Hi I one wants to optimize some ipchains/iptables filtering rules usually does "hashes" by creating users chains and transforming the search from a linear one to a btree like one. For CBQ filters one possibility is using hashmask along with u32 devisor and ht parameter for filters. Is the "link" parameter (used to specify the "major" number of a hash) only for devisor created hashes ? Im trying to emultate the "user chains" from firewall into CBQ filters (the fwmark wouldnt do couse even the search in firewall would be a btree, the search for a fwmark would be linear and wouldnt scale well for many classes). Im using this test commands: /sbin/tc qdisc del dev eth0 root /sbin/tc qdisc add dev eth0 root handle 1: cbq bandwidth 100Mbit allot 1514 avpkt 1000 cell 8 /sbin/tc class add dev eth0 parent 1: classid 1:1 cbq bandwidth 100Mbit rate 100Mbit avpkt 1000 prio 8 allot 1514 weight 1 maxburst 21 /sbin/tc class add dev eth0 parent 1:1 classid 1:10 estimator 1sec 8sec cbq bandwidth 100Mbit rate 16kbit avpkt 1000 prio 5 allot 1514 weight 1 maxburst 21 bounded /sbin/tc class add dev eth0 parent 1:1 classid 1:20 estimator 1sec 8sec cbq bandwidth 100Mbit rate 128kbit avpkt 1000 prio 5 allot 1514 weight 1 maxburst 21 bounded /sbin/tc qdisc add dev eth0 parent 1:10 pfifo limit 131 /sbin/tc qdisc add dev eth0 parent 1:20 pfifo limit 131 The above lines just create 2 cbq classes on eth0 and atach a pfifo qdisc on the leaf classes. /sbin/tc filter add dev eth0 parent 1:0 prio 5 protocol ip u32 match ip dst 213.157.165.0/24 link 2: RTNETLINK answers: Invalid argument This is because "link" can ONLY be used with "devisor" created tables ? Thanks ---------------------------- Mihai RUSU Disclaimer: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated.
On Wed, Mar 06, 2002 at 03:43:45PM +0200, Mihai RUSU wrote:> Is the "link" parameter (used to specify the "major" number of a hash) > only for devisor created hashes ?I really have no clue. At one point I understood hashing filters but since then it appears I''ve swapped them out again. Also, it looks like almost nobody is a real hash expert, with the exception of Alexey, who wrote the stuff. Regards, bert -- http://www.PowerDNS.com Versatile DNS Software & Services http://www.tk the dot in .tk http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
On Thu, 7 Mar 2002, bert hubert wrote:> I really have no clue. At one point I understood hashing filters but since > then it appears I''ve swapped them out again. > > Also, it looks like almost nobody is a real hash expert, with the exception > of Alexey, who wrote the stuff. >Hi Every test I made didnt worked. For now I''ll just say that the link parameter for a u32 classifier can only point to devisor hash table handles (created with tc filter protocol ip handle <id> u32 devisor <X>). If you want to includ also a more general example you can use my setup. I made a test setup where I used 2 hashes in a tree configuration. This I think can be interesting for other people too, who by just reading the FAQ cant tell for sure if its possible to make a hash and to be able to add filters in the hash that they are hashes to... :) We (my employer) will use this hashes in a production enviroment and this will make a perfect test for the hashes. If I encounter other howto related problems Ill post here. Also I dont find anything in the HOWTO about the "offset" and "shift" parameters for u32 classifiers. Do you know what they do ? ---------------------------- Mihai RUSU Disclaimer: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated.