Linux userspace traffic shaper
Utility for shaping network traffic. damper uses NFQUEUE mechanism for traffic shaping. All processing occurs in user space as opposed to traditional kernel space Linux traffic shaping.
(netfilter-queue library required)
$ cc -Wall -pedantic damper.c modules.conf.c -o damper -lnetfilter_queue -pthread -lrt -lmdamper works approximately in this way: at startup two threads are created. First thread captures network packets (via NFQUEUE), calculate "weight" (or priority) for each one and put it in priority queue. Wheh queue is full, packets with low priority replaced with high-priority ones. Second thread selects packets with high weight and sends (notify kernel to send in fact) them. Sending happens with limited speed (which is set in config file), and thus it shapes traffic.
Packet weight is assigned in "modules", there is 4 out of box.
inhibit_big_flows - suppresses big flows. The more bytes transmitted between two IP addresses, the less weight of a packet in this flow.
bymark - packet weight is set by iptables mark. See damper.conf for details and example.
entropy - Shannon entropy calculated for each flow and used as weight. Flow identified by IP addresses, protocol number and source/destination ports in case of TCP or UDP. The more random is traffic (encrypted, compressed or multimedia traffic gets higher entropy values), the less weight is set to packet.
random - generates a random weight (when this module is used alone, we get the classic RED shaping algorithm)
To enable or disable modules edit modules.conf.c file
Weight from each module multiplied by module coefficient and summarized to get the final value.
For shaping outgoing locally generated TCP traffic add this rule to your iptables:
# iptables -t raw -A OUTPUT -p tcp -j NFQUEUE --queue-num 3 --queue-bypassAnd here is rules for shaping incoming TCP traffic on interface eth0.
# iptables -t raw -A PREROUTING -i eth0 -p tcp -j NFQUEUE --queue-num 3 --queue-bypassMake directory for statistics, if you plan to use it. And run shaper
# mkdir -p /var/lib/damper
# ./damper damper.conf &Shaping outgoing TCP traffic ("upload" as seen from user, egress)
# iptables -t raw -A PREROUTING -i eth0 -p tcp -j NFQUEUE --queue-num 3 --queue-bypasswhere eth0 - internal router interface
--queue-bypass option change the behavior of iptables when no userspace application is connected to the queue. Instead of dropping packets are passed throwgh
Shaping incoming TCP traffic destined to our network 192.168.0.0/24 ("download" as seen from user, ingress)
# iptables -t mangle -A FORWARD -d 192.168.0.0/24 -o eth0 -p tcp -j NFQUEUE --queue-num 3 --queue-bypassBe very careful with these rules, you may lose you router network connectivity
damper comes with web-based statistics viewer
By default it keeps statistics for last 31 days. Number of days to hold statistics can be altered by changing keepstat key in config.
You can zoom or pan chart by mouse, double-click shows stats for all the observation period
Chart displayed using SCGI module. It can be integrated with Apache, Nginx, lighthttp or any web-server which support SCGI interface
To compile module:
(libpng required)
$ cd stat
$ cc -O2 -Wall -pedantic damper_img.c image.c stats.c -o damper_img -lpng -pthreadCopy content of damper/stat/html/ directory to server root directory
Now you can run it and configure http-server
# ./damper_img 127.0.0.1:9001 /var/lib/damper/ www-data &damper_img will drop privileges to www-data and chroots to /var/lib/damper/
Sample Nginx configuration:
server {
server_name MY.SERVER.NAME;
root /var/www/MY.LOCATION;
# images
location /damper-img {
include scgi_params;
scgi_pass 127.0.0.1:9001;
scgi_param SCRIPT_NAME "/damper-img";
}
location / {
try_files $uri $uri/index.html index.html;
}
}For Apache add this string to <VirtualHost>:
SCGIMount /damper-img 127.0.0.1:9001