Re: [gentoo-user] Packet Shaping

[Grant <emailgrant@gmail.com>]

> > After a lot of testing, these numbers seem to give me the best
> > performance as far as bittorrent download speed.
> > How can that be?  Is DOWNLINK my upload and UPLINK my download?
>
> Hm, usually not. Are you by chance shaping the internal (i.e. LAN)
> interface on a router? Then, of course, it would make sense (except
> from the fact that shaping your actual bottle neck, i.e. Internet
> connection, would make more sense).

Thanks a lot for that.  I switched the interface to eth0 and reversed
the DOWNLINK and UPLINK values.

> > I tried to define the bittorrent ports as a low priority like this:
> > NOPRIOPORTSRC=6881:6999
> > NOPRIOPORTDST=6881:6999
> >
> > but I get this when restarting shorewall:
> > Illegal "match"
>
> In the wshaper source, the action happens here (and the same for *DST):
> ---snip
> for a in $NOPRIOPORTSRC
> do
>         tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \
>            match ip sport $a 0xffff flowid 1:30
> done
> ---snip
>
> In this configuration, it expects a shell-separatable list of ports,
> i.e. separated by whitespace. It will create a rule for each one.
>
> The dirty, easy way:
> | NOPRIOPORTSRC=$(seq 6881 6999)
> | NOPRIOPORTDST=$NOPRIOPORTSRC
>
> But I would rather extend wshaper by another (custom) line and dump your
> NOPRIOPORT*-settings.
>
> The syntax is "match ip sport PATTERN MASK". The port of an incoming
> packet is AND'ed w/ the MASK and compared to the PATTERN.
>
> e.g. "match ip sport 6880 0xffe0" would match 6880-6911, a further
> "match ip sport 6912 0xffc0" would match 6912-6975.
>
> The advantage of this is simply speed/CPU cycles. Alternatively, you
> could just use iptables to mark your packets (which probably means even
> more precious CPU cycles). The wshaper script, however, doesn't use
> iptables.

I switched to wshaper from wshaper.htb and now ssh and browsing seem a
lot more responsive.  Could that be because I'm missing something in
my kernel that I need for htb?  I don't get any errors when restarting
the firewall.

One other thing is if I don't limit the upload rate within my
bittorrent client, it really goes nuts and everything else suffers.  I
don't see how that's possible with UPLINK and the bittorrent source
and destination ports defined.

What I'd really like to do is limit the bittorrent upload rate so
Verizon doesn't throttle my connection.  Can I do that with The Wonder
Shaper without limiting the total upload rate?  I don't trust the
bittorrent clients I use to limit it.

- Grant
-- 
gentoo-user@gentoo.org mailing list