opensnitch
[Feature request] add speed limit option
Hi. Adding a bandwidth and network speed limit option will be great. Thanks.
Hi @neonramzy,
The next v1.6.0 version will have an option to limit network traffic (by IP, port, etc.), but not by application.
Why:
Right now we only intercept NEW packets (i.e.: the first one only). However in order to apply limits or redirect connections, we need to mark every single packet sent by an app (correct me if I'm wrong).
Placing a mark on a packet of an app is simple; I already have a PoC working (configurable via a field rule). However, intercepting all the packets of an app is CPU hogging (via ip/nftables).
Some ideas:
- Place a mark on the first packet -> then send the mark+pid to an eBPF "classifier" module that would mark every packet (we'd need to "pin" an eBPF map in order to share it between eBPF modules). https://man7.org/linux/man-pages/man8/tc-bpf.8.html#EXAMPLES
- Hook sock_sendmsg() (or security_sock_sendmsg()). On first packet -> mark it -> update the eBPF entry -> on sock_sendmsg() get the PID -> mark it if applies.
If we make that work then we could improve it later, allowing to filter by mark+pid+cmdline, etc.
Possible problems:
Related: #437
Latest sources (v1.6.0) as of today have an option to limit the bandwidth (only per connection, not by application).
(Would just using tc be an option? https://www.techrepublic.com/article/how-to-limit-bandwidth-on-linux-to-better-test-your-applications/ )
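As an added example (not opensnitch code, and not part of this thread), the following shows how the "mark the first packet, then shape with tc" idea from the discussion above can be done without intercepting every packet in userspace: nftables copies the mark into the conntrack entry and restores it onto every later packet of that connection, and an HTB class selected by fwmark does the rate limiting. It assumes the rule engine sets packet mark 0x20 on a connection's first packet and that eth0 is the egress interface; both values are assumptions, as is the DRY_RUN helper.

```shell
#!/bin/sh
# Added example (not opensnitch code): shape every packet of connections whose
# FIRST packet was marked by a rule, without queueing later packets to userspace.
# Assumptions: the rule engine sets packet mark 0x20 on a connection's first
# packet; the egress interface is eth0. DRY_RUN=1 prints commands instead of running.
set -eu

run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# nftables ruleset: copy the mark between the packet and its conntrack entry so
# every later packet of the connection carries the mark into tc (kernel side only).
nft_ruleset() {
    cat <<EOF
table inet shape_by_mark {
    chain output {
        type filter hook output priority mangle; policy accept;
        # later packets of an already marked connection: restore the saved mark
        ct mark != 0 meta mark set ct mark
        # first packet that carries a mark: save it into the conntrack entry
        ct mark 0 meta mark != 0 ct mark set meta mark
    }
}
EOF
}

# tc: HTB root qdisc, an unshaped default class (1:10) and one rate-limited
# class (1:20) that the fw filter selects for packets carrying the mark.
apply_shaping() {
    dev=$1 mark=$2 rate=$3
    nft_ruleset | run nft -f -
    run tc qdisc add dev "$dev" root handle 1: htb default 10
    run tc class add dev "$dev" parent 1: classid 1:10 htb rate 1gbit
    run tc class add dev "$dev" parent 1: classid 1:20 htb rate "$rate" ceil "$rate"
    run tc filter add dev "$dev" parent 1: protocol all prio 1 handle "$mark" fw flowid 1:20
}

# Usage: sh shape.sh apply [dev] [mark] [rate]  (needs root when DRY_RUN is unset)
if [ "${1:-}" = apply ]; then
    apply_shaping "${2:-eth0}" "${3:-0x20}" "${4:-1mbit}"
fi
```

Only the first packet of a connection has to be marked; the conntrack save/restore rules do the per-packet work in the kernel, which is the part the thread worried would be CPU hogging when done via nfqueue.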