From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Furniss Date: Tue, 03 May 2005 13:38:58 +0000 Subject: Re: [LARTC] problem with filters - packets 'slipping' through them Message-Id: <42777EF2.6040403@dsl.pipex.com> List-Id: References: <200505031358.54107.marcin_ml@sekretarka.no-ip.org> In-Reply-To: <200505031358.54107.marcin_ml@sekretarka.no-ip.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To: lartc@vger.kernel.org Marcin Ka=B3u=BFa wrote: > Hi! > I'm trying to shape my internet connection traffic using hsfc and I've=20 > encountered the following problem (may not be connected with hfsc). > on my lan interface I shape incoming traffic like this: >=20 > tc qdisc add root dev eth1 handle 1: hfsc default 1003 > tc class add dev eth1 parent 1:0 classid 1:1003 hfsc ls rate 10kbit ul ra= te=20 > 10kbit > tc class add dev eth1 parent 1: classid 1:1001 hfsc ls rate 70Mbit ul rat= e=20 > 70Mbit >=20 > tc filter add dev eth1 parent 1: protocol ip prio 1 u32 \ > match ip src 192.168.0.1 \ > flowid 1:1001 >=20 > tc class add dev eth1 parent 1: classid 1:1002 hfsc ls rate 1Mbit ul rate= =20 > 1Mbit > tc filter add dev eth1 parent 1: protocol ip prio 2 u32 \ > match ip dst 192.168.0.0/24 \ > flowid 1:1002 >=20 > class 1001 recievs the traffic generated by the server > class 1002 gets incoming traffic from the internet=20 > class 1003 is the default >=20 > And that's where my problem is - 1003 shouldn't get any traffic since (as= I=20 > think) the above filters should in total match everything and direct it t= o=20 > 1001/2. But there are some packets that go to 1003 and if I delete it, mo= st=20 > of the traffic dies (even ping 192.168.0.2 doesn't work - whats even more= =20 > wierd, not immediately, but after a minute or so from installing new queu= e) It's arp traffic - your filters are catching IP it stops working when=20 the cache expires. Unlike htb hfsc drops traffic it doesn't know what to=20 do with if you don't specify a default class. >=20 > Can anybody help me? Am I missing something in the filters? I've tried do= ing=20 > the same with iptables and mark in the postrouting chain and with fw filt= ers.=20 > The situation was strange as well - every packet got marked either for th= e=20 > first or the second class, and in spite of this 1003 got traffic anyway... If you don't want use default you could classify with a TC filter .... protocol arp u32 match u32 0 0 .... Andy. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc