Hello Tom, In tcrules'' tos field, what would be the right way of specifying a numerical value ? Both ''16'' and ''0x10'' sucessfully pass the ''shorewall check'' test - does this mean that both are valid ? I''ve looked at the configuration_file_basics page but did not seem to find an explicit reference about a numerical format such as the one used for this tos field. I''m asking as I''m getting into troubleshooting what seems at first outlook a problem in not having the same result when for instance the string ''Minimize-Delay'' is used when compared to using the string ''0x10''. Also, is there a system command that can be used to verify that the tos value is actually observed in a tcrule ? A command such as ''tc -s -d class show dev <name>'' does not provide this information. Thanks again for your help, it''s much appreciated. ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What''s next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net
On 11/28/12 6:21 AM, Fred Maillou wrote:> In tcrules'' tos field, what would be the right way of > specifying a numerical value ? Both ''16'' and ''0x10'' sucessfully > pass the ''shorewall check'' test - does this mean that both are > valid ?Yes, and they are equivalent. I''ve looked at the configuration_file_basics page but> did not seem to find an explicit reference about a numerical > format such as the one used for this tos field.All numbers in Shorewall input default to decimal except those dealing with tc devices and classes; those are always interpreted as hex (because that is how tc interprets them).> I''m asking as > I''m getting into troubleshooting what seems at first outlook a > problem in not having the same result when for instance the > string ''Minimize-Delay'' is used when compared to using the string > ''0x10''.Those are different - 0x10 assumes a mask of 0xff while ''Minimize-Delay'' assumes a mask of 0x3f; that is clearly described in the tcrules manpage.> > Also, is there a system command that can be used to verify that > the tos value is actually observed in a tcrule ? A command such > as ''tc -s -d class show dev <name>'' does not provide this > information.''shorewall show filters''. The complex TC article includes a tutorial about understanding the output. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What''s next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net
>> I''m asking as I''m getting into troubleshooting what seems at first >> outlook a problem in not having the same result when for instance >> the string ''Minimize-Delay'' is used when compared to using the >> string ''0x10''.> Those are different - 0x10 assumes a mask of 0xff while > ''Minimize-Delay'' assumes a mask of 0x3f; that is clearly described > in the tcrules manpage.Wouldn''t that be the same anyways when having either the string ''0x10'' or the string ''Minimize-Delay'' (which is equal to 0x10 as shown in tcrules) ? I''m afraid I don''t see the nuance in there. I''d appreciate if you can detail how it works.>> Also, is there a system command that can be used to verify that >> the tos value is actually observed in a tcrule ? A command such as >> ''tc -s -d class show dev <name>'' does not provide this information.> ''shorewall show filters''. The complex TC article includes a tutorial > about understanding the output.Thanks. Although I only get the following output for the only device under TC: % shorewall show filters Device fe-4-2: filter parent 1: protocol all pref 276 fw filter parent 1: protocol all pref 276 fw handle 0x1 classid 1:11 filter parent 1: protocol all pref 276 fw handle 0x2 classid 1:12 Whereas the tc command would confirm that TC is applied: % tc -s -d class show dev fe-4-2 class htb 1:11 parent 1:1 leaf 2: prio 1 quantum 2500 rate 7500Kbit ceil 67500Kbit burst 2535b/8 mpu 0b overhead Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 42281 ctokens: 18578 [...] tc config being: tcrules #MARK SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS 1 172.30.159.102 0.0.0.0/0 all - - - - - Minimize-Delay tcclasses #INTERFACE MARK RATE CEIL PRIO OPTIONS fe-4-2 1 full*1/10 full*9/10 1 fe-4-2 2 full*1/10 full*7/10 1 default ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What''s next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net
On 11/28/2012 07:48 AM, Fred Maillou wrote:> >>> I''m asking as I''m getting into troubleshooting what seems at first >>> outlook a problem in not having the same result when for instance >>> the string ''Minimize-Delay'' is used when compared to using the >>> string ''0x10''. > >> Those are different - 0x10 assumes a mask of 0xff while >> ''Minimize-Delay'' assumes a mask of 0x3f; that is clearly described >> in the tcrules manpage. > > Wouldn''t that be the same anyways when having either the string ''0x10'' > or the string ''Minimize-Delay'' (which is equal to 0x10 as shown in > tcrules) ? I''m afraid I don''t see the nuance in there. I''d > appreciate if you can detail how it works. > >>> Also, is there a system command that can be used to verify that >>> the tos value is actually observed in a tcrule ? A command such as >>> ''tc -s -d class show dev <name>'' does not provide this information. > >> ''shorewall show filters''. The complex TC article includes a tutorial >> about understanding the output. > > Thanks. Although I only get the following output for the only device > under TC: >My bad -- I was thinking of TOS specification in tcclasses/tcfilters. For tcrules, simply type ''shorewall show mangle''. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What''s next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net
> My bad -- I was thinking of TOS specification in > tcclasses/tcfilters. For tcrules, simply type ''shorewall show > mangle''.Thanks. Do you know if there''s any side effect to specify a value of 0x24 ? As far as I see it from the Shorewall use, 0x20 would be an off-limit value as it is associated with nothing defined. In other words, would there be any reason wny these two would not equate the same behaviour: Chain tcfor (1 references) pkts bytes target prot opt in out source destination 0 0 MARK all -- * * 172.30.159.102 0.0.0.0/0 tos match 0x04/0xff MARK set 0x1 Chain tcfor (1 references) pkts bytes target prot opt in out source destination 0 0 MARK all -- * * 172.30.159.102 0.0.0.0/0 tos match 0x24/0xff MARK set 0x1 Thanks again. ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What''s next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net
On 11/28/2012 08:36 AM, Fred Maillou wrote:>> My bad -- I was thinking of TOS specification in >> tcclasses/tcfilters. For tcrules, simply type ''shorewall show >> mangle''. > > Thanks. Do you know if there''s any side effect to specify a value of > 0x24 ? As far as I see it from the Shorewall use, 0x20 would be an > off-limit value as it is associated with nothing defined. > > In other words, would there be any reason wny these two would not equate > the same behaviour: >The 0x24 will only match if those two bits are set in the entire 8-bit field. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: INSIGHTS What''s next for parallel hardware, programming and related areas? Interviews and blogs by thought leaders keep you ahead of the curve. http://goparallel.sourceforge.net