Hi All
I have been fighting this for 3 days and could not find any reason it is not working
the way I want it to (or the way I think it should).
Internet output interface = eth2 (htb qdisc)
Internet input interface = imq0 (eth2 attached - htb qdisc)
main class = imq0 1:1
sub1 = 1:ffff (default)
sub2 = 1:10 (src ports 1433/tcp or 1434/tcp or 81/tcp or 82/tcp)
sub3 = 1:11 (src and dst port 25/tcp )
sub4 = 1:12 (src and dst ports 80/tcp or 53/any or 443/tcp)
sub5 = 1:99 (packets less than 64 bytes)
main class = eth2 2:1
sub1 = 2:ffff (default)
sub2 = 2:10 (src ports 1433/tcp or 1434/tcp or 81/tcp or 82/tcp)
sub3 = 2:11 (src and dst port 25/tcp )
sub4 = 2:12 (src and dst ports 80/tcp or 53/any or 443/tcp)
sub5 = 2:99 (packets less than 64 bytes)
I then created the script below. The problem is I can't 'see' any traffic
(Sent 0 bytes) on classes 1:11 1:12 on imq0. Classes 2:11 and 2:12 on eth2
have their counters increased and seem to make sense.
Any help will be greatly appreciated.
Thanks a lot.
#!/bin/sh
#
# HTB rules generated on Thu Dec 22 11:16:01 2005
#
#
# htbgen version 0.0.1 - 2005/12/16
#
IP=/sbin/ip
TC=/sbin/tc
#
# Rules for input via eth2 (output via imq0)
#
$TC qdisc del dev imq0 root >/dev/null 2>&1
$TC qdisc add dev imq0 root handle 1: htb default ffff r2q 1
IPT=/usr/sbin/iptables
RMMOD=/sbin/rmmod
MODPROBE=/sbin/modprobe
$IPT -t mangle -F PREROUTING
$IP link set imq0 down
$IPT -t mangle -A PREROUTING -i eth2 -j IMQ --todev 0
$IP link set imq0 up
$TC class add dev imq0 parent 1: classid 1:1 htb prio 1 rate 500kbit ceil 500kbit
#
# default imq0
#
$TC class add dev imq0 parent 1:1 classid 1:ffff htb prio 7 rate 50kbit ceil 100kbit
$TC qdisc add dev imq0 parent 1:ffff handle ffff sfq perturb 10
#
# ADMASTER
#
$TC class add dev imq0 parent 1:1 classid 1:10 htb prio 2 rate 150kbit ceil 500kbit
$TC filter add dev imq0 protocol ip parent 1: prio 2 \
u32 \
match ip dport 1433 0xffff \
match u8 6 0xff at 9 \
flowid 1:10
$TC filter add dev imq0 protocol ip parent 1: prio 2 \
u32 \
match ip dport 1434 0xffff \
match u8 6 0xff at 9 \
flowid 1:10
$TC filter add dev imq0 protocol ip parent 1: prio 2 \
u32 \
match ip dport 81 0xffff \
match u8 6 0xff at 9 \
flowid 1:10
$TC filter add dev imq0 protocol ip parent 1: prio 2 \
u32 \
match ip dport 82 0xffff \
match u8 6 0xff at 9 \
flowid 1:10
$TC filter add dev imq0 protocol ip parent 1: prio 2 \
u32 \
match mark 0x1 0xffff \
flowid 1:10
#
# SMTP
#
$TC class add dev imq0 parent 1:1 classid 1:11 htb prio 3 rate 125kbit ceil 500kbit
$TC filter add dev imq0 protocol ip parent 1: prio 3 \
u32 \
match ip dport 25 0xffff \
match u8 6 0xff at 9 \
flowid 1:11
$TC filter add dev imq0 protocol ip parent 1: prio 3 \
u32 \
match ip sport 25 0xffff \
match u8 6 0xff at 9 \
flowid 1:11
#
# Navigation & Co.
#
$TC class add dev imq0 parent 1:1 classid 1:12 htb prio 4 rate 125kbit ceil 500kbit
$TC filter add dev imq0 protocol ip parent 1: prio 4 \
u32 \
match ip dport 80 0xffff \
match u8 6 0xff at 9 \
flowid 1:12
$TC filter add dev imq0 protocol ip parent 1: prio 4 \
u32 \
match ip sport 80 0xffff \
match u8 6 0xff at 9 \
flowid 1:12
$TC filter add dev imq0 protocol ip parent 1: prio 4 \
u32 \
match ip dport 443 0xffff \
match u8 6 0xff at 9 \
flowid 1:12
$TC filter add dev imq0 protocol ip parent 1: prio 4 \
u32 \
match ip sport 443 0xffff \
match u8 6 0xff at 9 \
flowid 1:12
$TC filter add dev imq0 protocol ip parent 1: prio 4 \
u32 \
match ip dport 53 0xffff \
match u8 6 0xff at 9 \
flowid 1:12
$TC filter add dev imq0 protocol ip parent 1: prio 4 \
u32 \
match ip dport 53 0xffff \
match u8 17 0xff at 9 \
flowid 1:12
#
# Interactivity
#
$TC class add dev imq0 parent 1:1 classid 1:99 htb prio 1 rate 50kbit ceil 250kbit
$TC filter add dev imq0 protocol ip parent 1: prio 1 \
u32 \
match u16 0x0000 0xffc0 at 2 \
flowid 1:99
#
# Rules for output via eth2
#
$TC qdisc del dev eth2 root >/dev/null 2>&1
$TC qdisc add dev eth2 root handle 2: htb default ffff r2q 1
$TC class add dev eth2 parent 2: classid 2:1 htb prio 1 rate 500kbit ceil 500kbit
#
# default eth2
#
$TC class add dev eth2 parent 2:1 classid 2:ffff htb prio 7 rate 50kbit ceil 100kbit
$TC qdisc add dev eth2 parent 2:ffff handle ffff sfq perturb 10
#
# ADMASTER
#
$TC class add dev eth2 parent 2:1 classid 2:10 htb prio 2 rate 40kbit ceil 500kbit
$TC filter add dev eth2 protocol ip parent 2: prio 2 \
u32 \
match ip sport 1433 0xffff \
match u8 6 0xff at 9 \
flowid 2:10
$TC filter add dev eth2 protocol ip parent 2: prio 2 \
u32 \
match ip sport 1434 0xffff \
match u8 6 0xff at 9 \
flowid 2:10
$TC filter add dev eth2 protocol ip parent 2: prio 2 \
u32 \
match ip sport 81 0xffff \
match u8 6 0xff at 9 \
flowid 2:10
$TC filter add dev eth2 protocol ip parent 2: prio 2 \
u32 \
match ip sport 82 0xffff \
match u8 6 0xff at 9 \
flowid 2:10
#
# SMTP
#
$TC class add dev eth2 parent 2:1 classid 2:11 htb prio 3 rate 75kbit ceil 500kbit
$TC filter add dev eth2 protocol ip parent 2: prio 3 \
u32 \
match ip sport 25 0xffff \
match u8 6 0xff at 9 \
flowid 2:11
$TC filter add dev eth2 protocol ip parent 2: prio 3 \
u32 \
match ip dport 25 0xffff \
match u8 6 0xff at 9 \
flowid 2:11
#
# Navigation & Co.
#
$TC class add dev eth2 parent 2:1 classid 2:12 htb prio 4 rate 250kbit ceil 500kbit
$TC filter add dev eth2 protocol ip parent 2: prio 4 \
u32 \
match ip sport 80 0xffff \
match u8 6 0xff at 9 \
flowid 2:12
$TC filter add dev eth2 protocol ip parent 2: prio 4 \
u32 \
match ip dport 80 0xffff \
match u8 6 0xff at 9 \
flowid 2:12
$TC filter add dev eth2 protocol ip parent 2: prio 4 \
u32 \
match ip sport 443 0xffff \
match u8 6 0xff at 9 \
flowid 2:12
$TC filter add dev eth2 protocol ip parent 2: prio 4 \
u32 \
match ip dport 443 0xffff \
match u8 6 0xff at 9 \
flowid 2:12
$TC filter add dev eth2 protocol ip parent 2: prio 4 \
u32 \
match ip dport 53 0xffff \
flowid 2:12
#
# Interactivity
#
$TC class add dev eth2 parent 2:1 classid 2:99 htb prio 1 rate 50kbit ceil 250kbit
$TC filter add dev eth2 protocol ip parent 2: prio 1 \
u32 \
match u16 0x0000 0xffc0 at 2 \
flowid 2:99
--
Ethy H. Brito /"\
InterNexo Ltda. \ / CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860 X ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil / \
Ethy H. Brito wrote:
> Hi All
>
> I have been fighting this for 3 days and could not find any reason it is not working
> the way I want it to (or the way I think it should).

> I then created the script below. The problem is I can't 'see' any traffic
> (Sent 0 bytes) on classes 1:11 1:12 on imq0. Classes 2:11 and 2:12 on eth2
> have their counters increased and seem to make sense.

See if you can see traffic there if you temporarily demote to prio 5 the < 64 size filter.

Andy.
On Fri, 23 Dec 2005 02:58:50 +0000 Andy Furniss <andy.furniss@dsl.pipex.com> wrote:
> Ethy H. Brito wrote:
> > Hi All
> >
> > I have been fighting this for 3 days and could not find any reason it is not working
> > the way I want it to (or the way I think it should).
>
> > I then created the script below. The problem is I can't 'see' any traffic
> > (Sent 0 bytes) on classes 1:11 1:12 on imq0. Classes 2:11 and 2:12 on eth2
> > have their counters increased and seem to make sense.
>
> See if you can see traffic there if you temporarily demote to prio 5 the
> < 64 size filter.

All/Andy

I found the problem but am not sure where the bug is.
In class 1:10 of imq0 I have this filter among others (see original post):

$TC filter add dev imq0 protocol ip parent 1: pref 2 \
    u32 \
    match mark 0x1 0xffff \
    flowid 1:10

If I remove this filter, packets are correctly directed by *all* filters.
With this in place, it seems it grabs all traffic to class 1:10. Not even class 1:ffff (htb's defaults) receives any traffic.

I removed the iptables code that marks the packet (which should leave the packet with a zero mark) and also changed MARK to 0xA5A5, keeping the filter unchanged, for instance, but the grabbing remained.

Any ideas?? Anyone using 'match mark' with success??

Regards
Ethy
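
Andy's suggestion turns on filter order: tc consults filters in ascending prio, so the prio 1 length filter sees every packet before the port filters do. The Python model below is an added example, not part of the thread or of tc itself; it evaluates the script's imq0 u32 selectors against constructed IPv4/TCP packets. It assumes a 20-byte IP header (no options), leaves out the `match mark` filter because the mark is not in the packet bytes, and uses made-up addresses and ports.

```python
import struct

TCP, UDP = (9, 1, 6, 0xff), (9, 1, 17, 0xff)   # "match u8 <proto> 0xff at 9"

def sport(p): return (20, 2, p, 0xffff)         # "match ip sport": fixed offset 20
def dport(p): return (22, 2, p, 0xffff)         # "match ip dport": fixed offset 22

# (prio, flowid, keys) for the imq0 u32 filters in the script, in script order.
# Each key is (byte offset from start of IP header, width, value, mask).
IMQ0_FILTERS = (
    [(2, "1:10", [dport(p), TCP]) for p in (1433, 1434, 81, 82)]
    + [(3, "1:11", [dport(25), TCP]), (3, "1:11", [sport(25), TCP])]
    + [(4, "1:12", [k, TCP]) for k in
       (dport(80), sport(80), dport(443), sport(443), dport(53))]
    + [(4, "1:12", [dport(53), UDP])]
    + [(1, "1:99", [(2, 2, 0x0000, 0xffc0)])]   # IP total length < 64
)

def build_packet(src_port, dst_port, payload_len):
    """Constructed IPv4+TCP packet: 20-byte IP header, 20-byte TCP header."""
    total = 40 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x10, 8192, 0, 0)
    return ip + tcp + bytes(payload_len)

def key_matches(pkt, key):
    off, width, value, mask = key
    field = int.from_bytes(pkt[off:off + width], "big")
    return (field & mask) == (value & mask)

def classify(pkt, filters, default="1:ffff"):
    """Try filters in ascending prio; the first full match picks the class."""
    for _prio, flowid, keys in sorted(filters, key=lambda f: f[0]):
        if all(key_matches(pkt, k) for k in keys):
            return flowid
    return default                               # "htb default ffff"

def demote(filters, flowid, new_prio):
    """Copy of the filter list with one class's filters moved to new_prio."""
    return [(new_prio if f == flowid else p, f, k) for p, f, k in filters]

if __name__ == "__main__":
    ack = build_packet(80, 40000, 0)             # 40-byte ACK from a web server
    data = build_packet(80, 40000, 1000)         # 1040-byte web response
    print(classify(ack, IMQ0_FILTERS), classify(data, IMQ0_FILTERS))
    print(classify(ack, demote(IMQ0_FILTERS, "1:99", 5)))
```

In this model a bare ACK from port 80 lands in 1:99 with the script's priorities and in 1:12 once the length filter is demoted to prio 5, while larger packets reach the port classes either way.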