Warning: before you untar the Arbitrator releases, please read the How-To, along with any items in the Changelog relating to the version.
. arbitrator9.62.tar.gz: this is the GPL version. It does not come with a GUI, nor is reporting included in this version. Those items are licensed with our commercial products only. This version runs on the Linux 2.6.5 kernel. No other patches are required since iptables and ebtables are already in this kernel. READ THE CHANGE LOG FOR INFO ON THIS VERSION.
. arbitrator8.63.tar.gz: this is the GPL version. This is currently the most stable version based on the 2.4.19 kernel. It does not come with a GUI, nor is reporting included in this version. Those items are licensed with our commercial products only. This version runs on the Linux 2.4.19 kernel. READ THE CHANGE LOG FOR INFO ON THIS VERSION.
. callnetplot version 1.0 for plotting MULTIPLE VLANs. This is a user-donated Perl script which should be used with 8.25. Other versions may be able to be tweaked to use this as well with a little work.
Version 1.21 is a watchdog utility type program for the Arbi. You can read the README by clicking here.
This is a beta release and we welcome beta customers. Enforce Bandwidth Caps on monthly/daily or hourly
usage, take actions when caps are exceeded. You can read the README by clicking here.
This is a beta release and we welcome beta customers. You can find the docs for ArbiQos by clicking here.
. apccrond - Perl cron like helper app
. asciiplot2.0 - Perl plot routine that creates ASCII graphs in the form of horizontal bar charts. You could modify the code to output graphics instead of ASCII *'s for use with web apps. Here is the README.
. bridge-nf-0.0.7-against-2.4.19.diff for the 2.4.19 kernels.
Off site links
. 2.6.5 Kernel Source
Arbitrator Change Log
Added /art/conncount utility so you can easily see how many connections an IP has.
Fixes of minor bugs in our 2.4.19 kernel version code.
Fixes for our 2.6.5 kernel code to improve the total amount of bandwidth that can be handled.
Fixes for our 2.6.5 kernel code that could result in kernel panics or kmsgs upon putting large amounts of bandwidth through it.
This version is based on the 2.6.5 kernel source. Because of this, more drivers are available, such as new network drivers and SCSI drivers. This version is an update of the 8.6 version with VLANS built in as well. No patches are required except the Arbitrator files, since iptables and ebtables are built into this kernel.
8.6 introduces a release where the VLANS (virtual trunking) feature is
backward compatible with previous releases that did not have virtual
What this means is you can upgrade to 8.6 from 8.22-8.2x without
changing configuration or defining VLANS
This version requires a rebuild of the 2.4.19 kernel and bridge tools.
Fixed non initialized variable doing total
Both bridge utils and kernel need recompiling
for this version.
Revised code so that it will now work using
kernel 2.4.25 w/ebtables patch applied.
You must use the 2.4.25 kernel source and then
patch with the ebtables patch and then apply
this code afterwards. You cannot use this
version as is with any other kernel source
version or without ebtables.
You still need to use the bridge-utils-0.9.5.tar
but do not use the bridge-nf-0.0.7-against-2.4.19.diff of course.
Fixes typo in /etc/init.d/arbitrate so it
removes hard limits.
New buffering and tweaking for hard limits.
This version will require a rebuild of kernel and bridge utils.
Capability of setting hard limits now per host IP
or a range of hosts starting with x.x.x.x/y
Hard limit has an in and out value you can
set per host IP.
ADD_CONFIG HARD x.x.x.x/y inval outval range
We have modified this version of the Bandwidth
Arbitrator to handle even more users than before. The
connection tracking table can now handle 5000
connections which will easily work on networks with
3000 active users and 6000 total users.
The value that was left on, which made the GPL version quit after 4 days,
has been toggled off, as it should have been before.
This release provides a system wide connection limit
for your network. With a single command you can limit
the number of active connections to all hosts on your
Host A,B,C are outside your network
Host D,E,F,G are on your network
If you set the network wide connection limit to "2"
for incoming connections, then if HOST(s) A B and C
try to connect to HOST D on your network, only two
will be allowed.
To limit incoming connections
/art/ADD_CONFIG CONNECTION x.x.x.x/32 val 999999 [0,1]
Where the ip address is put does not matter but must be
Patches a build problem with the 7.64 kernel and adds
a key mechanism to build systems with restricted
Tweaked the way MAC related tasks were handled to resolve issues that some people were finding when using mostly MAC shaping.
No need to recompile if you are already on 7.6x. New files are in /art
Changed /art/new2 so that changing downlink takes
effect without restarting. Old bug that resurfaced.
Changed the way percentage affected rules to make
it more precise.
Changed /art/new2 so that toggling off default rules
does not also toggle off user rules.
Major optimizations to allow for handling shaping
rules; up to 3 times as many rules may be processed
before running out of CPU.
Fixed a serious problem with the internal perl
signaling which was causing systems to crash when
Further smoothing of how penalties are released to
make bandwidth limiting steadier.
Added getbrain2 to the archive.
Revised /art/BROWSE_CONFIG to show RATIO
Fixes for brctl that were supposed to be in the previous
release but didn't make it somehow.
You will need to recompile the kernel and bridge utils
if coming from 7.3x, and you will need to recompile the
bridge utils if coming from 7.51.
ADD_CONFIG CONNECTION x.x.x.x/y val port direction
The direction parameter is new to the 7.51 release.
A value of 0 indicates limit incoming connections to
host, a value of 1 indicates limit the total number of
outgoing connections from the host. For backward
compatibility you can leave the "direction" parameter
off and the connection limit will default to incoming.
"x.x.x.x" is the host, and y must be 32.
"val" = connections allowed before dropping new
Setting the port to 0 will limit all connections
coming into this host.
Setting the port value will do the following, please
READ carefully. When the port value is set the number
of connections coming to/from the host on all ports
will be counted. When the number of connections on
ALL ports exceeds "val" new connections to the
specified "port" will be denied.
Connections are defined as any two IP addresses
talking to each other.
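The following Python sketch is an added example, not Arbitrator code; it models the ADD_CONFIG CONNECTION semantics described above (the direction parameter, port 0 versus a specific port, and a connection counted as a pair of IP addresses). The class and function names, the sample addresses, and the reading of "val" as the largest number of simultaneous peers allowed are assumptions.

```python
# Added illustration: models the documented rule semantics; not Arbitrator code.
from dataclasses import dataclass

INCOMING, OUTGOING = 0, 1  # values of the "direction" parameter

@dataclass(frozen=True)
class ConnRule:
    host: str
    val: int
    port: int
    direction: int = INCOMING  # an omitted direction defaults to incoming

def parse_rule(line):
    """Parse 'ADD_CONFIG CONNECTION x.x.x.x/32 val port [direction]'."""
    tok = line.split()
    if len(tok) not in (5, 6) or tok[:2] != ["ADD_CONFIG", "CONNECTION"]:
        raise ValueError("not an ADD_CONFIG CONNECTION line")
    host, _, mask = tok[2].partition("/")
    if mask != "32":
        raise ValueError("y must be 32")
    direction = int(tok[5]) if len(tok) == 6 else INCOMING
    if direction not in (INCOMING, OUTGOING):
        raise ValueError("direction must be 0 or 1")
    return ConnRule(host, int(tok[3]), int(tok[4]), direction)

class ConnTracker:
    """Tracks the peers of one limited host; a connection is a pair of IPs."""
    def __init__(self, rule):
        self.rule = rule
        self.peers = set()

    def admit(self, src, dst, dport):
        r = self.rule
        local, peer = (dst, src) if r.direction == INCOMING else (src, dst)
        if local != r.host or peer in self.peers:
            return True  # rule does not apply, or the pair is already talking
        # Assumption: "val" is the most peers allowed at once (boundary inferred).
        at_limit = len(self.peers) >= r.val
        # Port 0 blocks every new connection at the limit; otherwise the count
        # spans all ports but only new connections to "port" are denied.
        if at_limit and r.port in (0, dport):
            return False
        self.peers.add(peer)
        return True

def replay(rule_line, attempts):
    """Apply one rule to a list of (src, dst, dport) connection attempts."""
    tracker = ConnTracker(parse_rule(rule_line))
    return [tracker.admit(*a) for a in attempts]

# Constructed sample traffic: outside hosts contacting 10.0.0.4.
D = "10.0.0.4"
A, B, C, E = ("198.51.100.%d" % n for n in (1, 2, 3, 5))
ALL_PORTS = replay("ADD_CONFIG CONNECTION 10.0.0.4/32 2 0",
                   [(A, D, 80), (B, D, 80), (C, D, 80), (A, D, 25)])
ONE_PORT = replay("ADD_CONFIG CONNECTION 10.0.0.4/32 2 25 0",
                  [(A, D, 80), (B, D, 80), (C, D, 25), (C, D, 80), (E, D, 25)])

if __name__ == "__main__":
    print(ALL_PORTS, ONE_PORT)
```

With a port set, a host that is already over the limit can still accept new peers on other ports, so a port-specific rule protects one service rather than capping the host's total connection count.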
A new parameter RATIO has been added. This parameter
will allow the administrator to tell the arbitrator
(default rules) not to create any Penalties until the
utilization on the trunk exceeds "RATIO". Ratio should
be set from 1 to 100. For example setting Ratio to 90
on 100kbs trunk will disable any arbitration of data
until the trunk utilization hits 90kbs. Ratio applies
to both TRUNK_UP and TRUNK_DOWN directions.
Added new utility getbrain2
This new utility will allow you to look at usage by
application. It will only show you the current active
usage for selected applications (BEARSHARE, GNUTELLA,
WINMX and so forth). You must turn on application shaping for
each individual application you wish to track. Be
careful not to turn on too many at one time unless
needed; shaping applications will tax your CPU
Also if you are just interested in tracking
application usage with this utility and not shaping
then set the percent value to 100 and nothing will get
Fixed typo/bug in start up routine
You can now start the arbitrator and tell it to run in
double time. Essentially, this means that it
will do analysis on bandwidth usage twice a second
instead of once a second.
This version is meant for use in doing QOS type
activities where it is important to scale back hogs
more quickly. If you choose to use double time on the
standard arbitrator it is advised that you also scale
back the PENALTY_UNIT parameter as the combination of
a smaller PENALTY_UNIT and double time should give you
The trade-off with using double time is that it will
use quite a bit more resources. Keep an eye on system
UPLINK and DOWNLINK limits by host
Default rules not staying off when they were supposed
to be off
Content Filtering is now fixed
Version 7.0 beta
In the 7.0 release the Arbitrator now makes all
default shaping decisions on UPLINK and DOWNLINK
In this release you must tell the Arbitrator the speed
of your TRUNK_UP and TRUNK_DOWN. Once this is in place
the Arbitrator now will penalize uplink and downlink
hogs based on the amount of traffic they use in a
specific direction. Prior to this release the
Arbitrator summed the traffic for a hog in both
directions and compared that sum to the bandwidth of
the bi-directional trunk. Many ISPs have different
speeds for UPLINK and DOWNLINK, so this new version
allows for better utilization of those resources.
This release also auto-detects the direction of
traffic across the Arbitrator; there is no need for
any reference IP.
Also in this release we have added edonkey emule
shaping and a fix for bittorrent.
We have also disabled some of the lesser used features
in this release. These include:
1) The Compound Limit Feature
No plans to support this at this time.
2) Priority Host Feature
Priority Hosts feature was so specialized that we have
created a separate Arbiqos release in the GPL and a
professional product for QOS features.
3) We have disabled some of the command line time of
day scheduling capabilities.
We plan to use our embedded cron facility for more
robust scheduling. We will write a new front end for
this in the GUI tools; the current command line tool
does not allow for day of week or multiple intervals.
Fixed a typo in ADD_CONFIG which made adding
a mask impossible if you had version 6.3
Fixes for possible kernel panic conditions
MAC uplink and downlink commands now available
via REMOVE_CONFIG and ADD_CONFIG
The 6.3 version does require a kernel/modules and bridge utils recompile
Shape by MAC Address
Limit number of connections to a host
The 6.2 version does require a kernel/modules and bridge utils recompile
Fixes to clear up loopholes in application shaping
for Kazaa and Gnutella
It is recommended that you increase INACTIVE_TICS to
1500 when shaping p2p applications.
It is also the first release with connection limits by
host and port. With this feature you can reduce the
threat of denial of service attacks. It won't prevent
them but it will keep your servers from getting
Connection limits are also useful to keep the number
of Gnutella connections down for a particular host.
Gnutella clients can create hundreds of download
connections when downloading just a few files.
When upgrading to 6.0 you will have to recompile the
kernel and the bridge utils also.
/art/new2 was fixed to allow BRAIN_SIZE on initial
startup to take the correct value from arbdefault.
/art/new2 was revised so that arblog doesn't continue
to grow and grow. Now 30 mins will be stored and then
it will be saved out to an arblog.bak so you will not
ever have more than 60 mins worth of logging in those
Fixed a Content Filter problem that was created by
the changes in 5.52
5.53 will require a kernel compile.
Fixed a port tracking problem where the port was not
showing the correct port. This would not affect the
core program but reporting was not showing correctly
Fixed a negative value in the brain table that was
cosmetic for the most part
5.52 will require a kernel recompile
Fixed /art/new2 so that it did not complain about
the new kbs values it now sees when shaping by kbs.
Also a precedence problem in a compare statement
in /art/new2 was fixed.
You can now specify a SHAPE amount by kbs instead
of a percentage of the trunk size. Simply add kbs
after the number you want, like 60000kbs
You can turn off the default shaping mode of Arbi
with a toggle in arbdefault.conf now.
/art/MODIFY_CONFIG was adding extra spaces to the
arbdefault.conf when modifying an APP and a couple
of regex were fixed so they didn't error when enabled
No compiling is necessary from 5.4
You do need to add the line that pertains to the
new config option in arbdefault.conf for the
default shaping to any older version of
arbdefault.conf you want to keep.
Ports were not being updated in the brain if they
started the connection on one port and then switched
to a different port.
We have a fix coming for the UPLINK DOWNLINK
feature. It had some quirks.
We have a fix for application patterns,
when you stop the arbitrator and then restart it they
were not getting cleaned up correctly.
And lastly there was a problem with the IMAP
problem: if you set it, it causes the KERNEL to throw
errors to the log. Needless to say, IMAP was not being
There were modifications to the kernel source so you will need to recompile
In this release the major enhancement is the ability
to limit a single user to a fixed amount of traffic
per application.
To keep the user at 10.33.22.1 from using more than
50kbs for BEARSHARE you would do the following.
1) Assuming you have a 5mbs Trunk, you would do the
First turn on APP SHAPING for BEARSHARE in general by
ADD_CONFIG APP BEARSHARE 100
Notice I set the BEARSHARE limit for the whole trunk
to 100 percent because I had no desire to limit
BEARSHARE trunk wide.
Now ADD in the specific host(s) you want to limit for
ADD_CONFIG HOST 10.33.22.1/32 COMPOUND BEARSHARE 1
And you are done.
To REMOVE this rule
REMOVE_CONFIG COMPOUND 10.33.22.1 BEARSHARE
Caveats to this utility.
The 5.3 release does not support persistence; if you
reboot you must re-enter the rules (most users just
write a start-up script)
The 5.3 release does not support modify for these
"Compound" limits; you must remove and then add to
Also in 5.3 a fix to allow the increase of MAX_PENALTY.
Added the ability to limit bandwidth in the
UPLINK and DOWNLINK directions for the same IP or host
Smoothed out the shaping so fluctuations are not as drastic
Added two new patterns RDP and MSNMESSeNGEr
Only Changes from 5.1 are in the /art directory. No need
to recompile from 5.1
Added CONTENT_FILTER2 which is a commandline version of
CONTENT_FILTER which is interactive in nature.
/art/new2 was revised to fix a warning when used in Debian
which can be ignored but was annoying.
Use the new command CONTENT_FILTER to add filters to
/etc/arbdefault.conf, use ADD_CONFIG and REMOVE_CONFIG
to enable and disable the content filters.
You can increase the number of BUFFERS which
corresponds to the number of simultaneous penalties.
Prior to release 5.0 you had to use the lower level
brctl/setbuff command to increase buffers and the
change only took effect if you did a start/stop on the
Arbitrator (not good if you want your system to
recover on a reboot to its original configuration)
The new parameter also shows up in the BROWSE_CONFIG
5.0 will require a full recompile.
In this release, we have created three configuration
parameters to make it easy to set up an external IP
address to remotely contact the arbitrator in a "two
ethernet" card configuration.
They allow you to set an IP address for the bridge,
which is essentially just like setting up the normal IP
address on a host, except that with a bridge you have to do it
a bit differently. So the arbitrator start up routine
will do the IP set up for you if you set these
Use the standard MODIFY_CONFIG utility to set values
for these parameters. This will store these in arbdefault.conf
MODIFY_CONFIG, ADD_CONFIG, REMOVE_CONFIG and BROWSE_CONFIG
were all updated to work with the new values.
Some limits were upped in the bridge code as well.
The 4.63 version does require a kernel/modules and bridge utils recompile
LIMIT PERCENT UPLINK
This mode works just like LIMIT PERCENT but it is only
applied to the traffic coming from host/subnet. To
see the syntax of how to use the UPLINK LIMIT, run
the ADD_CONFIG command from the console without any
parameters, and it will display the usage syntax for
setting up this type of LIMIT.
LIMIT PERCENT DOWNLINK
Same as UPLINK but the opposite direction, limits
traffic going to the specified host/subnet.
Fixes and Features
1) Tightened the scope of WINMX application shaping
2) Fixed problem with only one application shaping
rule in effect at one time
3) Fixed a problem with the FTP pattern (typo from
last release broke FTP application shaping)
4) Added shaping for RSTP
5) Fixed problem with modifying MAX_PENALTY and
PENALTY_UNIT using MODIFY_CONFIG (fixes are in NEW2)
6) Made a fix in ADD_CONFIG, which was having
trouble with the "+" sign in a regular expression.
This was needed for WINMX
The 4.61 version will require a rebuild of the kernel/modules and the bridge utils
/art/REMOVE_CONFIG - now you can remove MASK, SHAPE LIMIT, SHAPE PORT,
etc from the commandline without touching arbdefault.conf and without
manually restarting Arbi.
New APP shaping for WINMX
New kernel mods to support removing APPS (fixes that
bug where we ran out of space for APPS, keeps you from
putting the same app in the kernel twice on a restart
of the arbitrator)
The 4.6 version will require a rebuild of the kernel/modules
/art/ADD_CONFIG bugs fixed
/art/MODIFY_CONFIG typos fixed
/art/new2 bugs fixed
/etc/init.d/arbitrate bug fixed where start_it should have been killed
before new2 was killed upon a stop.
/art/ADD_CONFIG - add new configs to Arbi on the fly without restarting.
/art/BROWSE_CONFIG - the official way to look at your parameters.
/art/test_config4.5.sh - the official test configuration utility
Fixed all known typos and/or bugs in files in /art already.
Those upgrading from 4.4 or 4.41 can just run ./install.sh and there
is no need to recompile the bridge-utils nor the kernel or modules this time.
All changes were done in /art (except for one line commented out in
a bridge-utils file but it is only cosmetic).
Fixed typo in /art/new2 and commented out the shaping that was left turned on in the /etc/arbdefault.conf.
/art/MODIFY_CONFIG Dynamically change your shaping parameters on the fly.
BROWSE_PARAMS - coming soon
lists out all parameters and their current settings or just the
named parameter of your choice
ADD_CONFIG - coming soon
lets you add a shaping rule or mask to a running system
REMOVE_CONFIG - coming soon
lets you remove an existing shaping rule or mask from a running system
Added Experimental app shaping for
Novell Core Protocol NCP
AOL AIM content
It also now supports a 0 percent shaping option.
There is a footnote that this is not perfect for ftp
(note in the conf file). This 0 percent feature
should not be used as a failsafe firewall for apps yet,
as small bits of data do slip through.
Fixed a small bug in the new2 command.
Fixed the quirks in the pattern finding mechanism, now you can just brctl debug 2 any time.
Added application shaping for ftp , now we detect ftp when it port hops.
Added shaping for smtp
Added shaping for pressplay, musicmatch, live365
Experimental shaping for realplayer
Optimized the application shaper to be more efficient.
Added the changelog to the archive so you could see what version you had last by looking at this file.
New install.sh routine for install included.
New directory structure for the releases in the tar.gz format so you don't have to worry about where you untar the release any longer. Some people would have had problems if they did not see the Main How-to and instead of using a /scratch directory they untarred directly into their /usr/src. The new structure and naming is now safer.
Added more app shaping in default configs plus added new routine and how to for finding new apps on your own.