
I'm trying to limit the output bandwidth generated by an application with Linux tc. This application sends me the source port of the request, which I use as a filter to limit each user to a given download speed. I feel that my setup could be managed way better if I had a better knowledge of Linux tc.

At the application level users are categorized as members of a group, and each group has a limited bandwidth.

Example :

Members of group A : 512kbit/s
Members of group B : 1Mbit/s
Members of group C : 2Mbit/s

When a user connects to the application, it retrieves the source port at the origin of the request from the user and sends me the source port and the bandwidth at which the user must be limited, depending on the group to which it belongs. With this information I must add the appropriate rules so that the user (the source port in reality) is limited to the right bandwidth.

If the user that connects isn't a member of any group, it should be limited at a default bandwidth speed.

I'm actually managing this by using a self-made daemon that adds or removes rules when it receives a request from the application. With my little knowledge of tc I'm not able to limit other users (ones that aren't in a group, all others in fact) at a default speed, and my configuration seems awful to me.

Here is the base of my tc qdisc and classes :

```
# note: in tc units, "mbps" means megabytes per second ("mbit" is megabits per second)
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbps ceil 125mbps
```

To classify a user at a given speed I have to add one subclass and then associate one filter to it :

```
# tc units: "kbit"/"mbit" are bits per second ("kbps" would mean kilobytes per second)
# "match ip sport" takes a value and a mask; 0xffff matches the full 16-bit port

# a member of group A
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 512kbit ceil 512kbit
# its associated filter to match his source port
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 50001 0xffff flowid 1:11

# a member of group A again
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 512kbit ceil 512kbit
# its associated filter to match his source port
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 61524 0xffff flowid 1:12

# a member of group B
tc class add dev eth0 parent 1:1 classid 1:13 htb rate 1mbit ceil 1mbit
# its associated filter to match his source port
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 57200 0xffff flowid 1:13
```

I already know that a source port could be the same if it's coming from a different IP address. The thing is, the application is behind a proxy, so I don't have to manage any IP address in that situation.

I would like to know how to manage the fact that all other users (request/source port, whatever you name it) could be limited at a given speed each. I mean that each connection should be able to use at max 100kbit/s for example, not a shared 100kbit/s.

I also would like to know if there is a way to simplify my rules. I don't know if it is possible to use only one class per group and associate multiple filters to the same class so each user could be handled by one class and not one class per user.

I appreciate any advice, thanks.

Arka
  • Old as dirt but you should look into `cgroups` for trying to do application-based traffic shaping instead of host based. – Bratchley Jan 05 '15 at 17:16
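
The per-user class and filter pair that the question's daemon adds and removes, as an added example that is not part of the original post: it validates the port and rate received from the application before they reach a root-run `tc` command line, and prints the commands instead of executing them. The function names, the `DEV` variable, and the choice of deriving the class minor and the filter `pref` from the port are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: prints the tc commands for one user (source port).
DEV="${DEV:-eth0}"   # assumed interface, as in the question

# Accept only a plain decimal port with no leading zero. Ports below 1024
# are rejected so the derived class minor can never be 1 (parent class 1:1).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Rate is a whole number of kbit/s (tc: "kbit" = kilobits per second).
valid_rate() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 7 ]
}

# Class + filter for one user. Class minors are hexadecimal, so the port is
# converted; the filter gets pref = port so it can be deleted later without
# looking up its u32 handle.
user_add_cmds() {
    valid_port "$1" && valid_rate "$2" || return 1
    minor=$(printf '%x' "$1")
    echo "tc class add dev $DEV parent 1:1 classid 1:$minor htb rate ${2}kbit ceil ${2}kbit"
    echo "tc filter add dev $DEV protocol ip parent 1: pref $1 u32 match ip sport $1 0xffff flowid 1:$minor"
}

# Teardown: the filter goes first, because a class that a filter still
# points at cannot be deleted.
user_del_cmds() {
    valid_port "$1" || return 1
    minor=$(printf '%x' "$1")
    echo "tc filter del dev $DEV protocol ip parent 1: pref $1"
    echo "tc class del dev $DEV parent 1:1 classid 1:$minor"
}
```

Anything that is not a bare decimal port or rate makes the functions return non-zero and print nothing, so a malformed request from the application never becomes part of a `tc` invocation.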
