Shorewall users - Apr 2008 - Traffic Shaping

I have tried to follow the HOWTO''s as best I could to add some traffic 
shaping to my existing shorewall firewall/router.

What I am trying to achieve
Top priority to all voip traffic, regardless of sip, iax2 etc.
Higher priority for interactive traffic - ssh, http
General queue for everything else, but
A low priority queue for any ipp2p traffic

What I have achieved.....
Almost everything (99%) seems to be in the default queue, occasionally 
something shows up in the "Mark 2 queue"  Queue 1 and 4 are never
used.

I am running a 2.6.24 kernel, on a USparc1 using debian testing and I 
have attached a shorewall dump.

I have created the following tcrules, tcclasses, and tcdevices files.


tcrules
#MARK    SOURCE        DEST        PROTO    PORT(S)    CLIENT    USER 
  TEST
#                            PORT(S)
#VoIP
1       192.168.0.62    0.0.0.0/0       tcp    4569,5060,5061
1       192.168.0.62    0.0.0.0/0       tcp    -       4569,5060,5061
1       192.168.0.62    0.0.0.0/0       udp    4569,5060,5061
1       192.168.0.62    0.0.0.0/0       udp    -    4569,5060,5061
1       192.168.0.62    0.0.0.0/0       udp    10001:20000
1       192.168.0.62    0.0.0.0/0       udp    -    10001:20000


# Interactive traffic
2    0.0.0.0/0    0.0.0.0/0    tcp    22,26
2    0.0.0.0/0    0.0.0.0/0    tcp        22,26
2    0.0.0.0/0    0.0.0.0/0    tcp    -    80,8080,443
# General traffic
3       0.0.0.0/0       0.0.0.0/0    all

# P2P
RESTORE  0.0.0.0/0      0.0.0.0/0       all        -    -        -         0
CONTINUE 0.0.0.0/0      0.0.0.0/0       all        -    -        -    !0
4        0.0.0.0/0      0.0.0.0/0       ipp2p:all
SAVE     0.0.0.0/0      0.0.0.0/0       all        -    -        -    !0

tcdevices - note eth2 is my outside interface....
#INTERFACE    IN-BANDWITH    OUT-BANDWIDTH
eth2        14000kbit    800kbit
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

tcclasses
#INTERFACE    MARK    RATE    CEIL    PRIORITY    OPTIONS
eth2        1    full/2    full    1        tos-minimize-delay
eth2        2    full/2    full    2        tcp-ack,tos-maximize-reliability
eth2        3    full/3    full    3        default,tos-maximize-throughput
eth2        4    full/3    full    4
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE



Note:  Shorewall is running on a USparc 1 and when I ran shorewall dump, 
this error is also reported

/usr/share/shorewall/lib.cli: line 185:  5786 Bus error               tc 
-s filter ls dev $device


-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don''t miss this year''s exciting event. There''s still
time to save $100.
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone

Sean Whitney wrote:
> 
> I have created the following tcrules, tcclasses, and tcdevices files.
> 
The LAST MATCH decides the mark in tcrules, NOT THE FIRST MATCH! So it looks 
like the order of your tcrules is totally wrong.

-Tom


-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don''t miss this year''s exciting event. There''s still
time to save $100.
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone