5

I have a Raspberry Pi, and I'd like to have bitcoind running on it. This consumes a lot of my outgoing bandwidth at times, so I'd like to make sure it never uses more than 20 KB/s for Bitcoin data.

The Bitcoin protocol uses port 8333 for connections, so I figure it should be possible to identify connections easily by just looking at if either the source or destination port equals 8333.

On Linux, which set of commands will make sure that data to and from port 8333 will not exceed 20 KB/s?

runeks
  • 364
  • 3
  • 12
  • For questions about advanced Linux networking, you should almost always start here. http://www.lartc.org/lartc.html – Zoredache May 21 '13 at 00:09
  • 1
    See also http://unix.stackexchange.com/questions/34116/how-can-i-limit-the-bandwidth-used-by-a-process/34123#34123 – peterph May 21 '13 at 22:22

2 Answers2

1

You can use tc to "shape" bandwidth utilization based on network addresses or marked packets. Once upon a time there was some option in IPTables for marking packets then using tc I can't remember what it is. It's not in my iptables --help anywhere so they may have taken it out. Which is just as well because it's probably based off pid or owner. PID's get recycled and owner would be too vague. If you know the rough range of network addresses, tc might be preferable since learning it can pay off in other areas. If you can't, then the application itself might be the only criteria you can reliably use.

If you have a reasonably current kernel you can limit an application's bandwidth usage via cgroups. Here is another answer showing a short example of how to set up the cgroup.

cgroups are preferable because fork's and execve's catch the new children, so any child processes get added to the same cgroup. That's why that answer I linked works even though they only add their shell's pid (the cgroup catches bash's calling of execve and adds the PID to the same cgroup).

Community
  • 1
Bratchley
  • 16,684
  • 13
  • 64
  • 103
1

The following set of commands will limit the outgoing rate for traffic with a source or destination port of 8333 to 160 kbit/s, unless the destination IP is on the local network.

#network interface on which to limit traffic
IF="eth0"
#limit of the network interface in question
LINKCEIL="1gbit"
#limit outbound Bitcoin protocol traffic to this rate
LIMIT="160kbit"

#delete existing rules
tc qdisc del dev ${IF} root

#add root class
tc qdisc add dev ${IF} root handle 1: htb default 10

#add parent class
tc class add dev ${IF} parent 1: classid 1:1 htb rate ${LINKCEIL} ceil ${LINKCEIL}

#add our two classes. one unlimited, another limited
tc class add dev ${IF} parent 1:1 classid 1:10 htb rate ${LINKCEIL} ceil ${LINKCEIL} prio 0
tc class add dev ${IF} parent 1:1 classid 1:11 htb rate ${LIMIT} ceil ${LIMIT} prio 1

#add handles to our classes so packets marked with <x> go into the class with "... handle <x> fw ..."
tc filter add dev ${IF} parent 1: protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev ${IF} parent 1: protocol ip prio 2 handle 2 fw classid 1:11

#limit outgoing traffic to and from port 8333. but not when dealing with a host on the local network
#   --set-mark marks packages matching these criteria with the number "2"
#   these packages are filtered by the tc filter with "handle 2"
#   this filter sends the packages into the 1:11 class, and this class is limited to ${LIMIT}
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 8333 ! -d 192.168.0.0/16 -j MARK --set-mark 0x2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 8333 ! -d 192.168.0.0/16 -j MARK --set-mark 0x2
runeks
  • 364
  • 3
  • 12