Flow control contexts

Flow control contexts count and limit TCP and UDP traffic.

A context is created with a call to nf_srv_addFlowCtl(), with the traffic limits specified in the NF_SRV_FLOWCTL_DATA structure in bytes per second. When a limit value is not zero, the driver limits the inbound/outbound throughput to the specified value. When a limit value is zero, the traffic in that direction is not limited.

To associate a flow control context with network activity, assign the created context to the fcHandle field of the NF_SRV_RULE_ACTION structure in NF_SRV_RULE.

The traffic is counted and limited across all endpoints associated with a given control context. For example, when all TCP connections and UDP sockets of a process are associated with a single control context that specifies a limit for inbound/outbound data, the total transmission speed for all network activity of that process is limited to the specified values.

The flow control context counts the number of inbound/outbound bytes for all associated endpoints. The current values can be read at any time with a call to nf_srv_getFlowCtlStat().
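The shared-limit and counting semantics described above can be modelled in a few lines of C. This is an added example, not SDK code and not the driver's algorithm: fc_model, fc_pass and fc_demo are hypothetical names, and the one-second budget window is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not an SDK type: one context shared by many endpoints. */
typedef struct {
    uint64_t limit[2];  /* bytes per second; [0] inbound, [1] outbound; 0 = unlimited */
    uint64_t total[2];  /* bytes passed so far (what a statistics query would report) */
    uint64_t used[2];   /* bytes passed in the current one-second window (assumed) */
    uint64_t window;    /* index of the current window: now_ms / 1000 */
} fc_model;

enum { FC_IN = 0, FC_OUT = 1 };

/* An endpoint asks to pass `bytes` at time now_ms; returns how many fit the budget. */
static uint64_t fc_pass(fc_model *fc, int dir, uint64_t bytes, uint64_t now_ms)
{
    uint64_t w = now_ms / 1000;
    if (w != fc->window) {               /* new second: reset both budgets */
        fc->window = w;
        fc->used[FC_IN] = fc->used[FC_OUT] = 0;
    }
    if (fc->limit[dir] != 0) {           /* a zero limit means no throttling */
        uint64_t room = fc->limit[dir] > fc->used[dir]
                      ? fc->limit[dir] - fc->used[dir] : 0;
        if (bytes > room) bytes = room;
    }
    fc->used[dir] += bytes;
    fc->total[dir] += bytes;             /* counted even when unlimited */
    return bytes;
}

/* Constructed scenario: two endpoints of one process share a context limited to
   1000 B/s outbound and unlimited inbound. Returns outbound bytes after 2 seconds. */
static uint64_t fc_demo(fc_model *fc)
{
    fc_model init = { {0, 1000}, {0, 0}, {0, 0}, 0 };
    *fc = init;
    for (uint64_t t = 0; t < 2000; t += 100) {
        fc_pass(fc, FC_OUT, 400, t);     /* endpoint A, e.g. a TCP connection */
        fc_pass(fc, FC_OUT, 400, t + 1); /* endpoint B, e.g. a UDP socket */
        fc_pass(fc, FC_IN, 5000, t);     /* inbound limit is zero: never clipped */
    }
    return fc->total[FC_OUT];
}

int main(void)
{
    fc_model fc;
    unsigned long long out = fc_demo(&fc);
    printf("out=%llu in=%llu\n", out, (unsigned long long)fc.total[FC_IN]);
    return 0;
}
```

Both endpoints together offer 8000 B/s outbound, yet the shared context passes 1000 B/s in total, which is why per-process limits require all of a process's endpoints to carry the same context.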

The traffic limits of a control context can be modified with nf_srv_modifyFlowCtl(). A context can be deleted with nf_srv_deleteFlowCtl(). All flow control contexts are deleted automatically after detaching from the driver with nf_srv_free() or on an unexpected shutdown of the filtering process.

Traffic counting and limiting work for endpoints that match rules with the filtering flags NF_SRV_FILTER or NF_SRV_ALLOW.