Hello lartc maintainers and users!
I have a router with two NICs. One NIC is connected to the Internet and the
other to my internal LAN. I made a script for prioritizing interactive traffic.
The script matches TOS Minimize-Delay for prioritizing interactive traffic, and
fwmark for metropolitan packets.
I have two root classes (simulating two circuits) : 1:1 for internet and 1:3
for metropolitan.
When I watch -n1 tc -s -d qdisc show, the classes that belong to metropolitan
traffic (FE) on the two interfaces are not sending nor receiving any byte...
Can someone help me out this situation? I list my tc and iptables scripts below
(for some reason I couldn't attach them - "Invalid file").
Thank you in advance!
---------------------------------------------------------------------------------------------------------------------
my_script.sh:
#!/bin/bash
tc=/sbin/tc
u=kbit
U=Mbit
RATE=256
metro=1
for eth in ` echo eth0 eth1 `; do
    $tc qdisc del dev $eth root &>/dev/null
    $tc qdisc add dev $eth root handle 1: htb default FF
    # class default - non-prioritized traffic
    $tc class add dev $eth parent 1: classid 1:1 htb rate $RATE$u ceil $[$RATE-16]$u
    $tc class add dev $eth parent 1:1 classid 1:FF htb rate 1$u ceil $[$RATE-16]$u prio 1
    $tc qdisc add dev $eth parent 1:FF handle FF: sfq perturb 10
    # prioritized traffic - Internet (TOS = Minimize-Delay)
    $tc class add dev $eth parent 1:1 classid 1:2 htb rate $[$RATE-16]$u ceil $[$RATE-16]$u burst 16k prio 0
    $tc filter add dev $eth parent 1: protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 1:2
    $tc qdisc add dev $eth parent 1:2 handle 2: sfq perturb 10
    # metropolitan (MARK = 1)
    $tc class add dev $eth parent 1: classid 1:3 htb rate 100$U ceil 99$U
    $tc class add dev $eth parent 1:3 classid 1:FE htb rate 99$U ceil 99$U
    $tc qdisc add dev $eth parent 1:FE handle FE: sfq perturb 10
    $tc filter add dev $eth parent 1: protocol ip prio 0 handle $metro fw flowid 1:FE
done
----------------------------------------------------------------------------------------------------------------------
output of iptables-save (mangle PREROUTING):
-A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 80 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 443 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 443 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 5050 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 5050 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 6667 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 6667 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --tcp-flags SYN ACK -j TOS --set-tos 0x10
-A PREROUTING -s 82.77.124.128/255.255.255.224 -d 82.77.124.128/255.255.255.224 -j MARK --set-mark 0x1
-A PREROUTING -s 82.77.124.128/255.255.255.224 -d 193.226.0.0/255.255.0.0 -j MARK --set-mark 0x1
-A PREROUTING -s 193.226.0.0/255.255.0.0 -d 82.77.124.128/255.255.255.224 -j MARK --set-mark 0x1
-A PREROUTING -s 192.129.0.0/255.255.0.0 -d 82.77.124.128/255.255.255.224 -j MARK --set-mark 0x1
-A PREROUTING -s 82.77.124.128/255.255.255.224 -d 192.129.0.0/255.255.0.0 -j MARK --set-mark 0x1
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
panca sorin wrote:
> Hello lartc maintainers and users!
> I have a router with two NICs. One NIC is connected to the Internet and the other to my internal LAN. I made a script for prioritizing interactive traffic. The script matches TOS Minimize-Delay for prioritizing interactive traffic, and fwmark for metropolitan packets.
> I have two root classes (simulating two circuits) : 1:1 for internet and 1:3 for metropolitan.
> When I watch -n1 tc -s -d qdisc show, the classes that belong to metropolitan traffic (FE) on the two interfaces are not sending nor receiving any byte...
> Can someone help me out this situation? I list my tc and iptables scripts below (for some reason I couldn't attach them - "Invalid file").
> Thank you in advance!
> ---------------------------------------------------------------------------------------------------------------------
> my_script.sh:

I only skimmed through - the lack of CRs make it a bit difficult to read.

One thing to note is that unlike htb, prio 1 is the top prio for filters - and you use prio 0 for the metro so this filter won't see traffic that has already been classified by the prio 1 tos filter.

Also when using tos be aware that some apps set it - so there could be other traffic than that set by the iptables rules.

Andy.

Andy Furniss <andy.furniss@dsl.pipex.com> wrote:
I only skimmed through - the lack of CRs make it a bit difficult to read.
One thing to note is that unlike htb, prio 1 is the top prio for filters
- and you use prio 0 for the metro so this filter won't see traffic that
has already been classified by the prio 1 tos filter.
Also when using tos be aware that some apps set it - so there could be
other traffic than that set by the iptables rules.
Andy.
I pasted the script from kwrite to Mozilla suite composer. I don't
know why there are no CRs. :(
I know that applications set the tos field (and I hope programmers
know if they are supposed to set it or not, and that they don't
cheat). I rely on this.
I will correct the prio error. My question still remains: is it
possible to use tos AND fwmark in the same rule (and the effect be an
AND - like in iptables, not an OR)?
My script:
#!/bin/bash
tc=/sbin/tc
u=kbit;U=Mbit
RATE=256
metro=1
for dev in ` echo eth0 eth1 `; do
    $tc qdisc del dev $dev root &>/dev/null
    $tc qdisc add dev $dev root handle 1: htb default FF
    # class default - non-prioritized traffic
    $tc class add dev $dev parent 1: classid 1:1 \
        htb rate $RATE$u ceil $[$RATE-16]$u
    $tc class add dev $dev parent 1:1 classid 1:FF \
        htb rate 1$u ceil $[$RATE-16]$u prio 1
    $tc qdisc add dev $dev parent 1:FF handle FF: sfq perturb 10
    # prioritized traffic - Internet (TOS = Minimize-Delay)
    $tc class add dev $dev parent 1:1 classid 1:2 \
        htb rate $[$RATE-16]$u ceil $[$RATE-16]$u burst 16k prio 0
    $tc filter add dev $dev parent 1: protocol ip prio 1 \
        u32 match ip tos 0x10 0xff flowid 1:2
    $tc qdisc add dev $dev parent 1:2 handle 2: sfq perturb 10
    # metropolitan (MARK = 1)
    $tc class add dev $dev parent 1: classid 1:3 htb rate 100$U ceil 99$U
    $tc class add dev $dev parent 1:3 classid 1:FE htb rate 99$U ceil 99$U
    $tc qdisc add dev $dev parent 1:FE handle FE: sfq perturb 10
    $tc filter add dev $dev parent 1: protocol ip prio 0 \
        handle $metro fw flowid 1:FE
done
EOF
The output of iptables-save (mangle PREROUTING):
-A PREROUTING -p tcp -m tcp --sport 21:22 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 21:22 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 80 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 443 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 443 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 5050 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 5050 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 6667:7000 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 6667:7000 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --tcp-flags SYN ACK -j TOS --set-tos 0x10
-A PREROUTING -s 82.77.124.128/255.255.255.224 \
    -d 82.77.124.128/255.255.255.224 -j MARK --set-mark 0x1
-A PREROUTING -s 82.77.124.128/255.255.255.224 -d 193.226.0.0/255.255.0.0 \
    -j MARK --set-mark 0x1
-A PREROUTING -s 193.226.0.0/255.255.0.0 -d 82.77.124.128/255.255.255.224 \
    -j MARK --set-mark 0x1
-A PREROUTING -s 192.129.0.0/255.255.0.0 -d 82.77.124.128/255.255.255.224 \
    -j MARK --set-mark 0x1
-A PREROUTING -s 82.77.124.128/255.255.255.224 -d 192.129.0.0/255.255.0.0 \
    -j MARK --set-mark 0x1
Thank you!
Sorin.
P.S. I changed my registered e-mail address and I think I cannot post
from the old one, from which I received the message I now reply.
Please BCC my new address. Thank you!
psihozefir wrote:
> I pasted the script from kwrite to Mozilla suite composer. I don't
> know why there are no CRs. :(
> I know that applications set the tos field (and I hope programmers
> know if they are supposed to set it or not, and that they don't
> cheat). I rely on this.
> I will correct the prio error. My question still remains: is it
> possible to use tos AND fwmark in the same rule (and the effect be an
> AND - like in iptables, not an OR)?

Yes you just make it part of the same filter - though I couldn't get it to work with handle X fw.

You can do it like this -

tc filter add dev $DEV parent $WHATEVER protocol ip prio 1 u32 match ip tos 0x10 0xff match mark 1 0xffffffff flowid $MYID

Another way would be to setup a tree structure.

Andy.
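
Added example, not part of the thread and not any poster's code: a small Python model of the filter ordering and the combined tos-AND-mark match discussed above. It assumes filters are consulted in ascending prio number with the first match deciding the class, and that all matches inside one u32 filter must hold; class 1:FD and the sample packets are hypothetical.

```python
# Simplified model of how filters attached to one qdisc pick a class.
# Assumptions: filters are consulted in ascending prio number, the first
# filter that matches decides the class, and every "match" inside a
# single u32 filter must hold (logical AND).

MINIMIZE_DELAY = 0x10   # TOS value set by the iptables TOS rules
METRO_MARK = 1          # fwmark set by the iptables MARK rules
DEFAULT_CLASS = "1:FF"  # "htb default FF" in the script


def tos_is(value):
    return lambda pkt: pkt["tos"] == value


def mark_is(value):
    return lambda pkt: pkt["mark"] == value


def classify(filters, pkt):
    """filters: list of (prio, [match, ...], flowid)."""
    for _prio, matches, flowid in sorted(filters, key=lambda f: f[0]):
        if all(m(pkt) for m in matches):
            return flowid
    return DEFAULT_CLASS


# Layout A: the TOS filter is consulted before the mark filter.
TOS_FIRST = [
    (1, [tos_is(MINIMIZE_DELAY)], "1:2"),
    (2, [mark_is(METRO_MARK)], "1:FE"),
]

# Layout B (hypothetical): the combined tos AND mark filter comes first.
# 1:FD is a made-up class for interactive metropolitan traffic.
SPECIFIC_FIRST = [
    (1, [tos_is(MINIMIZE_DELAY), mark_is(METRO_MARK)], "1:FD"),
    (2, [mark_is(METRO_MARK)], "1:FE"),
    (3, [tos_is(MINIMIZE_DELAY)], "1:2"),
]

# Constructed sample packets (tos and mark as left by the mangle rules).
PACKETS = {
    "metro_web": {"tos": 0x10, "mark": 1},
    "metro_bulk": {"tos": 0x00, "mark": 1},
    "inet_web": {"tos": 0x10, "mark": 0},
    "inet_bulk": {"tos": 0x00, "mark": 0},
}


def table(filters):
    """Map each sample packet name to the class the filters select."""
    return {name: classify(filters, pkt) for name, pkt in PACKETS.items()}
```

In layout A, marked metropolitan packets that also carry TOS 0x10 land in 1:2 and never reach the mark filter; in layout B they are caught by the combined filter first.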