similar to: filter ingress policy based on nfmark

Hi, all I''ve got problems with tc qdisc ingress. I''m using vanillia kernel 2.6.14.4 patched with http://www.ssi.bg/~ja/routes-2.6.14-12.diff, and iproute2-2.6.14-051107. i am using ingress to limit incoming traffic : (DEV is eth1 / DOWNLINK is 7700) # attach ingress policer: tc qdisc add dev $DEV handle ffff: ingress # filter *everything* to it (0.0.0.0/0), drop everything

I''m having trouble getting ingress policing to work on a bridged device. The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1, vif[25].1 . (This is under xen, in case the vif''s didn''t give that away, so peth0 is renamed eth0.) The tc rules I have are: tc qdisc del dev peth0 root tc qdisc del dev peth0 ingress handle ffff: tc qdisc add dev peth0 root

Hello, i try to limit the incoming traffic rate using the ingress qdisc, but it does not work for me. Here is what i have done: # sudo tc qdisc add dev eth1 ingress # tc filter add dev eth1 parent ffff:0 protocol ip prio 1 u32 match ip dst 172.17.0.101/32 police rate 10kbit buffer 10k drop The ingress qdisc is there: # tc -s qdisc show dev eth1 qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1

I have to match my packets based on MAC address, which I cannot do in the POSTROUTING chain, so I do it in PREROUTING using MARK. Then, I match on the MARK in the POSTROUTING chain to do a CLASSIFY. But this does not seem to work: wireless-r1 bwlimit # iptables -L -v -n -t mangle Chain PREROUTING (policy ACCEPT 3353K packets, 941M bytes) pkts bytes target prot opt in out source

I have a Gentoo Linux (kernel 2.6.11) server. Several months ago, I made a traffic shaping setup for my box (running a 2.4 kernel then) that worked beautifully. It gave high priority to SSH and RealAudio traffic, and put HTTP downloading traffic on a lower prio so they could only use what bandwidth was left. However, I''ve only just realized that tc is no longer accepting the commands I

Hello, i noticed that the ingress qdisc is not working properly anymore in 3.0.4-1 (back in 3.0.2 the ingress qdisc was working for me): Install the ingress qdisc to peth0: # tc add qdisc dev peth0 ingress ... generate some traffic ... # tc -s qdisc show dev peth0 qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 324884 bytes 1749 pkt (dropped 0, overlimits 0 requeues

Hi! Do you know somthing about hfsc and bps? There''s no output for speed only for packets. Doesn''t hfsc support such a field? tc -s class show dev eth0 class hfsc 1: root Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 period 0 level 2 class hfsc 1:11 parent 1:1 sc m1 0bit d 18.0ms m2 1000Kbit ul m1 0bit d 0us m2

Hi folks...!!! I need to generate qdisc statistics to show my 4 class (10, 20, 30, 40), i`ve all working with HTB and so on, but i need to graph this results e.gwith RRDTOOL. I found a script made in perl, that can to graph my 4 class, but i need to know which IP address on my LAN are using the bandwidth too, in other hand i need to classify the traffic by IP to show. This is an out of my

With the below script, whenever I ping 10.0.16.10 (which matches the only filter I have), traffic still get''s sent to the default 1:2 class instead of 1:1 and I don''t know why... Any hints? (kernel 2.6.12, iproute2-2.6.15) tc qdisc del dev eth0 root > /dev/null 2>&1 tc qdisc add dev eth0 handle 1: root htb default 2 tc class add dev eth0 classid 1:1 parent 1: htb rate

Hello, I have recently started looking at tc and iptables. I have an htb-queue with two classes 1:10 and 1:20 where 1:20 is the default. Then I use iptables to mark all packets I send out on eth1. I then filter marked packets into class 1:10. I expected all packets sent on eth1 to end up in class 1:10, but some packets still go to 1:20. Did I do it wrong? Thank you for any help. regards, David

Hello! I am glad to announce a patch for u32 to allow matches on nfmark. The patch is non intrusive (few lines). Why I did this? Because fw classifier cannot be used together with u32. For example, now, you cannot match a mark of 0x90 and a destination port of 80. I know you can do it with iptables to do the marking, but if you use Jamal actions to apply mark to policed packets, you need

Hi, What exactly are the "tokens"? I thought each token allowed the sending of one byte, that tokens are stored in a bucket that can hold a max of "burst" tokens, and that this bucket is filled with tokens at "rate". But theory does not seem to explain the "tc -s .." output in the examples below. And I can''t figure out why or how... #tc qdisc

Hello! This is the try number two. What was changed: - Added selectable choice in Kconfig file (thanks Jamal!) - Don''t abuse tc_u32_sel to not break backward compatibility (thanks Patrick!). Stephen, do you have any comments on iproute2 part? I know it''s not perfect but this is the best way, I think. "u32 match mark vvvv mmmm" it''s intuitive but breaks a

Hi, I''m using tc and HTB to shape my outgoing ADSL traffic. I was trying to make some graphs on the classes by meassuring the "sent bytes" of each class using rrdtool to store the data (as kbps after conversion). I expected that meassuring the root class I would get values similar that the ones I get measuring the interface counters but they differ by a large amount. Is

Hi to all of you!!! I am a Computer Science student trying to do the pre-grade thesis. I am trying to develop a free software tool to help administrators to control the traffic. Right now this tool is based on tc and iptables. I am having some problems trying to understand tc and tc examples: - Why in almost every list of tc rules based on htb class, there is a "tc qdisc dev ... root ...

The docs[1][2] suggest it''s 1024, but tc says something else: # tc qdisc add dev eth0 root tbf rate 1kbps latency 50ms burst 1500 # tc -s qdisc ls dev eth0 qdisc tbf 8009: rate 8000bit burst 1499b lat 48.8ms ^^^^^^^ Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 If 1k were 1024, then I would have 8192bit above.

Thanks for quick reply Andreas! > Every class is allowed to use bandwidth as long as it does not have to > borrow (the specified rate is guaranteed). Prio in HTB only affects > borrowing bandwidth from other classes... In the example below, the class > 1:5 should be allowed to borrow bandwidth before 1:14 does. Thats exactly what I want from HTB to do..to prio the borrowed bandwidth.

Hello list members, Finaly I''m here after a week of trying to subscribe to this list... pfew... Anyway... I have a rather strange problem with tc. I am trying to police the ingress traffic into my network using the iptables MARK feature (in mangle table, PREROUTING) but it seems that tc filters ignore this marks and they don''t work at all for me. Let me explain a bit more in

Hi all, Can you tell me where is the documentation for the new IFB (implemented in kernels > 2.6.16). Thanks in advance! Nikolay