similar to: [patch] Raw sockets in jails

Hi all I started playing with tcng to generate my tc rules, but I have some difficulty implementing my rules... The script below generates an error: # Device eth0 tc qdisc add dev eth0 ingress beginner.tc:2: don''t know how to build meter for this The script is below, I changed the real IP numbers for XXs and YYs, since it doesn''t really matter what they are. eth0 is the

Colleagues, one of my servers had to be rebooted uncleanly and then I have backgrounded fsck locked for more than an our in snaplk: 742 root 1 -4 4 1320K 688K snaplk 0:02 0.00% fsck_ufs File system in question is 200G gmirror on SATA. Usually making a snapshot (e.g., for making dumps) consumes 3-4 minutes for that fs, so it seems to me that filesystem is in a deadlock. Any

Martin, If I understand whay you are suggesting, there is a problem in your design: It will only work if you use Hide NAT. The problem is that the ip_src == IP0 rule is wrong: The ip_src is not changed by the router and it is not equal to the IP of any of the machine interfaces. Can you think of a solution that will work in the following reasonabl scenario: Lets say I have two T1 internet

Hi all. I''ve written a small htb script that uses U32 and FW (marked by IPTABLES) filters, but TC doesn''t seem to be using the "cls_fw.o" module !!! I''m using redhat v9.0, kernel 2.4.8-20, iproute 2.4.7-7. Here is my script: ========================================================== ##################### #Interface definition #####################

Hi all, We have 2 class C networks that are connected by a Linux router with the internet. We want to apply traffic control (bandwidth control). For that we wrote the tcc script below. We have 2 problems: 1. To establish a 2 megagit download we must actually set the value to 2500kbps. Is there a possible reason for that? 2. If we enable the WAN device we get very hight ping times (they change

Greetings all, OK - just started playing around with traffic shaping - have imq and htb and (I think) everything else I need in the kernel and running well. My initial lab task was to protect a H.323 session over a simulated half T1 while adding bulk traffic - got that accomplished after slogging through learning tc and decided in short order that a more intuitive interface would be

Hi. I understand that device aliases (e.g. eth2:3) are not shapeable. Does anybody know if this functionality is planned in the future? Anyway, for the time being the only option that seems to leave is to fwmark packets differently for each device alias and then shape based on that. Is it possible to set multiple marks on the packets? Alternatively, is it possible to check for a specific

Is there a flow diagram as to where tc actions take place with respect to NAT and other iptables functions on a multihomed box (private & public NICs) ? Are tc filter rules consulted before or after NATing? My real interest is in basic understanding first, and then solving a real problem second. Example: Firewall Public NIC 123.123.123.1 Firewall Private NIC 192.168.168.1 Dedicated Video

Hello all, I am trying to set up a simple htb based system, where packets with source ip 10.0.0.1 should have their own class. I plan to use tcng to set it up easier. Is there something wrong in my tcng file ? ~/tcng$ cat htb /* */ #include "fields.tc" #include "ports.tc" dev eth0 { htb ( ) { class ( rate 600kbps, ceil 600kbps ) {

Hello I am trying to redirect all http traffic of unauthorized wifi users on a wireless hotspot to a login page. The problem I have is that I can not disable the regular address translation (I want the source address to stay the same). 10.0.0.7 is the wifi client 195.250.155.29 is the web wifi user tries to access from his browser 195.113.17.94 is my login page 10.0.0.1 is the wifi

Hi all, I have setup two multipath route tables on my system for doing failover routing, What I want it''s that if GW at route1 of the MP is dead, traffic goes by route2, for doing that I have created the multipath routes as follows: ip route add table mail.traffic proto static nexthop via ${GW1} dev eth1 weight 1 nexthop via ${GW2} dev eth1 weight 250 But it does not run as I

Hi all, It is my understanding that with HTB, the rate and the ceiling are divided over the elements of the class. E.g. using a rate of 100 kb and a ceiling of 2000 kb for a class with 10 elements on a 100Mb NIC, the effect of the ceiling will be that if all elements are generating their maximimum possible trafic they will be effectively limited to ~ ceiling / number of elements, in this case

This question is not about linux usage. But still i think user list is a good crowd for linux programmer. So here it goes. I have this libnetfilter_queue application which receives packets from kernel based on some iptables rule. Before going straight to my problem, i'm giving a sample workable code and other tools to set up a test environment so that We problem definition and possible

Hey all, i have a class. class ( <$call1> ) if ip_dst == 10.100.1.6 && tcp_dport == 22 if ip_src == 10.100.1.4 && tcp_sport == 22 ; Now when i apply this traffic TO 6 on port 22 is indeed limited to the speed i specify BUT it doesn''t seem to take the src into account at all. If i change the src to anything, even an address that

this is 6.0-STABLE as for Mar 17. KDB: debugger backends: ddb KDB: current backend: ddb Copyright (c) 1992-2006 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 6.1-PRERELEASE #2: Fri Mar 17 11:05:32 UTC 2006 vlad@host:/usr/src/sys/amd64/compile/DEF_WEB Timecounter

Two machines (NFS Server: running ZFS / Client: disk-less), both are running FreeBSD r253506. The NFS client starts to deadlock processes within a few hours. It usually gets worse from there on. The processes stay in "D" state. I haven't been able to reproduce it when I want it to happen. I only have to wait a few hours until the deadlocks occur when traffic to the client machine