LARTC - Sep 2005 - htb + tc filter

Hi everybody,
i am new to this list so dont blame me if i will talk about nothing..
At this moment i am experimenting with htb + tc u32 filters , the 
problem is that
i want some traffic to be unshaped so i did this..

tc qdisc add dev eth0 root handle 10: htb default 20
tc class add dev eth0 parent 10: classid 10:2  htb rate 256Kbit

THIS IS TRAFFIC I WANT NOT TO BE SHAPED
tc filter add dev eth0 parent 10: protocol ip prio 1 u32 \
   match ip sport 8764 0xffff match ip dst 213.151.70.42 match ip src 
213.151.64.80 flowid 10:1
tc filter add dev eth0 parent 10: protocol ip prio 1 u32 \
   match ip sport 123 0xffff match ip dst 212.24.132.2 match ip src 
213.151.64.80 flowid 10:1
EVERYTHING ELSE TO CLASS 10:2
tc filter add dev eth0 parent 10: protocol ip prio 1 u32  match ip dst 
0.0.0.0/0 flowid 10:2

the last filter should pass all traffic whitch dont pass the filters to 
class 10:2 but this is not the case.
If i do some network bandwidth testing with netperf to other host then  
stated the traffic is still unshaped.
Have some idea what i have wrong?
thanks

Jorge Sanchez

On Wednesday 28 September 2005 15:30, choros wrote:
> the last filter should pass all traffic whitch dont pass the filters to
> class 10:2 but this is not the case.
I''m not sure the order you add filters is actually the order filters
are
traversed... so why not use the prio parameter to make sure that your 
catchall comes last?

A completely different approach would be to just put the traffic you
don''t
want to be shaped into a HTB class as well, by putting a fat class on top,
like this:

HTB Qdisc
|
\--- HTB root class (100mbit)
     |
     \--- HTB internet class (256kbit)
     \--- HTB lan class (100mbit minus 256kbit)

(I''m actually using a value lower than 100mbit though - due to overhead
and
other issues, in a 100mbit network you can never actually reach the full 
100mbit speed).

That way, I get packets that come from the internet and go to the LAN 
shaped down to 256kbit, while internal lan traffic (e.g. router is also a 
fileserver for the local network) can go by unaffected.

By the way, if you let this internal lan traffic go by completely unshaped, 
chances are that load gets so high it will even choke the internet 
connection. So even if the packets are allowed to go fast, it''s a good 
idea to shape them in order of guaranteeing a 256kbit or whatever channel 
for internet.

HTH
Andreas Klauer

Hi,
thanks for replay, i will include the whole script..
iptables -t mangle -F  2>/dev/null
iptables -t mangle -X  2>/dev/null
iptables -t mangle -N markov
iptables -t mangle -I PREROUTING -j markov
iptables -t mangle -N markov2
iptables -t mangle -I POSTROUTING -j markov2

unalias a
unalias s
unalias d
echo ''clear; tc -s class sh dev eth0 | grep p''> /usr/bin/a
echo ''clear; tc -s class sh dev eth1 | grep p''> /usr/bin/s
echo ''clear; tc -s class sh dev eth2 | grep p''> /usr/bin/d
chmod +x /usr/bin/a /usr/bin/s /usr/bin/d
alias s0=''clear; tc -s class sh dev eth0 | grep p''
alias s1=''clear; tc -s class sh dev eth1 | grep p''
alias s2=''clear; tc -s class sh dev eth2 | grep p''
alias s3=''clear; tc -s class sh dev eth3 | grep p''
alias z=''clear; tc -s class sh dev ''


tc qdisc del dev eth0 root >/dev/null 2>&1
tc qdisc del dev eth1 root >/dev/null 2>&1

# whole interface eth0 - 1024 kbps

tc qdisc add dev eth0 root handle 10: htb default 20
tc class add dev eth0 parent 10: classid 10:2 \
 htb rate 1024Kbit

tc filter add dev eth0 parent 10: protocol ip prio 1 u32 \
         match ip dst 0.0.0.0/0 flowid 10:2

# outgoing class for eth1 - 1024 kbps
tc class add dev eth0 parent 10:2 classid 10:21 \
htb rate 1024Kbit

# mark for it
tc filter add dev eth0 parent 10:2 protocol ip prio 1 \
handle 1 fw classid 10:21

echo eth0 ''-->'' from eth1 total 1024 kbps, weight 102,

tc qdisc add dev eth0 parent 10:21 sfq perturb 15
echo eth0 ''-->'' 1024 kbps total

# whole interface eth1 - 1024 kbps

tc qdisc add dev eth1 root handle 11: htb default 20
tc class add dev eth1 parent 11: classid 11:2 \
 htb rate 1024Kbit


tc filter add dev eth1 parent 11: protocol ip prio 1 u32 \
         match ip dst 0.0.0.0/0 flowid 11:2
tc qdisc add dev eth1 parent 11:2 sfq perturb 15
iptables -t mangle -A markov -i eth1 -j MARK --set-mark 1
echo eth1 ''-->'' 1024 kbps total


Jorge



Andreas Klauer wrote:
>On Wednesday 28 September 2005 15:30, choros wrote:
>  
>
>>the last filter should pass all traffic whitch dont pass the filters to
>>class 10:2 but this is not the case.
>>    
>>
>
>I''m not sure the order you add filters is actually the order
filters are
>traversed... so why not use the prio parameter to make sure that your 
>catchall comes last?
>
>A completely different approach would be to just put the traffic you
don''t
>want to be shaped into a HTB class as well, by putting a fat class on top,
>like this:
>
>HTB Qdisc
>|
>\--- HTB root class (100mbit)
>     |
>     \--- HTB internet class (256kbit)
>     \--- HTB lan class (100mbit minus 256kbit)
>
>(I''m actually using a value lower than 100mbit though - due to
overhead and
>other issues, in a 100mbit network you can never actually reach the full 
>100mbit speed).
>
>That way, I get packets that come from the internet and go to the LAN 
>shaped down to 256kbit, while internal lan traffic (e.g. router is also a 
>fileserver for the local network) can go by unaffected.
>
>By the way, if you let this internal lan traffic go by completely unshaped, 
>chances are that load gets so high it will even choke the internet 
>connection. So even if the packets are allowed to go fast, it''s a
good
>idea to shape them in order of guaranteeing a 256kbit or whatever channel 
>for internet.
>
>HTH
>Andreas Klauer
>_______________________________________________
>LARTC mailing list
>LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>  
>


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc