Provided by: shorewall-common_4.2.10-1_all


       tcclasses - Shorewall file to define HTB classes




       A note on the rate/bandwidth definitions used in this file:

       ·   don't use a space between the integer value and the unit: 30kbit is
           valid while 30 kbit is NOT.

       ·   you can use one of the following units:

               Kilobytes per second.

               Megabytes per second.

               Kilobits per second.

               Megabits per second.

           bps or number
               Bytes per second.

       ·   if you want the values to be calculated for you depending on the
           output bandwidth setting defined for an interface in tcdevices, you
           can use expressions like the following:

               causes the bandwidth to be calculated as 1/3 of the full
               outgoing speed that is defined.

               will set this bandwidth to 9/10 of the full bandwidth

           DO NOT add a unit to the rate if it is calculated!

       The columns in the file are as follows.

       INTERFACE - interface[:class]
           Name of interface. Each interface may be listed only once in this
           file. You may NOT specify the name of an alias (e.g., eth0:0) here;

           If you are running Shorewall-perl 4.1.6 or later, you may specify
           the interface number rather than the interface name. If the
           classify option is given for the interface in
           shorewall-tcdevices[1](5), then you must also specify an interface
           class (an integer that must be unique within classes associated
           with this interface).

           You may NOT specify wildcards here, e.g. if you have multiple ppp
           interfaces, you need to put them all in here!

           Please note that you can only use interface names in here that have
           a bandwidth defined in the shorewall-tcdevices[1](5) file.

       MARK - {-|value}
           The mark value which is an integer in the range 1-255. You set mark
           values in the shorewall-tcrules[2](5) file, marking the traffic you
           want to fit in the classes defined in here. Must be specified as
           '-' if the classify option is given for the interface in

           You can use the same marks for different interfaces.

       RATE - rate
           The minimum bandwidth this class should get, when the traffic load
           rises. If the sum of the rates in this column exceeds the
           INTERFACE's OUT-BANDWIDTH, then the OUT-BANDWIDTH limit may not be

       CEIL - rate
           The maximum bandwidth this class is allowed to use when the link is
           idle. Useful if you have traffic which can get full speed when more
           needed services (e.g. ssh) are not used.

           You can use the value full in here for setting the maximum
           bandwidth to the defined output bandwidth of that interface.

       PRIORITY - priority
           The priority in which classes will be serviced by the packet
           shaping scheduler and also the priority in which bandwidth in
           excess of the rate will be given to each class.

           Higher priority classes will experience less delay since they are
           serviced first. Priority values are serviced in ascending order
           (e.g. 0 is higher priority than 1).

           Classes may be set to the same priority, in which case they will be
           serviced as equals.

       OPTIONS (Optional) - [option[,option]...]
           Added in Shorewall-perl 4.1. A comma-separated list of options
           including the following:

           default
               This is the default class for that interface, where all traffic
               that is not otherwise classified will go.

               You must define default for exactly one class per interface.

           tos=0xvalue[/0xmask] (mask defaults to 0xff)
               This lets you define a classifier for the given value/mask
               combination of the IP packet's TOS/Precedence/DiffServ octet
               (aka the TOS byte). Please note that classifiers override all
               mark settings, so if you define a classifier for a class, all
               traffic having that mark will go in it regardless of any mark
               set on the packet by a firewall/mangle filter.

               Aliases for the following TOS octet value and mask encodings.
               TOS encodings of the "TOS byte" have been deprecated in favor
               of DiffServ classes, but programs like ssh, rlogin, and ftp
               still use them.

                           tos-minimize-delay       0x10/0x10
                           tos-maximize-throughput  0x08/0x08
                           tos-maximize-reliability 0x04/0x04
                           tos-minimize-cost        0x02/0x02
                           tos-normal-service       0x00/0x1e

               Each of these options is only valid for ONE class per

           tcp-ack
               If defined, causes a tc filter to be created that puts all TCP
               ACK packets on that interface that have a size of <=64 bytes
               in this class. This is useful for speeding up downloads.
               Please note that the size of the ACK packets is limited to 64
               bytes because we want only packets WITHOUT payload to match.

               This option is only valid for ONE class per interface.


       Example 1:
           Suppose you are using PPP over Ethernet (DSL) and ppp0 is the
           interface for this. You have 4 classes here, the first you can use
           for voice over IP traffic, the second interactive traffic (e.g.
           ssh/telnet but not scp), the third will be for all unclassified
           traffic, and the fourth is for low priority traffic (e.g.

           The voice traffic in the first class will be guaranteed a minimum
           of 100kbps and always be serviced first (because of the low
           priority number, giving less delay) and will be granted excess
           bandwidth (up to 180kbps, the class ceiling) first, before any
           other traffic. A single VOIP stream, depending upon codecs, after
           encapsulation, can take up to 80kbps on a PPPoE/DSL link, so we pad
           a little bit just in case. (TOS byte values 0xb8 and 0x68 are
           DiffServ classes EF and AF31 respectively and are often used by
           VOIP devices).

           Interactive traffic (tos-minimize-delay) and TCP acks (and ICMP echo
           traffic if you use the example in tcrules) and any packet with a
           mark of 2 will be guaranteed 1/4 of the link bandwidth, and may
           extend up to full speed of the link.

           Unclassified traffic and packets marked as 3 will be guaranteed
           1/4th of the link bandwidth, and may extend to the full speed of
           the link.

           Packets marked with 4 will be treated as low priority packets. (The
           tcrules example marks p2p traffic as such.) If the link is
           congested, they're only guaranteed 1/8th of the speed, and even if
           the link is empty, can only expand to 80% of link bandwidth just as
           a precaution in case there are upstream queues we didn't account
           for. This is the last class to get additional bandwidth and the
           last to get serviced by the scheduler because of the low priority.

                       #INTERFACE  MARK  RATE    CEIL      PRIORITY    OPTIONS
                       ppp0        1     100kbit 180kbit   1           tos=0x68/0xfc,tos=0xb8/0xfc
                       ppp0        2     full/4  full      2           tcp-ack,tos-minimize-delay
                       ppp0        3     full/4  full      3           default
                       ppp0        4     full/8  full*8/10 4
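
The constraints this page places on the file (no unit on calculated rates, MARK in 1-255, RATE sum within OUT-BANDWIDTH, default on exactly one class and tcp-ack on at most one class per interface) can be checked before the file is loaded. The following linter is an added example, not part of Shorewall; the function names, the 1000kbit OUT-BANDWIDTH and the decimal unit factors are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# kbit/s per unit; decimal multiples are an assumption of this example.
UNITS = {"kbit": 1, "mbit": 1000, "kbps": 8, "mbps": 8000, "bps": 0.008, None: 0.008}
RATE_RE = re.compile(r"(\d+)(kbit|mbit|kbps|mbps|bps)?$")
FULL_RE = re.compile(r"full(?:\*(\d+))?(?:/([1-9]\d*))?$")
ONCE = ("default", "tcp-ack")  # options counted per interface

def to_kbit(value, full):
    """Resolve a RATE/CEIL value to kbit/s; None if malformed (e.g. 'full/4kbit')."""
    m = FULL_RE.match(value)
    if m:  # calculated from the interface bandwidth, so no unit is accepted
        return full * int(m.group(1) or 1) / int(m.group(2) or 1)
    m = RATE_RE.match(value)
    return int(m.group(1)) * UNITS[m.group(2)] if m else None

def lint_tcclasses(text, out_bandwidth):
    """Return findings for tcclasses text; out_bandwidth maps interface -> kbit/s."""
    findings, rate_sum, seen = [], defaultdict(float), defaultdict(Counter)
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if not cols:
            continue
        iface = cols[0].split(":")[0]  # drop the optional :class suffix
        if len(cols) < 5 or iface not in out_bandwidth:
            findings.append(f"line {n}: too few columns or no bandwidth for {iface}")
            continue
        mark, rate, ceil = cols[1:4]
        if mark != "-" and not (mark.isdecimal() and 1 <= int(mark) <= 255):
            findings.append(f"line {n}: MARK {mark} outside 1-255")
        r, c = (to_kbit(v, out_bandwidth[iface]) for v in (rate, ceil))
        if r is None or c is None:  # also catches '30 kbit' split by a space
            findings.append(f"line {n}: malformed RATE or CEIL")
            continue
        rate_sum[iface] += r
        seen[iface].update(o for o in ",".join(cols[5:]).split(",") if o in ONCE)
    for iface, full in out_bandwidth.items():
        if rate_sum[iface] > full:
            findings.append(f"{iface}: RATE sum {rate_sum[iface]:g}kbit exceeds {full}kbit")
        if seen[iface]["default"] != 1:
            findings.append(f"{iface}: default set on {seen[iface]['default']} classes, need 1")
        if seen[iface]["tcp-ack"] > 1:
            findings.append(f"{iface}: tcp-ack set on {seen[iface]['tcp-ack']} classes")
    return findings

# The page's Example 1, checked against a constructed 1000kbit OUT-BANDWIDTH.
EXAMPLE = ("ppp0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc\n"
           "ppp0 2 full/4 full 2 tcp-ack,tos-minimize-delay\n"
           "ppp0 3 full/4 full 3 default\nppp0 4 full/8 full*8/10 4\n")
```

Calling lint_tcclasses(EXAMPLE, {"ppp0": 1000}) returns an empty list; each violated rule adds one finding string.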




       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
       shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),
       shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-tcdevices(5),
       shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),


        1. shorewall-tcdevices

        2. shorewall-tcrules

                                  06/18/2009            SHOREWALL-TCCLASSES(5)