Displaying 20 results from an estimated 5000 matches similar to: "Policing IPv6 traffic"
2006 Jun 16
3
tc ingress policing with multiple subnets
Hello everybody on the list,
I have the following situation where I want to police the speed of incoming
packets from specific subnets to 1024kbps and then police all the rest to
256kbps, which is the speed my ISP grants for the rest of the internet.
So, eth1 is the one connected to the cable modem and then to the internet.
I do:
tc qdisc add dev eth1 ingress handle ffff:
then:
tc filter
2006 Dec 14
1
[announce] iproute2 2.6.19-061214
This is an update to the iproute2 command set.
It can be downloaded from:
http://developer.osdl.org/dev/iproute2/download/iproute2-2.6.18-061214.tar.gz
Repository:
git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
For more info on iproute2 see:
http://linux-net.osdl.org/index.php/Iproute2
The version number includes the kernel version to denote what features are
2008 May 21
0
[ANNOUNCE] libpciaccess 0.10.2
Adam Jackson (1):
Linux: Fail gracefully on machines without PCI.
Alan Coopersmith (3):
Initialize err to 0 in pci_device_solx_devfs_map_range
Add pci_system_solx_devfs_create prototype to pciaccess_private.h
Fix lint warnings in solx_devfs.c
Danny van Dyk (1):
Fix function prototypes for C++
Dave Airlie (2):
linux: add pci_device_enable entrypoint and sysfs
2007 Nov 21
0
Problem with ingress policing on bridged device
I''m having trouble getting ingress policing to work on a bridged device.
The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1,
vif[25].1 . (This is under xen, in case the vif''s didn''t give that
away, so peth0 is renamed eth0.)
The tc rules I have are:
tc qdisc del dev peth0 root
tc qdisc del dev peth0 ingress handle ffff:
tc qdisc add dev peth0 root
2004 Jan 13
1
ingress policing
Hi,
I''m trying to police the incoming traffic by using ingress qdisc,this is what I have in my script
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 4 \
handle 1: u32 divisor 1
tc filter add dev eth0 parent ffff: protocol ip prio 4 u32 \
match ip dport 4001 0xffff \
police rate 2000kbit burst 50k drop \
flowid
2004 Sep 06
0
example/dsmark+policing => tcsim outputs are different
Hi folks
I have created a script file (dsmark+policing.sh attached) to check graphic
an text outputs of simutations, against original examples/dsmark+policing
coding (see TCNG Reference Manual-pg.90).
It uses tcng coding (*.tcsim file attached) and old tc coding (*.tcsim_old
file attached) inserted in tcsim files.
Observation 1: The graphic outputs from (*.tc included in *.tcsim) and
(*.tc_old
2007 Apr 11
4
Policing based on port numbers
Hi,
I''m trying to police ingress traffic based on port numbers and IP
addresses. The u32 match based on IP addresses seems to work without
issues and I''m am able to police incoming packets. However, the same
isn''t working with u32 matches based on TCP port numbers. For port
numbers, I added exactly one ''u32 match'' rule:
common for both:
# tc qdisc add
2008 Jun 10
0
[ANNOUNCE] xorg-server 1.4.1
Suspend your disbelief, it's 1.4.1. Better imperfect than never at all,
I guess. Contains a few security and input fixes, some memory leak
fixes, and a few misc bits.
git tag: xorg-server-1.4.1
http://xorg.freedesktop.org/archive/individual/xserver/xorg-server-1.4.1.tar.bz2
MD5: 0d638b6857408bb2e564e0c7b772d9a1 xorg-server-1.4.1.tar.bz2
SHA1: b5a020f6a5cc4b16296dadbc9c82073201d7d01a
2007 Jul 20
1
newbie needs policing help
Hi listizens,
Complete tc newbie here. I''m in a pinch because of a mail assault on a
server. I''ve firewalled away many of the most egregious offenders but
non-smtp services are still being DOS''ed because of all the mail traffic.
Here is what I''ve tried. (I did say newbie ;)
-----------------
#!/bin/sh
#
# policing parent
tc qdisc add dev eth0 handle
2004 Oct 26
0
Policing
My attempts to configure policing are stopping incoming traffic all
together.
From the LARTC HOWTO, I gather that the following lines should limit
incoming traffic on eth0 to 32kbit by dropping packets above this
threshold:
tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol ip u32 \
match u8 0x0 0x0 \
police rate 32kbit burst 10k drop \
classid :1
Instead,
2004 Apr 22
2
ingress policing based on source address?
Hi all
I''m new to this list, but not exactly to iproute stuff.
I''d like to solve a specific problem with bandwidth coming from
different external sources towards the internal network (also the other
way around, but I figure that''s not so much a problem, since that is
egress traffic shaping).
The network looks like this:
internet ------ ISP-------[shaping/router]
2008 May 22
0
[ANNOUNCE] xorg-server 1.4.99.902
Aaron Plattner (2):
Bug #14692: Allow drivers to have a say in Xinerama visual consolidation.
Short-circuit PanoramiXTranslateVisualID after verifying that the visual actually exists first.
Adam Jackson (25):
Fix segfault when a monitor exists but has no modes.
Size xf86DefaultModes explicitly.
Bug #14927: Fix the math for xf86NumDefaultModes.
Add the
2011 Feb 22
0
Re: iproute 2010-2011 - tree problem (udp, quid, action police + action mirred)
On Tue, 22 Feb 2011 11:15:39 +0100
"PIOTREK H." <komarekmz@tlen.pl> wrote:
> Welcome
>
> I have a problem with the new iproute "iproute2-2.6.37.tar.bz2 07-Jan-2011 9:18 (the problem from version 2010 to 2011).
> Three problems:
> a) with filters for UDP traffic
> problem affects only the queuing traffic to the machine on which you work qos
> In the case
2005 Dec 27
3
Ingress policing (matching netfilter marks)
Hi,
I''m having issues with policing my incoming traffic by matching packet marks
made by iptables. I''ve checked as many sites and guides as I can find, and I
seem to be doing the exact same thing as they all are, but there''s still no
success. As such, I was wondering if anyone can have a quick look to see if
I''ve done anything obviously stupid?
Essentially, I
2002 May 24
0
multiple ingresses
Is it possible to have multiple filters around an ingress so that you
can police your downloads more specific. What I''m trying to achieve is
to have all my ftp-traffic limited to 1024kbit on downloads. I included
some commands below so that you might better understand my thoughts on
the matter.
tc qdisc add dev eth0 root handle 1: htb default 2
tc class add dev eth0 parent 1: classid 1:1
2004 Nov 23
0
fw mark and policers on 2.6 not working ?
I just noticed that policers don''t seem to work with marks in 2.6 .
Can anyone get -
iptables -A PREROUTING -t mangle -p tcp -j MARK --set-mark 1
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw
police rate 100kbit burst 10k drop flowid :1
To work on a 2.6 - it''s OK on 2.4.26, version of tc used makes no
2004 Sep 18
0
TCNG syntax for ingress / policing questions
Hi all,
I have 2 questions regarding policing
1. What is the problem with policing as in most mesages I can find people say don''t but I have not found a why?
2. I have the egress below working (numbers in example are bogus, I know). How do I add an ingress policy?
/* compile this file with tcc filename > limit.sh and run that file */
dev eth1
{
egress
{
class (
2004 Jul 06
7
Simply IMQ
I''ve followed this list for quite a long time and have even posted a couple
of times. I used the early versions of IMQ from Devik (I think that was his
name), and it worked well. I only ever got the chance to implement it in my
test environment. I now need to implement it in my production environment.
My Linux core router has nine interfaces and has a 27 megabit connection to
the
2004 Jun 08
11
how flexible is ingress traffic policing to bandwidth limit?
[I sent this earlier but I guess the list is subscriber-only?]
I just set up wondershaper, it has a simple filter on the downstream
direction to limit the bandwidth usage:
tc qdisc add dev $DEV handle ffff: ingress
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
This is effective but is there any way to
2004 May 11
0
reclassify option on policing
Hello,
What exactly is the use of the "reclassify" option in the policing
options of tc filters?
According to LARTC:
"
reclassify
Most often comes down to reclassification to Best Effort. This is the
default action.
"
I don''t quite get the meaning of that.
It could mean to let other filters handle it, but that is exactly the
"continue" option.
Could