First of all, hi !!!
And please be comprehensive for my poor english, cause I''m French and
French
do not speak very well foreign language :o).
So my problem :
I use -j MARK in mangle table to catch packets with tc filter and to put
them in one or another class, but this doesn''t work.
Here is the script I try to use to do QoS :
# This script try to give priority to small packets traffic
# This is due to always have good ping in online game, even if some
uploading are on.
UPLINK=124
UPLINK_OTHER=70
LAN_IFACE=eth1
EXT_IFACE=ppp0
# Mark all packets
$IPTABLES -t mangle -A PREROUTING -i $LAN_IFACE -m length --length 0:200 -j
MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -i $LAN_IFACE -m length --length
200:400 -j MARK --set-mark 15
$IPTABLES -t mangle -A PREROUTING -i $LAN_IFACE -m length --length
400:800 -j MARK --set-mark 20
$IPTABLES -t mangle -A PREROUTING -i $LAN_IFACE -m length --length
800:1500 -j MARK --set-mark 25
$TC qdisc del dev $EXT_IFACE root 2> /dev/null > /dev/null
$TC qdisc del dev $EXT_IFACE ingress 2> /dev/null > /dev/null
$TC qdisc add dev $EXT_IFACE root handle 1: htb default 20
$TC class add dev $EXT_IFACE parent 1: classid 1:1 htb rate ${UPLINK}kbit
burst 6k
$TC class add dev $EXT_IFACE parent 1:1 classid 1:10 htb rate ${UPLINK}kbit
\
burst 6k prio 1
$TC class add dev $EXT_IFACE parent 1:1 classid 1:20 htb rate
${UPLINK_OTHER}kbit \
burst 6k prio 2
$TC qdisc add dev $EXT_IFACE parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $EXT_IFACE parent 1:20 handle 20: sfq perturb 10
# The rules that''s didn''t work, and I don''t now why.
$TC filter add dev $EXT_IFACE parent 1: protocol ip prio 15 \
handle 10 fw classid 1:10
$TC filter add dev $EXT_IFACE parent 1: protocol ip prio 20 \
handle 15 fw classid 1:10
# End of rc.qos
I don''t now why this doesn''t work, because filter rules are
setting up, a
"tc filter show" gives :
filter parent 1: protocol ip pref 15 fw
filter parent 1: protocol ip pref 15 fw handle 0xa classid 1:10
filter parent 1: protocol ip pref 20 fw
filter parent 1: protocol ip pref 20 fw handle 0xf classid 1:10
But "tc class show" always gives :
class htb 1:1 root rate 124Kbit ceil 124Kbit burst 6Kb/8 mpu 0b cburst
1757b/8 mpu 0b level 7
Sent 205068 bytes 151 pkts (dropped 0, overlimits 0)
rate 2122bps 1pps
lended: 0 borrowed: 0 giants: 0
tokens: 217601 ctokens: -8773
class htb 1:10 parent 1:1 leaf 10: prio 1 quantum 1587 rate 124Kbit ceil
124Kbit burst 6Kb/8 mpu 0b cburst 1757b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 317109 ctokens: 90735
class htb 1:20 parent 1:1 leaf 20: prio 2 quantum 1000 rate 70Kbit ceil
70Kbit burst 6Kb/8 mpu 0b cburst 1688b/8 mpu 0b level 0
Sent 205068 bytes 151 pkts (dropped 0, overlimits 0)
rate 2029bps 1pps
lended: 151 borrowed: 0 giants: 0
tokens: 385463 ctokens: -21851
This is always the default option that is used, it''s as if the filter
weren''t there.
And as this is my firts attempt to make something like this, I do not
necessaraly understand all the subtibility of tc rules (like u32 matches).
Ronan LAVIEC.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Victor Cassar
2003-Jan-07 23:55 UTC
Re: Incomprehensive problem with tc filter & mangle...
Ronan: If you are bridging remember that traffic classfiers cant see the bridged traffic thats why all the traffic goes to the default queue there is no support for brdige + classifiers unless you apply the right patches Victor Cassar --- Ronan LAVIEC <ronan.laviec@club-internet.fr> wrote:> First of all, hi !!! > And please be comprehensive for my poor english, > cause I''m French and French > do not speak very well foreign language :o). > > So my problem : > > I use -j MARK in mangle table to catch packets with > tc filter and to put > them in one or another class, but this doesn''t work. > > Here is the script I try to use to do QoS : > > # This script try to give priority to small packets > traffic > # This is due to always have good ping in online > game, even if some > uploading are on. > > UPLINK=124 > UPLINK_OTHER=70 > > LAN_IFACE=eth1 > EXT_IFACE=ppp0 > > # Mark all packets > $IPTABLES -t mangle -A PREROUTING -i $LAN_IFACE -m > length --length 0:200 -j > MARK --set-mark 10 > $IPTABLES -t mangle -A PREROUTING -i $LAN_IFACE -m > length --length > 200:400 -j MARK --set-mark 15 > $IPTABLES -t mangle -A PREROUTING -i $LAN_IFACE -m > length --length > 400:800 -j MARK --set-mark 20 > $IPTABLES -t mangle -A PREROUTING -i $LAN_IFACE -m > length --length > 800:1500 -j MARK --set-mark 25 > > $TC qdisc del dev $EXT_IFACE root 2> /dev/null > > /dev/null > $TC qdisc del dev $EXT_IFACE ingress 2> /dev/null > > /dev/null > > $TC qdisc add dev $EXT_IFACE root handle 1: htb > default 20 > > $TC class add dev $EXT_IFACE parent 1: classid 1:1 > htb rate ${UPLINK}kbit > burst 6k > > $TC class add dev $EXT_IFACE parent 1:1 classid 1:10 > htb rate ${UPLINK}kbit > \ > burst 6k prio 1 > $TC class add dev $EXT_IFACE parent 1:1 classid 1:20 > htb rate > ${UPLINK_OTHER}kbit \ > burst 6k prio 2 > > $TC qdisc add dev $EXT_IFACE parent 1:10 handle 10: > sfq perturb 10 > $TC qdisc add dev $EXT_IFACE parent 1:20 handle 20: > sfq perturb 10 > > # The rules that''s didn''t work, and I don''t now why. > $TC filter add dev $EXT_IFACE parent 1: protocol ip > prio 15 \ > handle 10 fw classid 1:10 > $TC filter add dev $EXT_IFACE parent 1: protocol ip > prio 20 \ > handle 15 fw classid 1:10 > > # End of rc.qos > > I don''t now why this doesn''t work, because filter > rules are setting up, a > "tc filter show" gives : > > filter parent 1: protocol ip pref 15 fw > filter parent 1: protocol ip pref 15 fw handle 0xa > classid 1:10 > filter parent 1: protocol ip pref 20 fw > filter parent 1: protocol ip pref 20 fw handle 0xf > classid 1:10 > > But "tc class show" always gives : > > class htb 1:1 root rate 124Kbit ceil 124Kbit burst > 6Kb/8 mpu 0b cburst > 1757b/8 mpu 0b level 7 > Sent 205068 bytes 151 pkts (dropped 0, overlimits > 0) > rate 2122bps 1pps > lended: 0 borrowed: 0 giants: 0 > tokens: 217601 ctokens: -8773 > > class htb 1:10 parent 1:1 leaf 10: prio 1 quantum > 1587 rate 124Kbit ceil > 124Kbit burst 6Kb/8 mpu 0b cburst 1757b/8 mpu 0b > level 0 > Sent 0 bytes 0 pkts (dropped 0, overlimits 0) > lended: 0 borrowed: 0 giants: 0 > tokens: 317109 ctokens: 90735 > > class htb 1:20 parent 1:1 leaf 20: prio 2 quantum > 1000 rate 70Kbit ceil > 70Kbit burst 6Kb/8 mpu 0b cburst 1688b/8 mpu 0b > level 0 > Sent 205068 bytes 151 pkts (dropped 0, overlimits > 0) > rate 2029bps 1pps > lended: 151 borrowed: 0 giants: 0 > tokens: 385463 ctokens: -21851 > > This is always the default option that is used, it''s > as if the filter > weren''t there. > > And as this is my firts attempt to make something > like this, I do not > necessaraly understand all the subtibility of tc > rules (like u32 matches). > > Ronan LAVIEC. > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:http://lartc.org/ __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Stef > My mangle filter is working well, the problem is realy on tc filter rules. For example I have this now : 152K 6580K MARK all -- eth1 * 0.0.0.0/0 0.0.0.0/0 length 0:200 MARK set 0xa 1688 482K MARK all -- eth1 * 0.0.0.0/0 0.0.0.0/0 length 200:400 MARK set 0xf 23254 13M MARK all -- eth1 * 0.0.0.0/0 0.0.0.0/0 length 400:800 MARK set 0x14 169K 244M MARK all -- eth1 * 0.0.0.0/0 0.0.0.0/0 length 800:1500 MARK set 0x19 Victor > I''m not bridging anything, but I have compiled the option in the kernel... Do you think it is the source of my problem ?? So what is the patch your are talking to ? Oups, I forget to tell you about my config... I have a 2.4.20 kernel to use htb rules (not patching), with the last Iproute2 and the last htb3.6-020525 (for tc command). I set to true these options in my kernel : # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y # CONFIG_NETLINK_DEV is not set CONFIG_NETFILTER=y CONFIG_NETFILTER_DEBUG=y CONFIG_FILTER=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_NAT=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_TOS=y CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_ROUTE_LARGE_TABLES=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_INET_ECN=y CONFIG_SYN_COOKIES=y # # IP: Netfilter Configuration # CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_FTP=y CONFIG_IP_NF_IRC=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_LIMIT=y CONFIG_IP_NF_MATCH_MAC=y CONFIG_IP_NF_MATCH_PKTTYPE=y CONFIG_IP_NF_MATCH_MARK=y CONFIG_IP_NF_MATCH_MULTIPORT=y CONFIG_IP_NF_MATCH_TOS=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_DSCP=y CONFIG_IP_NF_MATCH_AH_ESP=y CONFIG_IP_NF_MATCH_LENGTH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_TCPMSS=y CONFIG_IP_NF_MATCH_HELPER=y CONFIG_IP_NF_MATCH_STATE=y CONFIG_IP_NF_MATCH_CONNTRACK=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_NAT_LOCAL=y CONFIG_IP_NF_NAT_IRC=y CONFIG_IP_NF_NAT_FTP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_TOS=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_DSCP=y CONFIG_IP_NF_TARGET_MARK=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_IP_NF_TARGET_TCPMSS=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y # CONFIG_VLAN_8021Q is not set # CONFIG_IPX is not set # # QoS and/or fair queueing # CONFIG_NET_SCHED=y CONFIG_NET_SCH_CBQ=y CONFIG_NET_SCH_HTB=y CONFIG_NET_SCH_CSZ=y CONFIG_NET_SCH_PRIO=y CONFIG_NET_SCH_RED=y CONFIG_NET_SCH_SFQ=y CONFIG_NET_SCH_TEQL=y CONFIG_NET_SCH_TBF=y CONFIG_NET_SCH_GRED=y CONFIG_NET_SCH_DSMARK=y CONFIG_NET_SCH_INGRESS=y CONFIG_NET_QOS=y CONFIG_NET_ESTIMATOR=y CONFIG_NET_CLS=y CONFIG_NET_CLS_TCINDEX=y CONFIG_NET_CLS_ROUTE4=y CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=y CONFIG_NET_CLS_U32=y CONFIG_NET_CLS_RSVP=y CONFIG_NET_CLS_RSVP6=y CONFIG_NET_CLS_POLICE=y I know that in my case not all is usefull, but as it is really new for me, I''ve prefered to select all to true to not forget anything. Is my wish responsible of my current problem ? Ronan. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> # The rules that''s didn''t work, and I don''t now why. > $TC filter add dev $EXT_IFACE parent 1: protocol ip prio 15 \ > handle 10 fw classid 1:10 > $TC filter add dev $EXT_IFACE parent 1: protocol ip prio 20 \ > handle 15 fw classid 1:10I don''t think it''s an issue, but you can try it without a prio parameter? Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
----- Original Message ----- From: "Stef Coene" <stef.coene@docum.org> To: "Ronan LAVIEC" <ronan.laviec@club-internet.fr>; <lartc@mailman.ds9a.nl> Sent: Wednesday, January 08, 2003 7:32 PM Subject: Re: [LARTC] Incomprehensive problem with tc filter & mangle...> > # The rules that''s didn''t work, and I don''t now why. > > $TC filter add dev $EXT_IFACE parent 1: protocol ip prio 15 \ > > handle 10 fw classid 1:10 > > $TC filter add dev $EXT_IFACE parent 1: protocol ip prio 20 \ > > handle 15 fw classid 1:10 > I don''t think it''s an issue, but you can try it without a prio parameter? > > Stef > > -- > > stef.coene@docum.org > "Using Linux as bandwidth manager" > http://www.docum.org/ > #lartc @ irc.oftc.net >It''s always the same thing... Only the default setting seems to work. From yesterday, I''ve tried with match ip src, and this also doesn''t work. ($TC filter add dev $EXT_IFACE parent 1: protocol ip prio 15 u32 match ip src $PREFERED_IP flowid 1:10) I''ve tried to use mangle mark to do the same thing, and as every time always the default setting seems to work. I''ve tried another thing : I used some rules from a script found here : http://www.linux-france.org/prj/inetdoc/i/net/guides/Advanced-routing-Howto/ Advanced-routing-Howto.v0.9-15.html#ss15.8 So I used : $TC filter add dev $EXT_IFACE parent 1:0 protocol ip prio 10 u32 \ match ip tos 0x10 0xff flowid 1:10 $TC filter add dev $EXT_IFACE parent 1:0 protocol ip prio 10 u32 \ match ip protocol 1 0xff flowid 1:10 $TC filter add dev $EXT_IFACE parent 1: protocol ip prio 10 u32 \ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u16 0x0000 0xffc0 at 2 \ match u8 0x10 0xff at 33 \ flowid 1:10 In addition to my own rules.... And these three rules work, not mine. I really understand anything. What''s wrong with my rules ? Ronan. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> It''s always the same thing... > > Only the default setting seems to work. > > From yesterday, I''ve tried with match ip src, and this also doesn''t work. > ($TC filter add dev $EXT_IFACE parent 1: protocol ip prio 15 u32 match ip > src $PREFERED_IP flowid 1:10) > > I''ve tried to use mangle mark to do the same thing, and as every time > always the default setting seems to work. > > I''ve tried another thing : > I used some rules from a script found here : > http://www.linux-france.org/prj/inetdoc/i/net/guides/Advanced-routing-Howto >/ Advanced-routing-Howto.v0.9-15.html#ss15.8 > > So I used : > > $TC filter add dev $EXT_IFACE parent 1:0 protocol ip prio 10 u32 \ > match ip tos 0x10 0xff flowid 1:10 > $TC filter add dev $EXT_IFACE parent 1:0 protocol ip prio 10 u32 \ > match ip protocol 1 0xff flowid 1:10 > $TC filter add dev $EXT_IFACE parent 1: protocol ip prio 10 u32 \ > match ip protocol 6 0xff \ > match u8 0x05 0x0f at 0 \ > match u16 0x0000 0xffc0 at 2 \ > match u8 0x10 0xff at 33 \ > flowid 1:10 > > In addition to my own rules.... And these three rules work, not mine. > > I really understand anything. What''s wrong with my rules ?I have no idea. What if you try to change to working rules untill you have the match you want? Maybe you find the error if you test each change. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/