ipqosconf(1M)
NAME
ipqosconf - configure the IPQoS facility
SYNOPSIS
/usr/sbin/ipqosconf
/usr/sbin/ipqosconf -a conf_file [-vs]
/usr/sbin/ipqosconf -c
/usr/sbin/ipqosconf -f
/usr/sbin/ipqosconf -l
/usr/sbin/ipqosconf -L
DESCRIPTION
The ipqosconf utility configures the Quality of Service
facility of the Internet Protocol (IP). Only superusers can
use this command.
Without arguments, ipqosconf displays the actual IPQoS con-
figuration.
Configuration is not preserved across reboot. You must apply
the configuration every time that the machine reboots. To
apply the configuration early in the boot phase, you can
populate the /etc/inet/ipqosinit.conf file, which is then
read from the inetsvc startup script.
OPTIONS
The following options are supported:
-a conf_file
Apply the configuration in conf_file. If the conf_file
is -, ipqosconf reads from standard input.
-c Populate the boot file with the current configuration.
-f Flush the configuration.
-l List the current applied configuration.
-L List the current configuration in verbose mode.
In addition to the information that the -l option pro-
vides, the -L option provides filters and classes con-
figured through other means than the iqposconf com-
mand. This option also provides the full set of
filters that were created by ipqosconf by representing
a multi-homed host in a configuration file
-s Log messages to syslog during an -a operation.
-v Toggle verbose mode during an -a operation.
The -v option causes all messages to go to the console
in addition to their normal destination. Messages
intended to go to syslog, because the -s flag is set
or because it is a log message, still go to syslog as
well as the console.
CONFIGURATION FILE
The configuration file is composed of a format version and a
succession of configuration (action) blocks. There are dif-
ferent configuration blocks for each type of action that is
being configured.
Format Version
The first line of the configuration file specifies the for-
mat version contained in the configuration file.
The following entry specifies the format version:
fmt_version x.x
where x.x is the format version. 1.0 is the only supported
version.
Configuration Blocks
Following the format version, are a succession of configura-
tion (action) blocks that are different for each type of
action being configured. A configuration block always has
the following structure :
action {
name action_name
module module_name
params_clause | ""
cf_clauses
}
action_name ::= string
module_name ::= ipgpc | dlcosmk | dscpmk | flowacct | tswtclmt |
tokenmt
params_clause ::= params {
parameters
params_stats | ""
}
parameters ::= prm_name_value parameters | ""
prm_name_value ::= param_name param_value
Modules
The param_name and the types of param_value are specific to
a given module.
params_stats ::= global_stats boolean
cf_clauses ::= class_clause cf_clauses |
filter_clause cf_clauses | ""
class_clause ::= class {
name class_name
next_action next_action_name
class_stats | ""
}
class_name ::= string
next_action_name ::= string
class_stats ::= enable_stats boolean
boolean ::= TRUE | FALSE
filter_clause ::= filter {
name filter_name
class class_name
parameters
}
filter_name ::= string
There must be exactly one configuration block belonging to
module ipgpc. The action must be named ipgpc.classify. All
other actions should be reachable from ipgpc by way of
parameters of type action or the next_action of a class.
The set of types that are used for parameters of the dif-
ferent modules are:
action ::= string
protocol ::= 1..255
port ::= 1..65535
uint8 ::= 0..255
uint32 ::= 0..4294967296
int32 ::= -2147483648..2147483648
address ::=< see the description section>
ifname ::= <interface name recognized by SIOGLIFINDEX ioctl>
enum ::= string | { string_list }
boolean ::= TRUE | FALSE
integer_array ::= { range_value_list }
map_index ::= uint32
address ::= ip_address | ip_node_name
user ::= uid | username
uid ::= 0..65535
username ::= string
string_list ::= string sl_entrys
sl_entrys ::= ',' string sl_entrys | ""
range_value_list ::= range_value_entry range_value_entrys
range_value_entry ::= range ':' integer_array_value
range ::= uint32 '-' uint32
integer_array_value ::= string | integer_array_number
integer_array_number ::= uint8 | uint32
range_value_entrys ::= ';' range_value_entry range_value_entrys | ""
ip_node_name ::= string
ip_address ::= v4_address | v6_address
v4_address ::= v4_ip_address / v4_cidr_mask |
v4_ip_address
v4_cidr_mask ::= 1-32
v6_address ::= v6_ip_address / v6_cidr_mask |
v6_ip_address
v6_cidr_mask ::= 1-128
METER module tokenmt configuration syntax :
red_action_name action
yellow_action_name action
green_action_name action
committed_rate uint32
committed_burst uint32
peak_rate uint32
<if present this signifies that this will be a two rate meter, not
a single rate meter>
peak_burst uint32
<this is the 'peak' burst size for a two rate meter, but the 'excess' burst
size for a single rate meter>
color_aware boolean
color_map integer_array
global_stats boolean
METER module tswtclmt configuration syntax :
red_action_name action
yellow_action_name action
green_action_name action
committed_rate uint32
peak_rate uint32
window uint32
global_stats boolean
MARKER module dscpmk configuration syntax :
next_action action
dscp_map int_array
dscp_detailed_stats boolean
globlal_stats boolean
MARKER module dlcosmk configuration syntax :
next_action action
cos map_index
global_stats boolean
CLASSIFIER module ipgpc configuration syntax :
if_grpname string
user user
projid int32
if_name ifname
direction enum {
LOCAL_IN,
LOCAL_OUT,
FWD_IN,
FWD_OUT}
protocol protocol
dsfield uint8
dsfield_mask uint8
saddr address
daddr address
sport port
dport port
priority uint32
precedence uint32
ip_version enum {
V4,
V6 }
global_stats boolean
ACCOUNTING module flowacct configuration syntax
next_action action
timer uint32
timeout uint32
max_limit uint32
Types
action
A string of characters with a matching action defini-
tion. The character string can be up to twenty three
characters in length. To allow for spaces the string
needs to be enclosed in quotes and cannot span lines.
Two special actions are pre-defined and can not have
an explicit action definition. The two pre-defined
actions are continue and drop. continue causes the
packet that is passed to it to continue normal pro-
cessing. drop causes the packet that is passed to it
to be dropped.
address
A machine name or address recognized by
getipnodebyname(3B). If a machine name is specified,
and ip_version has been defined, the query is done
using that address family. If a machine name is not
specified and ip_version has not been defined, the
query is done using the AI_DEFAULT flag to
getipnodebyname()(..AF_INET6..). CIDR address masks
following an IP address are allowed. Specify the CIDR
address masks as 1-32 (for v4) or 1-128 (for v6). CIDR
addresses are disallowed for node names.
enum Either one of the supported values or comma delimited
list of support values, enclosed in curly braces.
ifname
A non-NULL, existing interface name recognized by the
SIOGLIFINDEX socket ioctl.
integer_array
A comma delimited set of range/value pairs , enclosed
in curly braces.
Specify range in the format x-y, where x and y are
integers that denote the range of array indexes to
which the value applies. The minimum value for both x
and y is 0. The maximum value for x is particular to
the parameter. Any array indexes not referred to in
the set of ranges are left at their previous value.
map_index
A non-negative integer used as an index into any maps
associated with a parameter of this type.
The maximum value of this type is dictated by the
number of entries in the associated maps. The index
starts at 0.
port Either a service name recognized by
getservbyname(3SOCKET) or an integer 1-65535.
protocol
Either a protocol name recognized by
getprotobyname(3SOCKET) or an integer 1-255.
string
A character string. Enclose string in quotes. string
cannot span multiple lines.
user Either a valid user ID or username for the system that
is being configured.
Parameters
The configuration file can contain the following parameters
color_aware
A value of TRUE or FALSE, indicating whether or not
the configured action takes account of the previous
packet coloring when classifying.
color_map
An integer array that defines which values of the dscp
field correspond with which colors for when the
color_aware parameter is set to TRUE.
committed_burst
The committed burst size in bits.
committed_rate
The committed rate in bits per second.
cos The value used to determine the underlying driver
level priority applied to the packet which is defined
in 802.1D.
daddr The destination address of the datagram.
direction
The value used to build a filter matching only part of
the traffic.
This parameter is of type enum with valid values of
LOCAL_IN (local bound traffic), LOCAL_OUT (local
sourced traffic), FWD_IN (forwarded traffic entering
the system), and FWD_OUT (forwarded traffic exiting
the system).
dport The destination port of the datagram.
dscp_detailed_stats
A value of TRUE or FALSE that determines whether
detailed statistics are switched on for this dscp
action.
Specify TRUE to switch on or FALSE to switch off.
dscp_map
The integer_array that supplies the values that IP
packets with a given dscp value have their dscp re-
marked with.
The existing value is used to index into the array
where the new value is taken from. The array is of
size 64, meaning valid indexes are 0-63 and valid
values are also 0-63.
dsfield
The DS field of the IP datagram header. If you specify
this parameter, you must also specify the dsfield_mask
parameter.
dsfield_mask
The mask applied to the dsfield parameter to determine
the bits against which to match.
global_stats
A value of TRUE or FALSE to enable or disable the
statistic collection for this action.
green_action_name
The action to be executed for packets that are deemed
to be green.
if_grpname
The interface group name.
if_name
The name of an interface recognized by the SIOGLIFIN-
DEX ioctl. This parameter is of type ifname.
ip_version
This parameter is of type enum and has valid values of
V4 and V6.
If it is set to V4 only then only ipv4addresses are
requested for a specified hostname. If it is set to
V6, only ipv6 addresses are returned if there are any,
otherwise v4 mapped v6 addresses are returned. If both
V4 and V6 are specified, or if ip_version is not
specified, then both ipv4 and ipv6 addresses are
requested for a specified hostname.
max_limit
The maximum number of flow entries present at one time
in the flowacct actions in the memory resident table.
next_action
The action to be executed when the current action is
complete.
This value can be either the name of an action defined
in the configuration file, or one of the two special
action types: drop and continue. See Types for addi-
tional information on special action types.
peak_burst
The peak burst size, for a two rate meter, or excess
burst size, for a single rate meter, in bits.
peak_rate
The peak rate in bits per second.
precedence
An integer that is used to order filters. If there are
two matching filters that have the same priority
value, the one with the lower precedence value is the
one matched. This parameter should be used because the
order of the filters in a configuration file has no
influence on their relative precedence.
priority
An integer that represents the relative priority of a
filter. If there are two matching filters, the one
with the higher priority value is the one matched.
Multiple filters can have the same priority.
projid
The project ID of the process sending the data. This
value is always -1 for received traffic.
protocol
The Upper Layer Protocol against which this entry is
matched.
red_action_name
The action to be executed for packets that are deter-
mined to be red.
saddr The source address of the datagram.
sport The source port of the datagram.
timeout
The timeout in milliseconds after which flows are
written to the accounting file.
timer The period in milliseconds at which timed-out flows
are checked for.
user The user ID or username of the process sending the
data. This value is always -1 for received traffic.
window
The window size in ms.
yellow_action_name
The action to be executed for packets that are
determined to be yellow.
SECURITY
None.
EXAMPLES
Example 1: Sending All Traffic From eng to the AF 1 Class of
Service
This example sends all traffic from eng to the AF 1 class of
service. It is documented in four separate steps:
The following step creates a tokenmt action with three out-
comes:
#meter for class 1.
action {
name AF_CL1
module tokenmt
params{
committed_rate 64
committed_burst 75
peak_burst 150
global_stats TRUE
red_action_name drop
yellow_action_name markAF12
green_action_name markAF11
}
}
The following step creates two dscpmk actions:
#class 1, low drop precedence.
action {
name markAF11
module dscpmk
params{
dscp_map {0-63:28}
dscp_detailed_stats TRUE
global_stats TRUE
next_action acct1
}
}
#class 1, medium drop precedence.
action {
name markAF12
module dscpmk
params {
dscp_map {0-63:30}
dscp_detailed_stats TRUE
global_stats TRUE
next_action acct1
}
}
The following step creates an accounting action:
#billing for transmitted class 1 traffic.
action {
name acct1
module flowacct
params {
timer 10
timeout 30
global_stats TRUE
max_limit 1024
next_action continue
}
}
The following step creates an ipgpc action:
#traffic from eng sent, traffic from ebay dropped.
action {
name ipgpc.classify
module ipgpc
class {
name from_eng
enable_stats TRUE
next_action AF_CL1
}
class {
name from_ebay
enable_stats TRUE
next_action drop
}
filter {
name from_eng
saddr eng-subnet
class from_eng
}
filter {
name from_ebay
saddr ebay-subnet
class from_ebay
}
}
FILES
/etc/inet/ipqosinit.conf
Contains the IPQoS configuration loaded at boot time.
If this file exists, it is read from
/etc/initd.d/inetsvc after /usr is mounted.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWqosu |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
syslog(3C), getipnodebyname(3SOCKET),
getprotobyname(3SOCKET), getservbyname(3SOCKET), attri-
butes(5), dlcosmk(7IPP), dscpmk(7IPP), flowacct(7IPP),
ipgpc(7IPP), ipqos(7IPP), tokenmt(7IPP), tswtclmt(7IPP)
DIAGNOSTICS
ipqosconf sends messages to syslog of facility user, sever-
ity notice when any changes are made to the IPQoS configura-
tion.
Errors that occur during an ipqosconf operation send an
error message to the console by default. For the application
of a new configuration if the -s option is set then these
messages are sent to syslog as facility user, severity error
instead. If the -v option is present during an application
then all error and change notificationmessages are sent to
the console as well as their default destination.
Man(1) output converted with
man2html