SCM Repository

project home | /[freewrt]/branches/freewrt_1_0/docs/handbook/user/handbook.tex

Diff of /branches/freewrt_1_0/docs/handbook/user/handbook.tex

Parent Directory | Revision Log | View Patch Patch

-revision 3045 by n0-1,
Sat May 19 14:03:24 2007 UTC
+revision 3046 by n0-1,
Sat Jun 30 13:09:21 2007 UTC
 Line 1234 
 in
  \end{itemize}
  Same semantics as above.
+ \section{Traffic Control}
+ To aid in setting up Quality of Service and Traffic Shaping, FreeWRT provides a
+ configurable script via the \app{fwrtc} package. Though this package will allow
+ you to choose between different implementations of Queueing Disciplines, for
+ now there exists only a single implementation using HTB.
+ \subsection{Concept}
+ In general, \app{fwrtc} allows classifying of network traffic into three classes:
+ \begin{description}
+         \item[REAL] high priority, mid bandwidth \\
+                 use this for low delay applications like \app{SSH}, \app{VoIP}
+                 or \app{DNS}
+         \item[BULK] mid priority, high bandwidth \\
+                 this is a generic class for everything that doesn't fit above
+                 or below
+         \item[P2P] low priority, low bandwidth \\
+                 use this class for all unwanted traffic disturbing normal use
+                 of the internet connection (\app{P2P} and other parasites)
+ \end{description}
+ \paragraph{Note} that fwrtc does not actually classify the traffic, it just
+ provides the classes above and allows comfortable configuration of the
+ necessary values. For classifying traffic, use \app{iptables} (see below for
+ more details).
+ \subsection{Installation}
+ This is done just like with any other FreeWRT package, so using the ADK to
+ integrate it into the firmware image right from the start or by installing it
+ afterwards using \app{ipkg}.
+ \subsection{Configuration}
+ \app{fwrtc} basically exists of two files:
+ \begin{itemize}
+         \item the script itself \file{/etc/hotplug.d/net/10-fwrtc}
+         \item a configuration file \file{/etc/fwrtc.conf}
+ \end{itemize}
+ It should not be necessary to touch the hotplug script, so adjusting the
+ configuration values should be enough to complete the first part of the setup
+ process.
+ The second part consists of defining \app{iptables} rules for classifying
+ traffic. \app{fwrtc} provides three \app{tc}-filters (one for each class),
+ matching different firewall marks (see the \code{MARK} target of
+ \app{iptables}).
+ See the example below to gather some inspiration on how to actually
+ implementing the rules:
+ \begin{Verbatim}[label=sample set of iptables rules for fwrtc]
+ iptables -t mangle -A POSTROUTING -o eth0 -j tc
+ ### match ip tos Minimum-Delay
+ iptables -t mangle -A tc -m tos --tos 0x10 -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -m tos --tos 0x10 -j RETURN
+ ## fish out tcp syn, syn-ack and ack packets (no piggyback!)
+ iptables -t mangle -A tc -p tcp -m length --length 44:84 \
+         --tcp-flags SYN,FIN,RST SYN -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -p tcp -m length --length 44:84 \
+         --tcp-flags SYN,FIN,RST SYN -j RETURN
+ iptables -t mangle -A tc -p tcp -m length --length 44:84 \
+         --tcp-flags SYN,ACK,FIN,RST ACK -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -p tcp -m length --length 44:84 \
+         --tcp-flags SYN,ACK,FIN,RST ACK -j RETURN
+ ### prioritize icmp packets
+ iptables -t mangle -A tc -p icmp -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -p icmp -j RETURN
+ ### dns traffic
+ iptables -t mangle -A tc -p tcp --dport 53 -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -p tcp --dport 53 -j RETURN
+ iptables -t mangle -A tc -p udp --dport 53 -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -p udp --dport 53 -j RETURN
+ ### games
+ iptables -t mangle -A tc -m layer7 --l7proto quake-halflife -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -m layer7 --l7proto quake-halflife -j RETURN
+ iptables -t mangle -A tc -m layer7 --l7proto battlefield1942 -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -m layer7 --l7proto battlefield1942 -j RETURN
+ iptables -t mangle -A tc -m layer7 --l7proto battlefield2 -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -m layer7 --l7proto battlefield2 -j RETURN
+ ### voip
+ iptables -t mangle -A tc -m layer7 --l7proto sip -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -m layer7 --l7proto sip -j RETURN
+ iptables -t mangle -A tc -m layer7 --l7proto rtp -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -m layer7 --l7proto rtp -j RETURN
+ iptables -t mangle -A tc -m layer7 --l7proto skypetoskype -j MARK --set-mark 0x1
+ iptables -t mangle -A tc -m layer7 --l7proto skypetoskype -j RETURN
+ ### crappy p2p traffic
+ iptables -t mangle -A tc -m layer7 --l7proto bittorrent -j MARK --set-mark 0x3
+ iptables -t mangle -A tc -m layer7 --l7proto bittorrent -j RETURN
+ iptables -t mangle -A tc -m layer7 --l7proto edonkey -j MARK --set-mark 0x3
+ iptables -t mangle -A tc -m layer7 --l7proto edonkey -j RETURN
+ iptables -t mangle -A tc -m layer7 --l7proto fasttrack -j MARK --set-mark 0x3
+ iptables -t mangle -A tc -m layer7 --l7proto fasttrack -j RETURN
+ iptables -t mangle -A tc -m layer7 --l7proto gnutella -j MARK --set-mark 0x3
+ iptables -t mangle -A tc -m layer7 --l7proto gnutella -j RETURN
+ iptables -t mangle -A tc -m layer7 --l7proto napster -j MARK --set-mark 0x3
+ iptables -t mangle -A tc -m layer7 --l7proto napster -j RETURN
+ \end{Verbatim}
  \section{FWCF - FreeWRT Configuration Filesystem}
  FWCF is a separate flash partition for all changes made to the \file{/etc/}

 Legend:



Removed from v.3045
 


changed lines


 
Added in v.3046
 Legend:



Removed from v.3045
 


changed lines


 
Added in v.3046
-Removed from v.3045
+Added in v.3046

root@freewrt.org:443	ViewVC Help
Powered by ViewVC 1.1.20

// Log In
// CVSweb
Project: FreeWRT
// Summary // Activity // Search // Tracker // Lists // News // SCM // Wiki