Daniel Dafoe
2005-Apr-22 15:53 UTC
Re: tc filter - based on iptables - MAC - MARK not working -altough marking on ip src, dst address works
Reading along the Net it seems that MAC marking is not
working with egress HTB (because ipables marks
packages based on --mac-source ). So my only choice is
using ingress or u32.
So this is how I did it:
I called bellow script add_shaping
DEV="eth0"
tc qdisc add dev $DEV root handle 1: htb default 20
tc class add dev $DEV parent 1: classid 1:1 htb rate
200kbps ceil 200kbps
tc class add dev $DEV parent 1:1 classid 1:15 htb rate
10kbps ceil 13kbps prio 3
tc class add dev $DEV parent 1:1 classid 1:20 htb rate
150kbps ceil 187kbps prio 2
tc qdisc add dev $DEV parent 1:15 handle 150: sfq
perturb 10
tc qdisc add dev $DEV parent 1:20 handle 200: sfq
perturb 10
U32="tc filter add dev $DEV parent 1:0 protocol ip
u32"
for computers in `cat /sistem/class15 | awk ''{ print
$1 }''`
do
in="`echo $computers | awk ''{split($1,a,":"); print
a[1]a[2] }''`"
fin="`echo $computers | awk ''{split($1,a,":"); print
a[3]a[4]a[5]a[6] }''`"
$U32 match u16 0x0800 0xffff at -2 match u32 0x$fin
0xFFFFFFFF at -12 match u16 0x$in 0xFFFF at -14
classid 1:15
done
Explanation: On a file called /sistem/class15 I have
MAC list
00:0D:87:60:61:37 JOHNNY
00:0E:A6:69:2B:74 HORY
00:50:8D:F9:E3:51 GIMMY
The script above (not so elegant I think but is my
first attempt on awk) parse /sistem/class15 and add
filter rules to match classid 1:15
I''ll make scripts for files like /sistem/classxx to
match class xx and classid 1:xx and so on -- after
this I only modify files:
/sistem/class15
/sistem/class20
/sistem/classxx
and run:
tc qdisc del dev eth0 root (actually made a new script
rm_shaping)
and of course run the awk script again (./add_shaping)
So finally all I have to do is rm_shaping, add_shaping
and my modifications of /sistem/classxx files are
loaded ---
And shaping works like a charm ...:)
Best regards
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Andy Furniss
2005-Apr-22 22:08 UTC
Re: tc filter - based on iptables - MAC - MARK not working -altough marking on ip src, dst address works
Daniel Dafoe wrote:> Reading along the Net it seems that MAC marking is not > working with egress HTB (because ipables marks > packages based on --mac-source ). So my only choice is > using ingress or u32. > > So this is how I did it: > > I called bellow script add_shaping > > DEV="eth0" > tc qdisc add dev $DEV root handle 1: htb default 20 > tc class add dev $DEV parent 1: classid 1:1 htb rate > 200kbps ceil 200kbps > tc class add dev $DEV parent 1:1 classid 1:15 htb rate > 10kbps ceil 13kbps prio 3 > tc class add dev $DEV parent 1:1 classid 1:20 htb rate > 150kbps ceil 187kbps prio 2 > tc qdisc add dev $DEV parent 1:15 handle 150: sfq > perturb 10 > tc qdisc add dev $DEV parent 1:20 handle 200: sfq > perturb 10 > > > > U32="tc filter add dev $DEV parent 1:0 protocol ip > u32" > > for computers in `cat /sistem/class15 | awk ''{ print > $1 }''` > do > in="`echo $computers | awk ''{split($1,a,":"); print > a[1]a[2] }''`" > fin="`echo $computers | awk ''{split($1,a,":"); print > a[3]a[4]a[5]a[6] }''`" > $U32 match u16 0x0800 0xffff at -2 match u32 0x$fin > 0xFFFFFFFF at -12 match u16 0x$in 0xFFFF at -14 > classid 1:15 > done > > > Explanation: On a file called /sistem/class15 I have > MAC list > > 00:0D:87:60:61:37 JOHNNY > 00:0E:A6:69:2B:74 HORY > 00:50:8D:F9:E3:51 GIMMY > > The script above (not so elegant I think but is my > first attempt on awk) parse /sistem/class15 and add > filter rules to match classid 1:15 > > I''ll make scripts for files like /sistem/classxx to > match class xx and classid 1:xx and so on -- after > this I only modify files: > > /sistem/class15 > /sistem/class20 > /sistem/classxx > > and run: > tc qdisc del dev eth0 root (actually made a new script > rm_shaping) > and of course run the awk script again (./add_shaping) > > So finally all I have to do is rm_shaping, add_shaping > and my modifications of /sistem/classxx files are > loaded --- > > And shaping works like a charm ...:)Glad you got it working - I didn''t see this when I replied earlier mozilla didn''t thread it with the rest. Andy.