similar to: per connection shaping

Is it possible to negate the "match" to the ip? I want to match all traffic to dport 80 NOT going to dst 1.2.3.4: $TC filter add dev ${DEV_IFB} parent 1:0 prio 2 protocol ip u32 \ match ip protocol 0x6 0xff \ match ip dport 80 0xffff \ match ip dst 1.2.3.4/32 \ classid 1:14 I can''t find it in the docs. I tried "!" "\!" and "not" in several

Hello list, Please don''t shoot me. I know I''m doing something with bonding that bonding wasn''t made for. I just want to give it a try. I want a simple mechanism to have a failover on a 24Mbit line to a 2Mbit line in case the 24Mbit line goes down. Between A and B there are two lines: a 24Mbit and a 2Mbit. I use two OpenVPN tunnels with tap devices: +-- tap0 (A)---

Hello list, I have these sorts of filters, putting traffic into the appropiate classid (1:15 is the default class): ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 1 protocol ip u32 \ match ip protocol 0x6 0xff \ match ip sport 22 0xffff \ classid 1:11 # ssh ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 1 protocol ip u32 \ match ip protocol 0x6 0xff \ match ip dport 22

Is it possible (one way or another) to guarantee or to limit bandwidth of 1 session? E.g.: RDP: 750kbit rate, 1Mbit ceil default: 250kbit rate, 1Mbit ceil max bw per RDP connection: 100kbit guaranteed bw per RDP session: 20kbit R. -- ___________________________________________________________________ It''s so simple to be wise. Just think of something stupid to say and say the

I set up this config: +------+ -+ ISP1 +--+ +------+ | +-------+ +--+ linux | +------+ | +-------+ -+ ISP2 +--+ +------+ No problem. Standard setup with two ISP''s. Both routed subnets. Default gateway is ISP1. No magic here. Now I put a server behind the Linux box. I want the server to be reachable on an /extra/ IP in the routed subnet of ISP2. +------+ -+ ISP1

Is it possible to create 1 filter rule using fw selectors AND u32 selectors? Richard. -- ___________________________________________________________________ Recursion: see recursion +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | |

What is the maximum value for "prio"? It seems that for htb its maximum is 7. Is that right? R. -- ___________________________________________________________________ It''s so simple to be wise. Just think of something stupid to say and say the opposite. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht

Packets going to a 2.6 kernel IPSEC tunnel do not seem to pass the POSTROUTING chain. Is that correct? R. -- ___________________________________________________________________ It''s so simple to be wise. Just think of something stupid to say and say the opposite. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht

I''m a newbie to tc and after some experimenting I have the following problem: # tc qdisc show qdisc sfq 8006: dev ipsec0 quantum 1514b perturb 15sec I can''t get rid of this entry. Is there a way to clear all entries? I tried all sorts of "tc qdisc del xxx" but nothing seems to work. It says: RTNETLINK answers: No such file or directory What syntax do I need to

I have 1 100MB NIC with two 2MB-subnets trough a router behind it. I''d like to create multiple default classes: 1: + |\_ 1:10 default, ceiling 100000kbit, rate 96000kbit | |\_ 1:11 ceiling 2048kbit, rate 2048kbit | | | |\_1:110 ceiling 2048kbit, rate 1536kbit | \_1:111 ceiling 2048kbit, rate 512kbit (default subnet1) | \_ 1:12 ceiling 2048kbit, rate

Hello list, I''d like to use teql with tap devices (two OpenVPN tunnels). This works, but the doc /usr/src/linux-<version>/net/sched/sch_teql.c says: "1. Slave devices MUST be active devices, i.e., they must raise the tbusy signal and generate EOI events. If you want to equalize virtual devices like tunnels, use a normal eql device." I can''t find if tap devices

>From the htb.init script: # <clsid> is class ID which is hexadecimal number in range 0x2-0xFFFF, # without the "0x" prefix. If a colon-delimited list of class IDs is # specified, the last <clsid> in the list represents ID of the class in # the config file. No problem of course, but what is the reason that a class-ID cannot be ''1''? R. --

Hi, I am trying to do some simple ingress limiting based on fwmark. I know the ability and sense to do INGRESS limiting is ehm... limited ;-) but still I want to try it. I tried several things. === 1 === tcq ingress handle ffff: tcf parent ffff: protocol ip prio 1 handle 1 fw police rate 12mbit burst 10k drop tcf parent ffff: protocol ip prio 1 handle 2 fw police rate 10mbit burst 10k drop

Dear List, I am wanting to perform some traffic shaping as the subject of this email suggests. What I am wanting to do is this; I would like to have traffic shaping performed on the following protocols: HTTP, RDP, GRE, PPTP, SIP and IAX. Obviously I would like to have highest priority set for voice packets so much so that the general http traffic does not impede on the voice packets. I

Second test after big upgrade.. -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services

Dearfolks-- I have been told by an experienced R programmer and teacher whom I trust that it is easier to understand R code if you read it aloud, as the language that it is. However, she was clear that reading it aloud was not simply reading the marks on the screen: you read A.df[5,] as "the fifth row of A.df" (or "the fifth row of data frame A"), not as "A dot df left

I added a few features to openssh for my local use that I think would be more broadly useful. I basically added access control lists to control who would be allowed public key authentication. I added four config file entries for the server: PubkeyAllowUsers PubkeyDenyUsers PubkeyAllowGroups PubkeyDenyGroups These follow the same sematics as the already existing entries for

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it

I am using squid with pam_auth and delay pools to control the banwidth to the inet access. The problem, of course, is that 80% of the bandwidth is wasted. So the idea is to make the same rules but with HTB or IMQ. I did it by mac-address but the problem is that the users move from a side to another one so this doens''t work. I think to solve it using mark with iptables. For each user i

Hi there list, I got stuck when making tc rules to divide bandwidth between RDP client and the rest of our Internet traffic. Given the following problem: We have a school with around 900 students and staff in a temporary location (an old wodka factory ;)) on around 100 workstations. The maximum bandwidth we could get was 1536 kbit. So we decided to let the staff work in our normal network via