LARTC - Jun 2002 - Better filtering to a class

Adi Nugroho said:
> Dear all,
>
> I want to make a filter for all IRC-Dalnet traffic, so I want to put
> all  traffic for port 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667,
> 6668, 6669,  7000, 7001, 7002, and 8000 to a class. So, I create a TC
> script as below.
>
> I''m sure, it is not effective, and we can write it in simpler.
> I need help, how to make my script below are simpler.
> The simpler, the better.
One approach would be to use iptables/ipchains to mark your packets and then
select the tc class based on the fw mark. There some examples posted in the
archives of this list or you could look as my firewall script (on my site)
for an example.

Alex
www.bennee.com/~alex/

On Mon, 2002-06-17 at 22:31, Alex Bennee wrote:
> Adi Nugroho said:
> > Dear all,
> >
> > I want to make a filter for all IRC-Dalnet traffic, so I want to put
> > all  traffic for port 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667,
> > 6668, 6669,  7000, 7001, 7002, and 8000 to a class. So, I create a TC
> > script as below.
> >
> > I''m sure, it is not effective, and we can write it in
simpler.
> > I need help, how to make my script below are simpler.
> > The simpler, the better.
> 
> One approach would be to use iptables/ipchains to mark your packets and
then
> select the tc class based on the fw mark. There some examples posted in the
> archives of this list or you could look as my firewall script (on my site)
> for an example.
/sbin/tc qdisc add dev ppp0 root handle 1: htb default 60

    # add a rate limiting class underneath - this ensure we don''t send
    # packets to the dsl modem faster than its going to send them
    /sbin/tc class add dev ppp0 parent 1: classid 1:1 htb rate 250kbps
ceil 260kbps burst 6k

    #sub classes for each traffic type
    /sbin/tc class add dev ppp0 parent 1:1 classid 1:10 htb prio 1 rate
250kbps burst 6k
    /sbin/tc class add dev ppp0 parent 1:1 classid 1:20 htb prio 2 rate
250kbps burst 6k
    /sbin/tc class add dev ppp0 parent 1:1 classid 1:30 htb prio 3 rate
250kbps burst 6k
    /sbin/tc class add dev ppp0 parent 1:1 classid 1:40 htb prio 4 rate
250kbps burst 6k
    /sbin/tc class add dev ppp0 parent 1:1 classid 1:50 htb prio 5 rate
250kbps burst 6k
    /sbin/tc class add dev ppp0 parent 1:1 classid 1:60 htb prio 6 rate
250kbps burst 6k

anychance showing me an alternative to htb (and does the exactly the
samething using cbq..) ? unless its possible to use a stock 2.4.18
without the htb-patch...since hdd space isnt an option.

-- 
ph33r!
Linux mdew 2.4.19-pre10-xfs-aa2 #10 Mon Jun 17 11:06:06 NZST 2002 i686
unknown
GPG Key: http://mdew.orcon.net.nz/gpg

Dear all,

I want to make a filter for all IRC-Dalnet traffic, so I want to put all 
traffic for port 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 
7000, 7001, 7002, and 8000 to a class. So, I create a TC script as below.

I''m sure, it is not effective, and we can write it in simpler. 
I need help, how to make my script below are simpler.
The simpler, the better.

Thank you for your help.

-- 
Regards,

Adi Nugroho

Here is my script....

#   Down Stream
tc class add dev eth0 parent 1:1  classid 1:123  htb rate 12kbit burst 64k 
ceil 64kbit prio 3
tc class add dev eth0 parent 1:123 classid 1:1231 htb rate 1.2kbit burst 3.2k 
ceil 64kbit
tc class add dev eth0 parent 1:123 classid 1:1232 htb rate 2.4kbit burst 6.4k 
ceil 64kbit
tc class add dev eth0 parent 1:123 classid 1:1233 htb rate 8.4kbit burst 54.4k 
ceil 64kbit
tc qdisc add dev eth0 parent 1:1231 handle 1231: sfq perturb 5 quantum 1514
tc qdisc add dev eth0 parent 1:1232 handle 1232: sfq perturb 5 quantum 1514
tc qdisc add dev eth0 parent 1:1233 handle 1233: sfq perturb 5 quantum 1514
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6660 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6661 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6662 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6663 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6664 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6665 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6666 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6667 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6668 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 6669 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 7000 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 7001 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 7002 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip sport 8000 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 5 u32 match ip dst 
203.112.65.54 match ip protocol 6 0xff flowid 1:1231
tc filter add dev eth0 protocol ip parent 1:0 prio 6 u32 match ip dst 
203.112.65.54 flowid 1:1233

#    Up Stream
tc class add dev eth2 parent 1:1  classid 1:123  htb rate 4kbit burst 16k ceil 
64kbit prio 3
tc class add dev eth2 parent 1:123 classid 1:1231 htb rate 0.4kbit burst 0.8k 
ceil 64kbit
tc class add dev eth2 parent 1:123 classid 1:1232 htb rate 0.8kbit burst 1.6k 
ceil 64kbit
tc class add dev eth2 parent 1:123 classid 1:1233 htb rate 2.8kbit burst 13.6k 
ceil 64kbit
tc qdisc add dev eth2 parent 1:1231 handle 1231: sfq perturb 5 quantum 1514
tc qdisc add dev eth2 parent 1:1232 handle 1232: sfq perturb 5 quantum 1514
tc qdisc add dev eth2 parent 1:1233 handle 1233: sfq perturb 5 quantum 1514
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6660 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6661 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6662 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6663 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6664 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6665 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6666 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6667 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6668 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 6669 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 7000 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 7001 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 7002 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst 
203.112.65.54 match ip dport 8000 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 5 u32 match ip src 
203.112.65.54 match ip protocol 6 0xff flowid 1:1231
tc filter add dev eth2 protocol ip parent 1:0 prio 6 u32 match ip src 
203.112.65.54 flowid 1:1233

Hello!

I have set up a htb qdisc:
# tc qdisc show dev eth1
qdisc htb 1: r2q 10 default 12 direct_packets_stat 0

with the following classes attached to it

#tc class show dev eth1     
class htb 1:11 parent 1:1 prio 0 rate 80Kbit ceil 800Kbit burst 1575b
cburst 1969b 
class htb 1:1 root rate 800Kbit ceil 800Kbit burst 1969b cburst 1969b 
class htb 1:10 parent 1:1 prio 0 rate 240Kbit ceil 800Kbit burst 1772b
cburst 1969b 
class htb 1:12 parent 1:1 prio 0 rate 480Kbit ceil 800Kbit burst 1181b
cburst 1969b 

When I try to attach filters to it i get the following answer:
# tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip
dport 80 0xffff flowid 1:10
RTNETLINK answers: Invalid argument

What am I doing wrong?

I Would really appreciate your help.

Regards,

Gabriel Paues

> When I try to attach filters to it i get the following answer:
> # tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip
> dport 80 0xffff flowid 1:10
> RTNETLINK answers: Invalid argument
>
> What am I doing wrong?
did you load/compile U32 classifier ?

Wohhaaa...

Thank you so much for pointing out the obvious...
Now it works.. 

Thanks!

Gabriel Paues

Martin Devera wrote:
> 
> > When I try to attach filters to it i get the following answer:
> > # tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip
> > dport 80 0xffff flowid 1:10
> > RTNETLINK answers: Invalid argument
> >
> > What am I doing wrong?
> 
> did you load/compile U32 classifier ?

Hi,
> qdisc htb 1: r2q 10 default 12 direct_packets_stat 0
>
> with the following classes attached to it
>
> #tc class show dev eth1
> class htb 1:11 parent 1:1 prio 0 rate 80Kbit ceil 800Kbit burst 1575b
> cburst 1969b
> class htb 1:1 root rate 800Kbit ceil 800Kbit burst 1969b cburst 1969b
> class htb 1:10 parent 1:1 prio 0 rate 240Kbit ceil 800Kbit burst 1772b
> cburst 1969b
> class htb 1:12 parent 1:1 prio 0 rate 480Kbit ceil 800Kbit burst 1181b
> cburst 1969b
>
> When I try to attach filters to it i get the following answer:
> # tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip
> dport 80 0xffff flowid 1:10
> RTNETLINK answers: Invalid argument
>
> What am I doing wrong?
My guess:

You try to attach the filter to the class 1:0. Try attaching it to the
defined root class 1:1, or even better to the subclasses 1:10, 1:11 or 1:12
(think this is what you want).

Greetings,
Bjoern

> > What am I doing wrong?
> 
> My guess:
(Foolish crap removed)

I mixed up flowid and parent, your syntax was correct, and I was wrong.

Greetings,
Bjoern