Flow Control Contexts
The flow control contexts allow to count and limit the IP traffic.
The context can be created using a call to
nf_srv_addFlowCtl, specifying
the traffic limits in
NF_SRV_FLOWCTL_DATA structure in bytes per second.
When the limit values are not zero, the driver limits the
inbound/outbound throughput to specified values. When a limit value is
zero, the traffic is not limited.
To associate a flow control context with network activity assign the created context to fcHandle field of
NF_SRV_RULE_ACTION structure in
NF_SRV_RULE.
The traffic is counted and limited for all packets matching a rule with
given flow control context. The total
transmission speed for all packets matching a rule with some flow control context is limited
to the values specified in the appropriate
NF_SRV_FLOWCTL_DATA.
The flow context counts the number of inbound/outbound bytes for the matching traffic. It is possible to get the current values at any
time using a call to
nf_srv_getFlowCtlStat.
It is possible to modify the traffic limits for a control context
using
nf_srv_modifyFlowCtl. A context can be deleted using
nf_srv_deleteFlowCtl.
All flow control contexts are deleted automatically after detaching from driver with nf_srv_free or on unexpected shutdown of the filtering process.
The traffic counting and limiting works for the endpoints satisfying
the rules with filtering flags NF_SRV_FILTER or NF_SRV_ALLOW.