similar to: ingress filter

Hi there, i tried to setup up a Linuxbridge for prioritize some interactive (Citrix / https) Traffic to 1.2.3.4 on my ADSL Link, but i think it work not correct. Overview: Router <->Linux Bridge<->internal Net eth1 eth0 This is my Script (with friendly support from the Linux Advanced Routing & Traffic control Howto) #!/bin/sh # # ADSL

Hi I have outgoing speed 128kbit and 5 users. So I want to cat outgoing traffic to 50kbit per user. The best Idea is make HTB queue 10kbit ceil 50kbit but one user (the Donkey one :) ) who using P2P take all the outgoing band. When I make HTB is trafic was very low Donkey doesn''t get any data or take only a little, outgoing traffic was about 1-2K, but In HTB trafic I have full outgoing

Hello, i''ve found this page (lartc currently down) http://www.lartc.org/howto/lartc.cookbook.synflood-protect.html where someone used iptables firewall mark to mark specific packets which will be shaped thru ingress qdisc with a fw filter and rate policy appended. I''ve tried similar this way, but it don''t work. Now i''m belief this could''nt work

Hi all. Since I move on to 2.6 kernel , filter ingress policy based on nfmark won´t work. Sorry for my english. Simple example: iptables -t mangle -I PREROUTING -j MARK --set-mark 1 ${QDISC_ADD} handle ffff: ingress ${FILTER_ADD} parent ffff: protocol ip prio 100 handle 1 fw \ police rate 128Kbit burst 10k drop flowid 2:11 # tc -s -d qdisc ls dev eth0 qdisc ingress ffff: ----------------

Hi, I have set a ingress filter to reduce the inbound traffic on one specific port and also i check the packages (buffer). No i want to test the ingress filter if it is working how i a expect. Which tool (can be windows also) can i use to test the ingress filter (tcpip load generator or something else), and set the packet length size and so on! Thanks, Gernot

Hi, I have a question about policy filters. All I want is incoming traffic being restricted to a specific rate. At the moment, I get way lower rates than specified. So far, I did use a filter much like Wondershaper does: tc filter add dev $DEV parent ffff: protocol ip prio 50 \ u32 match ip src 0.0.0.0/0 \ police rate ${DOWNLINK}kbit burst 10k drop flowid :1

Hi all I am attempting to police the incoming rate by using the ingress filter based on the TOS of the incoming packet. I used the following commands: tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip tos 0x10 0xff police rate 24kbit burst 1k drop flowid :1 On downloading a 6 Mb file which was TCP and TOS 0x10, this filter made on

Hello, I want to ask what am I doing wrong. A few seconds after running this script my gateway freezes. I use the 2.4.1 kernel compiled on RH 7.0 system using the kgcc (egcs-1.1.2) compiler. I have two ethernet cards. The Internet interface eth1 is connected to the ISP, who shapes out traffic to 128Kbit. I would like to give the high priority to the e-mail and ssh traffic and to shape others

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

I''ve been trying to match multiple public IPs in an ingress qdisc. The idea is to allow these specific IPs and aggregate value of 256 kbits incoming to the interface. Can anyone tell me how this can be effectively done if at all possible with tc? Thanks in advance -- Corey Rogers <jrog@sunbeach.net> _______________________________________________ LARTC mailing list /

Hallo Group, i want to implement a syn Flood Protection on our linux Router. on our Cisco we have this Access-list and rat-limit rate-limit input access-group 190 128000 128000 128000 conform-action transmit exceed-action drop access-list 190 deny tcp any any established access-list 190 permit tcp any any access-list 190 deny ip any any now i was trying to wrote the same config with

Hi! I''ll try to set the incoming rate for one ip on a server (with more than one ip) to 17Mbit, but if I activate it, I got in the beginning only 5mbit. I than increased the mtu and burst (as you see below) but I still can''t get more than 8MBit to the server. any ideas? tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 50 u32

Hi guys , i am starting to "play" with qos in linux. Well , i am trying to setup an ingress filter but i do not know why it is not working. tc add qdisc dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 160kbit burst 256kbit drop flowid :1 After that : iptables -A PREROUTING -t mangle --sport 80 -j MARK --set-mark 1 So , i think this

hi, I have two situation where I need two targets in one rule ....... First one iptables -N syn-flood iptables -A syn-flood -m limit --limit ${synConns} --limit-burst ${synBurst} -j RETURN iptables -A syn-flood -j DROP iptables -A protect -p tcp --syn -j syn-flood Now I want to be able to say : iptables -A syn-flood -m limit --limit ${synConns} --limit-burst ${synBurst} -j LOG --log-prefix

John, I''m taking the liberty of copying the Shorwall Development list since I believe that these issues will be of interest. On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I''m not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN >

On a Linux Server running tincd I noticed the following log message in /var/log/messages kernel: possible SYN flooding on port 655. Sending cookies. I found this on the web: If SYN cookies are enabled, then the kernel doesn't track half open connections at all. Instead it knows from the sequence number in the following ACK datagram that the ACK very probably follows a SYN and a SYN-ACK.

Hi, My home setup is as following: - 1024/128 kbit ADSL - FC3 I set up HTB to prioritize traffic. I am not very pleased with the obtained results. The scope of my setup is to have some ssh sessions with remote servers while browsing websites and running aMule Nothing complicated (I think... ;). The very high priority traffic (ssh), gets stuck when I start aMule and make an FTP download.

Hello, i noticed that the ingress qdisc is not working properly anymore in 3.0.4-1 (back in 3.0.2 the ingress qdisc was working for me): Install the ingress qdisc to peth0: # tc add qdisc dev peth0 ingress ... generate some traffic ... # tc -s qdisc show dev peth0 qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 324884 bytes 1749 pkt (dropped 0, overlimits 0 requeues

After some digging in openvswitch code. My wild guess is that vlan tag reconfiguring triggered iface_configure_qos (vswitchd/bridge.c), which in turn called netdev_set_policing to reset ingress policing rate. Although there's no ingress_policing_rate set in my case, existing ingress qdisc still remove by default. Could some openvswitch guy help to confirm and suggest how to fix or workaround?

On Thu, Jul 18, 2013 at 12:15 AM, Ben Pfaff <blp@nicira.com> wrote: > On Wed, Jul 17, 2013 at 6:06 AM, Qiu Yu <unicell@gmail.com> wrote: >> After some digging in openvswitch code. My wild guess is that vlan tag >> reconfiguring triggered iface_configure_qos (vswitchd/bridge.c), which >> in turn called netdev_set_policing to reset ingress policing rate. >>