Good Evening- I'm having some trouble (once again) with traffic control under shorewall 3.0.8 and Gentoo linux 2.6.17-r8. I'm trying to catch all bittorrent traffic and put it into its own class, which is severely limited on outgoing bandwidth (so as not to interfere with my voip system).

The tcclasses are as follows:

#INTERFACE   MARK   RATE      CEIL       PRIORITY   OPTIONS
eth1         61     250kbit   7*full/8   0
eth1         62     full/4    5*full/6   1
eth1         63     full/6    3*full/4   2          default
eth1         64     80kbit    80kbit     3

...and the tcrules are as follows:

#MARK   SOURCE          DEST        PROTO   PORT(S)                     CLIENT    USER   TEST
#                                                                       PORT(S)
61      0.0.0.0/0       0.0.0.0/0   icmp    echo-request
61      0.0.0.0/0       0.0.0.0/0   icmp    echo-reply
61      $FW             0.0.0.0/0   icmp    echo-request
61      $FW             0.0.0.0/0   icmp    echo-reply
61      $FW             0.0.0.0/0   tcp     4569
61      $FW             0.0.0.0/0   udp     4569
61      192.168.0.148   0.0.0.0/0   tcp     4569
61      192.168.0.148   0.0.0.0/0   udp     4569
62      0.0.0.0/0       0.0.0.0/0   tcp     22
64      0.0.0.0/0       0.0.0.0/0   tcp     6881:6889,3527,2663,1301
64      0.0.0.0/0       0.0.0.0/0   udp     6881:6889,3527,2663,1301
SAVE    0.0.0.0/0       0.0.0.0/0   all     -                           -         -      !0

So far, I've been unable to get ipp2p working with my kernel, so I'm trying to handle it manually as best I can. To test out the setup, I restarted shorewall then started a bittorrent download (of Fedora core 6, incidentally). I manually stopped it when the uploaded size reached 1.0Mbytes.

I then ran `shorewall show tc` and got the following:

class htb 1:164 parent 1:1 leaf 164: prio 3 quantum 1500 rate 80000bit ceil 80000bit burst 1540b/8 mpu 0b overhead 0b cburst 1540b/8 mpu 0b overhead 0b level 0
 Sent 528821 bytes 7211 pkt (dropped 0, overlimits 0 requeues 0)
 rate 53048bit 93pps backlog 0b 0p requeues 0
 lended: 7211 borrowed: 0 giants: 0
 tokens: 147600 ctokens: 147600

class htb 1:163 parent 1:1 leaf 163: prio 2 quantum 1500 rate 68000bit ceil 307000bit burst 1533b/8 mpu 0b overhead 0b cburst 1652b/8 mpu 0b overhead 0b level 0
 Sent 1609927 bytes 6855 pkt (dropped 0, overlimits 0 requeues 0)
 rate 132472bit 87pps backlog 0b 0p requeues 0
 lended: 4295 borrowed: 2560 giants: 0
 tokens: 174823 ctokens: 41824

class htb 1:162 parent 1:1 leaf 162: prio 1 quantum 1500 rate 102000bit ceil 341000bit burst 1550b/8 mpu 0b overhead 0b cburst 1669b/8 mpu 0b overhead 0b level 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 121647 ctokens: 39178

class htb 1:161 parent 1:1 leaf 161: prio 0 quantum 3200 rate 250000bit ceil 358000bit burst 1625b/8 mpu 0b overhead 0b cburst 1678b/8 mpu 0b overhead 0b level 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 52000 ctokens: 37519

If my math is serving me correctly, nowhere near 1.0Mbytes of data flowed through these classes. Classes 62 and 61 sent 0 bytes, since I made no voip calls or SSH connections during this time period. Class 63 (the default class) shows 196Kbytes sent, and class 64 (the bittorrent class) shows a whopping 64Kbytes sent. Something doesn't add up here!

I'm at a loss on how to troubleshoot this further. I tried installing wireshark (formerly ethereal) on the firewall box, to monitor my WAN interface and see what sorts of traffic were flowing, but it's MIA. How is all this traffic getting around my default tcclass???

Thanks Much,
Dave

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
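The byte counts above are easy to misread by hand, so here is an added example (not from this thread or from Shorewall) that parses the `shorewall show tc` class statistics and reports, per HTB leaf, how much went where and what share of all sent bytes escaped the class you expected. It assumes the leaf 1NN / tcclasses mark NN correspondence visible in the output above, and the sample text is constructed from the two busiest classes in the post.

```python
import re

# Constructed sample in the layout printed by `shorewall show tc` (which
# wraps `tc -s class show`): leaf 163 (the default class, mark 63) and
# leaf 164 (the intended bittorrent class, mark 64), numbers from the thread.
SAMPLE_TC = """\
class htb 1:164 parent 1:1 leaf 164: prio 3 quantum 1500 rate 80000bit ceil 80000bit burst 1540b/8 mpu 0b overhead 0b cburst 1540b/8 mpu 0b overhead 0b level 0
 Sent 528821 bytes 7211 pkt (dropped 0, overlimits 0 requeues 0)
 rate 53048bit 93pps backlog 0b 0p requeues 0
 lended: 7211 borrowed: 0 giants: 0
 tokens: 147600 ctokens: 147600

class htb 1:163 parent 1:1 leaf 163: prio 2 quantum 1500 rate 68000bit ceil 307000bit burst 1533b/8 mpu 0b overhead 0b cburst 1652b/8 mpu 0b overhead 0b level 0
 Sent 1609927 bytes 6855 pkt (dropped 0, overlimits 0 requeues 0)
 rate 132472bit 87pps backlog 0b 0p requeues 0
 lended: 4295 borrowed: 2560 giants: 0
 tokens: 174823 ctokens: 41824
"""

CLASS_RE = re.compile(r"^class htb (\S+) parent \S+ leaf (\d+):.*?rate (\d+)bit ceil (\d+)bit")
SENT_RE = re.compile(r"^\s*Sent (\d+) bytes (\d+) pkt \(dropped (\d+), overlimits (\d+)")


def parse_tc_classes(text):
    """Return {leaf_id: stats} for every HTB class in `tc -s class show` output."""
    classes, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:  # header line: start a new record keyed by the leaf id
            current = {"class": m.group(1), "rate_bit": int(m.group(3)),
                       "ceil_bit": int(m.group(4)), "sent_bytes": 0,
                       "pkts": 0, "dropped": 0, "overlimits": 0}
            classes[m.group(2)] = current
            continue
        m = SENT_RE.match(line)
        if m and current is not None:  # counters belong to the last header seen
            current.update(sent_bytes=int(m.group(1)), pkts=int(m.group(2)),
                           dropped=int(m.group(3)), overlimits=int(m.group(4)))
    return classes


def share_outside(classes, expected_leaf):
    """Fraction of all sent bytes that did NOT land in `expected_leaf`."""
    total = sum(c["sent_bytes"] for c in classes.values())
    return 1 - classes[expected_leaf]["sent_bytes"] / total if total else 0.0


if __name__ == "__main__":
    stats = parse_tc_classes(SAMPLE_TC)
    for leaf, c in sorted(stats.items()):
        print(f"leaf {leaf}: {c['sent_bytes'] / 1e6:.2f} MB in {c['pkts']} pkts "
              f"(rate {c['rate_bit'] // 1000}kbit, ceil {c['ceil_bit'] // 1000}kbit)")
    print(f"bytes escaping the torrent class 164: {share_outside(stats, '164'):.0%}")
```

Run against the real output with `shorewall show tc | python3 thisfile.py`-style piping after swapping SAMPLE_TC for `sys.stdin.read()`; a large share outside the torrent class means the port-based tcrules are missing most of the flows.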
Prasanna Krishnamoorthy
2006-Dec-28 03:43 UTC
Re: Traffic Control: Traffic is escaping my grasp!
On 12/28/06, David Rea <dave@daverea.com> wrote:
> class htb 1:163 parent 1:1 leaf 163: prio 2 quantum 1500 rate
> 68000bit ceil 307000bit burst 1533b/8 mpu 0b overhead 0b cburst
> 1652b/8 mpu 0b overhead 0b level 0
> Sent 1609927 bytes 6855 pkt (dropped 0, overlimits 0 requeues
> 0)

Isn't that 1.6Mbytes? In which case there's no 'missing' traffic :-)

Prasanna.
David Rea wrote:
>
> #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
> eth1 61 250kbit 7*full/8 0 eth1
> 62 full/4 5*full/6 1 eth1 63
> full/6 3*full/4 2 default
> eth1 64 80kbit 80kbit 3

The above is a mess -- totally unfathomable without pasting it into a text editor and massaging it...

> class htb 1:163 parent 1:1 leaf 163: prio 2 quantum 1500 rate
> 68000bit ceil 307000bit burst 1533b/8 mpu 0b overhead 0b cburst
> 1652b/8 mpu 0b overhead 0b level 0
> Sent 1609927 bytes 6855 pkt (dropped 0, overlimits 0 requeues
-------------
>
> If my math is serving me correctly, nowhere near 1.0Mbytes of data
> flowed through these classes. Classes 62 and 61 sent 0 bytes, since I
> made no voip calls or SSH connections during this time period. Class 63
> (the default class) shows 196Kbytes

1,609,927 bytes == 196kbytes?

-Tom
--
Tom Eastep              \ Nothing is foolproof to a sufficiently talented fool
Shoreline,              \ http://shorewall.net
Washington USA          \ teastep@shorewall.net
PGP Public Key          \ https://lists.shorewall.net/teastep.pgp.key
On Thu, 2006-12-28 at 09:13 +0530, Prasanna Krishnamoorthy wrote:
> On 12/28/06, David Rea <dave@daverea.com> wrote:
> > class htb 1:163 parent 1:1 leaf 163: prio 2 quantum 1500 rate
> > 68000bit ceil 307000bit burst 1533b/8 mpu 0b overhead 0b cburst
> > 1652b/8 mpu 0b overhead 0b level 0
> > Sent 1609927 bytes 6855 pkt (dropped 0, overlimits 0 requeues
> > 0)
> Isn't that 1.6Mbytes? In which case there's no 'missing' traffic :-)
>
> Prasanna.

Wjowsa...don't know how I let that one get by me!!! Thank you for the correction. Frustration can sometimes result in momentary incompetence...

So now I'm left with figuring out why so much of the bittorrent traffic is falling into the default class 63, and not going through class 64 the way it (theoretically) should. Could bittorrent be negotiating outgoing transfers on some other port outside the 6881..6889 range?

I'm back to testing...will report back soon...

[Dave]
David Rea wrote:
> On Thu, 2006-12-28 at 09:13 +0530, Prasanna Krishnamoorthy wrote:
>
>> On 12/28/06, David Rea <dave@daverea.com> wrote:
>>
>>> class htb 1:163 parent 1:1 leaf 163: prio 2 quantum 1500 rate
>>> 68000bit ceil 307000bit burst 1533b/8 mpu 0b overhead 0b cburst
>>> 1652b/8 mpu 0b overhead 0b level 0
>>> Sent 1609927 bytes 6855 pkt (dropped 0, overlimits 0 requeues
>>> 0)
>>>
>> Isn't that 1.6Mbytes? In which case there's no 'missing' traffic :-)
>>
>> Prasanna.
>>
>
> Wjowsa...don't know how I let that one get by me!!! Thank you for the
> correction. Frustration can sometimes result in momentary
> incompetence...
>
> So now I'm left with figuring out why so much of the bittorrent traffic
> is falling into the default class 63, and not going through class 64 the
> way it (theoretically) should. Could bittorrent be negotiating outgoing
> transfers on some other port outside the 6881..6889 range?
>

Yes for sure. This feature was implemented to avoid guys like you.

Probably the best will be to give the bandwidth to VoIP and leave the rest to all others.

Maybe you can use snort-inline to detect and block bittorrent, but it becomes more complex if you want to throttle it.

> I'm back to testing...will report back soon...
>
> [Dave]
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
--
Hristo Benev
IT Manager
WAVEROAD
Partners in Telecommunications
514-935-2020 x225 T
514-935-1001 F
www.waveroad.ca
hristo.benev@waveroad.ca