similar to: Writing rules direct to Kernel

Displaying 20 results from an estimated 2000 matches similar to: "Writing rules direct to Kernel"

2005 Jan 26
10
Ssh flow does not go into correct class. Help!
I''m a new comer. I have problems using tc+htb. I run the following commands, and expect outgoing ssh flow goes into 1:11. But actually it goes into default 12. What''s wrong? tc qdisc add dev eth0 root handle 1: htb default 12 tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 2000kbit prio 1 tc class add dev eth0 parent 1:1 classid 1:11 htb rate 100kbit ceil
2004 Nov 09
4
[PATCH] [TRY2] Use nfmark as a key in u32 classifier
Hello! This is the try number two. What was changed: - Added selectable choice in Kconfig file (thanks Jamal!) - Don''t abuse tc_u32_sel to not break backward compatibility (thanks Patrick!). Stephen, do you have any comments on iproute2 part? I know it''s not perfect but this is the best way, I think. "u32 match mark vvvv mmmm" it''s intuitive but breaks a
2005 Feb 01
6
combining fw and u32
Is it possible to create 1 filter rule using fw selectors AND u32 selectors? Richard. -- ___________________________________________________________________ Recursion: see recursion +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | |
2004 Nov 05
3
[PATCH] Use nfmark as a key for u32 classifier
Hello! I am glad to announce a patch for u32 to allow matches on nfmark. The patch is non intrusive (few lines). Why I did this? Because fw classifier cannot be used together with u32. For example, now, you cannot match a mark of 0x90 and a destination port of 80. I know you can do it with iptables to do the marking, but if you use Jamal actions to apply mark to policed packets, you need
2004 Sep 17
4
dummy interfaces limit?
Hi all, Is there anyway to have more than 2 dummy interfaces? I need more of them but the system refuses to create it :P How can avoid this issue? Thanks. Luis Miguel Cruz. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
2004 Jun 25
4
more questions.
I forgot to ask a few more. Is there a relation between the hashtable ID /(parent,handle) so that if I used 2: for a hash table I could or couldn''t use 2: for a (parent,handle)ID? I also noticed that you type the hashtables like 2:2: can you have more levels with this? like 2:2:2:1: ? and I guess the same question with the parent/handles. thanks again. -- When dealing with a slow
2004 Jul 13
3
Data collection in Linux TC queue
Dear All, Would you guy have any advices concerning how to get some data like queue length, pkt size, and so forth, from the running queue. Right now, I modified the queue disc to print out some info I want using printk() and use syslogd to catch those info up. The problem is, in burst, syslogd can''t catch all the msg the queue sent out. Are there any standard or better way to
2004 Oct 15
4
Emulate WAN
Where can I find examples of configs to emulate WANs, I am looking for slow speeds and high latencies. Thanks
2005 Feb 16
5
Compiling sch_tbf.c in user space
Hi, I am new to kernel programming. My task is to route packets from different hosts through one single token bucket filter as we are trying to model a wireless scenario with many hosts communicating and sharing the same bandwidth.So the idea we came up with was to route packets from different hosts to user space using Netfilter and then send them through a common tbf implemented in user space in
2005 Apr 08
3
fw as filter broken?
Can someone verify that using fw as a filter in iproute2-2.6.11-050330 is broken. Doesn''t seem to work in any case and I saw an earlier post that would lead me to believe this is the case. If so does anyone have a temporary fix? Thanks, Troy
2005 Feb 16
9
DSCP, ToS and Egress
I''m successfully using HTB + GRED to shape traffic based on the DSCP field. I would like to strip the DSCP and possibly replace it with normal ToS bits on egress traffic leaving my network. Leaving DSCP set is pointless, and could potentially cause problems with some ISPs that use DSCP internally I suppose. Setting ToS bits would seem ideal as most networks still honor it to varying
2005 Jan 05
19
[PATCH] mark in u32
Hello, Stephen, List! Attached is the patch for iproute2 to add the possibility to use fwmark in u32 filters. The kernel part was included in 2.6.10. Please apply! Thank you! For more info: - Kernel patch (not needed for 2.6.10): http://kernel.umbrella.ro/net/mark_in_u32/net-match-nfmark-in-u32.patch - Examples: http://kernel.umbrella.ro/net/mark_in_u32/examples.txt --- Catalin(ux aka Dino)
2004 Jul 02
5
htb: class 10007 isn''t work conserving ?!
I''m getting the following error/warning at some point in my config script, and I''m not sure which class it is referring to. htb: class 10007 isn''t work conserving ?! I [think I] understand that htb is a non-work-conserving qdisc, and I [think I] have configured things so that every htb qdisc I instantiate limits the bandwidth, so I don''t understand why this
2004 Jun 22
3
[ANNOUNCE] sch_ooo - Out-of-order packet queue discipline
Hello! I like to announce sch_ooo, a new queue discipline that, attached to a class (or a device, as root) reorder the packets that pass by delaying some. Example: tc qdisc add dev eth0 root ooo limit 100 gap 4 wait 1100 This queue will create a pfifo with limit 100 and will delay every 4th packet with 1100ms. An stream of 6 packets like this: 1 2 3 4 5 6, generated by ping will be reordered
2005 Jan 27
2
netem bug?
Hi all, I''m running some tests with netem and I noticed some strange behaviour that looks like a bug: I''m pinging another machine and adding delay with netem. When I tell netem to give me a 10ms delay, it works fine. The problem is that when I ask for a 11ms delay, it gives me 20ms! It happens for any value between 11ms an 20ms, and it repeats for values over 20ms, now
2005 Jun 14
1
C/Java libraries for iproute
Anybody knows allready programmed libraries either java or C to create/destroy queues?
2005 Mar 11
1
tc filter rules matching source IP and route?
Hi, I''m trying to set up a tc filter rule matching the following conditons: source ip is 192.168.0.68 and only packets shall be matched going out on the internet connection. My first try was "protocol ip u32 match ip src 192.168.0.68 ! match ip dst 192.168.0.0/24" but obviously tc doesn''t like the NOT ... ;-) I also tried the route classifier, but it cannot be
2004 Nov 20
1
how to match TTL?
Hi! I can''t find anywhere correct syntax how to match TTL. All of I found refuse to work :( tc filter add dev eth1 parent 1:0 prio 10 u32 match u8 64 0xff at 8 flowid 1:11 tc filter add dev eth1 parent 1:0 prio 10 u32 match u8 0x10 0xff at nexthdr+13 protocol tcp flowid 1:11 tc filter add dev eth1 parent 1:0 prio 10 u32 match u8 0x10 0xff at nexthdr+13 flowid 1:11 All I need is to
2004 Aug 16
1
qdisc/filter to drop all packets
I''m looking for a way to configure a qdisc or filter to drop all packets. The logic behind this is that I''m using the u32 hashing tables to get move my filters from iptables to tc filters. This will translate into much less per-packet processing for me. However, I need a way to drop any packets that don''t match any of the filters. Paul C. Diem PCDiem@FoxValley.net
2004 Apr 06
1
hashing
Hi i have 2 class C 80.97.103.0/24 and 81.180.12.0/24 but i dont konw how to set hashing tables for HTB tc add dev eth0 parent 1: prio 0 handle 1: protocol ip u32 divisor 256 tc add dev eth0 parent 1: prio 0 protocol ip u32 match src 80.97.103.0/24 hashkey mask 0x000000FF at 12 link 1: but i want 2 hashkey for 80.97.103.0/24 and for 81.180.12.0/24 can somebody help me ?