Linux Traffic shaping
Linux routing has an advanced feature called traffic shaping. There are three classful queueing disciplines: CTB (class token bucket), which is the most complex; HTB (hierarchy token bucket); and fair-share scheduling. The most common and easiest to use is HTB.
Here we are not modifying the physical device speed; we are modifying how fast the kernel sends packets out. Each packet is serviced through a classful tree, so if we want to limit the bandwidth for ssh/scp/sftp we need a tree like this:
1:      (parent node: the htb root qdisc)
 |
1:1     (this class defines how fast our card is: 100mbit in this example)
 |
1:10    (leaf node for our ssh/scp class: 1mbit/s when its packets are ready to be dequeued)
root@kali-man:~# tc qdisc add dev eth1 root handle 1: htb   <--- create the parent (root) node
root@kali-man:~# tc class add dev eth1 parent 1: classid 1:1 htb rate 100mbit ceil 100mbit   <--- create the class that describes our network card
root@kali-man:~# tc class add dev eth1 parent 1:1 classid 1:10 htb rate 1mbit ceil 1mbit   <--- create the leaf node with a rate of 1 mbit/s and a ceiling of 1 mbit/s
root@kali-man:~# tc filter add dev eth1 protocol ip prio 0 u32 match ip sport 22 0xffff classid 1:10   <--- this is the classifier: it matches packets on port 22 (sport, the sshd side) and says which leaf node has to service them
We could also have limited the bandwidth for all protocols. In that case the last line should read like this:
tc filter add dev eth1 protocol ip handle 1 fw flowid 1:10
As you can see, handle 1 is an arbitrary number: we will mark all packets with the number 1.
Now we tell the kernel to slow those packets down. After the routing decision has been taken, we mangle the packets and mark them:
iptables -t mangle -A POSTROUTING -j MARK --set-mark 1
You can test it with WinSCP or any other tool; you will see that the transfer speed is around 110 KB/s (1 mbit).
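The whole procedure above, collected into one script as an added example (this is not code from the original post). It builds the same 1: / 1:1 / 1:10 HTB tree and lets you pick either the u32 port filter or the fw/mark variant. The interface, rates, port and mode are parameters I chose (DEV, LINK_RATE, SLOW_RATE, PORT, MODE); the `-o "$DEV"` on the iptables rule is my addition so the mark only applies to packets leaving the shaped interface, and the explicit `parent 1:` / `prio 1` on the filters are spelled out rather than left to tc's defaults. With DRY_RUN=1 the script prints the commands instead of running them, so a change can be reviewed before it touches a live interface.

```shell
#!/bin/sh
# Added example: HTB shaping of ssh/scp egress on one interface.
# Assumed parameters (not from the original post): DEV, LINK_RATE,
# SLOW_RATE, PORT, MODE, DRY_RUN. Needs root and iproute2 to apply.

DEV="${DEV:-eth1}"
LINK_RATE="${LINK_RATE:-100mbit}"   # what the card can do (class 1:1)
SLOW_RATE="${SLOW_RATE:-1mbit}"     # rate and ceiling of the leaf 1:10
PORT="${PORT:-22}"                  # source port to classify (sshd side)
MODE="${MODE:-port}"                # port = u32 on sport; mark = fw + iptables
DRY_RUN="${DRY_RUN:-0}"             # 1 = print the commands, do not run them

# Every privileged command goes through run(), so DRY_RUN=1 turns the
# script into a plan you can read before applying it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Drop any existing root qdisc so the script can be re-run safely;
# the delete fails harmlessly when nothing is attached yet.
clear_qdisc() {
    run tc qdisc del dev "$DEV" root 2>/dev/null || true
}

# Same tree as in the post: root htb qdisc, a class for the card, a leaf
# capped at SLOW_RATE. Traffic that matches no filter bypasses the tree
# (HTB's direct queue) and goes out at link speed, so only the classified
# flows are slowed down.
build_tree() {
    run tc qdisc add dev "$DEV" root handle 1: htb
    run tc class add dev "$DEV" parent 1: classid 1:1 htb \
        rate "$LINK_RATE" ceil "$LINK_RATE"
    run tc class add dev "$DEV" parent 1:1 classid 1:10 htb \
        rate "$SLOW_RATE" ceil "$SLOW_RATE"
}

# Classifier: either match the transport source port directly (u32), or
# match the firewall mark and set that mark with iptables in POSTROUTING,
# i.e. after the routing decision, as the post describes. In mark mode
# everything leaving DEV is marked, so all protocols share the 1:10 cap.
add_filter() {
    case "$MODE" in
        port)
            run tc filter add dev "$DEV" parent 1: protocol ip prio 1 u32 \
                match ip sport "$PORT" 0xffff flowid 1:10
            ;;
        mark)
            run tc filter add dev "$DEV" parent 1: protocol ip prio 1 \
                handle 1 fw flowid 1:10
            run iptables -t mangle -A POSTROUTING -o "$DEV" -j MARK --set-mark 1
            ;;
        *)
            echo "unknown MODE: $MODE (use port or mark)" >&2
            return 1
            ;;
    esac
}

# Apply the three steps in order; returns non-zero if any step fails.
apply_shaping() {
    clear_qdisc && build_tree && add_filter
}

# Usage: DEV=eth1 PORT=22 MODE=port sh shape-ssh.sh apply
#        DEV=eth1 MODE=mark DRY_RUN=1 sh shape-ssh.sh apply   (review only)
if [ "${1:-}" = "apply" ]; then
    apply_shaping
    # Per-class byte/packet counters: the 1:10 "Sent" counter should grow
    # during an scp transfer while the rate stays near SLOW_RATE.
    run tc -s class show dev "$DEV"
fi
```

After applying, `tc -s class show dev eth1` is the quickest check that packets are actually landing in 1:10: if its counters stay at zero while a transfer runs, the filter did not match and the traffic is leaving unshaped through the direct queue.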