Hi, When i do ''wshaper start'' the interface i have defined stops routing traffic for some reason. It resumes routing when i do ''wshaper stop''. I''m using debian stable (3.0 woody) with debian''s default 2.4.18-686 kernel. When I run the script I get no errors, and when I do a ''status'', everything looks correct. Can ANYONE please give me a little insight as to what to do? I have the variables set as follows: DOWNLINK=1450 UPLINK=180 DEV=eth0 The machine is a NAT machine. I''m using shorewall to handle the NAT stuff for me. But even with shorewall disabled, wshaper still fails. Thank you for your help. -Rob _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, So, I''ve isolated the problem to this piece of code from the script: ########## downlink ############# # slow downloads down to somewhat less than the real speed to prevent # queuing at our ISP. Tune to see how high you can set it. # ISPs tend to have *huge* queues to make sure big downloads are fast # # attach ingress policer: tc qdisc add dev $DEV handle ffff: ingress # filter *everything* to it (0.0.0.0/0), drop everything that''s # coming in too fast: == HERE =tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 ========= and I really have no idea why this would cause the interface to drop all packets (that''s what it seems to be doing). Anyone have any ideas?? BTW, wondershaper script is at: http://lartc.org/wondershaper/ Thanks, Rob On Mon, 28 Oct 2002 13:43:35 -0500 Rob <rob00si@fastmail.fm> wrote:> Hi, > > When i do ''wshaper start'' the interface i have defined stops routing > traffic for some reason. It resumes routing when i do ''wshaper stop''. > > I''m using debian stable (3.0 woody) with debian''s default 2.4.18-686 > kernel. > > When I run the script I get no errors, and when I do a ''status'', > everything looks correct. > > Can ANYONE please give me a little insight as to what to do? > > I have the variables set as follows: > > DOWNLINK=1450 > UPLINK=180 > DEV=eth0 > > The machine is a NAT machine. I''m using shorewall to handle the NAT > stuff for me. But even with shorewall disabled, wshaper still fails. > > Thank you for your help. > > -Rob_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
--On Wednesday, October 30, 2002 4:35 PM -0500 Rob <rob00si@fastmail.fm> wrote:> tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ > 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1What''s the value of $DEV and $DOWNLINK at this point? _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, <snip from script> DOWNLINK=1450 UPLINK=180 DEV=eth0 </script> for some reason it seems to be droping all the packets... pings/http/ssh/etc... Do you know if I need to do any sort of Packet Mangling (ie. number the packets)? I''m going to include the wondershaper script below: ========================================================================== #!/bin/bash # Wonder Shaper # please read the README before filling out these values # # Set the following values to somewhat less than your actual download # and uplink speed. In kilobits. Also set the device that is to be shaped. DOWNLINK=1450 UPLINK=180 DEV=eth0 # low priority OUTGOING traffic - you can leave this blank if you want # low priority source netmasks NOPRIOHOSTSRC=80 # low priority destination netmasks NOPRIOHOSTDST # low priority source ports NOPRIOPORTSRC # low priority destination ports NOPRIOPORTDST # Now remove the following two lines :-) echo Please read the documentation in ''README'' first :-\) exit ######################################################### if [ "$1" = "status" ] then tc -s qdisc ls dev $DEV tc -s class ls dev $DEV exit fi # clean existing down- and uplink qdiscs, hide errors tc qdisc del dev $DEV root 2> /dev/null > /dev/null tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null if [ "$1" = "stop" ] then exit fi ###### uplink # install root CBQ tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit # shape everything at $UPLINK speed - this prevents huge queues in your # DSL modem which destroy latency: # main class tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \ allot 1500 prio 5 bounded isolated # high prio class 1:10: tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \ allot 1600 prio 1 avpkt 1000 # bulk and default class 1:20 - gets slightly less traffic, # and a lower priority: tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $[9*$UPLINK/10]kbit \ allot 1600 prio 2 avpkt 1000 # ''traffic we hate'' tc class add dev $DEV parent 1:1 classid 1:30 cbq rate $[8*$UPLINK/10]kbit \ allot 1600 prio 2 avpkt 1000 # all get Stochastic Fairness: tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10 tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10 tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10 # start filters # TOS Minimum Delay (ssh, NOT scp) in 1:10: tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \ match ip tos 0x10 0xff flowid 1:10 # ICMP (ip protocol 1) in the interactive class 1:10 so we # can do measurements & impress our friends: tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \ match ip protocol 1 0xff flowid 1:10 # prioritize small packets (<64 bytes) tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u16 0x0000 0xffc0 at 2 \ flowid 1:10 # some traffic however suffers a worse fate for a in $NOPRIOPORTDST do tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \ match ip dport $a 0xffff flowid 1:30 done for a in $NOPRIOPORTSRC do tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \ match ip sport $a 0xffff flowid 1:30 done for a in $NOPRIOHOSTSRC do tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \ match ip src $a flowid 1:30 done for a in $NOPRIOHOSTDST do tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \ match ip dst $a flowid 1:30 done # rest is ''non-interactive'' ie ''bulk'' and ends up in 1:20 tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \ match ip dst 0.0.0.0/0 flowid 1:20 ########## downlink ############# # slow downloads down to somewhat less than the real speed to prevent # queuing at our ISP. Tune to see how high you can set it. # ISPs tend to have *huge* queues to make sure big downloads are fast # # attach ingress policer: tc qdisc add dev $DEV handle ffff: ingress # filter *everything* to it (0.0.0.0/0), drop everything that''s # coming in too fast: tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 ==========================================================================On Wed, 30 Oct 2002 15:27:31 -0800 Kenneth Porter <shiva@sewingwitch.com> wrote:> --On Wednesday, October 30, 2002 4:35 PM -0500 Rob <rob00si@fastmail.fm> > wrote: > > > tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ > > 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 > > What''s the value of $DEV and $DOWNLINK at this point?_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
--On Wednesday, October 30, 2002 10:07 PM -0500 Rob <rob00si@fastmail.fm> wrote:># low priority OUTGOING traffic - you can leave this blank if you want ># low priority source netmasks > NOPRIOHOSTSRC=80BTW, this looks like a bug in the script. The 80 should be the value for NOPRIOPORTSRC. (But this shouldn''t kill the connection.) You might try throwing a "set -x" at the top of the script to expand and echo commands before they execute, to see what''s really getting issued. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, Ok, here is the output of the script w/ the ''-x'' + DOWNLINK=1450 + UPLINK=180 + DEV=eth0 + NOPRIOHOSTSRC=80 + NOPRIOHOSTDST+ NOPRIOPORTSRC+ NOPRIOPORTDST+ ''['' start = status '']'' + tc qdisc del dev eth0 root + tc qdisc del dev eth0 ingress + ''['' start = stop '']'' + tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 10mbit + tc class add dev eth0 parent 1: classid 1:1 cbq rate 180kbit allot 1500 prio 5 bounded isolated + tc class add dev eth0 parent 1:1 classid 1:10 cbq rate 180kbit allot 1600 prio 1 avpkt 1000 + tc class add dev eth0 parent 1:1 classid 1:20 cbq rate 162kbit allot 1600 prio 2 avpkt 1000 + tc class add dev eth0 parent 1:1 classid 1:30 cbq rate 144kbit allot 1600 prio 2 avpkt 1000 + tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10 + tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10 + tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10 + tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10 + tc filter add dev eth0 parent 1:0 protocol ip prio 11 u32 match ip protocol 1 0xff flowid 1:10 + tc filter add dev eth0 parent 1: protocol ip prio 12 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 flowid 1:10 + tc filter add dev eth0 parent 1: protocol ip prio 16 u32 match ip src 80 flowid 1:30 + tc filter add dev eth0 parent 1: protocol ip prio 18 u32 match ip dst 0.0.0.0/0 flowid 1:20 + tc qdisc add dev eth0 handle ffff: ingress + tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 1450kbit burst 10k drop flowid :1 =============================================================== Do you see anything obvious? The commands that kill the connection in the last one... seems to drop all pacets instead of being selective... *sigh* Anyway, thanks for ANY help you can give :) -Rob On Wed, 30 Oct 2002 19:34:30 -0800 Kenneth Porter <shiva@sewingwitch.com> wrote:> --On Wednesday, October 30, 2002 10:07 PM -0500 Rob <rob00si@fastmail.fm> > wrote: > > ># low priority OUTGOING traffic - you can leave this blank if you want > ># low priority source netmasks > > NOPRIOHOSTSRC=80 > > BTW, this looks like a bug in the script. The 80 should be the value for > NOPRIOPORTSRC. (But this shouldn''t kill the connection.) > > You might try throwing a "set -x" at the top of the script to expand and > echo commands before they execute, to see what''s really getting issued. > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
--On Wednesday, October 30, 2002 11:46 PM -0500 Rob <rob00si@fastmail.fm> wrote:> + tc qdisc add dev eth0 handle ffff: ingress > + tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip > src 0.0.0.0/0 police rate 1450kbit burst 10k drop flowid :1That looks reasonable. I''ve been using this on 3 systems now and haven''t seen this. Two are Red Hat 7.2 and one is Red Hat 8, so I''m puzzled why it''s hanging up for you. I''d suggest commenting out the last line of wshaper and then manually issuing the tc filter, tinkering with the parameters to see if you can narrow down what about it is failing. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/