11

Is there any utility to limit the network throughput of a process after it has been launched? Simple example: you note that a user takes all your upload bandwidth using scp and you'd like to limit the rate or decrease the priority of the transfer.

I guess i could use a combination of iptables/tc or pf to achieve that, but i was wondering if there is a "one-shot" tool available (like trickle with a --pid option ^^) ?

Steven Monday
  • 13,019
  • 4
  • 35
  • 45
jbdenis
  • 111
  • 1
  • 3

5 Answers5

3

Unfortunately there is no such a solution for FreeBSD. There are many solutions like dummynet/ipfw or altq/pf which are used to limit network usage based on different patterns but not on pids.

On linux there is a way to limit network usage on a user basis:

iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner test -j MARK --set-mark 1

I think there is no solution to limit the network utilization based on pid.

Istvan
  • 2,562
  • 3
  • 20
  • 28
1

lsof the process to get the network ports that the proc is using. Once you know which ports are being used you can use IPTABLES rules to rate limit these ports. These articles should give you a better idea: http://linux-ip.net/articles/Traffic-Control-HOWTO/ http://blog.edseek.com/~jasonb/articles/traffic_shaping/ http://wikis.sun.com/pages/viewpage.action?pageId=49906332

Levi
  • 195
  • 5
0

In Linux, even combination of iptables and tc could be a hard problem, since the "--pid-owner" option was abandoned from "owner" iptables module (see note below the table here). In fact, only this association (packet--process) seems to be complicated, while we can easily do the rest, i.e. filter and limit packets quite efficiently.

pitr
  • 567
  • 3
  • 6
0

I don't think there is a ready made solution for this. But, using standard Linux tools you can hack a script that will do the thing.

First, you can get a list of all connections of specific process with lsof. Then, you can create ingress policies with tc for those connections.

thor
  • 648
  • 1
  • 7
  • 18
0

Crudely, if you nice the process down to +20, then anything else running on the system will get priority and the job will be scheduled less often, so will find it harder to fill the buffers or process packets, which should lead to some TCP throttling. It will be sporadic, but might help enough.

# renice 20 -p $pid
Phil P
  • 3,040
  • 1
  • 15
  • 19
  • 1
    This is a very roundabout way of trying to control bandwidth and will really only work if the system is *very* heavily loaded -- On an idle system evan a process reniced to -20 will still get on the CPU as often as it wants. – voretaq7 Jan 24 '11 at 17:39
  • Right, but if this isn't bandwidth shared with other local computers, then if the machine is idle you mostly don't care if this process gets all the bandwidth. It's only when there's another process which tries to use bandwidth that it matters. We may haver different definitions of "very heavily loaded" -- if there's another process trying to run, it gets priority and so if the load average is >= 1 per core, this may help. I did note that it's crude but if it's the only available tool (FreeBSD) then it's at least worth a shot. – Phil P Jan 24 '11 at 22:31