From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Matias Namiot"
Date: Wed, 28 Jul 2004 14:58:59 +0000
Subject: Re: [LARTC] IP ROUTE
Message-Id: <006201c474b3$6df3aab0$1410a8c0@Wireless>
To: lartc@vger.kernel.org

I need to resolve this problem now, because I don't have any time, and my problem is:

server2 root # ip route add default scope global nexthop via 192.168.5.1 dev eth2 weight 1 nexthop via 192.168.160.1 dev eth0 weight 1
RTNETLINK answers: Invalid argument

I want to do this; this is my configuration:

# TC configuration for Bariloche Wireless
# Internet uplink eth1
# Upload 128k and download 128k

# Values:
# mbps = 1024 kbps = 1024 * 1024 bps => byte/s
# mbit = 1024 kbit => kilobit/s.
# mb = 1024 kb = 1024 * 1024 b => byte
# mbit = 1024 kbit => kilobit.
# Internally, the numbers are stored in bps, but when tc prints the rates it uses the following:
# 1Mbit = 1024 Kbit = 1024 * 1024 bps => byte/s

##### Clear the previous rules
tc qdisc del dev eth1 root    2> /dev/null > /dev/null
tc qdisc del dev eth1 ingress 2> /dev/null > /dev/null

##### Define the qdiscs

# Define the ceiling rate and the internet device
CEIL=128
DEV_INT=eth1

# This line sends traffic to class 1:15 by default
tc qdisc add dev eth1 root handle 1: htb default 15

# Parent qdisc
tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit

# This line handles low-latency packets (telnet, ssh, SYN, etc.) as interactive
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 80kbit ceil 80kbit prio 0

# This line handles bulk WEB traffic
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 80kbit ceil ${CEIL}kbit prio 1

# This line handles TOS maximize-throughput traffic and local traffic
#tc class add dev eth1 parent 1:1 classid 1:12 htb rate 20kbit ceil ${CEIL}kbit prio 2

# This line handles the machines behind NAT
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 80kbit ceil ${CEIL}kbit prio 2

# This line handles SMTP and POP3 mail with a minimize-cost TOS.
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 20kbit ceil ${CEIL}kbit prio 3

# This line handles bulk traffic from the NAT machines using Kazaa, e-Donkey, etc.
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 10kbit ceil ${CEIL}kbit prio 3

# Apply SFQ to the heavy traffic, rehashing every 10 seconds
#tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

##### Packet classification with iptables
# This is preferred for packets because it is very flexible and you can count packets per rule, and with the
# RETURN target the packets do not need to pass through all the rules. Packets with an FWMARK (handle x fw) go to the indicated class

tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
#tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
tc filter add dev eth0 parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13
tc filter add dev eth0 parent 1:0 protocol ip prio 5 handle 5 fw classid 1:14
tc filter add dev eth0 parent 1:0 protocol ip prio 6 handle 6 fw classid 1:15

##### NAT with iptables has to be done here.

##### Marking packets
# Don't forget the -j RETURN so that packets do not traverse all the rules

##### For class 10

# Mark ICMP packets with iptables
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p icmp -j RETURN
iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT -p icmp -j RETURN

# Mark packets with the Minimize-Delay TOS
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -A OUTPUT -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT -m tos --tos Minimize-Delay -j RETURN

# Mark SSH packets
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 22 -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 22 -j RETURN

# Mark SYN (synchronization) packets
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
iptables -t mangle -I OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
iptables -t mangle -I OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

##### For class 11
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j RETURN

##### For class 13
# Mark FTP and FTP-DATA packets
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 21 -j MARK --set-mark 0x4
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 21 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 21 -j MARK --set-mark 0x4
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 21 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 20 -j MARK --set-mark 0x4
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 20 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 20 -j MARK --set-mark 0x4
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 20 -j RETURN

##### For class 14
# Mark packets with the Minimize-Cost TOS
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -A OUTPUT -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
iptables -t mangle -A OUTPUT -m tos --tos Minimize-Cost -j RETURN

# Mark SMTP packets
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 25 -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 25 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 25 -j MARK --set-mark 0x5
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 25 -j RETURN

# Mark POP3 packets
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 110 -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 110 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 110 -j MARK --set-mark 0x5
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 110 -j RETURN

##### For class 15
# Mark packets with the Maximize-Throughput TOS
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN
iptables -t mangle -A OUTPUT -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
iptables -t mangle -A OUTPUT -m tos --tos Maximize-Throughput -j RETURN

# Mark default packets (this is redundant)
iptables -t mangle -A PREROUTING -j MARK --set-mark 0x6
iptables -t mangle -A OUTPUT -j MARK --set-mark 0x6

My kernel config is:

CONFIG_X86=y
CONFIG_UID16=y
CONFIG_EXPERIMENTAL=y
CONFIG_MODULES=y
CONFIG_MODVERSIONS=y
CONFIG_KMOD=y
CONFIG_MXP31=y
CONFIG_X86_WP_WORKS_OK=y
CONFIG_X86_INVLPG=y
CONFIG_X86_CMPXCHG=y
CONFIG_X86_XADD=y
CONFIG_X86_BSWAP=y
CONFIG_X86_POPAD_OK=y
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_X86_HAS_TSC=y
CONFIG_X86_GOOD_APIC=y
CONFIG_X86_USE_3DNOW=y
CONFIG_X86_PGE=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_MCE=y
CONFIG_NOHIGHMEM=y
CONFIG_1GB=y
CONFIG_PREEMPT=y
CONFIG_X86_TSC=y
CONFIG_HAVE_DEC_LOCK=y
CONFIG_NET=y
CONFIG_PCI=y
CONFIG_PCI_GOANY=y
CONFIG_PCI_BIOS=y
CONFIG_PCI_DIRECT=y
CONFIG_PCI_NAMES=y
CONFIG_HOTPLUG=y
CONFIG_SYSVIPC=y
CONFIG_SYSCTL=y
CONFIG_KCORE_ELF=y
CONFIG_BINFMT_AOUT=y
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_MISC=y
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_NETLINK_DEV=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_NET_IPIP=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_ECN=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_STEALTH=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_MIRROR=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_NET_DIVERT=y
CONFIG_NET_FASTROUTE=y
CONFIG_NET_SCHED=y
CONFIG_NET_SCH_CBQ=y
CONFIG_NET_SCH_HTB=y
CONFIG_NET_SCH_CSZ=y
CONFIG_NET_SCH_HFSC=y
CONFIG_NET_SCH_PRIO=y
CONFIG_NET_SCH_RED=y
CONFIG_NET_SCH_SFQ=y
CONFIG_NET_SCH_TEQL=y
CONFIG_NET_SCH_TBF=y
CONFIG_NET_SCH_GRED=y
CONFIG_NET_SCH_DELAY=y
CONFIG_NET_SCH_DSMARK=y
CONFIG_NET_SCH_INGRESS=y
CONFIG_NET_QOS=y
CONFIG_NET_ESTIMATOR=y
CONFIG_NET_CLS=y
CONFIG_NET_CLS_TCINDEX=y
CONFIG_NET_CLS_ROUTE4=y
CONFIG_NET_CLS_ROUTE=y
CONFIG_NET_CLS_FW=y
CONFIG_NET_CLS_U32=y
CONFIG_NET_CLS_RSVP=y
CONFIG_NET_CLS_POLICE=y
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDEDISK=y
CONFIG_IDEDISK_MULTI_MODE=y
CONFIG_BLK_DEV_IDECD=y
CONFIG_BLK_DEV_CMD640=y
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_BLK_DEV_GENERIC=y
CONFIG_IDEPCI_SHARE_IRQ=y
CONFIG_BLK_DEV_IDEDMA_PCI=y
CONFIG_IDEDMA_PCI_AUTO=y
CONFIG_BLK_DEV_IDEDMA=y
CONFIG_BLK_DEV_PIIX=y
CONFIG_IDEDMA_AUTO=y
CONFIG_NETDEVICES=y
CONFIG_DUMMY=m
CONFIG_NET_ETHERNET=y
CONFIG_NET_VENDOR_3COM=y
CONFIG_VORTEX=y
CONFIG_R8169=y
CONFIG_PPP=y
CONFIG_PPP_MULTILINK=y
CONFIG_PPP_ASYNC=y
CONFIG_PPP_SYNC_TTY=y
CONFIG_PPPOE=y
CONFIG_NET_RADIO=y
CONFIG_HERMES=y
CONFIG_PLX_HERMES=y
CONFIG_TMD_HERMES=y
CONFIG_PCI_HERMES=y
CONFIG_NET_WIRELESS=y
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_SERIAL=y
CONFIG_UNIX98_PTYS=y
CONFIG_UNIX98_PTY_COUNT=256
CONFIG_AGP=y
CONFIG_AGP_NVIDIA=y
CONFIG_AUTOFS4_FS=y
CONFIG_REISERFS_FS=y
CONFIG_REISERFS_CHECK=y
CONFIG_REISERFS_PROC_INFO=y
CONFIG_EXT3_FS=y
CONFIG_JBD=y
CONFIG_JBD_DEBUG=y
CONFIG_TMPFS=y
CONFIG_RAMFS=y
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_PROC_FS=y
CONFIG_DEVFS_FS=y
CONFIG_DEVFS_MOUNT=y
CONFIG_MSDOS_PARTITION=y
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-1"
CONFIG_VGA_CONSOLE=y
CONFIG_VIDEO_SELECT=y
CONFIG_FB=y
CONFIG_DUMMY_CONSOLE=y
CONFIG_FB_LOGO_TUX=y
CONFIG_FB_VESA=y
CONFIG_VIDEO_SELECT=y
CONFIG_FBCON_CFB8=y
CONFIG_FBCON_CFB16=y
CONFIG_FBCON_CFB24=y
CONFIG_FBCON_CFB32=y
CONFIG_FONT_8x8=y
CONFIG_FONT_8x16=y
CONFIG_LOG_BUF_SHIFT=0
CONFIG_CRC32=y

----- Original Message -----
From: mjoachimiak@poczta.onet.pl
To: Matias Namiot
Sent: Wednesday, July 28, 2004 10:21 AM
Subject: Re: [LARTC] IP ROUTE

Please send the earlier commands you are running before that tc filter add....

  --- Original Message -----
  From: Matias Namiot
  To: lartc@mailman.ds9a.nl
  Sent: Tuesday, July 27, 2004 4:01 PM
  Subject: Re: [LARTC] IP ROUTE

  The problem was the CONFIG_IP_ROUTE_MULTIPATH module of the kernel.
  Thanks for everything; now I am fighting with which module tc filter needs, because I can't do this:

  server2 linux # tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
  RTNETLINK answers: Invalid argument
  server2 linux #

    ----- Original Message -----
    From: Matias Namiot
    To: lartc@mailman.ds9a.nl
    Sent: Monday, July 26, 2004 3:47 PM
    Subject: [LARTC] IP ROUTE

    Hello, my Linux shows me this:

    server2 root # ip route add default scope global nexthop via 192.168.5.1 dev eth2 weight 1 nexthop via 192.168.160.1 dev eth0 weight 1
    RTNETLINK answers: Invalid argument

    What can I do????
    Thanks
    Matias
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
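
Added example, not part of the original message or of any LARTC tool: a small consistency check for a tc/iptables shaping script like the one posted above. The kernel rejects a filter whose parent qdisc does not exist on the device named in the command, and the posted script creates qdisc 1: and its classes on eth1 while the filters name eth0. The function names lint_tc and sample_script are hypothetical, and the input is a constructed excerpt of the posted script.

```shell
#!/bin/sh
# lint_tc reads a shaping script on stdin and prints one finding per line:
#  - a filter whose parent qdisc does not exist on the device it names
#  - a filter whose classid is not defined on that device
#  - an fw filter whose handle is never set by an iptables --set-mark rule
lint_tc() {
    awk '
    function arg(key,    i) {               # word following "key", or ""
        for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
        return ""
    }
    function major(h) { sub(/:.*/, "", h); return h }    # "1:0" -> "1"
    function num(s,    i, v, base) {        # "0x2" or "2" -> 2
        s = tolower(s); base = 10; v = 0
        if (s ~ /^0x/) { base = 16; s = substr(s, 3) }
        for (i = 1; i <= length(s); i++)
            v = v * base + index("0123456789abcdef", substr(s, i, 1)) - 1
        return v
    }
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    $1 == "tc" && $2 == "qdisc" && $3 == "add" && arg("handle") != "" {
        m = major(arg("handle"))
        qdisc[arg("dev"), m] = 1
        where[m] = where[m] " " arg("dev")  # devices that carry this handle
    }
    $1 == "tc" && $2 == "class" && $3 == "add" {
        class[arg("dev"), arg("classid")] = 1
    }
    $1 == "tc" && $2 == "filter" && $3 == "add" {
        cnt++
        fdev[cnt] = arg("dev"); fpar[cnt] = major(arg("parent"))
        fcls[cnt] = arg("classid"); fhdl[cnt] = arg("handle")
        isfw[cnt] = 0
        for (k = 1; k <= NF; k++) if ($k == "fw") isfw[cnt] = 1
    }
    $1 == "iptables" && arg("--set-mark") != "" {
        mark[num(arg("--set-mark"))] = 1
    }
    END {
        for (f = 1; f <= cnt; f++) {
            if (!((fdev[f], fpar[f]) in qdisc))
                printf "filter handle %s: no qdisc %s: on %s (defined on:%s)\n", \
                    fhdl[f], fpar[f], fdev[f], \
                    ((fpar[f] in where) ? where[fpar[f]] : " none")
            else if (!((fdev[f], fcls[f]) in class))
                printf "filter handle %s: class %s is not defined on %s\n", \
                    fhdl[f], fcls[f], fdev[f]
            if (isfw[f] && !(num(fhdl[f]) in mark))
                printf "filter handle %s: no iptables rule sets mark %s\n", \
                    fhdl[f], fhdl[f]
        }
    }'
}

# Constructed excerpt of the script in the message above (same devices,
# handles and marks; only two of the leaf classes are kept).
sample_script() {
    cat <<'EOF'
tc qdisc add dev eth1 root handle 1: htb default 15
tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 80kbit ceil 80kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 80kbit ceil ${CEIL}kbit prio 1
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
EOF
}

sample_script | lint_tc
```

Class IDs are compared as text, so a class must be written the same way in the class and filter commands for the check to match them.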