, you need to list each of them here.</p><p>Please note that you can only use interface names here that
          have a bandwidth defined in the <a class="ulink" href="shorewall-tcdevices.html" target="_self">shorewall-tcdevices</a>(5)
          file.</p></dd><dt><span class="term"><span class="bold"><strong>MARK</strong></span> -
        <span class="emphasis"><em>value</em></span></span></dt><dd><p>The mark <span class="emphasis"><em>value</em></span>, an integer in the
          range 1-255. You set mark values in the <a class="ulink" href="shorewall-tcrules.html" target="_self">shorewall-tcrules</a>(5) file
          to mark the traffic that should fall into the classes defined
          here.</p><p>You can use the same marks for different interfaces.</p></dd><dt><span class="term"><span class="bold"><strong>RATE</strong></span> -
        <span class="emphasis"><em>rate</em></span></span></dt><dd><p>The minimum bandwidth this class should get when the traffic
          load rises. If the sum of the rates in this column exceeds the
          INTERFACE's OUT-BANDWIDTH, then the OUT-BANDWIDTH limit may not be
          honored.</p></dd><dt><span class="term"><span class="bold"><strong>CEIL</strong></span> -
        <span class="emphasis"><em>rate</em></span></span></dt><dd><p>The maximum bandwidth this class is allowed to use when the
          link is idle. Useful for traffic that may run at full speed
          when more important services (e.g. ssh) are not in use.</p><p>You can use the value <span class="bold"><strong>full</strong></span>
          here to set the maximum bandwidth to the defined output
          bandwidth of that interface.</p></dd><dt><span class="term"><span class="bold"><strong>PRIORITY</strong></span> -
        <span class="emphasis"><em>priority</em></span></span></dt><dd><p>The <span class="emphasis"><em>priority</em></span> in which classes will be
          serviced by the packet shaping scheduler and also the priority in
          which bandwidth in excess of the rate will be given to each
          class.</p><p>Higher priority classes will experience less delay since they
          are serviced first. Priority values are serviced in ascending order
          (e.g. 0 is higher priority than 1).</p><p>Classes may be set to the same priority, in which case they
          will be serviced as equals.</p></dd><dt><span class="term"><span class="bold"><strong>OPTIONS</strong></span> (Optional) -
        [<span class="emphasis"><em>option</em></span>[<span class="bold"><strong>,</strong></span><span class="emphasis"><em>option</em></span>]...]</span></dt><dd><p>A comma-separated list of options including the
          following:</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>default</strong></span></span></dt><dd><p>This is the default class for that interface; all
                traffic that is not otherwise classified goes here.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>You must define <span class="bold"><strong>default</strong></span> for exactly one class per
                  interface.</p></div></dd><dt><span class="term"><span class="bold"><strong>tos=0x</strong></span><span class="emphasis"><em>value</em></span>[/0x<span class="emphasis"><em>mask</em></span>]
              (mask defaults to 0xff)</span></dt><dd><p>This lets you define a classifier for the given
                <span class="emphasis"><em>value</em></span>/<span class="emphasis"><em>mask</em></span>
                combination of the IP packet's TOS/Precedence/DiffServ octet
                (aka the TOS byte). Please note that classifiers override all
                mark settings, so if you define a classifier for a class, all
                traffic having that mark will go in it regardless of any mark
                set on the packet by a firewall/mangle filter.</p></dd><dt><span class="term"><span class="bold"><strong>tos-</strong></span><span class="emphasis"><em>tosname</em></span></span></dt><dd><p>Aliases for the following TOS octet value and mask
                encodings. TOS encodings of the "TOS byte" have been
                deprecated in favor of DiffServ classes, but programs like
                ssh, rlogin, and ftp still use them.</p><pre class="programlisting">        <span class="bold"><strong>tos-minimize-delay</strong></span>       0x10/0x10
        <span class="bold"><strong>tos-maximize-throughput</strong></span>  0x08/0x08
        <span class="bold"><strong>tos-maximize-reliability</strong></span> 0x04/0x04
        <span class="bold"><strong>tos-minimize-cost</strong></span>        0x02/0x02
        <span class="bold"><strong>tos-normal-service</strong></span>       0x00/0x1e</pre><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Each of these options is only valid for ONE class per
                  interface.</p></div></dd><dt><span class="term"><span class="bold"><strong>tcp-ack</strong></span></span></dt><dd><p>If defined, causes a tc filter to be created that puts
                all TCP ACK packets on that interface with a size of
                &lt;=64 bytes into this class. This is useful for speeding
                up downloads. Please note that the size of the ACK packets is
                limited to 64 bytes because we want only packets WITHOUT
                payload to match.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This option is only valid for ONE class per
                  interface.</p></div></dd></dl></div></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257971"></a><h2>Examples</h2><div class="variablelist"><dl><dt><span class="term">Example 1:</span></dt><dd><p>Suppose you are using PPP over Ethernet (DSL) and ppp0 is the
          interface for this. You have 4 classes here, the first you can use
          for voice over IP traffic, the second interactive traffic (e.g.
          ssh/telnet but not scp), the third will be for all unclassified
          traffic, and the fourth is for low priority traffic (e.g.
          peer-to-peer).</p><p>The voice traffic in the first class will be guaranteed a
          minimum of 100kbps and always be serviced first (because of the low
          priority number, giving less delay) and will be granted excess
          bandwidth (up to 180kbps, the class ceiling) first, before any other
          traffic. A single VOIP stream, depending upon codecs, after
          encapsulation, can take up to 80kbps on a PPPoE/DSL link, so we pad a
          little bit just in case. (TOS byte values 0xb8 and 0x68 are DiffServ
          classes EF and AF31 respectively and are often used by VOIP
          devices).</p><p>Interactive traffic (tos-minimize-delay) and TCP acks (and ICMP
          echo traffic if you use the example in tcrules) and any packet with
          a mark of 2 will be guaranteed 1/4 of the link bandwidth, and may
          extend up to full speed of the link.</p><p>Unclassified traffic and packets marked as 3 will be
          guaranteed 1/4th of the link bandwidth, and may extend to the full
          speed of the link.</p><p>Packets marked with 4 will be treated as low priority packets.
          (The tcrules example marks p2p traffic as such.) If the link is
          congested, they're only guaranteed 1/8th of the speed, and even if
          the link is empty, can only expand to 80% of link bandwidth just as
          a precaution in case there are upstream queues we didn't account
          for. This is the last class to get additional bandwidth and the last
          to get serviced by the scheduler because of the low priority.</p><pre class="programlisting">        #INTERFACE  MARK  RATE    CEIL      PRIORITY    OPTIONS
        ppp0        1     100kbit 180kbit   1           tos=0x68/0xfc,tos=0xb8/0xfc
        ppp0        2     full/4  full      2           tcp-ack,tos-minimize-delay
        ppp0        3     full/4  full      3           default
        ppp0        4     full/8  full*8/10 4</pre></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id258033"></a><h2>Files</h2><p>/etc/shorewall/tcclasses</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id258043"></a><h2>See Also</h2><p><a class="ulink" href="http://shorewall.net/traffic_shaping.htm" target="_self">http://shorewall.net/traffic_shaping.htm</a></p><p>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
    shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
    shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
    shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
    shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
    shorewall.conf(5), shorewall-tcdevices(5), shorewall-tcrules(5),
    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</p></div></div></body></html>
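
The rules stated above can be checked mechanically before a tcclasses file is deployed. The following linter is an added example, not part of Shorewall or its documentation; it checks the unit syntax, the `full` expressions, the MARK range, the one-per-interface options and the RATE sum. The function names, the `out_bandwidth` argument (standing in for the OUT-BANDWIDTH set in tcdevices) and the decimal unit multipliers are assumptions.

```python
import re
from collections import Counter, defaultdict

# Bits/s per unit listed on this page; decimal multipliers are an assumption.
UNITS = {"kbps": 8000, "mbps": 8_000_000, "kbit": 1000, "mbit": 1_000_000, "bps": 8, None: 8}
RATE_RE = re.compile(r"^(\d+)(kbps|mbps|kbit|mbit|bps)?$")   # no space before the unit
FULL_RE = re.compile(r"^full(?:\*(\d+))?(?:/(\d+))?$")       # full, full/3, full*9/10
ONCE_RE = re.compile(r"^(default|tcp-ack|tos-[a-z-]+)$")     # one class per interface

# Example 1 from this page (header comment line omitted).
SAMPLE = """ppp0 1 100kbit 180kbit   1 tos=0x68/0xfc,tos=0xb8/0xfc
ppp0 2 full/4  full      2 tcp-ack,tos-minimize-delay
ppp0 3 full/4  full      3 default
ppp0 4 full/8  full*8/10 4"""

def to_bits(field, full):
    """Bits/s for a RATE or CEIL field, or None if it is malformed."""
    if m := RATE_RE.match(field):
        return int(m.group(1)) * UNITS[m.group(2)]
    if m := FULL_RE.match(field):
        mul, div = int(m.group(1) or 1), int(m.group(2) or 1)
        return full * mul // div if div else None
    return None

def lint(text, out_bandwidth):
    """out_bandwidth maps interface -> OUT-BANDWIDTH in bits/s (from tcdevices)."""
    problems, total, seen = [], Counter(), defaultdict(Counter)
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#")[0].split()
        if not f:
            continue
        if len(f) not in (5, 6) or f[0] not in out_bandwidth:
            problems.append(f"line {n}: bad column count or interface not in tcdevices")
            continue
        iface, mark, rate, ceil = f[:4]
        if not (mark.isdigit() and 1 <= int(mark) <= 255):
            problems.append(f"line {n}: MARK {mark} not in 1-255")
        for name, val in (("RATE", rate), ("CEIL", ceil)):
            if to_bits(val, out_bandwidth[iface]) is None:
                problems.append(f"line {n}: invalid {name} '{val}'")
        total[iface] += to_bits(rate, out_bandwidth[iface]) or 0
        seen[iface].update(o for o in ",".join(f[5:]).split(",") if ONCE_RE.match(o))
    for iface in total:
        if seen[iface]["default"] != 1:
            problems.append(f"{iface}: need exactly one default class")
        problems += [f"{iface}: {o} set on {c} classes"
                     for o, c in seen[iface].items() if c > 1 and o != "default"]
        if total[iface] > out_bandwidth[iface]:
            problems.append(f"{iface}: sum of RATE exceeds OUT-BANDWIDTH")
    return problems
```

With a 1 Mbit/s uplink, `lint(SAMPLE, {"ppp0": 1_000_000})` reports nothing; with a 200 kbit/s uplink the fixed 100kbit class pushes the RATE sum past OUT-BANDWIDTH and the linter flags it.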