LARTC - Apr 2002 - filters order - are they ordered?

Hi.

  I have set up several htb classes, attached filters to them,
  and all seems to work right, but...

  It seems, that "fw" classifiers have "lower priority"
  in comparing with "u32" ones.

  So, in my current scenario it''s optimal (as I think now)
  to use both u32 and fw, but I wonder can I line-up my filters
  in any order I wish?

  Am I wrong somewhere?
  Where can I find more information on this?

-- 
 _,-=._              /|_/|       Where curiosity comes into play --
 `-.}   `=._,.-=-._.,  @ @._,         always foxes are there.
    `._ _,-.   )      _,.-''
       `    G.m-"^m`m''        Dmytro O. Redchuk

>   I have set up several htb classes, attached filters to them,
>   and all seems to work right, but...
>
>   It seems, that "fw" classifiers have "lower priority"
>   in comparing with "u32" ones.
mh.  I never noticed that.
>   So, in my current scenario it''s optimal (as I think now)
>   to use both u32 and fw, but I wonder can I line-up my filters
>   in any order I wish?
The prio parameters the order the filters are checked.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

On Tue, 16 Apr 2002, Dmytro Redchuk wrote:
> Hi.
>
>   I have set up several htb classes, attached filters to them,
>   and all seems to work right, but...
>
>   It seems, that "fw" classifiers have "lower priority"
>   in comparing with "u32" ones.
>
>   So, in my current scenario it''s optimal (as I think now)
>   to use both u32 and fw, but I wonder can I line-up my filters
>   in any order I wish?
>
>   Am I wrong somewhere?
>   Where can I find more information on this?
Hmm

Try a tc filter show dev ethX and see their order (you will see order
<xxx> )

----------------------------
Mihai RUSU

Disclaimer: Any views or opinions presented within this e-mail are solely
those of the author and do not necessarily represent those of any company,
unless otherwise specifically stated.

> >   So, in my current scenario it''s optimal (as I think now)
 > >   to use both u32 and fw, but I wonder can I line-up my filters
 > >   in any order I wish?
 > The prio parameters the order the filters are checked.

So, I guess, I can set with "prio" and check "prefs" then?

Something is very strange for me ;-) - just take a look, please.

so.. (in more details, very sorry, if there is too much)

===========  MY "HTB INIT" SCRIPT  ==========#!/bin/bash
#
#

# addresses here, of course:
PARTNER=''blah_blah''

BIG_BOSS=''foo_foo''
FAT_ADMN=''moo_moo''

INTRANET=''192.168.100.0/24''
DMZ_NET=''bar_bar/29''

tc=/root/tc

tc_cadd="$tc class add dev eth0"

default=20

# add root qdisc:
$tc qdisc add dev eth0 root handle 1: htb default $default

# root class (whole eth0):
$tc_cadd parent 1: classid 1:1 htb rate 100Mbit ceil 100Mbit

# local traffic (almost whole eth0):
$tc_cadd parent 1:1 classid 1:$default htb rate 100Mbit ceil 100Mbit

# ppp bandwidth:
$tc_cadd parent 1:1 classid 1:10 htb rate 128kbit ceil 128kbit burst 12k
prio 0

  # add for BIG_BOSS and FAT_ADMN:
  $tc_cadd parent 1:10 classid 1:100 htb rate 20kbit ceil 128kbit burst
2k prio 0

    # for one of them:
    $tc_cadd parent 1:100 classid 1:210 htb rate 10kbit ceil 128kbit
burst 2k prio 0
    $tc qdisc add dev eth0 parent 1:210 handle 21: sfq perturb 10

    # for second one:
    $tc_cadd parent 1:100 classid 1:220 htb rate 10kbit ceil 128kbit
burst 2k prio 0
    $tc qdisc add dev eth0 parent 1:220 handle 22: sfq perturb 10


  # add for localnet and proxy:
  $tc_cadd parent 1:10 classid 1:300 htb rate 34kbit ceil 120kbit burst
2k prio 8
  $tc qdisc add dev eth0 parent 1:300 handle 30: sfq perturb 10

  # add for traffic to mail & pop:
  $tc_cadd parent 1:10 classid 1:400 htb rate 10kbit ceil 120kbit burst
2k prio 8
  $tc qdisc add dev eth0 parent 1:400 handle 40: sfq perturb 10

  # add for traffic from $PARTNER:
  $tc_cadd parent 1:10 classid 1:500 htb rate 64kbit ceil 128kbit burst
12k prio 0
  $tc qdisc add dev eth0 parent 1:500 handle 50: sfq perturb 10


#############################
## filters:
#############################

tc_fadd="$tc filter add dev eth0 protocol ip"

## from $PARTNER:
#
$tc_fadd parent 1:0 prio 0 u32 \
   match ip src $PARTNER match tcp src 80 0xffff flowid 1:500
$tc_fadd parent 1:0 prio 0 handle 8 fw flowid 1:500

## pass local traffic unshaped:
#
$tc_fadd parent 1:0 prio 1 u32 \
   match ip src $INTRANET match ip dst $INTRANET flowid 1:$default

$tc_fadd parent 1:0 prio 1 u32 \
   match ip src $DMZ_NET match ip dst $INTRANET flowid 1:$default

$tc_fadd parent 1:0 prio 1 u32 \
   match ip src $DMZ_NET match ip dst $DMZ_NET flowid 1:$default

$tc_fadd parent 1:0 prio 1 u32 \
   match ip src $INTRANET match ip dst $DMZ_NET flowid 1:$default

## admins:
#
$tc_fadd parent 1:0 prio 3 u32 \
    match ip dst $BIG_BOSS flowid 1:210

$tc_fadd parent 1:0 prio 3 u32 \
    match ip dst $FAT_ADMN flowid 1:220

## localnet masq''ed:
#

# one subnet:
$tc_fadd parent 1:0 prio 0 handle 4 fw flowid 1:300

# another one:
$tc_fadd parent 1:0 prio 0 handle 5 fw flowid 1:300

## from BAD to proxy server:
#
$tc_fadd parent 1:0 prio 0 handle 1 fw flowid 1:300

## from BAD to http & smtp & pop:
#
$tc_fadd parent 1:0 prio 0 handle 2 fw flowid 1:400
$tc_fadd parent 1:0 prio 0 handle 3 fw flowid 1:400

# END OF SCRIPT

===========  END OF MY "HTB INIT" SCRIPT  ==========
And, please, take a look at my filters.
(I changed addresses there for clarity;)

===========  tc filter show dev eth0  ==========
filter parent 1: protocol ip pref 1 u32 
filter parent 1: protocol ip pref 1 u32 fh 802: ht divisor 1 
filter parent 1: protocol ip pref 1 u32 fh 802::800 order 2048 key ht
802 bkt 0 flowid 1:210 
  match $BIG_BOSS at 16
filter parent 1: protocol ip pref 1 u32 fh 802::801 order 2049 key ht
802 bkt 0 flowid 1:220 
  match $FAT_ADMN at 16
filter parent 1: protocol ip pref 1 u32 fh 801: ht divisor 1 
filter parent 1: protocol ip pref 1 u32 fh 801::800 order 2048 key ht
801 bkt 0 flowid 1:20 
  match $INTRANET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 1 u32 fh 801::801 order 2049 key ht
801 bkt 0 flowid 1:20 
  match $DMZ_NET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 1 u32 fh 801::802 order 2050 key ht
801 bkt 0 flowid 1:20 
  match $DMZ_NET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 1 u32 fh 801::803 order 2051 key ht
801 bkt 0 flowid 1:20 
  match $INTRANET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht
800 bkt 0 flowid 1:500 
  match $PARTNER at 12
  match 00500000/ffff0000 at nexthdr+0
filter parent 1: protocol ip pref 3 u32 
filter parent 1: protocol ip pref 3 u32 fh 802: ht divisor 1 
filter parent 1: protocol ip pref 3 u32 fh 802::800 order 2048 key ht
802 bkt 0 flowid 1:210 
  match $BIG_BOSS at 16
filter parent 1: protocol ip pref 3 u32 fh 802::801 order 2049 key ht
802 bkt 0 flowid 1:220 
  match $FAT_ADMN at 16
filter parent 1: protocol ip pref 3 u32 fh 801: ht divisor 1 
filter parent 1: protocol ip pref 3 u32 fh 801::800 order 2048 key ht
801 bkt 0 flowid 1:20 
  match $INTRANET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 3 u32 fh 801::801 order 2049 key ht
801 bkt 0 flowid 1:20 
  match $DMZ_NET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 3 u32 fh 801::802 order 2050 key ht
801 bkt 0 flowid 1:20 
  match $DMZ_NET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 3 u32 fh 801::803 order 2051 key ht
801 bkt 0 flowid 1:20 
  match $INTRANET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 3 u32 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 3 u32 fh 800::800 order 2048 key ht
800 bkt 0 flowid 1:500 
  match 3f4dd600/ffffff00 at 12
  match 00500000/ffff0000 at nexthdr+0
filter parent 1: protocol ip pref 49151 fw 
filter parent 1: protocol ip pref 49151 fw handle 0x3 classid 1:400 
filter parent 1: protocol ip pref 49151 fw 
filter parent 1: protocol ip pref 49151 fw handle 0x2 classid 1:400 
filter parent 1: protocol ip pref 49151 fw 
filter parent 1: protocol ip pref 49151 fw handle 0x1 classid 1:300 
filter parent 1: protocol ip pref 49151 fw 
filter parent 1: protocol ip pref 49151 fw handle 0x5 classid 1:300 
filter parent 1: protocol ip pref 49151 fw 
filter parent 1: protocol ip pref 49151 fw handle 0x4 classid 1:300 
filter parent 1: protocol ip pref 49151 fw 
filter parent 1: protocol ip pref 49151 fw handle 0x8 classid 1:500 
filter parent 1: protocol ip pref 49152 u32 
filter parent 1: protocol ip pref 49152 u32 fh 802: ht divisor 1 
filter parent 1: protocol ip pref 49152 u32 fh 802::800 order 2048 key
ht 802 bkt 0 flowid 1:210 
  match $BIG_BOSS at 16
filter parent 1: protocol ip pref 49152 u32 fh 802::801 order 2049 key
ht 802 bkt 0 flowid 1:220 
  match $FAT_ADMN at 16
filter parent 1: protocol ip pref 49152 u32 fh 801: ht divisor 1 
filter parent 1: protocol ip pref 49152 u32 fh 801::800 order 2048 key
ht 801 bkt 0 flowid 1:20 
  match $INTRANET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 49152 u32 fh 801::801 order 2049 key
ht 801 bkt 0 flowid 1:20 
  match $DMZ_NET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 49152 u32 fh 801::802 order 2050 key
ht 801 bkt 0 flowid 1:20 
  match $DMZ_NET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 49152 u32 fh 801::803 order 2051 key
ht 801 bkt 0 flowid 1:20 
  match $INTRANET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 49152 u32 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 49152 u32 fh 800::800 order 2048 key
ht 800 bkt 0 flowid 1:500 
  match $PARTNER at 12
  match 00500000/ffff0000 at nexthdr+0

===========  END OF "tc filter show dev eth0"  ==========
So, I can see here my filters three times!
And their priorities slightly differs from specified.

I''m confused...

It works, except one thing. Filters order is not that I wish I had.

 > 
 > Stef

Thanks a lot.

 > 
 > -- 
 > 
 > stef.coene@docum.org
 >  "Using Linux as bandwidth manager"
 >      http://www.docum.org/
 >      #lartc @ irc.openprojects.net

-- 
 _,-=._              /|_/|       Where curiosity comes into play --
 `-.}   `=._,.-=-._.,  @ @._,         always foxes are there.
    `._ _,-.   )      _,.-''
       `    G.m-"^m`m''        Dmytro O. Redchuk