LARTC - Nov 2001 - Problem with CBQ & Fwmark

Hi I''m trying to use CBQ to limit the outgoing traffic from my
server. The server is colocated on a 10Mb lan, but only has a 64Kbit
bandwidth allocation.

I using kernel 2.4.14 and I am trying to set up a 64K bounded class,
with 4 unbounded-subclassess of 16, 32, 2 & 14K.

This is what I''m using:

iptables -t mangle -F PREROUTING

iptables -t mangle -N mark1
iptables -t mangle -F mark1
iptables -t mangle -A mark1 -j MARK --set-mark 1

iptables -t mangle -N mark2
iptables -t mangle -F mark2
iptables -t mangle -A mark2 -j MARK --set-mark 2

iptables -t mangle -N mark3
iptables -t mangle -F mark3
iptables -t mangle -A mark3 -j MARK --set-mark 3

iptables -t mangle -N mark4
iptables -t mangle -F mark4
iptables -t mangle -A mark4 -j MARK --set-mark 4

iptables -t mangle -N mark5
iptables -t mangle -F mark5
iptables -t mangle -A mark5 -j MARK --set-mark 5

# traffic classification
iptables -t mangle -A PREROUTING -p TCP --sport   20 -j mark1 # ftp-data
iptables -t mangle -A PREROUTING -p TCP --sport   21 -j mark2 # ftp
iptables -t mangle -A PREROUTING -p TCP --sport   25 -j mark5 # smtp-recv
iptables -t mangle -A PREROUTING -p TCP --dport   25 -j mark5 # smtp-send
iptables -t mangle -A PREROUTING -p TCP --sport   80 -j mark3 # http
iptables -t mangle -A PREROUTING -p TCP --sport  110 -j mark5 # pop3
iptables -t mangle -A PREROUTING -p TCP --sport  119 -j mark4 # news-server
iptables -t mangle -A PREROUTING -p TCP --dport  119 -j mark5 # newsfeed in.
iptables -t mangle -A PREROUTING -p TCP --sport 2401 -j mark5 # cvspserver
# Next line is highport traffic (mainly ftp-data again)
iptables -t mangle -A PREROUTING -p TCP --sport 1024:65535 --dport 1024:65535 -j
mark1
iptables -t mangle -A PREROUTING -p TCP -j mark5
iptables -t mangle -A PREROUTING -p UDP -j mark5
iptables -t mangle -A PREROUTING -p ICMP -j mark5
iptables -t mangle -A PREROUTING -j mark5

AVPKT=748

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 10: cbq bandwidth 10Mbit avpkt $AVPKT

## Setup Clases

tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate \
   10Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt $AVPKT

# 64kbit parent class 
tc class add dev eth0 parent 10:1 classid 10:200 cbq bandwidth 10Mbit rate \
   64Kbit allot 1514 weight 64Kbit prio 5 maxburst 20 avpkt $AVPKT \
   bounded

# 16kbit 
tc class add dev eth0 parent 10:200 classid 10:250 cbq bandwidth 10Mbit rate \
   16Kbit allot 1514 weight 16Kbit prio 5 maxburst 20 avpkt $AVPKT

# 32k 
tc class add dev eth0 parent 10:200 classid 10:251 cbq bandwidth 10Mbit rate \
   32Kbit allot 1514 weight 32Kbit prio 5 maxburst 20 avpkt $AVPKT

# 2k 
tc class add dev eth0 parent 10:200 classid 10:252 cbq bandwidth 10Mbit rate \
   2Kbit allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt $AVPKT

# 14k
tc class add dev eth0 parent 10:200 classid 10:253 cbq bandwidth 10Mbit rate \
   14Kbit allot 1514 weight 14Kbit prio 5 maxburst 20 avpkt $AVPKT
# Setup queues
tc qdisc add dev eth0 parent 10:200 cbq bandwidth 64Kbit avpkt $AVPKT
tc qdisc add dev eth0 parent 10:250 sfq quantum 1514b perturb 15
tc qdisc add dev eth0 parent 10:251 sfq quantum 1514b perturb 15
tc qdisc add dev eth0 parent 10:252 sfq quantum 1514b perturb 15
tc qdisc add dev eth0 parent 10:253 sfq quantum 1514b perturb 15

# Setup filters

tc filter add dev eth0 protocol ip parent 10:0 prio 1 handle 4 fw classid 10:250
tc filter add dev eth0 protocol ip parent 10:0 prio 1 handle 3 fw classid 10:251
tc filter add dev eth0 protocol ip parent 10:0 prio 1 handle 2 fw classid 10:252
tc filter add dev eth0 protocol ip parent 10:0 prio 1 handle 1 fw classid 10:253

I get no errors when setting this up, but somehow my marked packets
are not making it into the queues.

# tc -s qdisc show
qdisc sfq 800f: dev eth0 quantum 1514b perturb 15sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

 qdisc sfq 800e: dev eth0 quantum 1514b perturb 15sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

 qdisc sfq 800d: dev eth0 quantum 1514b perturb 15sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

 qdisc sfq 800c: dev eth0 quantum 1514b perturb 15sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

 qdisc cbq 800b: dev eth0 rate 64Kbit (bounded,isolated) prio no-transmit
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 74799 undertime 0

 qdisc cbq 10: dev eth0 rate 10Mbit (bounded,isolated) prio no-transmit
 Sent 5302106 bytes 7589 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 466 undertime 0

What silly (or not so silly) mistake have I been making?

        - Thanks in advance, Robert Collier.

-- 
Robert Collier
rob@lspace.org