Hello, its me again, I won''t stop sending emails to this list, until I solve this problem, I''ve tried several apps to create the right htb rules (even made them my self), but I always get the same results, traffic gets shaped, but I can''t use my bandwidth, and this is weird, because I should be able to, also I keep seeing download being limited too, and that shouldn''t be happening, I don''t think I''m the only one with this problem out there, so I will post here once again my configuration, to match p2p traffic and to shape it: ### ### iptables -t mangle -F iptables -t mangle -X iptables -t mangle -N lay7PRE iptables -t mangle -N lay7POST iptables -t mangle -N ipp2pPRE iptables -t mangle -N ipp2pPOST ### PREROUTING RULES ### iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 3 iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 3 iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 3 -j CONNMARK --save-mark iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1 iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2 iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark ### POSTROUTING RULES ### iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 3 -j CLASSIFY --set-class 1:30 iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY --set-class 1:20 iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY --set-class 1:10 ### ### iptables -t mangle -A PREROUTING -j lay7PRE iptables -t mangle -A POSTROUTING -j lay7POST iptables -t mangle -A PREROUTING -j ipp2pPRE iptables -t mangle -A POSTROUTING -j ipp2pPOST TC RULES tc qdisc add dev eth1 handle 1:0 root dsmark indices 8 default_index 0 tc qdisc add dev eth1 handle 2:0 parent 1:0 htb tc class add dev eth1 parent 2:0 classid 2:1 htb rate 22000bps ceil 22000bps tc class add dev eth1 parent 2:1 classid 2:2 htb rate 3000bps ceil 5000bps prio 0 tc qdisc add dev eth1 handle 3:0 parent 2:2 sfq tc class add dev eth1 parent 2:1 classid 2:3 htb rate 5000bps ceil 6000bps prio 1 tc qdisc add dev eth1 handle 4:0 parent 2:3 sfq tc class add dev eth1 parent 2:1 classid 2:4 htb rate 8000bps ceil 8000bps prio 2 tc qdisc add dev eth1 handle 5:0 parent 2:4 sfq tc class add dev eth1 parent 2:1 classid 2:5 htb rate 10000bps ceil 10000bps burst 0 cburst 0 prio 3 quantum 1500 tc qdisc add dev eth1 handle 6:0 parent 2:5 sfq tc class add dev eth1 parent 2:1 classid 2:6 htb rate 10000bps ceil 22000bps prio 1 tc qdisc add dev eth1 handle 7:0 parent 2:6 sfq tc filter add dev eth1 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift 0 tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 5 tcindex classid 2:6 tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 4 tcindex classid 2:4 tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 3 tcindex classid 2:5 tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 2 tcindex classid 2:3 tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 1 tcindex classid 2:2 tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 0 match u16 0x0 0xffc0 at 2 classid 1:5 tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 0 match u8 0x10 0x10 at 33 classid 1:4 tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at 0 classid 1:5 tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 1:5 well, this rules are generated with tcng (tcc actually), and I see traffic going to the p2p rule (being 2:5), but still I''m not able to browse the web! nor chat nor anything, someone adviced me to create an interactive class and then leave the unmatched traffic go to a default class (and here''ll go p2p traffic too), but then I''m running a squid server at home, and thus I don''t know what port to specify to do this, anyway, I''ve tried already with normal http traffic, with layer7, I see the traffic going to the iptables chain, but yet it''ll still won''t work, p2p traffic keeps eating all my bandwidth, its ignoring all the priorities I have in my tc rules (being the 2:5 class the one with the lowest priority), I really need to get this working, and I know there''s some ppl that has lots of more experience that me, and I''m sure you can help me. Thank you EDGAR MERINO
Mensaje citado por Edgar <donvodka@gmail.com>:> Hello, its me again, I won''t stop sending emails to this list, until I solve > > this problem, I''ve tried several apps to create the right htb rules (even > made them my self), but I always get the same results, traffic gets shaped, > but I can''t use my bandwidth, and this is weird, because I should be able to, > > also I keep seeing download being limited too, and that shouldn''t be > happening, I don''t think I''m the only one with this problem out there, so I > will post here once again my configuration, to match p2p traffic and to shape > > it: > > ### ### > iptables -t mangle -F > iptables -t mangle -X > iptables -t mangle -N lay7PRE > iptables -t mangle -N lay7POST > iptables -t mangle -N ipp2pPRE > iptables -t mangle -N ipp2pPOST > > ### PREROUTING RULES ### > iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark > iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT > iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 3 > iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 3 > iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 3 -j CONNMARK > --save-mark > iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1 > iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2 > iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark > > ### POSTROUTING RULES ### > iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 3 -j CLASSIFY > --set-class 1:30 > iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY > --set-class 1:20 > iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY > --set-class 1:10 > > ### ### > iptables -t mangle -A PREROUTING -j lay7PRE > iptables -t mangle -A POSTROUTING -j lay7POST > iptables -t mangle -A PREROUTING -j ipp2pPRE > iptables -t mangle -A POSTROUTING -j ipp2pPOST > > TC RULES > tc qdisc add dev eth1 handle 1:0 root dsmark indices 8 default_index 0 > tc qdisc add dev eth1 handle 2:0 parent 1:0 htb > tc class add dev eth1 parent 2:0 classid 2:1 htb rate 22000bps ceil 22000bps > tc class add dev eth1 parent 2:1 classid 2:2 htb rate 3000bps ceil 5000bps > prio 0 > tc qdisc add dev eth1 handle 3:0 parent 2:2 sfq > tc class add dev eth1 parent 2:1 classid 2:3 htb rate 5000bps ceil 6000bps > prio 1 > tc qdisc add dev eth1 handle 4:0 parent 2:3 sfq > tc class add dev eth1 parent 2:1 classid 2:4 htb rate 8000bps ceil 8000bps > prio 2 > tc qdisc add dev eth1 handle 5:0 parent 2:4 sfq > tc class add dev eth1 parent 2:1 classid 2:5 htb rate 10000bps ceil 10000bps > > burst 0 cburst 0 prio 3 quantum 1500 > tc qdisc add dev eth1 handle 6:0 parent 2:5 sfq > tc class add dev eth1 parent 2:1 classid 2:6 htb rate 10000bps ceil 22000bps > > prio 1 > tc qdisc add dev eth1 handle 7:0 parent 2:6 sfq > tc filter add dev eth1 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift > 0 > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 5 tcindex > classid > 2:6 > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 4 tcindex > classid > 2:4 > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 3 tcindex > classid > 2:5 > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 2 tcindex > classid > 2:3 > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 1 tcindex > classid > 2:2 > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at > > 0 match u16 0x0 0xffc0 at 2 classid 1:5 > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at > > 0 match u8 0x10 0x10 at 33 classid 1:4 > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at > > 0 classid 1:5 > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 > at > 0 classid 1:5 > > well, this rules are generated with tcng (tcc actually), and I see traffic > going to the p2p rule (being 2:5), but still I''m not able to browse the web! > > nor chat nor anything, someone adviced me to create an interactive class and > > then leave the unmatched traffic go to a default class (and here''ll go p2p > traffic too), but then I''m running a squid server at home, and thus I don''t > know what port to specify to do this, anyway, I''ve tried already with normal > > http traffic, with layer7, I see the traffic going to the iptables chain, but > > yet it''ll still won''t work, p2p traffic keeps eating all my bandwidth, its > ignoring all the priorities I have in my tc rules (being the 2:5 class the > one with the lowest priority), I really need to get this working, and I know > > there''s some ppl that has lots of more experience that me, and I''m sure you > can help me. Thank youcan != want != will You may have a problem with the rate units - bps != bit -, but i dont know the type or rate of your internet link. Post a detailed ascii diagram of your network. Which is the transfer rate of the internet link? IPP2P works very well for me. How did you test your iptables & tc setup? In the real network or in a controlled environment? Did you try starting with a very basic tc setup and adding tc qdiscs, classes and filters one by one and checking the results on every step? Regards, Francisco. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Miles de internautas ya utilizan el discador del Portal. Bajatelo ahora, se instala solo!. http://www.montevideo.com.uy/discador/setup.exe +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
You might want to remove the iptables CLASSIFY rules as they point to non existent tc classes, 1:10, 1:20, and 1:30. Also your total combined rates for all the subclasses of 2:1 are greater than the rate of 2:1, 22kbps for 2:1 and 36kbps for 2:2 - 2:6. It''s best if you keep these to add up to the root classes ceil or lower. Also you''re marking p2p data as 3 and sending it to classid 2:5. 2:5 is tied for the highest bandwidth at 10kbps, why? In my tc setup, p2p is only given a rate of 4bps, and then a ciel of about 75% of my connection. This way, p2p has to borrow the bandwidth from everything else, and thus gets last grab at bandwidth. Giving it a guarentee on par with the second highest class, of course your connection still seems a little swamped. - Jody On 7/8/05, Francisco Pereira <fpereira@lojan.com> wrote:> Mensaje citado por Edgar <donvodka@gmail.com>: > > > Hello, its me again, I won''t stop sending emails to this list, until I solve > > > > this problem, I''ve tried several apps to create the right htb rules (even > > made them my self), but I always get the same results, traffic gets shaped, > > but I can''t use my bandwidth, and this is weird, because I should be able to, > > > > also I keep seeing download being limited too, and that shouldn''t be > > happening, I don''t think I''m the only one with this problem out there, so I > > will post here once again my configuration, to match p2p traffic and to shape > > > > it: > > > > ### ### > > iptables -t mangle -F > > iptables -t mangle -X > > iptables -t mangle -N lay7PRE > > iptables -t mangle -N lay7POST > > iptables -t mangle -N ipp2pPRE > > iptables -t mangle -N ipp2pPOST > > > > ### PREROUTING RULES ### > > iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark > > iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT > > iptables -t mangle -A ipp2pPRE -p tcp -m ipp2p --ipp2p -j MARK --set-mark 3 > > iptables -t mangle -A ipp2pPRE -p udp -m ipp2p --bit -j MARK --set-mark 3 > > iptables -t mangle -A ipp2pPRE -p tcp -m mark --mark 3 -j CONNMARK > > --save-mark > > iptables -t mangle -A lay7PRE -m layer7 --l7proto smtp -j MARK --set-mark 1 > > iptables -t mangle -A lay7PRE -m layer7 --l7proto ssh -j MARK --set-mark 2 > > iptables -t mangle -A lay7PRE -m mark --mark 2 -j CONNMARK --save-mark > > > > ### POSTROUTING RULES ### > > iptables -t mangle -A ipp2pPOST -o eth1 -m mark --mark 3 -j CLASSIFY > > --set-class 1:30 > > iptables -t mangle -A lay7POST -o eth1 -m mark --mark 1 -j CLASSIFY > > --set-class 1:20 > > iptables -t mangle -A lay7POST -o eth1 -m mark --mark 2 -j CLASSIFY > > --set-class 1:10 > > > > ### ### > > iptables -t mangle -A PREROUTING -j lay7PRE > > iptables -t mangle -A POSTROUTING -j lay7POST > > iptables -t mangle -A PREROUTING -j ipp2pPRE > > iptables -t mangle -A POSTROUTING -j ipp2pPOST > > > > TC RULES > > tc qdisc add dev eth1 handle 1:0 root dsmark indices 8 default_index 0 > > tc qdisc add dev eth1 handle 2:0 parent 1:0 htb > > tc class add dev eth1 parent 2:0 classid 2:1 htb rate 22000bps ceil 22000bps > > tc class add dev eth1 parent 2:1 classid 2:2 htb rate 3000bps ceil 5000bps > > prio 0 > > tc qdisc add dev eth1 handle 3:0 parent 2:2 sfq > > tc class add dev eth1 parent 2:1 classid 2:3 htb rate 5000bps ceil 6000bps > > prio 1 > > tc qdisc add dev eth1 handle 4:0 parent 2:3 sfq > > tc class add dev eth1 parent 2:1 classid 2:4 htb rate 8000bps ceil 8000bps > > prio 2 > > tc qdisc add dev eth1 handle 5:0 parent 2:4 sfq > > tc class add dev eth1 parent 2:1 classid 2:5 htb rate 10000bps ceil 10000bps > > > > burst 0 cburst 0 prio 3 quantum 1500 > > tc qdisc add dev eth1 handle 6:0 parent 2:5 sfq > > tc class add dev eth1 parent 2:1 classid 2:6 htb rate 10000bps ceil 22000bps > > > > prio 1 > > tc qdisc add dev eth1 handle 7:0 parent 2:6 sfq > > tc filter add dev eth1 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift > > 0 > > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 5 tcindex > > classid > > 2:6 > > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 4 tcindex > > classid > > 2:4 > > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 3 tcindex > > classid > > 2:5 > > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 2 tcindex > > classid > > 2:3 > > tc filter add dev eth1 parent 2:0 protocol all prio 1 handle 1 tcindex > > classid > > 2:2 > > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at > > > > 0 match u16 0x0 0xffc0 at 2 classid 1:5 > > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at > > > > 0 match u8 0x10 0x10 at 33 classid 1:4 > > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u8 0x5 0xf at > > > > 0 classid 1:5 > > tc filter add dev eth1 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 > > at > > 0 classid 1:5 > > > > well, this rules are generated with tcng (tcc actually), and I see traffic > > going to the p2p rule (being 2:5), but still I''m not able to browse the web! > > > > nor chat nor anything, someone adviced me to create an interactive class and > > > > then leave the unmatched traffic go to a default class (and here''ll go p2p > > traffic too), but then I''m running a squid server at home, and thus I don''t > > know what port to specify to do this, anyway, I''ve tried already with normal > > > > http traffic, with layer7, I see the traffic going to the iptables chain, but > > > > yet it''ll still won''t work, p2p traffic keeps eating all my bandwidth, its > > ignoring all the priorities I have in my tc rules (being the 2:5 class the > > one with the lowest priority), I really need to get this working, and I know > > > > there''s some ppl that has lots of more experience that me, and I''m sure you > > can help me. Thank you > > can != want != will > > You may have a problem with the rate units - bps != bit -, but i dont know the > type or rate of your internet link. > Post a detailed ascii diagram of your network. Which is the transfer rate of the > internet link? > > IPP2P works very well for me. > How did you test your iptables & tc setup? In the real network or in a > controlled environment? > Did you try starting with a very basic tc setup and adding tc qdiscs, classes > and filters one by one and checking the results on every step? > > Regards, > Francisco. > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > Miles de internautas ya utilizan el discador del Portal. > Bajatelo ahora, se instala solo!. > > http://www.montevideo.com.uy/discador/setup.exe > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >