[clug] Set TCP window size for specific incoming protocols?

Damien Elmes clug at repose.cx
Tue Sep 16 19:40:57 EST 2003


Michael Still <mikal at stillhq.com> writes:

> Hey folk,
>
> I have a firewall with a slow connection. I would like to limit the rate 
> at which incoming packets for FTP hit the ISP side of my firewall. Because 
> these packets are coming from the ISP, it strikes me that what I really 
> want to do is set a relatively small size for the TCP window for these 
> connections.
>
> Does anyone have pointers on how to do this? I've had a look with Google, 
> and can't see anything relevant, and the iptables man page (which is 
> probably the wrong tool) doesn't seem to have anything either.
>
> Any pointers greatly appreciated.

I've no experience with varying the window size directly to achieve
throttling, but have used the Linux QoS tools before:

  tc qdisc add dev $DEV handle ffff: ingress
    
  tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
     0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :2
    
You can use 'sport' to match on the FTP data port.

As far as I know, this just throws away packets when the incoming rate
is too high, resulting in your ISP having to resend packets, which
slows down the stream in the process.

Cheers,
-- 
Damien Elmes
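
An added example, not part of the original message: the ingress policer from the reply, narrowed with the u32 `sport` match to TCP source port 20, the active-mode FTP data port. The function names and the `APPLY` variable are hypothetical; passive-mode FTP uses other ports and is not matched by this filter.

```shell
#!/bin/sh
# Added example: print (or apply) the tc ingress policer for one TCP source port.
# Assumes iproute2's tc; applying needs root. Names below are illustrative.

# ftp_police_cmds DEV RATE_KBIT [SPORT]
# Emits one tc command per line; returns 1 on invalid input.
ftp_police_cmds() {
    dev=$1 rate=$2 sport=${3:-20}
    # Restrict arguments to safe character sets before they reach a command line.
    case $dev in
        ''|*[!A-Za-z0-9._-]*) echo "bad device: $dev" >&2; return 1 ;;
    esac
    case $rate in
        ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;;
    esac
    case $sport in
        ''|*[!0-9]*) echo "bad port: $sport" >&2; return 1 ;;
    esac
    [ "$rate" -gt 0 ] || { echo "rate must be > 0" >&2; return 1; }
    [ "$sport" -ge 1 ] && [ "$sport" -le 65535 ] || {
        echo "bad port: $sport" >&2; return 1; }

    echo "tc qdisc add dev $dev handle ffff: ingress"
    # protocol 6 = TCP. 'ip sport' reads a fixed offset, so it assumes an
    # IP header without options.
    echo "tc filter add dev $dev parent ffff: protocol ip prio 50 u32" \
         "match ip protocol 6 0xff match ip sport $sport 0xffff" \
         "police rate ${rate}kbit burst 10k drop flowid :2"
}

# ftp_police DEV RATE_KBIT [SPORT]: dry run by default, APPLY=1 executes.
ftp_police() {
    cmds=$(ftp_police_cmds "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | while IFS= read -r c; do $c || exit 1; done
    else
        echo "$cmds"
    fi
}

# Stand-alone use: ./ftp-police.sh eth0 512
if [ "$#" -ge 2 ]; then ftp_police "$@"; fi
```

To undo the policer, delete the ingress qdisc with `tc qdisc del dev $DEV ingress`.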


