Subquestion #1
tc with all its qdiscs is a perfect way to limit bandwidth, but is there any means in Linux to limit the pps of outgoing packets?
Why I ask it.
Normally you think about only one resource - bandwidth (bytes per second), but when some app starts to generate a tremendous amount of small packets (for instance HTTP GET requests to different sites, which contain a relatively small amount of bytes), then probably pps will be the resource.
Subquestion #2
So, I want to split all my traffic into two groups - group A with small pps and bandwidth (high priority), and group B with big pps and low priority. And then I want to limit the summary (from both groups) outgoing pps, prioritizing packets from group A.
P.S. Of course I want to share a common channel between these two groups. So I cannot limit only B, because when A does not use the channel at all, B must use 100% of it.
Is it possible? How?
Ok, here is a solution to this problem. You can use iptables in such a way:
sudo iptables -I OUTPUT 1 -m owner --uid-owner debian-tor -j NFQUEUE --queue-num 1
sudo iptables -A OUTPUT -j NFQUEUE --queue-num 0
This will redirect all tor traffic to queue number 1, and all other traffic to queue number 0.
The next step is to write a user-space app which will read packets out of the queues and issue verdicts - accept or drop.
Here is an excellent description of how to build such an app.
And here is the implementation of this app. The main part of the whole app is in TScheduler::operator():
```cpp
// Verdict for the packet just read from NFQUEUE number QueueNum.
TVerdictAction Action;
if (QueueNum != TorClass) {
    // Packets from queue 0 (everything that is not tor) are always accepted.
    Action = TVerdictAction::Accept;
} else {
    // Packets from the tor queue are dropped whenever the measured
    // outgoing rate is already above the configured overall limit.
    Action = CurrentRate > d->OverallRate ? TVerdictAction::Drop : TVerdictAction::Accept;
}
```
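To show the scheduling rule above as a complete, runnable piece of logic, here is an added example that is not the answer's own code and does not use libnetfilter_queue: packet arrival times are injected as microsecond timestamps, so it runs offline. The class names (PpsScheduler, Verdict, Stats, simulate) and the one-second sliding window used to measure the current rate are my assumptions; the queue numbering mirrors the iptables rules in the answer (queue 1 = throttled tor class, queue 0 = everything else).

```cpp
// Added example: two-class pps scheduler in the spirit of TScheduler::operator().
// Not the answer's code; timestamps are injected instead of read from NFQUEUE.
#include <cstddef>
#include <cstdint>
#include <deque>
#include <iostream>

enum class Verdict { Accept, Drop };

// Measures the outgoing rate as the number of packets ACCEPTED during the last
// second (a sliding window), so dropped packets do not consume any budget.
class PpsScheduler {
public:
    PpsScheduler(unsigned overallPps, int throttledQueue)
        : overallPps_(overallPps), throttledQueue_(throttledQueue) {}

    // Decide the verdict for one packet read from queue `queueNum` at time `nowUs`.
    Verdict decide(int queueNum, uint64_t nowUs) {
        // Slide the window: forget accepted packets older than one second.
        while (!window_.empty() && nowUs - window_.front() >= 1000000ULL)
            window_.pop_front();

        Verdict v;
        if (queueNum != throttledQueue_) {
            v = Verdict::Accept;                 // priority class: never dropped
        } else {
            // Throttled class: dropped once the accepted rate has reached the cap.
            v = window_.size() >= overallPps_ ? Verdict::Drop : Verdict::Accept;
        }
        if (v == Verdict::Accept) window_.push_back(nowUs);
        return v;
    }

    std::size_t currentRate() const { return window_.size(); }

private:
    unsigned overallPps_;
    int throttledQueue_;
    std::deque<uint64_t> window_;
};

struct Stats {
    unsigned priorityAccepted = 0;
    unsigned throttledAccepted = 0;
    unsigned throttledDropped = 0;
};

// Constructed workload (assumption, not captured traffic): 250 packets spaced
// 4 ms apart inside one second, every 5th one from the priority queue 0 and the
// other four from the throttled queue 1, scheduled against `overallPps`.
Stats simulate(unsigned overallPps) {
    PpsScheduler sched(overallPps, /*throttledQueue=*/1);
    Stats st;
    uint64_t t = 0;
    for (int i = 0; i < 250; ++i) {
        t += 4000;                          // microseconds
        int queue = (i % 5 == 0) ? 0 : 1;
        Verdict v = sched.decide(queue, t);
        if (queue == 0)                     st.priorityAccepted++;
        else if (v == Verdict::Accept)      st.throttledAccepted++;
        else                                st.throttledDropped++;
    }
    return st;
}

int main() {
    Stats st = simulate(100);
    std::cout << "priority accepted:  " << st.priorityAccepted << "\n"
              << "throttled accepted: " << st.throttledAccepted << "\n"
              << "throttled dropped:  " << st.throttledDropped << "\n";
    return 0;
}
```

With a cap of 100 pps the simulation accepts all 50 priority packets, lets 80 throttled packets through until the window is full, and drops the remaining 120; once the window slides past an idle period the throttled class is accepted again, which is what gives group B the whole channel when group A is silent. Note that this rule, like the snippet in the answer, never drops the priority class, so the overall cap is only a hard cap while group A alone stays below it; if A can exceed the limit by itself, it needs its own limit or a tc qdisc in front of it.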