I guess holidays means idle time which means idle minds which leads to thumb twiddling which then leads to some work (which is sometimes useful).

I've updated the traffic control patches I posted about six months ago. Note, the current release does not break anything in tc. It is fully backward compatible so you can choose not to use it and things will work as they do today. Of course, it is very useful so you can't choose to ignore it!

It's now upgraded to better than "use at your own risk" category. Tested on both uni and SMP 2.4.18 and 2.4.20.

http://www.cyberus.ca/~hadi/patches/action/

Bug reports and feedback are appreciated. A lot more goodies coming up, so this is just the tip. First steps are to prove sanity of the idea.

cheers,
jamal

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Ciprian Niculescu
2003-Jan-04 18:25 UTC
Re: [Linux Diffserv] ANNOUNCE: tc filter extensions
hello,

if someone can develop a feature like -j LOG from iptables, for the tc filter

for ex i have

tc filter ...... match dport 80 0xffff flowid 1:1

i want to write to syslog the headers of the packets that matched this rule.

C
Yes, that is a useful feature. Should be able to use the iptables LOG; I am trying to avoid replicating things which already exist; it is very easy to replicate it. I'll test iptables LOG sometime today; if you beat me to it, let me know if it works.

cheers,
jamal
Ok, i tested basic stuff and it works. Not very useful example but should serve to illustrate things:

Example below will log every packet with src ip 127.1.1.1/32 seen at ingress of dev lo every time it exceeds its allocated rate. The nfmark is also set to 2 every time the rate is exceeded.

---------- script -------
#
tc qdisc add dev lo ingress
#
tc filter add dev lo parent ffff: protocol ip prio 1 u32 \
match ip src 127.1.1.1/32 \
action police mtu 5000 rate 2500kbit burst 90k pipe \
action ipt -j LOG --log-prefix "1:20 exceeded 2.5mbps" \
action ipt -j mark --set-mark 2
-----------------------------------------------

Now try to list what we installed

------------------ listing ----------------
jroot# tc filter show parent ffff: dev lo
filter protocol ip pref 1 u32
filter protocol ip pref 1 u32 fh 800: ht divisor 1
filter protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 1:20

action order 1: police 1 action pipe rate 2500Kbit burst 86153b mtu 5000b

action order 2: tablename: mangle hook: NF_IP_PRE_ROUTING
target LOG level warning prefix `1:20 exceded 2.5mbps' index 1

action order 3: tablename: mangle hook: NF_IP_PRE_ROUTING
target MARK set 0x2 index 2

match 7f010101/ffffffff at 12
-----------------------------

Of course this is a 5 minute test.

cheers,
jamal
A small cutnpaste error below in the script

On Sat, 4 Jan 2003, jamal wrote:

> ---------- script -------
> #
> tc qdisc add dev lo ingress
> #
> tc filter add dev lo parent ffff: protocol ip prio 1 u32 \
> match ip src 127.1.1.1/32 \

match ip src 127.1.1.1/32 flowid 1:20 \

Note: "flowid 1:20" was missing.

> action police mtu 5000 rate 2500kbit burst 90k pipe \
> action ipt -j LOG --log-prefix "1:20 exceeded 2.5mbps" \
> action ipt -j mark --set-mark 2
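
Added example, not part of the original thread and not the patch author's code: a parser for the syslog lines the LOG action in the script above would write, summarising over-rate packets per source. It assumes the ipt action emits the standard ipt_LOG `KEY=value` layout; the sample lines, the host name and the helper names `parse_log_line` and `exceed_summary` are constructed for illustration.

```python
import re
from collections import Counter

PREFIX = "1:20 exceeded 2.5mbps"  # --log-prefix from the script in the thread

# Constructed sample lines (not captured from a real host), assuming the usual
# ipt_LOG "KEY=value" layout. The prefix has no trailing space, so the kernel
# writes it directly against "IN=".
SAMPLE_LOG = """\
Jan  4 19:02:11 host kernel: 1:20 exceeded 2.5mbpsIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.1.1.1 DST=127.0.0.1 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4660 SEQ=7
Jan  4 19:02:11 host kernel: 1:20 exceeded 2.5mbpsIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.1.1.1 DST=127.0.0.1 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4660 SEQ=8
Jan  4 19:02:12 host kernel: 1:20 exceeded 2.5mbpsIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.1.1.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31337 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0
Jan  4 19:02:12 host kernel: other rule IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=40 TTL=63 ID=9 PROTO=TCP SPT=1025 DPT=22
Jan  4 19:02:13 host sshd[812]: session opened for user root
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line, prefix=PREFIX):
    """Return the header fields of one LOG line carrying `prefix`, else None."""
    _, sep, rest = line.partition("kernel: ")
    if not sep or not rest.startswith(prefix):
        return None
    fields, flags = {"TIME": line[:15]}, []
    for token in rest[len(prefix):].split():
        m = FIELD.fullmatch(token)
        if m:
            # ICMP lines carry ID= twice; keep the first (the IP header ID).
            fields.setdefault(m.group(1), m.group(2))
        else:
            flags.append(token)  # bare flags such as DF or SYN
    fields["FLAGS"] = flags
    return fields

def exceed_summary(log_text, prefix=PREFIX):
    """Count over-rate packets and bytes per (timestamp, source) pair."""
    packets, octets = Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_log_line(line, prefix)
        if f is None:
            continue
        key = (f["TIME"], f["SRC"])
        packets[key] += 1
        octets[key] += int(f["LEN"])
    return packets, octets

if __name__ == "__main__":
    pkts, octs = exceed_summary(SAMPLE_LOG)
    for key in sorted(pkts):
        print(key, pkts[key], "packets", octs[key], "bytes")
```

Ending the `--log-prefix` string with a space keeps the prefix from running into `IN=` and makes the lines easier to match with simpler tools.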