
I found tc, which allows you to filter by IP, port, etc. and then limit rates. But I was wondering if there was anything that could filter by application, or limit the rate given another process' socket.

Thanks!

OK, seems like I can use lsof -iTCP and ipfw pipes ... wonder how efficient that is.

lsof -iTCP: http://danielmiessler.com/study/lsof/

ipfw: http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_x

ipfw in C: http://psb.sbras.ru/cgi-bin/www/unix_help/unix-man?ipfw+4

with rate limiting (dummynet): http://www.opensource.apple.com/source/network_cmds/network_cmds-115.2/ipfw.tproj/ipfw.c

Lavanya

1 Answer


Netfilter (iptables) has the owner (and also a socket, if you wish to use that) module. With it you can apply standard firewall rules if user id or group id matches, and optionally match if the packet is associated with a socket.

iptables -t mangle -A OUTPUT -m owner --uid-owner some_user --socket-exists -j MARK --set-mark 100

Then just use tc in a way it catches mark 100:

tc filter add dev eth0 parent ffff: protocol ip prio 10 u32 match mark 100 ...

This was just my mindflow and I have no idea if this works, but give it a try. :)

Janne Pikkarainen
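The mark-then-shape idea from the answer above, carried through to a complete egress setup as an added example (not code from the answer). It goes beyond the answer by using an HTB qdisc with the fw classifier; the function names, the class ids 1:10 and 1:20, the 1000mbit default class and the dry-run switch are assumptions made for illustration. The owner match only sees locally generated packets, so this limits what the user sends, not what it receives.

```shell
#!/bin/sh
# Added example: per-user egress rate limit (owner match -> fwmark -> tc fw filter).
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them as root.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only plain tokens so user, device, rate and mark cannot smuggle
# extra options or shell metacharacters into the generated commands.
valid_token() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# limit_user USER DEV RATE MARK   (hypothetical helper)
limit_user() {
    user=$1 dev=$2 rate=$3 mark=$4
    for v in "$user" "$dev" "$rate" "$mark"; do
        valid_token "$v" || { echo "invalid argument: $v" >&2; return 2; }
    done
    # Mark packets sent by processes running as USER (OUTPUT chain only).
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$user" \
        -j MARK --set-mark "$mark"
    # HTB root qdisc; unmarked traffic goes to the default class 1:10.
    run tc qdisc add dev "$dev" root handle 1: htb default 10
    run tc class add dev "$dev" parent 1: classid 1:10 htb rate 1000mbit
    # Limited class for the marked traffic.
    run tc class add dev "$dev" parent 1: classid 1:20 htb rate "$rate" ceil "$rate"
    # fw classifier: the filter handle is the firewall mark to match.
    run tc filter add dev "$dev" parent 1: protocol ip prio 10 \
        handle "$mark" fw flowid 1:20
}

# Constructed sample invocation:
#   limit_user some_user eth0 1mbit 100
```

After applying with DRY_RUN=0, `tc -s class show dev eth0` shows whether packets are landing in class 1:20.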