Changeset 3a3cfab in freewrt for docs

Timestamp:

Jun 30, 2007, 3:09:21 PM (18 years ago)

Author:

Phil Sutter <n0-1@…>

Branches:

freewrt_1_0, freewrt_2_0

Children:

69879d0

Parents:

8e6a19f

Message:

add some documentation of fwrtc, the FreeWRT Traffic Control script

git-svn-id: ​svn://www.freewrt.org/branches/freewrt_1_0@3046 afb5a338-a214-0410-bd46-81f09a774fd1

File:

• docs/handbook/user/handbook.tex (modified) (1 diff)

docs/handbook/user/handbook.tex

@@ -1235 +1235 @@
 Same semantics as above.
 
+
+\section{Traffic Control}
+
+To aid in setting up Quality of Service and Traffic Shaping, FreeWRT provides a
+configurable script via the \app{fwrtc} package. Though this package will allow
+you to choose between different implementations of Queueing Disciplines, for
+now there exists only a single implementation using HTB.
+
+\subsection{Concept}
+
+In general, \app{fwrtc} allows classifying of network traffic into three classes:
+\begin{description}
+        \item[REAL] high priority, mid bandwidth \\
+                use this for low delay applications like \app{SSH}, \app{VoIP}
+                or \app{DNS}
+        \item[BULK] mid priority, high bandwidth \\
+                this is a generic class for everything that doesn't fit above
+                or below
+        \item[P2P] low priority, low bandwidth \\
+                use this class for all unwanted traffic disturbing normal use
+                of the internet connection (\app{P2P} and other parasites)
+\end{description}
+
+\paragraph{Note} that fwrtc does not actually classify the traffic, it just
+provides the classes above and allows comfortable configuration of the
+necessary values. For classifying traffic, use \app{iptables} (see below for
+more details).
+
+\subsection{Installation}
+
+This is done just like with any other FreeWRT package, so using the ADK to
+integrate it into the firmware image right from the start or by installing it
+afterwards using \app{ipkg}.
+
+\subsection{Configuration}
+
+\app{fwrtc} basically exists of two files:
+\begin{itemize}
+        \item the script itself \file{/etc/hotplug.d/net/10-fwrtc}
+        \item a configuration file \file{/etc/fwrtc.conf}
+\end{itemize}
+It should not be necessary to touch the hotplug script, so adjusting the
+configuration values should be enough to complete the first part of the setup
+process.
+
+The second part consists of defining \app{iptables} rules for classifying
+traffic. \app{fwrtc} provides three \app{tc}-filters (one for each class),
+matching different firewall marks (see the \code{MARK} target of
+\app{iptables}).
+
+See the example below to gather some inspiration on how to actually
+implementing the rules:
+
+\begin{Verbatim}[label=sample set of iptables rules for fwrtc]
+iptables -t mangle -A POSTROUTING -o eth0 -j tc
+
+### match ip tos Minimum-Delay
+iptables -t mangle -A tc -m tos --tos 0x10 -j MARK --set-mark 0x1
+iptables -t mangle -A tc -m tos --tos 0x10 -j RETURN
+
+## fish out tcp syn, syn-ack and ack packets (no piggyback!)
+iptables -t mangle -A tc -p tcp -m length --length 44:84 \
+        --tcp-flags SYN,FIN,RST SYN -j MARK --set-mark 0x1
+iptables -t mangle -A tc -p tcp -m length --length 44:84 \
+        --tcp-flags SYN,FIN,RST SYN -j RETURN
+iptables -t mangle -A tc -p tcp -m length --length 44:84 \
+        --tcp-flags SYN,ACK,FIN,RST ACK -j MARK --set-mark 0x1
+iptables -t mangle -A tc -p tcp -m length --length 44:84 \
+        --tcp-flags SYN,ACK,FIN,RST ACK -j RETURN
+
+### prioritize icmp packets
+iptables -t mangle -A tc -p icmp -j MARK --set-mark 0x1
+iptables -t mangle -A tc -p icmp -j RETURN
+
+### dns traffic
+iptables -t mangle -A tc -p tcp --dport 53 -j MARK --set-mark 0x1
+iptables -t mangle -A tc -p tcp --dport 53 -j RETURN
+iptables -t mangle -A tc -p udp --dport 53 -j MARK --set-mark 0x1
+iptables -t mangle -A tc -p udp --dport 53 -j RETURN
+
+### games
+iptables -t mangle -A tc -m layer7 --l7proto quake-halflife -j MARK --set-mark 0x1
+iptables -t mangle -A tc -m layer7 --l7proto quake-halflife -j RETURN
+iptables -t mangle -A tc -m layer7 --l7proto battlefield1942 -j MARK --set-mark 0x1
+iptables -t mangle -A tc -m layer7 --l7proto battlefield1942 -j RETURN
+iptables -t mangle -A tc -m layer7 --l7proto battlefield2 -j MARK --set-mark 0x1
+iptables -t mangle -A tc -m layer7 --l7proto battlefield2 -j RETURN
+
+### voip
+iptables -t mangle -A tc -m layer7 --l7proto sip -j MARK --set-mark 0x1
+iptables -t mangle -A tc -m layer7 --l7proto sip -j RETURN
+iptables -t mangle -A tc -m layer7 --l7proto rtp -j MARK --set-mark 0x1
+iptables -t mangle -A tc -m layer7 --l7proto rtp -j RETURN
+iptables -t mangle -A tc -m layer7 --l7proto skypetoskype -j MARK --set-mark 0x1
+iptables -t mangle -A tc -m layer7 --l7proto skypetoskype -j RETURN
+
+### crappy p2p traffic
+iptables -t mangle -A tc -m layer7 --l7proto bittorrent -j MARK --set-mark 0x3
+iptables -t mangle -A tc -m layer7 --l7proto bittorrent -j RETURN
+iptables -t mangle -A tc -m layer7 --l7proto edonkey -j MARK --set-mark 0x3
+iptables -t mangle -A tc -m layer7 --l7proto edonkey -j RETURN
+iptables -t mangle -A tc -m layer7 --l7proto fasttrack -j MARK --set-mark 0x3
+iptables -t mangle -A tc -m layer7 --l7proto fasttrack -j RETURN
+iptables -t mangle -A tc -m layer7 --l7proto gnutella -j MARK --set-mark 0x3
+iptables -t mangle -A tc -m layer7 --l7proto gnutella -j RETURN
+iptables -t mangle -A tc -m layer7 --l7proto napster -j MARK --set-mark 0x3
+iptables -t mangle -A tc -m layer7 --l7proto napster -j RETURN
+\end{Verbatim}
+
 \section{FWCF - FreeWRT Configuration Filesystem}