* Re: [LARTC] bridging shaper
2004-03-29 17:27 [LARTC] bridging shaper Ryan Rothert
@ 2004-03-29 18:13 ` Jon Anderson
2004-03-29 19:07 ` Ryan Rothert
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Jon Anderson @ 2004-03-29 18:13 UTC (permalink / raw)
To: lartc
Ryan Rothert wrote:
>Any thoughts as to why this doesn't seem to work on a bridge? It does work
>if the box is set up to be a router.
>
>
I have tried to do bridged traffic control with 2.6. It just doesn't
seem to work. u32 matches won't work, marking packets with
iptables/ebtables then trying to catch them with tc's fw match doesn't
work. Filters just won't catch anything in 2.6, and all traffic just
leaves through the default class. There are reports of people getting
this working, but no real details have emerged.
With 2.4, it works without problems. I have a few machines running
bridging firewalls with traffic control using 2.4. Works without issues.
Any developers want to shed some light on why 2.6 doesn't seem to go?
(Config options?)
jon
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] bridging shaper
2004-03-29 17:27 [LARTC] bridging shaper Ryan Rothert
2004-03-29 18:13 ` Jon Anderson
@ 2004-03-29 19:07 ` Ryan Rothert
2004-03-29 19:33 ` Jon Anderson
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Ryan Rothert @ 2004-03-29 19:07 UTC (permalink / raw)
To: lartc
On Mon, 29 Mar 2004, Jon Anderson wrote:
> Ryan Rothert wrote:
>
> >Any thoughts as to why this doesn't seem to work on a bridge? It does work
> >if the box is set up to be a router.
> >
> >
> I have tried to do bridged traffic control with 2.6. It just doesn't
> seem to work. u32 matches won't work, marking packets with
> iptables/ebtables then trying to catch them with tc's fw match doesn't
> work. Filters just won't catch anything in 2.6, and all traffic just
> leaves through the default class. There are reports of people getting
> this working, but no real details have emerged.
>
> With 2.4, it works without problems. I have a few machines running
> bridging firewalls with traffic control using 2.4. Works without issues.
>
> Any developers want to shed some light on why 2.6 doesn't seem to go?
> (Config options?)
>
> jon
>
Jon,
I don't really need to run 2.6, 2.4 would be fine, what version are you
using? Did you compile it yourself? Did you have to apply any extra
patches if you compiled it yourself?
Thanks,
Ryan
* Re: [LARTC] bridging shaper
2004-03-29 17:27 [LARTC] bridging shaper Ryan Rothert
2004-03-29 18:13 ` Jon Anderson
2004-03-29 19:07 ` Ryan Rothert
@ 2004-03-29 19:33 ` Jon Anderson
2004-03-29 19:49 ` Bart De Schuymer
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Jon Anderson @ 2004-03-29 19:33 UTC (permalink / raw)
To: lartc
Ryan Rothert wrote:
>I don't really need to run 2.6, 2.4 would be fine, what version are you
>using? Did you compile it yourself? Did you have to apply any extra
>patches if you compiled it yourself?
>
>
2.4.25+brnf-5 (Patch here:
http://sourceforge.net/project/showfiles.php?group_id9571 ) Yes,
compiled myself - almost has to be.
If you look through the archive for earlier this month, possibly last
(look for "bridge") there's a little more detail about it.
If you have any specific questions, I'd be glad to try and help if I can.
jon
* Re: [LARTC] bridging shaper
2004-03-29 17:27 [LARTC] bridging shaper Ryan Rothert
` (2 preceding siblings ...)
2004-03-29 19:33 ` Jon Anderson
@ 2004-03-29 19:49 ` Bart De Schuymer
2004-03-30 1:38 ` Jon Anderson
2004-03-30 11:13 ` miller69
5 siblings, 0 replies; 7+ messages in thread
From: Bart De Schuymer @ 2004-03-29 19:49 UTC (permalink / raw)
To: lartc
On Monday 29 March 2004 20:13, Jon Anderson wrote:
> With 2.4, it works without problems. I have a few machines running
> bridging firewalls with traffic control using 2.4. Works without issues.
>
> Any developers want to shed some light on why 2.6 doesn't seem to go?
> (Config options?)
There are no real differences, except that arptables doesn't see bridged
traffic, between the 2.4 bridge-nf/ebtables patch and the code in 2.6. So my
guess is the problem isn't the bridge filtering code.
cheers,
Bart
* Re: [LARTC] bridging shaper
2004-03-29 17:27 [LARTC] bridging shaper Ryan Rothert
` (3 preceding siblings ...)
2004-03-29 19:49 ` Bart De Schuymer
@ 2004-03-30 1:38 ` Jon Anderson
2004-03-30 11:13 ` miller69
5 siblings, 0 replies; 7+ messages in thread
From: Jon Anderson @ 2004-03-30 1:38 UTC (permalink / raw)
To: lartc
Bart De Schuymer wrote:
>There are no real differences, except that arptables doesn't see bridged
>traffic, between the 2.4 bridge-nf/ebtables patch and the code in 2.6. So my
>guess is the problem isn't the bridge filtering code.
>
>
I don't doubt that the bridging code, and iptables/ebtables is nearly
the same, but _something_ is different. (Kernel .config options, QoS
code, 2.4/2.6 interface, aliens abducting sk_buff->nfmark, I dunno...)
The same system booted with a 2.4 kernel and a 2.6 kernel behaves
differently. 2.6 was configured with similar options to 2.4. (make
oldconfig -> Maybe there's a new option somewhere that I'm missing?)
As far as I can see, bridged traffic control on 2.4 works, 2.6 doesn't:
"tc -s class show dev eth0" on a 2.4 kernel shows packets being
classified properly, whereas on 2.6, they are not classified properly.
I actually think iptables/ebtables is working properly; in 2.6, ebtables
does indeed count the correct number of packets passing through each
rule, and assuming that "-j mark" actually marks them, the only possible
answer would be that the tc stuff isn't catching those marks.
I'd be really happy to hear any suggestions or ideas, 'cause I'd really
love to get 2.6 working! If there's _anything_ I can do that might help
debug this stuff, I'd be glad to try.
Cheers,
jon
* Re: [LARTC] bridging shaper
2004-03-29 17:27 [LARTC] bridging shaper Ryan Rothert
` (4 preceding siblings ...)
2004-03-30 1:38 ` Jon Anderson
@ 2004-03-30 11:13 ` miller69
5 siblings, 0 replies; 7+ messages in thread
From: miller69 @ 2004-03-30 11:13 UTC (permalink / raw)
To: lartc
Hi,
> I actually think iptables/ebtables is working properly; in 2.6, ebtables
> does indeed count the correct number of packets passing through each
> rule, and assuming that "-j mark" actually marks them, the only possible
> answer would be that the tc stuff isn't catching those marks.
I'm using kernel 2.6.3 (just patched with CONNMARK) here and everything
works great. Using iptables and CONNMARK to mark packets and CLASSIFY to sort it
into different HTB (and CBQ) classes is running flawlessly.
box:~ # uname -a
Linux ipp2p 2.6.3 #3 Mon Mar 8 12:56:15 CET 2004 i686 i686 i386 GNU/Linux

box:~ # tc -s class show dev eth0
class htb 1:11 parent 1:1 prio 5 rate 100Kbit ceil 2000Kbit burst 1727b cburst 4159b
 Sent 3187475 bytes 55392 pkts (dropped 0, overlimits 0)
 lended: 55392 borrowed: 0 giants: 0
 tokens: 219818 ctokens: 26900

class htb 1:1 root rate 100Mbit ceil 100Mbit burst 132657b cburst 132657b
 Sent 235605755 bytes 776816 pkts (dropped 0, overlimits 0)
 rate 1340bps 8pps
 lended: 0 borrowed: 0 giants: 0
 tokens: 16939 ctokens: 16939

class htb 1:10 parent 1:1 prio 1 rate 102300Kbit ceil 100Mbit burst 132528b cburst 132657b
 Sent 232418280 bytes 721424 pkts (dropped 0, overlimits 0)
 rate 1340bps 8pps
 lended: 721424 borrowed: 0 giants: 0
 tokens: 16939 ctokens: 16939

box:~ # iptables -t mangle -L -n -v
Chain MARKED (1 references)
 pkts bytes target     prot opt in     out     source               destination
55392 2412K CLASSIFY   all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out eth0 CLASSIFY set 1:11
Also using tc filter rules instead of CLASSIFY put traffic in the
appropriate classes. For me everything works just as fine as it did with kernel 2.4.x
Regards,
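The check used throughout this thread (reading `tc -s class show dev eth0` to see whether packets land in the intended classes or all leave through the default class) can be scripted. The following is an added example, not code from any poster in the thread; the sample input is the class output quoted above with wrapped lines rejoined, and treating `1:10` as the default class is an assumption, since the qdisc line is not shown in the thread.

```python
import re

# Sample: the `tc -s class show dev eth0` output quoted in the thread,
# with wrapped lines rejoined and the token/rate lines omitted.
SAMPLE = """\
class htb 1:11 parent 1:1 prio 5 rate 100Kbit ceil 2000Kbit burst 1727b cburst 4159b
 Sent 3187475 bytes 55392 pkts (dropped 0, overlimits 0)
 lended: 55392 borrowed: 0 giants: 0
class htb 1:1 root rate 100Mbit ceil 100Mbit burst 132657b cburst 132657b
 Sent 235605755 bytes 776816 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
class htb 1:10 parent 1:1 prio 1 rate 102300Kbit ceil 100Mbit burst 132528b cburst 132657b
 Sent 232418280 bytes 721424 pkts (dropped 0, overlimits 0)
 lended: 721424 borrowed: 0 giants: 0
"""

CLASS_RE = re.compile(r"^class\s+\S+\s+(\S+)\s+(root|parent\s+(\S+))")
SENT_RE = re.compile(r"Sent\s+(\d+)\s+bytes\s+(\d+)\s+pkts?")

def parse_classes(text):
    """Return {classid: {"parent": id or None, "bytes": n, "pkts": n}}."""
    classes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = CLASS_RE.match(line)
        if m:
            current = m.group(1)
            classes[current] = {"parent": m.group(3), "bytes": 0, "pkts": 0}
            continue
        m = SENT_RE.search(line)
        if m and current:
            classes[current]["bytes"] = int(m.group(1))
            classes[current]["pkts"] = int(m.group(2))
    return classes

def leaf_packets(classes):
    """Packet counts for classes that are not the parent of another class."""
    parents = {c["parent"] for c in classes.values() if c["parent"]}
    return {cid: c["pkts"] for cid, c in classes.items() if cid not in parents}

def filters_matching(classes, default_class):
    """True if any leaf other than the default class has carried packets."""
    leaves = leaf_packets(classes)
    return any(n > 0 for cid, n in leaves.items() if cid != default_class)

if __name__ == "__main__":
    parsed = parse_classes(SAMPLE)
    for cid, pkts in sorted(leaf_packets(parsed).items()):
        print(f"{cid}: {pkts} pkts")
    # "1:10" as the default class is an assumption (qdisc line not in thread).
    print("classification working:", filters_matching(parsed, "1:10"))
```

A `False` result with traffic flowing corresponds to the symptom described for the failing 2.6 setup: every packet is counted in the default class and none in the classes the filters or CLASSIFY rules target.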