LARTC - May 2005 - Rules OK (?), no filtering...

Hi

I have defined a single HTB qdisc on eth0 with one root class 1:1 further
subdivided as below, nothing complicated.


                   1: (root qdisc)
                    |
                    |
                   1:1 (root class)
                   /\
                 /    \
               /        \
             /            \
           /                \
        1:10                  \               }
       / | \                 1:20             }
     /   |   \                 / \            }  <------  subclasses
   /     |     \             /     \          }
1:100  1:200  1:300       1:201  1:202        }
  |      |      |           |      |
  |      |      |           |      |
 101:   102:   103:        201:   202:           <------  sqf qdiscs



I have a filtering rule on 1: directing everything from/to IP_address.xx.yy.zz
to class 1:20.
There is a filtering rule on (subclass) 1:20 directing everything to/from ports
25, 80, 110, 119 to (subclass) 1:201.
n
Also, there are further filtering rules on 1:10 towards 1:200 and 1:300, based
on src ip addresses.
That''s it for filtering rules.
In my definition for htb 1: I included "default 10"

I have enclosed the details (but not the script that generated this
configuration) at the end. As you can see, even though the qdiscs and classes
are properly defined with (seemingly) proper filters, there is traffic only on
subclass 1:201, sqf 201: and on htb 1:, rootclass 1:1. None on the other
branches...

But a capture of the traffic confirms that there is indeed activity on those
other branches.

I have assumed (wrongly?) that defining two filter rules on 1:10 would send all
unmatched traffic on the third branch (same assumption for the filter on 1: and
on 1:20). When I tried the following (as mentioned in the documentation):

tc filter add dev eth0 protocol ip parent 1:10 prio 2 flowid 1:100

on the line following my two filter definitions, hoping to send "packets
not matched so far" to 1:100, tc complained: "unknown filter
"flowid" hence opion "1:100" is unparsable"...

Can one define filtering rules on classes as well as on qdiscs? Does the target
have to be a qdisc or can it also be a class? What about default behaviour?

One last thing: I have defined my initial qdisc on eth0 as 1: with default 10.
This should send any unfiltered stuff to 1:10, no matter the absence of a
default filter. Could the absence of such a default filter on 1:10 prevent this
classifying?

What am i missing?

TIA.

P.S. Please let me know if you need other info.




_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

karcinox@globetrotter.net wrote:
> Hi
> 
> I have defined a single HTB qdisc on eth0 with one root class 1:1 further
subdivided as below, nothing complicated.
> 
> 
>                    1: (root qdisc)
>                     |
>                     |
>                    1:1 (root class)
>                    /\
>                  /    \
>                /        \
>              /            \
>            /                \
>         1:10                  \               }
>        / | \                 1:20             }
>      /   |   \                 / \            }  <------  subclasses
>    /     |     \             /     \          }
> 1:100  1:200  1:300       1:201  1:202        }
>   |      |      |           |      |
>   |      |      |           |      |
>  101:   102:   103:        201:   202:           <------  sqf qdiscs
> 
> 
> 
> I have a filtering rule on 1: directing everything from/to
IP_address.xx.yy.zz to class 1:20.
> There is a filtering rule on (subclass) 1:20 
 From the filter stats it looks like you have everything on 1:0 some 
should have parent 1:20

directing everything to/from ports 25, 80, 110, 119 to (subclass)
1:201.
> n
> Also, there are further filtering rules on 1:10 towards 1:200 and 1:300,
based on src ip addresses.
> That''s it for filtering rules.
> In my definition for htb 1: I included "default 10"
> 
> I have enclosed the details (but not the script that generated this
configuration) at the end.
Seeing that would be easier.

  As you can see, even though the qdiscs and classes are properly 
defined with (seemingly) proper filters, there is traffic only on 
subclass 1:201, sqf 201: and on htb 1:, rootclass 1:1. None on the other 
branches...
> 
> But a capture of the traffic confirms that there is indeed activity on
those other branches.
> 
> I have assumed (wrongly?) that defining two filter rules on 1:10 would send
all unmatched traffic on the third branch (same assumption for the filter on 1:
and on 1:20). When I tried the following (as mentioned in the documentation):
> 
> tc filter add dev eth0 protocol ip parent 1:10 prio 2 flowid 1:100
tc filter add dev eth0 protocol ip parent 1:10 prio 3 u32 match u32 0 0 
flowid 1:100 should do it make the other 2 on 1:10 prio 1 and 2 to be 
sure (though it will probably be OK with all at same prio if they get 
installed in the right order)
> 
> on the line following my two filter definitions, hoping to send
"packets not matched so far" to 1:100, tc complained: "unknown
filter "flowid" hence opion "1:100" is unparsable"...
> 
> Can one define filtering rules on classes as well as on qdiscs?
yes

Does the target have to be a qdisc or can it also be a class?

can be a class.


  What about default behaviour?

not sure about htb default I only ever set it to a leaf - remember arp 
will go there if you shape eth unless you filter it elsewhere.


Andy.