I am trying to set up traffic shaping for incoming traffic by using the IFB to give SSH traffic priority. However, there seems to be no traffic going through the IFB. The result of tc -s -d class show dev ifb0: class htb 2:11 parent 2:1 leaf 11: prio 1 quantum 3825 rate 153000bit ceil 307000bit burst 1618b/8 mpu 0b overhead 0b cburst 1637b/8 mpu 0b overhead 0b level 0 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 84653 ctokens: 42684 class htb 2:1 root rate 512000bit ceil 512000bit burst 1664b/8 mpu 0b overhead 0b cburst 1664b/8 mpu 0b overhead 0b level 7 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 26000 ctokens: 26000 class htb 2:12 parent 2:1 leaf 12: prio 2 quantum 8950 rate 358000bit ceil 512000bit burst 1643b/8 mpu 0b overhead 0b cburst 1664b/8 mpu 0b overhead 0b level 0 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 36737 ctokens: 26000 My settings are as follows: init: qt modprobe ifb numifbs=1 qt ip link set ifb0 up tcdevices: #NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED #INTERFACE INTERFACES 1:eth2 - 256kbit classify 2:ifb0 - 512kbit - eth2 tcclasses: #INTERFACE:CLASS MARK RATE CEIL PRIORITY OPTIONS 1:11 - 3*full/10 6*full/10 1 tos-minimize-delay 1:12 - 7*full/10 full 2 default 2:11 - 3*full/10 6*full/10 1 tos-minimize-delay 2:12 - 7*full/10 full 2 default tcfilter: #INTERFACE: SOURCE DEST PROTO DEST SOURCE #CLASS PORT(S) PORT(S) 1:11 0.0.0.0/0 0.0.0.0/0 tcp - 22 2:11 0.0.0.0/0 0.0.0.0/0 tcp 22 Are there anything I''m missing in the settings? ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword
Moses Truong wrote:> I am trying to set up traffic shaping for incoming traffic by using the > IFB to give SSH traffic priority. However, there seems to be no traffic > going through the IFB. > > Are there anything I''m missing in the settings? >There is no way to tell from the information that you sent. AFAIK, there is no way to determine if traffic entering on one interface is being sent through an IFB at all! If anyone knows a wayu, please tell us the secret. Moses: You can send us the /var/lib/shorewall/.restore file so we can see what commands were executed at the last ''shorewall start/restart''. But that won''t be definitive. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword
Tom Eastep wrote:> > Moses: You can send us the /var/lib/shorewall/.restore file so we can > see what commands were executed at the last ''shorewall start/restart''. > But that won''t be definitive. >Wouldn''t hurt to include the output of "shorewall dump" as an attachment; and be sure that you have generated traffic that you believe will go through the IFB. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword
Well, according to http://www.linuxfoundation.org/en/Net:IFB#IFB_Example, TC -s qdisc show dev ifb0 i assume that it will show the packets sent from the device. But when I ran that on my machine, the number of bytes and packets sent shows 0. The .restore and shorewall dump were bigger than 50k, so I''ve uploaded them to: http://www.truong.id.au/files/restore.bz2 http://www.truong.id.au/files/shorewall_dump.bz2 Tom Eastep wrote:> Tom Eastep wrote: > > >> Moses: You can send us the /var/lib/shorewall/.restore file so we can >> see what commands were executed at the last ''shorewall start/restart''. >> But that won''t be definitive. >> >> > > Wouldn''t hurt to include the output of "shorewall dump" as an > attachment; and be sure that you have generated traffic that you believe > will go through the IFB. > > -Tom > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by: > SourcForge Community > SourceForge wants to tell your story. > http://p.sf.net/sfu/sf-spreadtheword > ------------------------------------------------------------------------ > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
Moses Truong wrote:> Well, according to > http://www.linuxfoundation.org/en/Net:IFB#IFB_Example, TC -s qdisc show > dev ifb0 i assume that it will show the packets sent from the device. > But when I ran that on my machine, the number of bytes and packets sent > shows 0. > > The .restore and shorewall dump were bigger than 50k, so I''ve uploaded > them to: > http://www.truong.id.au/files/restore.bz2 > http://www.truong.id.au/files/shorewall_dump.bz2What happens when you execute this command (all on one line, of course)? tc filter add dev eth2 parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev ifb0 -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
Tom Eastep wrote:> Moses Truong wrote: > >> Well, according to >> http://www.linuxfoundation.org/en/Net:IFB#IFB_Example, TC -s qdisc show >> dev ifb0 i assume that it will show the packets sent from the device. >> But when I ran that on my machine, the number of bytes and packets sent >> shows 0. >> >> The .restore and shorewall dump were bigger than 50k, so I''ve uploaded >> them to: >> http://www.truong.id.au/files/restore.bz2 >> http://www.truong.id.au/files/shorewall_dump.bz2 >> > > What happens when you execute this command (all on one line, of course)? > > tc filter add dev eth2 parent ffff: protocol ip u32 match u32 0 0 action > mirred egress redirect dev ifb0 > > -Tom > >I Get the following response: Action 4 device ifb0 ifindex 8> ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) > software. With Adobe AIR, Ajax developers can use existing skills and code to > build responsive, highly engaging applications that combine the power of local > resources and data with the reach of the web. Download the Adobe AIR SDK and > Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com > ------------------------------------------------------------------------ > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
Moses Truong wrote:> Tom Eastep wrote: >>> >> What happens when you execute this command (all on one line, of course)? >> >> tc filter add dev eth2 parent ffff: protocol ip u32 match u32 0 0 action >> mirred egress redirect dev ifb0 >> >> -Tom >> >> > I Get the following response: > Action 4 device ifb0 ifindex 8That is the command to redirect packets entering from eth2 to be mirrored into ifb0. So if that isn''t working, I don''t know what to tell you. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
Tom Eastep wrote:> Moses Truong wrote: >> Tom Eastep wrote: >>>> >>> What happens when you execute this command (all on one line, of course)? >>> >>> tc filter add dev eth2 parent ffff: protocol ip u32 match u32 0 0 action >>> mirred egress redirect dev ifb0 >>> >>> -Tom >>> >>> >> I Get the following response: >> Action 4 device ifb0 ifindex 8FWIW, the "Action 4 ..." message is debugging output that should have been removed long ago but has not been. Shorewall sends the output of the command to /dev/null to suppress it.> > That is the command to redirect packets entering from eth2 to be > mirrored into ifb0. So if that isn''t working, I don''t know what to tell you.I booted up a Centos 5.2 system this morning and I couldn''t make an IFB work on it either :-( -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
Tom Eastep wrote:> Tom Eastep wrote: > >> Moses Truong wrote: >> >>> Tom Eastep wrote: >>> >>>>> >>>>> >>>> What happens when you execute this command (all on one line, of course)? >>>> >>>> tc filter add dev eth2 parent ffff: protocol ip u32 match u32 0 0 action >>>> mirred egress redirect dev ifb0 >>>> >>>> -Tom >>>> >>>> >>>> >>> I Get the following response: >>> Action 4 device ifb0 ifindex 8 >>> > > FWIW, the "Action 4 ..." message is debugging output that should have > been removed long ago but has not been. Shorewall sends the output of > the command to /dev/null to suppress it. > > >> That is the command to redirect packets entering from eth2 to be >> mirrored into ifb0. So if that isn''t working, I don''t know what to tell you. >> > > I booted up a Centos 5.2 system this morning and I couldn''t make an IFB > work on it either :-( > > -Tom >I am working on a CentOS 5 box as well, I''ll see if I can find anything at CentOS forum on IFB then. Thanks.> ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) > software. With Adobe AIR, Ajax developers can use existing skills and code to > build responsive, highly engaging applications that combine the power of local > resources and data with the reach of the web. Download the Adobe AIR SDK and > Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com > ------------------------------------------------------------------------ > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
Moses Truong wrote:> > I am working on a CentOS 5 box as well, I''ll see if I can find anything > at CentOS forum on IFB then. Thanks.I could tell from the ''shorewall dump'' output that you were using centos; that''s why I tried that OS here. Please let us know if you find a solution. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com