Hi.
I am trying to bend my brain around ''tc'' and friends and am
failing so far.
I need to set up a bridge which limits the packet rate to 2000 packets/s, but
with the added
twist that packets with a certain DSCP value must be given absolute priority in
both directions.
The packet rate limit thing appears to be easy:
brcfg addbr br0
brcfg addif br0 eth0
brcfg addif br0 eth1
ifconfig eth0 promisc up
ifconfig eth1 promisc up
ifconfig br0 192.168.10.1 promisc up
ebtables -P FORWARD DROP
ebtables -A FORWARD --logical-out br0 --limit 2000/s -j ACCEPT
I think this bit works. (A bit difficult to measure. iptraf only reveals
packetrates for physical ethernet interfaces. Are there better alternatives to
monitor the packetrate on a live interface?)
But I need to make sure the packets are prioritized before they enter the bridge
device. I was hoping the ingress qdisc could help me here.
Something like this:
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 match ip tos 0xC0
0xff
tc filter add dev eth0 parent ffff: protocol ip prio 2 u32 match ip dst 0/0
tc qdisc add dev eth1 handle ffff: ingress
tc filter add dev eth1 parent ffff: protocol ip prio 1 u32 match ip tos 0xC0
0xff
tc filter add dev eth1 parent ffff: protocol ip prio 2 u32 match ip dst 0/0
I would not be terribly surprised if the lines above make somebody cry. Or
laugh. Or both.
The idea was to prioritize packets with the "right" DSCP value over
all other packets, causing the "other" packets to be dropped first.
This does not appear to work.
Is what I am trying to do at all doable with the current tools?
And by the way: ''man tc'' refers to the
''tc-filter'' man-page, which I cannot find....
Regards,
Dag B
