LARTC - Mar 2003 - [tcng] avoiding dsmark; help with nested classifiers

Hello all,

Pardon the long mail, I''ll accept flames if I have irritated anybody.
Here are three snippets of different ways to approach a tcng
configuration.  Unfortunately, I must not quite understand tcng syntax....

I could work around it, build a new kernel and so forth, but I''m
curious
about this behaviour of tcng.  It almost strikes me as "by-design" or
a
feature of the language--I''d just like to understand why this is
happening, and if there is a way I can solve my conundrum!

Intended goal:

  - support nested HTB classes; top level class to limit total bandwidth,
  - add internal classes to limit (and isolate) certain types of traffic.
  - use tcng; much more readable  (Thank goodness!)

Working example (simpler than reality...lab/test sort of thing) has all
filters attached to 1:0, and traffic is divided up roughly like this (see
example):

  - class 1:1 HTB ( rate = ceil = 1544k )
    - class 1:2 ( rate = 128k, ceil =  512k ), interactive traffic
    - class 1:3 ( rate = 512k, ceil = 1544k ), bulk (mail/web/scp)
    - class 1:4 ( rate = 128k, ceil =  768k ), default

If I use the tcng class selection path construct (see Example #1), I''ll
need support for dsmark in my kernel, and being a lazy admin, I''d
rather
work around this requirement....  This was not unexpected, since Werner
clearly outlined the requirement of dsmark support on this very list (if
not elsewhere):

   http://mailman.ds9a.nl/pipermail/lartc/2002q3/004504.html

If I put my classifiers in the internal classes (1:2, 1:3, 1:4) (see
Example #2), then the filters are attached to parent 1:1, which means that
they never get called.  This is intuitive given the syntax and structure
of the tcng language.

My clever workaround failed miserably, however, when I tried to select
all IP packets with TCP segments in class 1:1 the class closest to the
root (see Example #3).  I''m not sure what to make of this.

My questions:

  - How can I nest classes with filters without using dsmark?
  - Am I overlooking a very simple solution?
  - What section of the manual should I re-read?
  - Anybody have an example of nested HTB classes or CBQ classes
    without dsmark or class selection path?

Thanks in advance,

-Martin


# -- Example #1 class selection path; requires dsmark kernel support
#
#include "fields.tc"
#include "ports.tc"
#
dev eth0 {
    egress {
        class ( <$ssh> )  if tcp_sport == 22 || ip_tos_delay == 1 ;
        class ( <$bulk> ) if tcp_sport == 22 || tcp_dport == 80 ;
        class ( <$other> ) if 1 ;
        htb () {
            class ( rate 1544kbps, ceil 1544kbps ) {
                $ssh   = class ( rate 128kbps, ceil  512kbps ) ;
                $bulk  = class ( rate 512kbps, ceil 1544kbps ) ;
                $other = class ( rate 128kbps, ceil  768kbps ) ;
            }
        }
    }
}
#
# -- most output suppressed...; word wrapped/shell escaped for
#    readability
#
$ tcc lartc-example-1.tcc  | grep filter | head -4
tc filter add dev eth0 parent 2:0 protocol all \
  prio 1 tcindex mask 0x3 shift 0
tc filter add dev eth0 parent 2:0 protocol all \
  prio 1 handle 3 tcindex classid 2:4
tc filter add dev eth0 parent 2:0 protocol all \
  prio 1 handle 2 tcindex classid 2:3
tc filter add dev eth0 parent 2:0 protocol all \
  prio 1 handle 1 tcindex classid 2:2
# <-- more lines of "tc filter" would have been here -->



# -- Example #2; all tc filter commands attach to parent 1:1
#
#include "fields.tc"
#include "ports.tc"
#
dev eth0 {
  htb {
    class ( rate 1544kbps, ceil 1544kbps ) {
      class ( rate 128kbps, ceil 512kbps ) \
        if tcp_dport == 22 && ip_tos_delay == 1 { sfq ( perturb 10s ); }
      class ( rate 512kbps, ceil 1544kbps ) \
        if tcp_dport == 25 || tcp_dport == 80 { sfq ( perturb 10s ); }
      class ( rate 128kbps, ceil 768kbps ) { sfq ( perturb 10s ); }
    }
  }
}
#
# -- word wrapped/shell escaped for readability
#
$ tcc lartc-example-2.tcc | grep filter  | head -4
tc filter add dev eth0 parent 1:1 protocol all prio 1   \
  handle 1:0:0 u32 divisor 1
tc filter add dev eth0 parent 1:1 protocol all prio 1   \
  u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00      \
  shift 6 eat link 1:0:0
tc filter add dev eth0 parent 1:1 protocol all prio 1   \
  handle 1:0:1 u32 ht 1:0:0 match u16 0x16 0xffff at 2  \
  match u8 0x10 0x10 at 1 classid 1:2
tc filter add dev eth0 parent 1:1 protocol all prio 1   \
  handle 2:0:0 u32 divisor 1


# -- Example #3; differs from #2 in line 3, "if ip_proto ==
IPPROTO_TCP"
#    only one tc filter command appears in output--filter command for
#    selecting IP packets with TCP segments
#
#include "fields.tc"
#include "ports.tc"
#
dev eth0 {
  htb {
    class ( rate 1544kbps, ceil 1544kbps ) if ip_proto == IPPROTO_TCP {
      class ( rate 128kbps, ceil 512kbps ) \
        if tcp_dport == 22 && ip_tos_delay == 1 { sfq ( perturb 10s ); }
      class ( rate 512kbps, ceil 1544kbps ) \
        if tcp_dport == 25 || tcp_dport == 80 { sfq ( perturb 10s ); }
      class ( rate 128kbps, ceil 768kbps ) { sfq ( perturb 10s ); }
    }
  }
}
#
# -- word wrapped/shell escaped for readability
#
$ tcc lartc-example-3.tcc | grep filter
tc filter add dev eth0 parent 1:0 protocol all prio 1 \
  u32 match u8 0x6 0xff at 9 classid 1:1


-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/