1ipqosconf(1M) System Administration Commands ipqosconf(1M)
2
6 ipqosconf - configure the IPQoS facility
7
9 /usr/sbin/ipqosconf
10 /usr/sbin/ipqosconf -a conf_file [-vs]
13 /usr/sbin/ipqosconf -c
16 /usr/sbin/ipqosconf -f
19 /usr/sbin/ipqosconf -l
22 /usr/sbin/ipqosconf -L
25
28 The ipqosconf utility configures the Quality of Service facility of the
29 Internet Protocol (IP). Only superusers can use this command.
30 Without arguments, ipqosconf displays the actual IPQoS configuration.
33 Configuration is not preserved across reboot. You must apply the con‐
36 figuration every time that the machine reboots. To apply the configura‐
37 tion early in the boot phase, you can populate the
38 /etc/inet/ipqosinit.conf file, which is then read from the svc:/net‐
39 work/initial:default service.
40
42 The following options are supported:
43 -a conf_file Apply the configuration in conf_file. If the conf_file
45 is −, ipqosconf reads from standard input.
46 -c Populate the boot file with the current configuration.
49 -f Flush the configuration.
52 -l List the current applied configuration.
55 -L List the current configuration in verbose mode.
58 In addition to the information that the -l option pro‐
60 vides, the -L option provides filters and classes con‐
61 figured through other means than the iqposconf command.
62 This option also provides the full set of filters that
63 were created by ipqosconf by representing a multi-homed
64 host in a configuration file
65 -s Log messages to syslog during an -a operation.
68 -v Toggle verbose mode during an -a operation.
71 The -v option causes all messages to go to the console
73 in addition to their normal destination. Messages
74 intended to go to syslog, because the -s flag is set or
75 because it is a log message, still go to syslog as well
76 as the console.
77
80 The configuration file is composed of a format version and a succession
81 of configuration (action) blocks. There are different configuration
82 blocks for each type of action that is being configured.
83 Format Version
85 The first line of the configuration file specifies the format version
86 contained in the configuration file.
87 The following entry specifies the format version:
90 fmt_version x.x
92 where x.x is the format version. 1.0 is the only supported version.
96 Configuration Blocks
98 Following the format version, are a succession of configuration
99 (action) blocks that are different for each type of action being con‐
100 figured. A configuration block always has the following structure:
101 action {
103 name action_name
104 module module_name
105 params_clause | ""
106 cf_clauses
107 }
108 action_name ::= string
110 module_name ::= ipgpc | dlcosmk | dscpmk | flowacct | tswtclmt |
111 tokenmt
112 params_clause ::= params {
114 parameters
115 params_stats | ""
116 }
117 parameters ::= prm_name_value parameters | ""
119 prm_name_value ::= param_name param_value
121 Modules
125 The param_name and the types of param_value are specific to a given
126 module.
127 params_stats ::= global_stats boolean
129 cf_clauses ::= class_clause cf_clauses |
131 filter_clause cf_clauses | ""
132 class_clause ::= class {
134 name class_name
135 next_action next_action_name
136 class_stats | ""
137 }
138 class_name ::= string
140 next_action_name ::= string
141 class_stats ::= enable_stats boolean
142 boolean ::= TRUE | FALSE
143 filter_clause ::= filter {
145 name filter_name
146 class class_name
147 parameters
148 }
149 filter_name ::= string
151 There must be exactly one configuration block belonging to module
156 ipgpc. The action must be named ipgpc.classify. All other actions
157 should be reachable from ipgpc by way of parameters of type action or
158 the next_action of a class.
159 The set of types that are used for parameters of the different modules
162 are:
163 action ::= string
165 protocol ::= 1..255
166 port ::= 1..65535
167 uint8 ::= 0..255
168 uint32 ::= 0..4294967296
169 int32 ::= -2147483648..2147483648
170 address ::= <see the description section>
171 ifname ::= <interface name recognized by SIOGLIFINDEX ioctl>
172 enum ::= string | { string_list }
173 boolean ::= TRUE | FALSE
174 integer_array ::= { range_value_list }
175 map_index ::= uint32
176 address ::= ip_address | ip_node_name
177 user ::= uid | username
178 uid ::= 0..65535
179 username ::= string
180 string_list ::= string sl_entrys
181 sl_entrys ::= ',' string sl_entrys | ""
182 range_value_list ::= range_value_entry range_value_entrys
183 range_value_entry ::= range ':' integer_array_value
184 range ::= uint32 '-' uint32
185 integer_array_value ::= string | integer_array_number
186 integer_array_number ::= uint8 | uint32
187 range_value_entrys ::= ';' range_value_entry range_value_entrys | ""
188 ip_node_name ::= string
189 ip_address ::= v4_address | v6_address
190 v4_address ::= v4_ip_address / v4_cidr_mask |
191 v4_ip_address
192 v4_cidr_mask ::= 1-32
193 v6_address ::= v6_ip_address / v6_cidr_mask |
194 v6_ip_address
195 v6_cidr_mask ::= 1-128
196 METER module tokenmt configuration syntax:
201 red_action_name action
203 yellow_action_name action
204 green_action_name action
205 committed_rate uint32
206 committed_burst uint32
207 peak_rate uint32
208 <if present this signifies that this will be a two rate meter, not
209 a single rate meter>
210 peak_burst uint32
211 <this is the 'peak' burst size for a two rate meter, but
212 the 'excess' burst size for a single rate meter>
213 color_aware boolean
214 color_map integer_array
215 global_stats boolean
216 METER module tswtclmt configuration syntax:
221 red_action_name action
223 yellow_action_name action
224 green_action_name action
225 committed_rate uint32
226 peak_rate uint32
227 window uint32
228 global_stats boolean
229 MARKER module dscpmk configuration syntax:
234 next_action action
236 dscp_map int_array
237 dscp_detailed_stats boolean
238 global_stats boolean
239 MARKER module dlcosmk configuration syntax:
244 next_action action
246 cos map_index
247 global_stats boolean
248 CLASSIFIER module ipgpc configuration syntax:
252 user user
254 projid int32
255 if_name ifname
256 direction enum {
257 LOCAL_IN,
258 LOCAL_OUT,
259 FWD_IN,
260 FWD_OUT}
261 protocol protocol
262 dsfield uint8
263 dsfield_mask uint8
264 saddr address
265 daddr address
266 sport port
267 dport port
268 priority uint32
269 precedence uint32
270 ip_version enum {
271 V4,
272 V6 }
273 global_stats boolean
274 ACCOUNTING module flowacct configuration syntax:
279 next_action action
281 timer uint32
282 timeout uint32
283 max_limit uint32
284 Types
288 action A string of characters with a matching action defini‐
289 tion. The character string can be up to twenty three
290 characters in length. To allow for spaces the string
291 needs to be enclosed in quotes and cannot span lines.
292 Two special actions are pre-defined and can not have
293 an explicit action definition. The two pre-defined
294 actions are continue and drop. continue causes the
295 packet that is passed to it to continue normal pro‐
296 cessing. drop causes the packet that is passed to it
297 to be dropped.
298 address A machine name or address recognized by getipnodeby‐
301 name(3SOCKET). If a machine name is specified, and
302 ip_version has been defined, the query is done using
303 that address family. If a machine name is not speci‐
304 fied and ip_version has not been defined, the query is
305 done using the AI_DEFAULT flag to getipnodeby‐
306 name()(..AF_INET6..). CIDR address masks following an
307 IP address are allowed. Specify the CIDR address masks
308 as 1-32 (for v4) or 1-128 (for v6). CIDR addresses are
309 disallowed for node names.
310 enum Either one of the supported values or comma delimited
313 list of support values, enclosed in curly braces.
314 ifname A non-NULL, existing interface name recognized by the
317 SIOGLIFINDEX socket ioctl.
318 integer_array A comma delimited set of range/value pairs, enclosed
321 in curly braces.
322 Specify range in the format x-y, where x and y are
324 integers that denote the range of array indexes to
325 which the value applies. The minimum value for both x
326 and y is 0. The maximum value for x is particular to
327 the parameter. Any array indexes not referred to in
328 the set of ranges are left at their previous value.
329 map_index A non-negative integer used as an index into any maps
332 associated with a parameter of this type.
333 The maximum value of this type is dictated by the num‐
335 ber of entries in the associated maps. The index
336 starts at 0.
337 port Either a service name recognized by getservby‐
340 name(3SOCKET) or an integer 1-65535.
341 protocol Either a protocol name recognized by getprotoby‐
344 name(3SOCKET) or an integer 1-255.
345 string A character string. Enclose string in quotes. string
348 cannot span multiple lines.
349 user Either a valid user ID or username for the system that
352 is being configured.
353 Parameters
356 The configuration file can contain the following parameters
357 color_aware A value of TRUE or FALSE, indicating whether or
359 not the configured action takes account of the
360 previous packet coloring when classifying.
361 color_map An integer array that defines which values of
364 the dscp field correspond with which colors for
365 when the color_aware parameter is set to TRUE.
366 committed_burst The committed burst size in bits.
369 committed_rate The committed rate in bits per second.
372 cos The value used to determine the underlying
375 driver level priority applied to the packet
376 which is defined in 802.1D.
377 daddr The destination address of the datagram.
380 direction The value used to build a filter matching only
383 part of the traffic.
384 This parameter is of type enum with valid values
386 of LOCAL_IN (local bound traffic), LOCAL_OUT
387 (local sourced traffic), FWD_IN (forwarded traf‐
388 fic entering the system), and FWD_OUT (forwarded
389 traffic exiting the system).
390 dport The destination port of the datagram.
393 dscp_detailed_stats A value of TRUE or FALSE that determines whether
396 detailed statistics are switched on for this
397 dscp action.
398 Specify TRUE to switch on or FALSE to switch
400 off.
401 dscp_map The integer_array that supplies the values that
404 IP packets with a given dscp value have their
405 dscp re-marked with.
406 The existing value is used to index into the
408 array where the new value is taken from. The
409 array is of size 64, meaning valid indexes are
410 0-63 and valid values are also 0-63.
411 dsfield The DS field of the IP datagram header. This is
414 an 8-bit value, with each bit position corre‐
415 sponding with the same one in the header; this
416 enables matches to be done on the CU bits. If
417 you specify this parameter, you must also spec‐
418 ify the dsfield_mask parameter.
419 dsfield_mask The mask applied to the dsfield parameter to
422 determine the bits against which to match. This
423 is an 8-bit value, with each bit position corre‐
424 sponding with the same one in the dsfield param‐
425 eter.
426 global_stats A value of TRUE or FALSE to enable or disable
429 the statistic collection for this action.
430 green_action_name The action to be executed for packets that are
433 deemed to be green.
434 if_name The name of an interface recognized by the
437 SIOGLIFINDEX ioctl. This parameter is of type
438 ifname.
439 ip_version This parameter is of type enum and has valid
442 values of V4 and V6.
443 If it is set to V4 only then only ipv4addresses
445 are requested for a specified hostname. If it is
446 set to V6, only ipv6 addresses are returned if
447 there are any, otherwise v4 mapped v6 addresses
448 are returned. If both V4 and V6 are specified,
449 or if ip_version is not specified, then both
450 ipv4 and ipv6 addresses are requested for a
451 specified hostname.
452 max_limit The maximum number of flow entries present at
455 one time in the flowacct actions in the memory
456 resident table.
457 next_action The action to be executed when the current
460 action is complete.
461 This value can be either the name of an action
463 defined in the configuration file, or one of the
464 two special action types: drop and continue.
465 peak_burst The peak burst size, for a two rate meter, or
468 excess burst size, for a single rate meter, in
469 bits.
470 peak_rate The peak rate in bits per second.
473 precedence An integer that is used to order filters. If
476 there are two matching filters that have the
477 same priority value, the one with the lower
478 precedence value is the one matched. This param‐
479 eter should be used because the order of the
480 filters in a configuration file has no influence
481 on their relative precedence.
482 priority An integer that represents the relative priority
485 of a filter. If there are two matching filters,
486 the one with the higher priority value is the
487 one matched. Multiple filters can have the same
488 priority.
489 projid The project ID of the process sending the data.
492 This value is always -1 for received traffic.
493 protocol The Upper Layer Protocol against which this
496 entry is matched.
497 red_action_name The action to be executed for packets that are
500 determined to be red.
501 saddr The source address of the datagram.
504 sport The source port of the datagram.
507 timeout The timeout in milliseconds after which flows
510 are written to the accounting file.
511 timer The period in milliseconds at which timed-out
514 flows are checked for.
515 user The user ID or username of the process sending
518 the data. This value is always -1 for received
519 traffic.
520 window The window size in ms.
523 yellow_action_name The action to be executed for packets that are
526 determined to be yellow.
527
530 None.
531
533 Example 1 Sending All Traffic From eng to the AF 1 Class of Service
534 This example sends all traffic from eng to the AF 1 class of service.
537 It is documented in four separate steps:
538 The following step creates a tokenmt action with three outcomes:
542 #meter for class 1.
545 action {
546 name AF_CL1
547 module tokenmt
548 params{
549 committed_rate 64
550 committed_burst 75
551 peak_burst 150
552 global_stats TRUE
553 red_action_name drop
554 yellow_action_name markAF12
555 green_action_name markAF11
556 }
557 }
558 The following step creates two dscpmk actions:
563 #class 1, low drop precedence.
566 action {
567 name markAF11
568 module dscpmk
569 params{
570 dscp_map {0-63:28}
571 dscp_detailed_stats TRUE
572 global_stats TRUE
573 next_action acct1
574 }
575 }
576 #class 1, medium drop precedence.
577 action {
578 name markAF12
579 module dscpmk
580 params {
581 dscp_map {0-63:30}
582 dscp_detailed_stats TRUE
583 global_stats TRUE
584 next_action acct1
585 }
586 }
587 The following step creates an accounting action:
592 #billing for transmitted class 1 traffic.
595 action {
596 name acct1
597 module flowacct
598 params {
599 timer 10
600 timeout 30
601 global_stats TRUE
602 max_limit 1024
603 next_action continue
604 }
605 }
606 The following step creates an ipgpc action:
611 #traffic from eng sent, traffic from ebay dropped.
614 action {
615 name ipgpc.classify
616 module ipgpc
617 class {
618 name from_eng
619 enable_stats TRUE
620 next_action AF_CL1
621 }
622 class {
623 name from_ebay
624 enable_stats TRUE
625 next_action drop
626 }
627 filter {
629 name from_eng
630 saddr eng-subnet
631 class from_eng
632 }
633 filter {
634 name from_ebay
635 saddr ebay-subnet
636 class from_ebay
637 }
638 }
639
643 /etc/inet/ipqosinit.conf
644 Contains the IPQoS configuration loaded at boot time. If this file
646 exists, it is read from the network/initial:default service.
647 /etc/inet/ipqosconf.1.sample
650 Sample configuration file for an application server
652 /etc/inet/ipqosconf.2.sample
655 Sample configuration file that meters the traffic for a specified
657 application
658 /etc/inet/ipqosconf.3.sample
661 Sample configuration file that marks the ethernet headers of web
663 traffic with a given user priority
664
667 See attributes(5) for descriptions of the following attributes:
668 ┌─────────────────────────────┬─────────────────────────────┐
673 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
674 ├─────────────────────────────┼─────────────────────────────┤
675 │Availability │SUNWqosu │
676 ├─────────────────────────────┼─────────────────────────────┤
677 │Interface Stability │Evolving │
678 └─────────────────────────────┴─────────────────────────────┘
679
681 syslog(3C), getipnodebyname(3SOCKET), getprotobyname(3SOCKET), get‐
682 servbyname(3SOCKET), attributes(5), dlcosmk(7IPP), dscpmk(7IPP),
683 flowacct(7IPP), ipgpc(7IPP), ipqos(7IPP), tokenmt(7IPP), tswtclmt(7IPP)
684
686 ipqosconf sends messages to syslog of facility user, severity notice
687 when any changes are made to the IPQoS configuration.
688 Errors that occur during an ipqosconf operation send an error message
691 to the console by default. For the application of a new configuration
692 if the -s option is set then these messages are sent to syslog as
693 facility user, severity error instead. If the -v option is present dur‐
694 ing an application then all error and change notificationmessages are
695 sent to the console as well as their default destination.
696SunOS 5.11 18 Dec 2008 ipqosconf(1M)