thr3ads.net - Shorewall users - Re: Traffic Shaping [Jun 2009]

If this information is useful, please help other people find it:
Share via:

Mike Lander

2009-Jun-21 01:49 UTC

Re: Traffic Shaping

> Mike Lander wrote:
> 
> >>>
> >>> In the meantime, see if the attached patch corrects your
problem.
> >>>
> >>>   patch /usr/share/shorewall-perl/Shorewall/Tc.pm <
tcpriority.diff
> >>>
> >> Also in 4.4, the priority of the fw and the option-generated
classifiers
> >> are adjusted in a way that is similar to the simple patch I
posted.
> > 
> > I think I will try 4.4 and I will let you know.
> 
> Please don''t if you are going to put this into production. 4.4 is
still
> in Beta.
> 
> It would help me if you could test the patch ....
> 
> -Tom
Been to see someone off at seatac. Back now
I applied the patch and defintely changed the classifiers. 
Below is firewall with that sends 14 tos the other firewall below this

Device eth1:
filter parent 2: protocol ip pref 10 u32 
filter parent 2: protocol ip pref 10 u32 fh 800: ht divisor 1 
filter parent 2: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 2:11  (rule hit 349 success 220)
  match 00140000/00fc0000 at 0 (success 220 ) 
filter parent 2: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0
flowid 2:11  (rule hit 129 success 0)
  match 001c0000/00fc0000 at 0 (success 0 ) 
filter parent 2: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt 0
flowid 2:12  (rule hit 129 success 22)
 protocol 6 (success 99 ) 
  match 05000000/0f00ffc0 at 0 (success 77 ) 
  match 00100000/00ff0000 at 32 (success 22 ) 
filter parent 2: protocol ip pref 10 u32 fh 800::803 order 2051 key ht 800 bkt 0
flowid 2:12  (rule hit 107 success 0)
  match 00100000/00100000 at 0 (success 0 ) 
filter parent 2: protocol all pref 20 fw 
filter parent 2: protocol all pref 20 fw handle 0x1 classid 2:11 
filter parent 2: protocol all pref 20 fw handle 0x2 classid 2:12 
filter parent 2: protocol all pref 20 fw handle 0x3 classid 2:13 
filter parent 2: protocol all pref 20 fw handle 0x4 classid 2:14 

Device tun0:
filter parent 3: protocol ip pref 10 u32 
filter parent 3: protocol ip pref 10 u32 fh 800: ht divisor 1 
filter parent 3: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 3:11  (rule hit 175 success 175)
  match 00140000/00fc0000 at 0 (success 175 ) 
filter parent 3: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0
flowid 3:11  (rule hit 0 success 0)
  match 001c0000/00fc0000 at 0 (success 0 ) 
filter parent 3: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt 0
flowid 3:12  (rule hit 0 success 0)
 protocol 6 (success 0 ) 
  match 05000000/0f00ffc0 at 0 (success 0 ) 
  match 00100000/00ff0000 at 32 (success 0 ) 
filter parent 3: protocol ip pref 10 u32 fh 800::803 order 2051 key ht 800 bkt 0
flowid 3:12  (rule hit 0 success 0)
  match 00100000/00100000 at 0 (success 0 ) 
filter parent 3: protocol all pref 20 fw 
filter parent 3: protocol all pref 20 fw handle 0x1 classid 3:11 
filter parent 3: protocol all pref 20 fw handle 0x2 classid 3:12 
filter parent 3: protocol all pref 20 fw handle 0x3 classid 3:13 
filter parent 3: protocol all pref 20 fw handle 0x4 classid 3:14 

Mothership firewall 1c tos

Device eth1:
filter parent 2: protocol ip pref 10 u32 
filter parent 2: protocol ip pref 10 u32 fh 800: ht divisor 1 
filter parent 2: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 2:11  (rule hit 1179 success 0)
  match 00140000/00fc0000 at 0 (success 0 ) 
filter parent 2: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0
flowid 2:11  (rule hit 1179 success 205)
  match 001c0000/00fc0000 at 0 (success 205 ) 
filter parent 2: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt 0
flowid 2:12  (rule hit 974 success 0)
  match 00060000/00ff0000 at 8 (success 0 ) 
  match 05000000/0f00ffc0 at 0 (success 0 ) 
  match 00100000/00ff0000 at 32 (success 0 ) 
filter parent 2: protocol ip pref 10 u32 fh 800::803 order 2051 key ht 800 bkt 0
flowid 2:12  (rule hit 974 success 0)
  match 00100000/00100000 at 0 (success 0 ) 
filter parent 2: protocol all pref 20 fw 
filter parent 2: protocol all pref 20 fw handle 0x1 classid 2:11 
filter parent 2: protocol all pref 20 fw handle 0x2 classid 2:12 
filter parent 2: protocol all pref 20 fw handle 0x3 classid 2:13 
filter parent 2: protocol all pref 20 fw handle 0x4 classid 2:14 

Device tun2:
filter parent 5: protocol ip pref 10 u32 
filter parent 5: protocol ip pref 10 u32 fh 800: ht divisor 1 
filter parent 5: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 5:11  (rule hit 158 success 0)
  match 00140000/00fc0000 at 0 (success 0 ) 
filter parent 5: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0
flowid 5:11  (rule hit 158 success 158)
  match 001c0000/00fc0000 at 0 (success 158 ) 
filter parent 5: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt 0
flowid 5:12  (rule hit 0 success 0)
  match 00060000/00ff0000 at 8 (success 0 ) 
  match 05000000/0f00ffc0 at 0 (success 0 ) 
  match 00100000/00ff0000 at 32 (success 0 ) 
filter parent 5: protocol ip pref 10 u32 fh 800::803 order 2051 key ht 800 bkt 0
flowid 5:12  (rule hit 0 success 0)
  match 00100000/00100000 at 0 (success 0 ) 
filter parent 5: protocol all pref 20 fw 
filter parent 5: protocol all pref 20 fw handle 0x1 classid 5:11 
filter parent 5: protocol all pref 20 fw handle 0x2 classid 5:12 
filter parent 5: protocol all pref 20 fw handle 0x3 classid 5:13 
filter parent 5: protocol all pref 20 fw handle 0x4 classid 5:14 


Does this look better?


Thank you,
Mike

> -- 



------------------------------------------------------------------------------
Are you an open source citizen? Join us for the Open Source Bridge conference!
Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
Need another reason to go? 24-hour hacker lounge. Register today!
http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org

Tom Eastep

2009-Jun-21 02:33 UTC

head link

Re: Traffic Shaping

Mike Lander wrote:
> 
> Does this look better?
It did what I expected

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Are you an open source citizen? Join us for the Open Source Bridge conference!
Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
Need another reason to go? 24-hour hacker lounge. Register today!
http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org

Shorewall users - Jun 2009 - Re: Traffic Shaping

Re: Traffic Shaping

Re: Traffic Shaping