Flow control contexts
The flow control contexts allow to count and limit TCP and UDP traffic.
The context can be created using a call to nf_addFlowCtl
the traffic limits in NF_FLOWCTL_DATA
structure in bytes per second.
When the limit values are not zero, the driver limits the
inbound/outbound throughput to specified values. When a limit value is
zero, the traffic is not limited.
Each context can be associated with one or more TCP or UDP endpoints
using calls to nf_setTCPFlowCtl
. It is possible to
call this functions in tcpConnectRequest/tcpConnected/udpCreated events or at any other
The traffic is counted and limited for all endpoints associated with
given control context. I.e. when all TCP connections and UDP sockets
of some process are associated with a single control context
specifying some limit for inbound/outbound data, the total
transmission speed for all network activity of the process is limited
to the specified values.
The flow context counts the number of inbound/outbound bytes for all
associated endpoints. It is possible to get the current values at any
time using a call to nf_getFlowCtlStat
It is possible to modify the traffic limits for a control context
. A context can be deleted using
All flow control contexts are deleted automatically after detaching from driver with nf_free or on unexpected shutdown of the filtering process.
The traffic counting and limiting works for the endpoints satisfying
the rules with filtering flags NF_FILTER or NF_CONTROL_FLOW. When
NF_CONTROL_FLOW is specified instead of NF_FILTER, the driver
indicates only tcpConnectRequest/tcpConnected/tcpClosed and
udpCreated/udpClosed events, i.e. doesn't indicate the data packets
for filtering. In this case there are no delays because of filtering
the packets in user mode, but it is possible to use the control
contexts to count and limit the traffic. The endpoints having NF_ALLOW
flag are not counted.
The described functionality is available only with WFP driver.