Hi

I've searched the archive for a solution where I want to limit/shape WLAN users. I only know their MAC, because they get their IP from dhcp.

> Why not, just use negative offsets with U32 to access
> the 14-byte eth frame header before the IP header:
>
> Decimal Ofs Description
> -----------------------------------
> -14: DST MAC, 6 bytes
> -8: SRC MAC, 6 bytes
> -2: Eth PROTO, 2 bytes, eg. ETH_P_IP
> 0: Protocol header (IP Header)

Is the above true? If so, can you give me an example with MAC address 00:04:e2:5f:eb:e4.

And, is it possible to shape so everyone gets 256kbit each?

Thx,
Joachim

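Added example, not part of the original thread: a script that prints the tc u32 filters for the MAC in the question, built from the offsets in the quoted table. The device wlan0, the 1: handle, parent 1:1, class 1:10 and prio 5 are assumed values.

```sh
#!/bin/sh
# Added example: prints tc commands, it does not run them.
# Assumed names: device wlan0, HTB handle 1:, parent 1:1, class 1:10, prio 5.

# Split aa:bb:cc:dd:ee:ff into the byte variables M0..M5 (lowercased).
split_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    IFS=: read -r M0 M1 M2 M3 M4 M5 <<EOF
$mac
EOF
}

# Destination MAC sits at offsets -14..-9: a u16 at -14, then a u32 at -12.
# On the WLAN-facing interface, frames sent to a client carry its MAC here.
mac_dst_filter() {   # usage: mac_dst_filter DEV MAC FLOWID
    split_mac "$2" || return 1
    echo "tc filter add dev $1 parent 1: protocol ip prio 5 u32" \
        "match u16 0x0800 0xffff at -2" \
        "match u16 0x$M0$M1 0xffff at -14" \
        "match u32 0x$M2$M3$M4$M5 0xffffffff at -12 flowid $3"
}

# Source MAC sits at offsets -8..-3: a u32 at -8, then a u16 at -4.
# It matches only where the frame still carries the client's source MAC;
# routed traffic leaving another interface has a new Ethernet header.
mac_src_filter() {   # usage: mac_src_filter DEV MAC FLOWID
    split_mac "$2" || return 1
    echo "tc filter add dev $1 parent 1: protocol ip prio 5 u32" \
        "match u16 0x0800 0xffff at -2" \
        "match u32 0x$M0$M1$M2$M3 0xffffffff at -8" \
        "match u16 0x$M4$M5 0xffff at -4 flowid $3"
}

# A 256kbit class for the MAC from the question, plus both filter forms.
echo "tc class add dev wlan0 parent 1:1 classid 1:10 htb rate 256kbit ceil 256kbit"
mac_dst_filter wlan0 00:04:e2:5f:eb:e4 1:10
mac_src_filter wlan0 00:04:e2:5f:eb:e4 1:10
```
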
> I've searched the archive for a solution where I want to limit/shape
> WLAN users. I only know their MAC, because they get their IP from dhcp.

Get their IP addresses from arp.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Joachim,

(Beautiful name, by the way....)

 : I've searched the archive for a solution where I want to limit/shape
 : WLAN users. I only know their MAC, because they get their IP from
 : dhcp.
 :
 : > Why not, just use negative offsets with U32 to access
 : >the 14-byte eth frame header before the IP header:
 : >
 : >Decimal Ofs Description
 : >-----------------------------------
 : >-14: DST MAC, 6 bytes
 : >-8: SRC MAC, 6 bytes
 : >-2: Eth PROTO, 2 bytes, eg. ETH_P_IP
 : >0: Protocol header (IP Header)

I think this came from some mails of about 6 or 8 months ago on the LARTC list, no? I recognize the content....

  http://mailman.ds9a.nl/pipermail/lartc/2002q4/006552.html
  http://mailman.ds9a.nl/pipermail/lartc/2003q1/006663.html

Note that Julian has expressed twice before that this is a bit of a hackish method of identifying and classifying packets, and in his second posting suggests a method to classify directly using "protocol arp".

  http://mailman.ds9a.nl/pipermail/lartc/2003q1/006739.html
  http://mailman.ds9a.nl/pipermail/lartc/2003q1/006740.html

I haven't tried it, so have no idea how it might work. Maybe one of the gurus on this list will be able to tell you how to use the tc/u32 syntax to classify your frames.

I think David Boreham's conclusion might be a bit easier for you though, if you really want to try to match on destination ethernet addresses. You could use the ARP table ("ip neigh show" or "arp -n") to get the information you need, and then mark packets based on source. I'd think a hashing filter would allow you to put each source IP in a different class.

Now, on the other hand, if you have a DHCP pool of known size already, why not just create a single class for each of the available IPs in that DHCP pool. You can have a parent class which has a ceil of the total bandwidth you want to allow to this DHCP pool. Then each user will get 256kbit bandwidth until you have so many users in your DHCP pool that they start fighting over the bandwidth.

At that point, HTB will still give you fair distribution of the bandwidth, and you don't have to mess with link layer addressing and tc at all.

  DHCP-IP-0 256kbit class --+----- total DHCP pool bandwidth
  DHCP-IP-1 256kbit class --+
  DHCP-IP-2 256kbit class --+
  ...                       .
  DHCP-IP-n 256kbit class --+

Just a thought.

 : Is the above true? If so, can you give me an example with MAC address
 : 00:04:e2:5f:eb:e4.
 :
 : And, is it possible to shape so everyone gets 256kbit each?

Yes, indeed....if you have that much bandwidth in your lunch pail.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

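Added example, not part of the original message: a script that prints the HTB class tree for the one-class-per-pool-address layout described above. The device eth1, the 192.168.10.1-62 pool, the 4096 kbit pool total and the class numbering are assumed values, and giving each child an equal guaranteed share with a 256kbit ceil is one way to realise the scheme, not something the thread specifies.

```sh
#!/bin/sh
# Added example: prints tc commands, it does not run them.
# Assumed values: device, address prefix, host range and pool total.

# usage: pool_classes DEV PREFIX FIRST LAST TOTAL_KBIT
pool_classes() {
    dev=$1 prefix=$2 first=$3 last=$4 total=$5
    n=$((last - first + 1))
    # Guaranteed rate per address: an equal share of the pool total, never
    # above the 256kbit cap, so child rates never exceed the parent's rate.
    rate=$((total / n))
    if [ "$rate" -gt 256 ]; then
        rate=256
    elif [ "$rate" -lt 1 ]; then
        rate=1
    fi
    echo "tc qdisc add dev $dev root handle 1: htb"
    # Parent class: the total bandwidth allowed to the whole DHCP pool.
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${total}kbit ceil ${total}kbit"
    i=$first
    while [ "$i" -le "$last" ]; do
        # Class ids are hexadecimal: host 1 becomes 1:101, host 62 becomes 1:13e.
        id=$(printf '%x' $((256 + i)))
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${rate}kbit ceil 256kbit"
        # Match on destination IP: shapes traffic sent toward the client.
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $prefix.$i/32 flowid 1:$id"
        i=$((i + 1))
    done
}

# Constructed sample: a 62-address pool sharing 4096 kbit.
pool_classes eth1 192.168.10 1 62 4096
```

With few active users each class can borrow up to its 256kbit ceil; once the pool is oversubscribed, HTB falls back toward the equal guaranteed rates.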
I would have thought that you could use ebtables or the bridge-nf firewall code to do firewall marking, then use tc to filter on firewall mark as usual. Have a look at <http://ebtables.sourceforge.net/>

Alternatively, use ARP as suggested before, though you will have to rerun it every time their IP changes.

Andrew

:From: "Joachim Wickman" <jwickman@tawi.fi>
:To: <lartc@mailman.ds9a.nl>
:Date: Thu, 12 Jun 2003 21:03:43 +0300
:Subject: [LARTC] HTB and TC on MAC addresses

:I've searched the archive for a solution where I want to limit/shape
:WLAN users. I only know's their MAC, because they get their IP from
:dhcp.
:
:> Why not, just use negative offsets with U32 to access
:>the 14-byte eth frame header before the IP header:
:>
:>Decimal Ofs Description
:>-----------------------------------
:>-14: DST MAC, 6 bytes
:>-8: SRC MAC, 6 bytes
:>-2: Eth PROTO, 2 bytes, eg. ETH_P_IP
:>0: Protocol header (IP Header)
:
:Is the above true? If so, can you give me an example with MAC address
:00:04:e2:5f:eb:e4.

:And, is it possible to shape so everyone gets 256kbit each?

Stef,

Can cbq/htb support classes for 1000> clients concurrently??.

Trevor

On Mon, 2003-06-16 at 13:20, Stef Coene wrote:
> On Monday 16 June 2003 09:29, Joachim Wickman wrote:
> > Thanks for the answer.
> >
> > How many classes can HTB take?
> > I use 4-6 interfaces / computer and 2 pools / interface which has 62
> > addresses each.
> > So there would be about 512 classes if I make one for each address.
> No problem for htb. But it also depends on how many active classes you will
> have at the same time and the filters you use.
>
> > > I think this came from some mails of about 6 or 8 months ago on the LARTC
> > > list, no? I recognize the content....
> > Yes.
> > I did get it to work in one direction. =)
> > And iptables -j mark in the other direction.
> > But your idea of one class / ip is something I'm thinking of to make now.
> > So I don't need to fill in the MAC or IP when a new client comes to town.
> So not all classes will be active? For performance considerations, only the
> active classes are important.
>
> Stef

--
( >-  GNU/LINUX, It's all about CHOICE  -< )
/~\    __ trevor@clovertechnologies.com __  /~\
| \) /  Pre Sales Consultant - Red Hat  \ (/ |
|_|_ \   9820349221(M) | 22881326(O)    / _|_|
      \___________________________________/

Thanks for the answer.

How many classes can HTB take?
I use 4-6 interfaces / computer and 2 pools / interface which has 62 addresses each.
So there would be about 512 classes if I make one for each address.

> I think this came from some mails of about 6 or 8 months ago on the LARTC
> list, no? I recognize the content....

Yes.
I did get it to work in one direction. =)
And iptables -j mark in the other direction.
But your idea of one class / ip is something I'm thinking of to make now.
So I don't need to fill in the MAC or IP when a new client comes to town.

I'm also having a problem with DHCP that it won't put "known" members in the right pool, but maybe ask that in the dhcp maillist.

// Joachim

On Monday 16 June 2003 09:29, Joachim Wickman wrote:
> Thanks for the answer.
>
> How many classes can HTB take?
> I use 4-6 interfaces / computer and 2 pools / interface which has 62
> addresses each.
> So there would be about 512 classes if I make one for each address.

No problem for htb. But it also depends on how many active classes you will have at the same time and the filters you use.

> > I think this came from some mails of about 6 or 8 months ago on the LARTC
> > list, no? I recognize the content....
> Yes.
> I did get it to work in one direction. =)
> And iptables -j mark in the other direction.
> But your idea of one class / ip is something I'm thinking of to make now.
> So I don't need to fill in the MAC or IP when a new client comes to town.

So not all classes will be active? For performance considerations, only the active classes are important.

Stef

--
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

> > But your idea of one class / ip is something I'm thinking of to make now.
> > So I don't need to fill in the MAC or IP when a new client comes to town.
> So not all classes will be active? For performance considerations, only the
> active classes are important.

Right now there are about 20-30 users and growing.. But likely there will be around 50 active classes in the near future.

// Joachim

On Monday 16 June 2003 15:02, Joachim Wickman wrote:
> > > But your idea of one class / ip is something I'm thinking of to make now.
> > > So I don't need to fill in the MAC or IP when a new client comes to town.
> > So not all classes will be active? For performance considerations, only the
> > active classes are important.
>
> Right now there are about 20-30 users and growing.. But likely there will
> be around 50 active classes in the near future.

No problem for htb.

Stef

--
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

On Sunday 15 June 2003 22:47, Trevor Warren wrote:
> Stef,
>
> Can cbq/htb support classes for 1000> clients concurrently??.

That will be tricky. I think it can, but it will depend a lot on the used hardware. Also, what's the speed of the link you are going to shape?

Stef

--
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net