This example shows how a combination of BPF programs can be used to perform per-IP classification and rate limiting. The simulation in this example shows an example where N+M devices are combined and use 1 WAN. Traffic sent from/to the "neighbor" devices have their combined bandwidth capped at 128kbit, and the rest of the traffic can use an additional 1Mbit. This works by sharing a map between various tc ingress filters, each with a related set of bpf functions attached. The map stores a list of dynamically learned ip addresses that were seen on the neighbor devices and should be throttled. /------------\ | neigh1 --|->->->->->->->-| | | neigh2 --|->->->->->->->-| <-128kb-| /------\ | neigh3 --|->->->->->->->-| | wan0 | wan | | | ^ | br100 |-<-<-<--| sim | | | clsfy_neigh() | | ^ \------/ | lan1 ----|->->->->->->->-| <--1Mb--| | | lan2 ----|->->->->->->->-| | classify_wan() | ^ \------------/ | pass() | To run the example: $ sudo /path/to/neighbor_sharing/neighbor_sharing.py Starting netserver with host 'IN(6)ADDR_ANY' port '12865' and family AF_UNSPEC Starting netserver with host 'IN(6)ADDR_ANY' port '12865' and family AF_UNSPEC Starting netserver with host 'IN(6)ADDR_ANY' port '12865' and family AF_UNSPEC Starting netserver with host 'IN(6)ADDR_ANY' port '12865' and family AF_UNSPEC Starting netserver with host 'IN(6)ADDR_ANY' port '12865' and family AF_UNSPEC Network ready. Create a shell in the wan0 namespace and test with netperf (Neighbors are 172.16.1.100-102, and LAN clients are 172.16.1.150-151) e.g.: ip netns exec wan0 netperf -H 172.16.1.100 -l 2 Press enter when finished: In another shell: $ sudo ip netns exec wan0 netperf -H 172.16.1.100 -l 2 MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 172.16.1.100 () port 0 AF_INET : demo Recv Send Send Socket Socket Message Elapsed Size Size Size Time Throughput bytes bytes bytes secs. 10^6bits/sec 87380 16384 16384 4.30 0.18 $ sudo ip netns exec wan0 netperf -H 172.16.1.150 -l 2 MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 172.16.1.150 () port 0 AF_INET : demo Recv Send Send Socket Socket Message Elapsed Size Size Size Time Throughput bytes bytes bytes secs. 10^6bits/sec 87380 16384 16384 4.10 1.01 The bandwidth is throttled according to the IP.