Hi! Thanks to LARTC I was able to set up this configuration: - ppp0 (adsl connection) to the internet - vpn0 connection to a remote router with a gre tunnel I''m doing shaping traffic out of ppp0 with HTB: Minimum delay (tos 0x10), icmp and ACK packets get maximun priority and all available bandwitdh, file sharing gets 3/10 of bandwidth (ceiil 9/10) and the rest 6/10 of bandwidth (ceil 9/10). I can get good result even with eavy loads. Now, I would very much like to know, if someone can help: 1. gre tunnel traffic is not shaped internally when it gets to ppp0, right? So if I want to shape it I need to use a qdisc for vpn0. 2. if 1 is correct, I need to set a txqueuelen for vpn0, otherwise I would not get any effect, right? (default is txqueuelen:0) 3. In order to set priority, in ppp0, for all tunnel traffic, I need to use a filter with the u32 selector? will somthing like ''match ip protocol 47'' be fine? 4. How can I set up a filter for shaping (in ppp0) encapsulated traffic? for istance, if I want ssh to vpn0 to have maximum priority either within the tunnel and also within the traffic passing trough ppp0, how can achivie that? I cannot find documentation on u32 that I can use to work that out... Thank you very much. Andrea _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Andrea Rossato wrote:> 4. How can I set up a filter for shaping (in ppp0) encapsulated traffic? > for istance, if I want ssh to vpn0 to have maximum priority either > within the tunnel and also within the traffic passing trough ppp0, how > can achivie that? I cannot find documentation on u32 that I can use to > work that out...I did it the hard way: dumped packets to find out... I post this with the hope tha it can be useful to others. I need to shape internally encapsulated traffic (a gre tunnel) in order to give interactivity maximum priority in my adsl uplink connection but treating bulk vpn traffic as usual bulk traffic. To achieve that I need to match encapsulated packets. Following you will find some tested examples that can help you understand how to do - I needed something like this last night. :) Question: I cannot match anything with nexthdr (neither assuming ip herders are 24 bytes long). Way? I''m using linux-2.4.20-rc4 and tc binary from htb3.6-020525 Regards, Andrea A gre encapsulated ip packet: |<20 bytes ip header>||<4 bytes gre header >||<20 bytes ip header>||<ip protocol header and the rest>| Matching exsamples: #match tos 0x10 Minimum Delay tc filter add dev ppp0 parent 1:0 prio 10 u32 \ match ip protocol 47 0xff \ match u16 0x10 00ff at 24 \ flowid 1:50 #match ICMP (ip protocol 1) tc filter add dev ppp0 parent 1:0 prio 10 u32 \ match ip protocol 47 0xff \ match u16 0x01 00ff at 32 \ flowid 1:50 #match dport 22 (ssh) tc filter add dev ppp0 parent 1:0 prio 10 u32 \ match ip protocol 47 0xff \ match u16 0x06 00ff at 32 \ # match ip protocol 6 (tcp) match u16 0x0016 ffff at 46 \ # match dport 22 (ssh) flowid 1:50 #match dest address tc filter add dev ppp0 parent 1:0 prio 10 u32 \ match ip protocol 47 0xff \ match u16 0x01 00ff at 32 \ # match ip protocol 1 (icmp) match u32 0xac100201 ffffffff at 40 \ # match ip addr 172.16.02.01 flowid 1:50 _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/