Flow Control Contexts

Flow control contexts make it possible to count and limit IP traffic.

A context is created with a call to nf_srv_addFlowCtl, specifying the traffic limits in bytes per second in the NF_SRV_FLOWCTL_DATA structure. When a limit value is not zero, the driver limits the inbound or outbound throughput to the specified value. When a limit value is zero, the traffic in that direction is not limited.

To associate a flow control context with network activity, assign the created context to the fcHandle field of the NF_SRV_RULE_ACTION structure in NF_SRV_RULE.

The traffic is counted and limited for all packets matching a rule with the given flow control context. The limit is shared: the total transmission speed for all packets matching a rule with a particular flow control context is limited to the values specified in the corresponding NF_SRV_FLOWCTL_DATA.

The flow control context counts the number of inbound and outbound bytes for the matching traffic. The current values can be read at any time with a call to nf_srv_getFlowCtlStat.
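The shared limit, the zero-means-unlimited rule and the byte counters described above, modelled in user space as an added example. This is not the driver's code or its algorithm: fc_model, fc_pass and fc_simulate_second are hypothetical names, and the fixed one-second window is an assumption of the model.

```c
#include <stdint.h>

/* Model of one flow control context; the type and names are hypothetical. */
typedef struct {
    uint64_t limit[2];   /* bytes per second for [FC_IN], [FC_OUT]; 0 = unlimited */
    uint64_t bytes[2];   /* running byte counters, as a statistics call would report */
    uint64_t used[2];    /* bytes passed in the current one-second window */
    uint64_t window;     /* index of the current window, in seconds */
} fc_model;

enum { FC_IN = 0, FC_OUT = 1 };

/* Returns 1 if a packet of len bytes passes at now_ms, 0 if it must wait. */
int fc_pass(fc_model *fc, int dir, uint64_t len, uint64_t now_ms)
{
    uint64_t w = now_ms / 1000;
    if (w != fc->window) {               /* new second: refill both budgets */
        fc->window = w;
        fc->used[FC_IN] = fc->used[FC_OUT] = 0;
    }
    /* A zero limit disables limiting. In this model a packet larger than the
       limit is still let through once per window so it cannot stall forever. */
    if (fc->limit[dir] != 0 && fc->used[dir] != 0 &&
        fc->used[dir] + len > fc->limit[dir])
        return 0;
    fc->used[dir] += len;
    fc->bytes[dir] += len;
    return 1;
}

/* Constructed workload: `flows` connections matching rules that carry the same
   context each offer one pkt_len-byte outbound packet per millisecond for one
   second. Returns the outbound bytes that passed. */
uint64_t fc_simulate_second(uint64_t out_limit, int flows, uint64_t pkt_len)
{
    fc_model fc = { .limit = { 0, out_limit } };
    for (uint64_t ms = 0; ms < 1000; ms++)
        for (int f = 0; f < flows; f++)
            fc_pass(&fc, FC_OUT, pkt_len, ms);
    return fc.bytes[FC_OUT];
}
```

Adding connections under the same context does not raise the aggregate: four flows and one flow pass the same number of bytes per second once the limit is reached.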

The traffic limits of a flow control context can be modified with nf_srv_modifyFlowCtl. A context can be deleted with nf_srv_deleteFlowCtl. All flow control contexts are deleted automatically after detaching from the driver with nf_srv_free or on an unexpected shutdown of the filtering process.

Traffic counting and limiting works for endpoints that satisfy rules with the filtering flags NF_SRV_FILTER or NF_SRV_ALLOW.