I''m having trouble getting ingress policing to work on a bridged
device.
The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1,
vif[25].1 . (This is under xen, in case the vif''s didn''t give
that
away, so peth0 is renamed eth0.)
The tc rules I have are:
tc qdisc del dev peth0 root
tc qdisc del dev peth0 ingress handle ffff:
tc qdisc add dev peth0 root handle 1: htb default 1
tc class add dev peth0 parent 1: classid 1:1 htb rate 1mbit ceil 1mbit
mtu 100000 burst 3000 cburst 3000
tc qdisc add dev peth0 ingress handle ffff:
tc filter add dev peth0 parent ffff: protocol ip prio 10 u32 match ip
protocol 6 0xff police rate 1mbit buffer 3k drop flowid ffff:
The egress filter has such a large mtu to deal with "giants."
Otherwise it seems like these rules should work without a problem.
However, when I do tc -s qdisc show dev peth0 I get 0 bytes of the
ingress qdisc:
qdisc htb 1: r2q 10 default 1 direct_packets_stat 0
Sent 33055549 bytes 232260 pkt (dropped 0, overlimits 3661 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff: ----------------
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Furthermore, when I run tc filter ls dev peth0 root , the ref value on
the police rule changes each time I run the command:
filter parent ffff: protocol ip pref 10 u32
filter parent ffff: protocol ip pref 10 u32 fh 800: ht divisor 1
filter parent ffff: protocol ip pref 10 u32 fh 800::800 order 2048 key
ht 800 bkt 0 flowid ffff:
match 00060000/00ff0000 at 8
police 0xf rate 1000Kbit burst 3Kb mtu 2Kb action drop
ref -561105860 bind 4
...
ref -952640528 bind 4
...
ref -540461920 bind 4
Any help would be appreciated.
--
Steve
