* making QoS for FTP traffic using tc HTB
@ 2010-07-19 23:17 Mamadou Touré
  2010-07-27  6:31 ` Andrew Beverley
  0 siblings, 1 reply; 3+ messages in thread
From: Mamadou Touré @ 2010-07-19 23:17 UTC (permalink / raw)
  To: netfilter

Hi list,
I've some problem with making QoS.
All my traffic passes through a Linux box which is in bridge mode.
I'd like to implement QoS to allocate 25Kbit of bandwidth to the FTP
traffic. So I've made these commands:
--------------------------------------------------------------
tc qdisc add dev eth1 root handle 1: htb default 1
tc class add dev eth1 parent 1: classid 1:1 htb rate 50kbit ceil 50kbit
tc qdisc add dev eth1 parent 1:1 handle 10: sfq perturb 10

tc qdisc add dev eth2 root handle 1: htb default 1
tc class add dev eth2 parent 1: classid 1:1 htb rate 50kbit ceil 50kbit
tc qdisc add dev eth2 parent 1:1 handle 10: sfq perturb 10

tc class add dev eth1 parent 1:0 classid 1:1007 htb rate 512kbit ceil 512kbit
tc class add dev eth2 parent 1:0 classid 1:1007 htb rate 512kbit ceil 512kbit

tc class add dev eth1 parent 1:1007 classid 1:8170 htb rate 25kbit ceil 25kbit
tc qdisc add dev eth1 parent 1:8170 handle 8170: sfq perturb 10
tc class add dev eth2 parent 1:1007 classid 1:8170 htb rate 25kbit ceil 25kbit
tc qdisc add dev eth2 parent 1:8170 handle 8170: sfq perturb 10

tc filter add dev eth1 protocol ip parent 1: prio 1 u32 match ip src 192.168.2.88/32 match ip dport 20 0xffff flowid 1:8170
tc filter add dev eth1 protocol ip parent 1: prio 1 u32 match ip dst 192.168.2.88/32    0xff match ip dport 21 0xffff flowid 1:8170
--------------------------------------------------------------------
The filter tc filter add dev eth1.....
is never matched for the FTP downstream.
Can someone help me troubleshoot?
Regards.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: making QoS for FTP traffic using tc HTB
  2010-07-19 23:17 making QoS for FTP traffic using tc HTB Mamadou Touré
@ 2010-07-27  6:31 ` Andrew Beverley
  2010-07-27  7:09   ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Andrew Beverley @ 2010-07-27  6:31 UTC (permalink / raw)
  To: Mamadou Touré; +Cc: netfilter

> I've some problem with making QoS.
> All my traffic passes through a Linux box which is in bridge mode.
> I'd like to implement QoS to allocate 25Kbit of bandwidth to the FTP
> traffic. So I've made these commands:

<snip>

> tc filter add dev  eth1  protocol ip parent 1:  prio 1 u32   match ip  src
> 192.168.2.88/32  match ip dport  20  0xffff flowid  1:8170
> tc filter add dev  eth1  protocol ip parent 1:  prio 1 u32   match ip  dst
> 192.168.2.88/32    0xff match ip dport  21  0xffff flowid  1:8170
> --------------------------------------------------------------------
> The filter tc filter add dev eth1.....
> is never matched for the FTP downstream.

FTP is quite a complex protocol that jumps around port numbers
(especially passive FTP - see http://slacksite.com/other/ftp.html). I've
not looked at your rules close enough to see whether that is the
problem, but I would recommend using the iptables FTP connection
tracking module with iptables to track the connection, then MARK it, and
then use the mark in the filter.

Andy



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: making QoS for FTP traffic using tc HTB
  2010-07-27  6:31 ` Andrew Beverley
@ 2010-07-27  7:09   ` Jan Engelhardt
  0 siblings, 0 replies; 3+ messages in thread
From: Jan Engelhardt @ 2010-07-27  7:09 UTC (permalink / raw)
  To: Andrew Beverley; +Cc: Mamadou Touré, netfilter


On Tuesday 2010-07-27 08:31, Andrew Beverley wrote:

>> I've some problem with making QoS.
>> All my traffic passes through a Linux box which is in bridge mode.
>> I'd like to implement QoS to allocate 25Kbit of bandwidth to the FTP
>> traffic. So I've made these commands:
>
><snip>
>
>> tc filter add dev  eth1  protocol ip parent 1:  prio 1 u32   match ip  src
>> 192.168.2.88/32  match ip dport  20  0xffff flowid  1:8170
>> tc filter add dev  eth1  protocol ip parent 1:  prio 1 u32   match ip  dst
>> 192.168.2.88/32    0xff match ip dport  21  0xffff flowid  1:8170
>> --------------------------------------------------------------------
>> The filter tc filter add dev eth1.....
>> is never matched for the FTP downstream.
>
>FTP is quite a complex protocol that jumps around port numbers
>(especially passive FTP - see http://slacksite.com/other/ftp.html). I've
>not looked at your rules close enough to see whether that is the
>problem, but I would recommend using the iptables FTP connection
>tracking module with iptables to track the connection, then MARK it, and
>then use the mark in the filter.

Port 20 is generally no longer used - because it's a privileged lowport.
You can use -m conntrack --ctstate RELATED -m helper --helper ftp
-j CONNMARK to tag the data stream with a ctmark, plus
another rule with -j CONNMARK --restore-mark
to put it back onto the nfmark for use with tc.

^ permalink raw reply	[flat|nested] 3+ messages in thread
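
The approach suggested in the two replies above, written out as a dry-run script. This is an added example, not part of the original thread: eth1, eth2 and class 1:8170 come from the first message, while the mark value 21, the use of the mangle FORWARD chain, the explicit CT helper rule and the bridge sysctl are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify FTP by connection mark
# instead of by port number. Prints the commands by default; run as root
# with RUN set to the empty string (RUN= sh script.sh) to apply them.
RUN="${RUN-echo}"
MARK="${MARK:-21}"        # assumption: any nfmark value not used elsewhere
CLASS="${CLASS:-1:8170}"  # the 25kbit FTP class from the original post

ftp_mark_rules() {
    # Bridged frames only traverse iptables when br_netfilter is active.
    $RUN modprobe br_netfilter
    $RUN sysctl -w net.bridge.bridge-nf-call-iptables=1
    # Recent kernels do not attach helpers automatically, so bind the
    # FTP helper to the control connection explicitly.
    $RUN modprobe nf_conntrack_ftp
    $RUN iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
    # Control connection: set the connection mark on its first packet.
    $RUN iptables -t mangle -A FORWARD -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # Data connection (active or passive, any port): the helper parsed
    # PORT/PASV, so the first packet arrives as RELATED.
    $RUN iptables -t mangle -A FORWARD -m conntrack --ctstate RELATED \
        -m helper --helper ftp -j CONNMARK --set-mark "$MARK"
    # Copy the connection mark onto every packet (both directions) so tc
    # can see it as the nfmark.
    $RUN iptables -t mangle -A FORWARD -j CONNMARK --restore-mark
}

ftp_tc_filters() {
    # One fw filter per interface replaces the u32 port matches.
    for dev in "$@"; do
        $RUN tc filter add dev "$dev" parent 1: protocol ip prio 1 \
            handle "$MARK" fw flowid "$CLASS"
    done
}

ftp_mark_rules
ftp_tc_filters eth1 eth2
```

Once applied, `iptables -t mangle -L FORWARD -v -n` and `tc -s filter show dev eth1` show per-rule packet counters, which is the quickest way to confirm the data connection is being matched.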
