search for: dragoi

Hello everyone, I want an opinion from people who tryed different matching modules to match diferent types of traffic, especially p2p ones. I would like to hear which scales better as CPU usage and latency : ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use one of them to block most of p2p (except maybe dc++ and emule which i want to shape). I would use the matching rules in

I''ve got a linux router pushing 600-1000 pppoe connections through it. I''m getting a screen error "Neighbor Table Overflow" after this box has been up for between 1 week and 1 month. When this is happening, routing slows to a crawl if at all. Then dies. I''ve added: # Added to stop "neighbor table overflow" messages in the kernel

Is the 192.168.1.2 an ip on the router? If yes, you''ll have to mark in OUTPUT, not PREROUTING, also, after you set up the rules and routes, did you an ip route flush cache ? I hope these works On Wed, 21 Jul 2004 20:02:32 -0700, Jens <jens@pacificsun.ca> wrote: > I have a particular problem that has caused me grief for some time now and > even though the answer is probably

Hi guys , i am starting to "play" with qos in linux. Well , i am trying to setup an ingress filter but i do not know why it is not working. tc add qdisc dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 160kbit burst 256kbit drop flowid :1 After that : iptables -A PREROUTING -t mangle --sport 80 -j MARK --set-mark 1 So , i think this

Hi, Just a question, the rate values use for configure a class, are they a IP rate or a Ethernet rate ? Thanks, Edouard. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hello I have 2 class-B networks (172.22.0.0/16 and 172.23.0.0/16, over 130k of ip''s) and need to setup traffic tbf shapers with 64kb/s for each ip from 172.22.0.0/16 and 128kb/s for each ip from 172.23.0.0/16 just read lartc and don''t understand how to use u32 for decreasing number of rules and hashing

Hello list, I''m having problems with HTB on a machine. I noticed that after a while the machine seems off-line after i start the htb script. After some debugging i realised the problem stays in the arp packets send by the machine, which are delayed or dropped. Because of that i had to remove the default class. Is there a way to match arp packets ? because i want to add them to the class

Hello Everyone, I have this weird problem. I have 2.6.10-rc2-mm3 kernel with u32 compiled as module. I have the cls_u32 module loaded. I have different binaryes of tc, the one from iproute packaged from debian sarge, the Kaber''s one from trash.net, and also from another computer where u32 worked. When I run this: cyclops:~# /usr/local/sbin/tc filter add dev eth0 parent 6: protocol ip

Hello, Here is the situation. There is a machine with 3 intel gigabit card, 2 of them on PCI-X and in bridge, the 3rd is used only for management access. The machine is a dual Xeon 2.8GHz with HT. With 2.6.8 kernel from debian (testing) and htb with u32 on, i usually get about 30-40% software interrupts on CPU0 and CPU2, and without htb and u32, 10% less. Now, if I boot with 2.6.17.9 kernel,

We currently use iptables, matching packets based on IP address and marking them with an ID. Multiple IP addresses can be marked with the same ID. We then filter based on the ID. We have close to 2000 filters now and I''m looking into hashing tables. Is there any way to create a hashing filter based on the fwmark? Paul C. Diem PCDiem@FoxValley.net

Hi all. I have a simple question. Is that a way to limit the number os TCP or UDP connection of a single HOST in my network? For exemple: I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and Bittorrent at the same time, and he also is infected by a virus that opens more than 500 TCP ports at the same time. So, i want to limit that host to be able to open no more then 30 TCP

Hi there, I have a little problem. I had this some months ago but didn''t solve it back then. I have patched my kernel with Layer 7 support and patched my iptables to support it, too. Now I inserted this line in my firewall script on my router for testing purpose: $IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7 --l7proto http -j DROP It works, BUT only if the

I''m using HFSC to limit bandwidth for our wireless customers. However, I''d also like the bandwidth prioritized based on packet type. This is what I''m trying right now, and I''d just like some input from anyone out there knowledgeable in this on whether it does what I want it to do: Eth1 -> HFSC ........|-> HFSC (User1) (Min 512 Kb, Max 1024 Kb, Burst 1536

Hi all! I have a problem setting up HTB on my home network. I have a network: 192.168.1.0/24 and I want to limit the download to 200 KB to every IP from my city ( I have the IP''s of most ISPs). The thing is that I I want to limit the international traffic too (I do not use BGP) and set it to 15 KB. Can someone help with this setup? Thanks! Best regards, -- George -- This message

I''m successfully using HTB + GRED to shape traffic based on the DSCP field. I would like to strip the DSCP and possibly replace it with normal ToS bits on egress traffic leaving my network. Leaving DSCP set is pointless, and could potentially cause problems with some ISPs that use DSCP internally I suppose. Setting ToS bits would seem ideal as most networks still honor it to varying

Hi, I am trying to categorize the network traffic and to send it out across two different providers. For this I mark the packets in the firewall (in the PREROUTING chain of table mangle), and then use another routing table for the marked packets, which has a different gateway from the main routing table. Basicaly I am following the cookbook example in this page:

Hello, I wonder if there is a way to have a divisor bigger than 256 when creating hash tables with u32. It would really be great. Thanks

_______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hello, I need to do the following: make a htb qdisc with its class of 70mbit then add some classes, one of 10mbit, another of 10mbit, one of 5mbit and the rest in last class (with also child classes). The 5mbit class is a quaranteed one, and it is marked with a special dscp. I will add an HFSC qdisc on this one, and then several classes to it. When i add filters, what should i use as parent to