similar to: filter fw and ingress qdisc

Hi, all I''ve got problems with tc qdisc ingress. I''m using vanillia kernel 2.6.14.4 patched with http://www.ssi.bg/~ja/routes-2.6.14-12.diff, and iproute2-2.6.14-051107. i am using ingress to limit incoming traffic : (DEV is eth1 / DOWNLINK is 7700) # attach ingress policer: tc qdisc add dev $DEV handle ffff: ingress # filter *everything* to it (0.0.0.0/0), drop everything

Hello, i try to limit the incoming traffic rate using the ingress qdisc, but it does not work for me. Here is what i have done: # sudo tc qdisc add dev eth1 ingress # tc filter add dev eth1 parent ffff:0 protocol ip prio 1 u32 match ip dst 172.17.0.101/32 police rate 10kbit buffer 10k drop The ingress qdisc is there: # tc -s qdisc show dev eth1 qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1

Hello, I am using the following iptables POSTROUTING rule to NAT some RFC 1918 addresses: iptables -t nat -A POSTROUTING -s 192.168.19.23 ! 192.168.0.0/255.255.0.0 -p tcp --dport 80 -j SNAT --to-source 10.32.4.2 (I am using SNAT instead of MASQUERADE for performance reasons). I have several addresses on the 192.168.0.0/16 subnet that I am SNAT''ing similarly. Problem is, ''tc

Hi, I am trying to do some simple ingress limiting based on fwmark. I know the ability and sense to do INGRESS limiting is ehm... limited ;-) but still I want to try it. I tried several things. === 1 === tcq ingress handle ffff: tcf parent ffff: protocol ip prio 1 handle 1 fw police rate 12mbit burst 10k drop tcf parent ffff: protocol ip prio 1 handle 2 fw police rate 10mbit burst 10k drop

On Thu, Jul 18, 2013 at 12:15 AM, Ben Pfaff <blp@nicira.com> wrote: > On Wed, Jul 17, 2013 at 6:06 AM, Qiu Yu <unicell@gmail.com> wrote: >> After some digging in openvswitch code. My wild guess is that vlan tag >> reconfiguring triggered iface_configure_qos (vswitchd/bridge.c), which >> in turn called netdev_set_policing to reset ingress policing rate. >>

After some digging in openvswitch code. My wild guess is that vlan tag reconfiguring triggered iface_configure_qos (vswitchd/bridge.c), which in turn called netdev_set_policing to reset ingress policing rate. Although there's no ingress_policing_rate set in my case, existing ingress qdisc still remove by default. Could some openvswitch guy help to confirm and suggest how to fix or workaround?

Hello, i noticed that the ingress qdisc is not working properly anymore in 3.0.4-1 (back in 3.0.2 the ingress qdisc was working for me): Install the ingress qdisc to peth0: # tc add qdisc dev peth0 ingress ... generate some traffic ... # tc -s qdisc show dev peth0 qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 324884 bytes 1749 pkt (dropped 0, overlimits 0 requeues

With outbound QoS setting in Libvirt XML, libvirt will add a tc ingress qdisc for traffic shaping. Then if you set VLAN tag to that tap device, this qdisc will automatically gone by no reason. Could anyone shed some lights where should I look into? I'm really confused and got no clue here. Thanks! Steps to reproduce -- # virsh start instance-name # virsh dumpxml instance-name ...

On Wed, Jul 17, 2013 at 6:06 AM, Qiu Yu <unicell@gmail.com> wrote: > After some digging in openvswitch code. My wild guess is that vlan tag > reconfiguring triggered iface_configure_qos (vswitchd/bridge.c), which > in turn called netdev_set_policing to reset ingress policing rate. > Although there's no ingress_policing_rate set in my case, existing > ingress qdisc still

Hello all! I''ve just subscribed to the list after looking around on Google and checking out the TC source code a bit. Here''s my situation: I have a megabit DSL line that I''d like to set up some shaping on. I only have access to the linux router on my (client) end. Because of that, I was looking to do some shaping using the ''ingress'' qdisc. However,

After digging, strace´ing ... etc I found that the common error with eg.: # tc qdisc add dev eth0 handle ffff: ingress RTNETLINK answers: No such file or directory is due to *iproute2* tool default configuration (and most iproute precompiled packages) in addition to correct kernel setup. You must change in iproute2/Config: TC_CONFIG_DIFFSERV=y and recompile, etc

Hi, I have a question about policy filters. All I want is incoming traffic being restricted to a specific rate. At the moment, I get way lower rates than specified. So far, I did use a filter much like Wondershaper does: tc filter add dev $DEV parent ffff: protocol ip prio 50 \ u32 match ip src 0.0.0.0/0 \ police rate ${DOWNLINK}kbit burst 10k drop flowid :1

Hi there, i tried to setup up a Linuxbridge for prioritize some interactive (Citrix / https) Traffic to 1.2.3.4 on my ADSL Link, but i think it work not correct. Overview: Router <->Linux Bridge<->internal Net eth1 eth0 This is my Script (with friendly support from the Linux Advanced Routing & Traffic control Howto) #!/bin/sh # # ADSL

I''m having trouble getting ingress policing to work on a bridged device. The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1, vif[25].1 . (This is under xen, in case the vif''s didn''t give that away, so peth0 is renamed eth0.) The tc rules I have are: tc qdisc del dev peth0 root tc qdisc del dev peth0 ingress handle ffff: tc qdisc add dev peth0 root

Hi stef and all I want measure the policy perfomance for video traffic on mpls diffserv network. there are two different polices for video packet 1. Video packets that are marked that are over the limit are to be rejected at the edge router. 2. Video packets that are marked that are over the limit are to be downgraded as best effort and are sent through. Before video enter my mpls

$tc filter add dev $eth parent ffff: \ protocol ip prio 1 \ u32 match ip sport 1863 0xffff \ police rate 124kbit burst 1k drop \ flowid :1 ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs

Hi all, Whenever I start up TC and implement traffic policing using ingress, I get logs that goes something like this: Classifier actions preferred over ingress. What does that mean?? This are the relevent lines : tc qdisc add dev $DEV handle ffff: ingress tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

Hi all I am attempting to police the incoming rate by using the ingress filter based on the TOS of the incoming packet. I used the following commands: tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip tos 0x10 0xff police rate 24kbit burst 1k drop flowid :1 On downloading a 6 Mb file which was TCP and TOS 0x10, this filter made on

Hi, Thanks for the fast response, .)Okay I tried your suggestion for my port 8099 and nothing happened: The tcp ip information goes from a firewall to my port 8099 and this port is than routed to the original 8080, I do that because I don`t want to dirturb my port 8080. But it seams the ingress filter doesn`t work on it!! iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt

Hi all. Since I move on to 2.6 kernel , filter ingress policy based on nfmark won´t work. Sorry for my english. Simple example: iptables -t mangle -I PREROUTING -j MARK --set-mark 1 ${QDISC_ADD} handle ffff: ingress ${FILTER_ADD} parent ffff: protocol ip prio 100 handle 1 fw \ police rate 128Kbit burst 10k drop flowid 2:11 # tc -s -d qdisc ls dev eth0 qdisc ingress ffff: ----------------