<html><head>
<style>
body { FONT-FAMILY:'georgia' ; FONT-SIZE:12 ; }
</style>
</head>
<body>
Sorry for the non-MIME-encoded 8-bit ISO-8859-1 characters in the From header.
<br>
I am resending this as an answer to the problem Harald Welte told me about.<br>
I hope it's OK and goes to the mailing list now.<br>
<br>
Hello lartc users,<br>
<br>
I mark packets (by MAC and IP), and this works on my LAN except for one single host.
This host is able to fuck up the entire network because not a single bit of
his traffic is shaped. This way, when he is downloading, there is no more
internet in the entire LAN.<br>
<br>
<br>
Here is what I get:<br>
<br>
~ # iptables -L -n -v <br>
Chain INPUT (policy DROP 129 packets, 18244 bytes) <br>
pkts bytes target prot opt in out source destination <br>
121K 89M ipac~o all -- * * 0.0.0.0/0 0.0.0.0/0 <br>
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F <br>
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 <br>
2106
103K tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 10/sec burst
5 <br>
121K 89M CUSTOMINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 <br>
117K 88M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
<br>
215 7951 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 <br>
21 1260 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 <br>
671 40197 ACCEPT all -- eth0 * 192.168.1.1 0.0.0.0/0 MAC 00:02:44:67:30:30
<br>
54 4471 ACCEPT all -- eth0 * 192.168.1.2 0.0.0.0/0 MAC 00:02:44:67:30:5E
<br>
1417 87806 ACCEPT all -- eth0 * 192.168.1.3 0.0.0.0/0 MAC 00:02:44:59:71:40
<br>
734 56195 ACCEPT all -- eth0 * 192.168.1.4 0.0.0.0/0 MAC 00:D0:09:D5:6B:12
<br>
394 28308 ACCEPT all -- eth0 * 192.168.1.5 0.0.0.0/0 MAC 00:50:FC:9D:7A:5B
<br>
0 0 ACCEPT all -- eth0 * 192.168.1.6 0.0.0.0/0 MAC 00:80:5F:8F:C2:48 <br>
109 11947 ACCEPT all -- eth0 * 192.168.1.7 0.0.0.0/0 MAC 00:06:4F:05:FB:16
<br>
0 0 ACCEPT all -- ipsec+ * 0.0.0.0/0 0.0.0.0/0 <br>
129 18244 RED all -- * * 0.0.0.0/0 0.0.0.0/0 <br>
129 18244 XTACCESS all -- * * 0.0.0.0/0 0.0.0.0/0 <br>
113
16529 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0
level 4 prefix `INPUT ' <br>
<br>
Chain FORWARD (policy DROP 0 packets, 0 bytes) <br>
pkts bytes target prot opt in out source destination <br>
198K 62M ipac~fi all -- * * 0.0.0.0/0 0.0.0.0/0 <br>
198K 62M ipac~fo all -- * * 0.0.0.0/0 0.0.0.0/0 <br>
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F <br>
0 0 PSCAN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 <br>
198K 62M CUSTOMFORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 <br>
190K 61M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
<br>
0 0 ACCEPT all -- eth0 * 192.168.1.1 0.0.0.0/0 MAC 00:02:44:67:30:30 <br>
1 48 ACCEPT all -- eth0 * 192.168.1.2 0.0.0.0/0 MAC 00:02:44:67:30:5E <br>
429 54514 ACCEPT all -- eth0 * 192.168.1.3 0.0.0.0/0 MAC 00:02:44:59:71:40
<br>
6831 832K ACCEPT all -- eth0 * 192.168.1.4 0.0.0.0/0 MAC 00:D0:09:D5:6B:12
<br>
478 28669 ACCEPT all -- eth0 * 192.168.1.5 0.0.0.0/0 MAC 00:50:FC:9D:7A:5B
<br>
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.1.5 tcp dpt:19995 <br>
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.1.5 tcp dpt:19995 <br>
0 0 ACCEPT all -- eth0 * 192.168.1.6 0.0.0.0/0 MAC 00:80:5F:8F:C2:48 <br>
72 5774 ACCEPT all -- eth0 * 192.168.1.7 0.0.0.0/0 MAC 00:06:4F:05:FB:16
<br>
0 0 ACCEPT all -- ipsec+ * 0.0.0.0/0 0.0.0.0/0 <br>
0 0 PORTFWACCESS all -- * * 0.0.0.0/0 0.0.0.0/0 <br>
0 0 DMZHOLES all -- * eth0 0.0.0.0/0 0.0.0.0/0 <br>
0
0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level
4 prefix `OUTPUT ' <br>
<br>
Chain OUTPUT (policy ACCEPT 141K packets, 85M bytes) <br>
pkts bytes target prot opt in out source destination <br>
141K 85M ipac~i all -- * * 0.0.0.0/0 0.0.0.0/0 <br>
<br>
Chain CUSTOMFORWARD (1 references) <br>
pkts bytes target prot opt in out source destination <br>
<br>
The bad host is 192.168.1.1. As you can see, his packets are marked, but then the
shaping is not done at all.<br>
<br>
~ # tc -d -s class show dev eth1 <br>
class
htb 10:10 root rate 125Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu
0b level 7 <br>
Sent 45405999 bytes 110084 pkts (dropped 0, overlimits 0) <br>
rate 90bps 1pps <br>
lended: 35284 borrowed: 0 giants: 0 <br>
tokens: 2086912 ctokens: 79872 <br>
<br>
class
htb 10:1 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8
mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
Sent 0 bytes 0 pkts (dropped 0, overlimits 0) <br>
lended: 0 borrowed: 0 giants: 0 <br>
tokens: 14563554 ctokens: 90112 <br>
<br>
class
htb 10:2 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8
mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
Sent 0 bytes 0 pkts (dropped 0, overlimits 0) <br>
lended: 0 borrowed: 0 giants: 0 <br>
tokens: 14563554 ctokens: 90112 <br>
<br>
class
htb 10:3 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8
mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
Sent 446562 bytes 6804 pkts (dropped 0, overlimits 0) <br>
rate 5bps <br>
lended: 6804 borrowed: 0 giants: 0 <br>
tokens: 14344532 ctokens: 58573 <br>
<br>
class
htb 10:4 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8
mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
Sent 44734592 bytes 102026 pkts (dropped 0, overlimits 0) <br>
rate 37bps <br>
lended: 66742 borrowed: 35284 giants: 0 <br>
tokens: 14518044 ctokens: 83560 <br>
<br>
class
htb 10:5 parent 10:10 prio 2 quantum 1500 rate 20Kbit ceil 125Kbit burst 40Kb/8
mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
Sent 216317 bytes 1153 pkts (dropped 0, overlimits 0) <br>
rate 60bps <br>
lended: 1153 borrowed: 0 giants: 0 <br>
tokens: 12304384 ctokens: 79872 <br>
<br>
class
htb 10:6 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8
mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
Sent 0 bytes 0 pkts (dropped 0, overlimits 0) <br>
lended: 0 borrowed: 0 giants: 0 <br>
tokens: 14563554 ctokens: 90112 <br>
<br>
class
htb 10:7 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8
mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
Sent 8528 bytes 101 pkts (dropped 0, overlimits 0) <br>
lended: 101 borrowed: 0 giants: 0 <br>
tokens: 14546488 ctokens: 87655 <br>
<br>
And this is the version I use<br>
kernel HTB init, kernel part version 3.10 </body></html>