* Re: [LARTC] Problem with marking packets...
2005-05-24 22:11 [LARTC] Problem with marking packets Konrad
@ 2005-05-26 8:39 ` Konrad
2005-05-26 10:18 ` Andy Furniss
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Konrad @ 2005-05-26 8:39 UTC (permalink / raw)
To: lartc
Can I use a u32 or route filter to put packets which are
going to some interface (eth0 or eth1) into a class?
These are my route rules...
ip route add 83.17.20.10/29 dev eth0 table dsl1
ip route add default via 83.17.20.12 dev eth0 table dsl1
ip route add 80.53.64.128/29 dev eth1 table dsl2
ip route add default via 80.53.64.130 dev eth1 table dsl2
ip rule add fwmark 0x01 table dsl1
ip rule add fwmark 0x02 table dsl2
iptables -t mangle -A PREROUTING -i eth3 -p tcp --sport 80 -j MARK --set-mark 0x01
iptables -t mangle -A PREROUTING -i eth3 -p tcp --sport 4000:65535 -j MARK --set-mark 0x02
... etc.
I must do this on the IMQ device (POSTROUTING, AB mode), using whatever (u32
filter, route filter, MARK, CONNMARK, etc.)
Packets are being marked, but some packets on IMQ are going out on the
default interface (I'm not marking all traffic...) and I want to catch
these packets in suitable classes on IMQ.
How can I do this? :/ Any ideas? Can anyone help?
--
Konrad Cempura /Lenthir/
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] Problem with marking packets...
From: Andy Furniss @ 2005-05-26 10:18 UTC (permalink / raw)
To: lartc
Konrad wrote:
> Hello everyone...
>
> I have a little trouble and need some help :P
> How can I check on which interface the packet is going (eth0, eth1; I
> have two ISPs and a little LAN on eth3), using TC and IMQ to check it? (HTB
> script)
If you meant eth2 rather than 3 and you are only shaping forwarded
traffic then you could get away without using imq.
> I tried to mark packets, but on chain POSTROUTING this does not work...
> Maybe because packets fall on IMQ before signing.
> I tried marking it on FORWARD but packets also didn't hit their class.
>
> PREROUTING is working(!), but with this I can only queue download traffic.
>
> Problem is very essential. I need to distinguish on which interface
> packet is going.
>
> I'm routing packets using this:
> ip route add default via 192.168.10.1 dev eth0 table neo
> ip rule add fwmark 0x03 table neo
>
> ip route add 80.53.133.24/29 dev $DEV_DSL table dsl
> ip rule add fwmark 0x04 table dsl
> And I'm marking traffic as I want.
So I assume the routing is working OK.
>
> IMQ is working in AB mode. I have src IP before nat, and dst after nat.
>
> Upload traffic is going to IMQ1 here:
> iptables -t mangle -A POSTROUTING -j IMQ --todev 1
This rule will catch traffic headed for eth3(2) as well.
For uplink why not just shape on eth0 and eth1 directly, if you do this
already and want to double queue for some reason then be more specific
about what you send to imq dev1.
iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 1
iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1
Andy.
* Re: [LARTC] Problem with marking packets...
From: Konrad @ 2005-05-26 12:50 UTC (permalink / raw)
To: lartc
Andy Furniss wrote:
> If you meant eth2 rather than 3 and you are only shaping forwarded
> traffic then you could get away without using imq.
> So I assume the routing is working OK.
Yes... routing is working well.
>> IMQ is working in AB mode. I have src IP before nat, and dst after nat.
>> Upload traffic is going to IMQ1 here:
>> iptables -t mangle -A POSTROUTING -j IMQ --todev 1
> This rule will catch traffic headed for eth3(2) as well.
Yep. I throw in class packets going outside my network in IMQ1.
Class packets which are going inside my network I queue in IMQ0.
LAN traffic on LAN classes, Internet traffic on users classes.
> For uplink why not just shape on eth0 and eth1 directly, if you do this
> already and want to double queue for some reason then be more specific
> about what you send to imq dev1.
>
> iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 1
> iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1
I'm including my non-working HTB script.
As you see, I want to classify traffic into link classes. The script is
working... for 1 link to the Internet. I want to distribute traffic to
classes for several links, but I don't know how I can distinguish traffic
which is going to the first or second Internet link.
[-- Attachment #2: htb0.6o --]
[-- Type: text/plain, Size: 23757 bytes --]
#!/bin/bash
#
# rc.htb 0.6, (C)Lenthir 2oo4-2oo5, GNU GPL
# 2005-05-17 12:20
VER="0.6"
DAT="2005-05-17 12:20"
MAX=65535;
#######################
# Configuration
#######################
##
# 1. Links and IP addresses
##
dev_isp="eth1 eth2 eth3" #Links to the outside world.
dev_ext="80.53.64.3" #External IP of the gateway.
ext_dwl[0]=600 #Link speed. (Indexed from zero, in dev_isp order.)
ext_upl[0]=120
ext_dwl[1]=1980
ext_upl[1]=220
ext_dwl[2]=490
ext_upl[2]=490
int="`/etc/router/0.cfg` `/etc/router/1.cfg` `/etc/router/2.cfg`" #List of IP addresses
lan_int="10.0.0.0/16" #List of subnets
ext[0]="" #External IP addresses in the subnets. (Indexed from zero, in lan_int order.)
ext[1]=""
ext[2]=""
##
# 2. Link bandwidth, proxy server
##
int_dwl[0]=2; int_upl[0]=2 #Transfer speed between subnets. (Indexed from zero, in lan_int order.)
srv_ldwl=5; srv_lupl=5 #Server LAN speed (0 = same as the LAN maximum)
#p_squid="8080" #w3cache port ("" = no w3cache server)
sqd_spd=0 #upload speed from squid (0 = at the server's transfer speed)
##
# 3. Priority ports, limit on the unprivileged queue
##
porty_tcp="21 22 23 25 53 80 110 143 220 443 993 995 27015" #privileged tcp ports
porty_udp="53 4569" #privileged udp ports
npriv_d=0; npriv_u=0 #maximum speed of the unprivileged queue
# T 20 - ftp-data
# T 21 - ftp
# T 22 - ssh
# T 23 - telnet
# T 25 - SMTP
# TU 53 - DNS
# T 80 - HTTP
# T 110 - POP3
# T 143 - IMAP
# T 220 - IMAP3
# T 443 - HTTPS
# T 993 - IMAPS
# T 995 - POP3(SSL)
# U 4569 - Tele Gadu-Gadu
# T 8074 - Gadu-Gadu
# TU 27015, 27025, 27050 - Counter-Strike
##
# 4. Troubleshooting, other options
##
pping=1 #0 - ping in the normal queue / 1 - ping in the priority queue
net_debug=0 #Info on how packets fall into the user queues
lan_debug=0 #Info on how packets fall into the LAN queues
#u_r2q=10 #r2q
u_quantum=1500 #quantum
TC="/sbin/tc" #path to tc
IP="/sbin/ip" #path to ip (assumed location; $IP is used by stop() and start())
MODPROBE="/sbin/modprobe" #path to modprobe
RMMOD="/sbin/rmmod" #path to rmmod
IPTABLES="/usr/local/sbin/iptables" #path to iptables
FIREWALL="/etc/init.d/rc.iptables restart" #how to restart the firewall
#######################
# Checks whether every srv_ext is also in ext; if not, appends it
i=0;
for l in $lan_int
do
zew="$zew ${ext[$i]}"
let "i=$i+1"
done
ipki="$zew $int"
for srvip in $dev_ext
do
if ! echo "$ipki" | grep -qwF -- "$srvip"; then
zew="$zew $srvip"
fi
done
# Counting...
ile_int=`echo ${int}|awk '{print NF}'`
ile_ext=`echo ${zew}|awk '{print NF}'`
ile=$(echo "$ile_int + $ile_ext" | bc)
echo ""
if [[ $ile -ge $MAX ]]
then
echo "Maksymalna ilość komputerów:"
exit 1
fi
stop()
{
$TC qdisc del root dev imq0 2> /dev/null
$TC qdisc del root dev imq1 2> /dev/null
$IP link set imq0 down
$IP link set imq1 down
}
start()
{ stop
if ! lsmod | grep -q "^imq "; then
$MODPROBE imq numdev=2 &> /dev/null
fi
echo " Ilość komputerów: $ile"
echo "%===================================================================%"
# Download
echo " Ustawianie kolejki downloadu."
if [[ $u_r2q == "" ]]; then
$TC qdisc add dev imq0 root handle 1:0 htb
else
$TC qdisc add dev imq0 root handle 1:0 htb r2q $u_r2q
fi
isp=0; v=1
for device in $dev_isp
do
# Calculations
tmp=$(echo "scale=3; ${ext_dwl[$isp]}%$ile" | bc)
min=$(echo "scale=3; ${ext_dwl[$isp]}/$ile" | bc)
pri_min=$(echo "scale=3; $min/2+$min%2" | bc)
sec_min=$(echo "scale=3; $min/2" | bc)
max=${ext_dwl[$isp]}
echo " Łącze: $((isp+1)). $device"
echo " Minimalny download: $min kbit/s"
echo " Maksymalny download: $max kbit/s"
echo " Kolejka: -priorytetowa: $pri_min kbit/s -normalna: $sec_min kbit/s"
echo " Nieprzydzielone: $tmp kbit/s"
echo " "
qu0=`printf "%x\n" $v`
$TC class add dev imq0 parent 1:0 classid 1:$qu0 htb rate ${ext_dwl[$isp]}kbit ceil ${ext_dwl[$isp]}kbit
let "v=v+1"
for usr in $zew
do
qu1=`printf "%x\n" $v`
qu2=`printf "%x\n" $((v+1))`
qu3=`printf "%x\n" $((v+2))`
$TC class add dev imq0 parent 1:$qu0 classid 1:$qu1 htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
$TC class add dev imq0 parent 1:$qu1 classid 1:$qu2 htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
if [ $npriv_d -eq 0 ]; then
$TC class add dev imq0 parent 1:$qu1 classid 1:$qu3 htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
else
$TC class add dev imq0 parent 1:$qu1 classid 1:$qu3 htb rate ${sec_min}kbit ceil ${npriv_d}kbit prio 2 quantum $u_quantum
fi
$TC qdisc add dev imq0 parent 1:$qu2 sfq
$TC qdisc add dev imq0 parent 1:$qu3 sfq
$TC filter add dev imq0 protocol ip parent 1:0 pref 5 u32 match ip dst $usr flowid 1:$qu1
if [[ $p_squid != "" ]]; then
$TC filter add dev imq0 protocol ip parent 1:0 pref 1 u32 match ip dst $usr match ip sport $p_squid 0xffff match ip tos 8 0xff flowid 1:$qu2
fi
for prt in $porty_tcp
do
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 1:$qu2
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 1:$qu2
done
for prt in $porty_udp
do
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 1:$qu2
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 1:$qu2
done
if [[ $pping -eq 1 ]]; then
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 1 0xff flowid 1:$qu2
fi
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 7 u32 match ip dst $usr flowid 1:$qu3
let "v=v+3"
done
for usr in $int
do
qu1=`printf "%x\n" $v`
qu2=`printf "%x\n" $((v+1))`
qu3=`printf "%x\n" $((v+2))`
$TC class add dev imq0 parent 1:$qu0 classid 1:$qu1 htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
$TC class add dev imq0 parent 1:$qu1 classid 1:$qu2 htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
if [ $npriv_d -eq 0 ]; then
$TC class add dev imq0 parent 1:$qu1 classid 1:$qu3 htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
else
$TC class add dev imq0 parent 1:$qu1 classid 1:$qu3 htb rate ${sec_min}kbit ceil ${npriv_d}kbit prio 2 quantum $u_quantum
fi
$TC qdisc add dev imq0 parent 1:$qu2 sfq
$TC qdisc add dev imq0 parent 1:$qu3 sfq
$TC filter add dev imq0 protocol ip parent 1:0 pref 5 u32 match ip dst $usr flowid 1:$qu1
if [[ $p_squid != "" ]]; then
$TC filter add dev imq0 protocol ip parent 1:0 pref 1 u32 match ip dst $usr match ip sport $p_squid 0xffff match ip tos 8 0xff flowid 1:$qu2
fi
for prt in $porty_tcp
do
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 1:$qu2
done
for prt in $porty_udp
do
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 1:$qu2
done
if [[ $pping -eq 1 ]]; then
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 6 u32 match ip protocol 1 0xff flowid 1:$qu2
fi
$TC filter add dev imq0 protocol ip parent 1:$qu1 pref 7 u32 match ip dst $usr flowid 1:$qu3
let "v=v+3"
done
done
# Upload for the subnets, download for the server
if [ $lan_debug -eq 1 ]; then
echo -e "Pętla\tŹródło\t\t\tCel"
fi
if [ $srv_ldwl -ne 0 ]; then
qu1=`printf "%x\n" $v`
$TC class add dev imq0 parent 1:0 classid 1:$qu1 htb rate ${srv_ldwl}Mbit ceil ${srv_ldwl}Mbit quantum $u_quantum
$TC qdisc add dev imq0 parent 1:$qu1 sfq
i=0
for ntr in $lan_int
do
for pri in ${ext[$i]}
do
for sec in $dev_ext
do
if [ $lan_debug -eq 1 ]; then echo -e " 1\t$pri\t\t$sec"; fi
$TC filter add dev imq0 protocol ip parent 1:0 pref 3 u32 match ip src $pri match ip dst $sec flowid 1:$qu1
done
done
for sec in $dev_ext
do
if [ $lan_debug -eq 1 ]; then echo -e " 2\t$ntr\t\t$sec"; fi
$TC filter add dev imq0 protocol ip parent 1:0 pref 3 u32 match ip src $ntr match ip dst $sec flowid 1:$qu1
done
let "i=i+1"
done
let "v=v+1"
fi
i=0
for ntr in $lan_int
do
qu1=`printf "%x\n" $v`
$TC class add dev imq0 parent 1:0 classid 1:$qu1 htb rate ${int_upl[$i]}Mbit ceil ${int_upl[$i]}Mbit quantum $u_quantum
$TC qdisc add dev imq0 parent 1:$qu1 sfq
for pri in ${ext[$i]}
do
for sec in ${zew/${ext[$i]}/}
do
if [ $lan_debug -eq 1 ]; then echo -e " 3\t$pri\t\t$sec"; fi
$TC filter add dev imq0 protocol ip parent 1:0 pref 4 u32 match ip src $pri match ip dst $sec flowid 1:$qu1
done
done
for sec in $dev_ext
do
if [ $lan_debug -eq 1 ]; then echo -e " 4\t$ntr\t\t$sec"; fi
$TC filter add dev imq0 protocol ip parent 1:0 pref 4 u32 match ip src $ntr match ip dst $sec flowid 1:$qu1
done
for ipek in $lan_int ${zew/$srv_ext/}
do
if [ $lan_debug -eq 1 ]; then echo -e " 3\t$ntr\t\t$ipek"; fi
$TC filter add dev imq0 protocol ip parent 1:0 pref 4 u32 match ip src $ntr match ip dst $ipek flowid 1:$qu1
done
let "v=v+1"
let "i=i+1"
done
if [ $lan_debug -eq 1 ]; then echo " "; fi
$IPTABLES -t mangle -A PREROUTING -j IMQ --todev 0
$IP link set imq0 up
# Upload
echo " Ustawianie kolejki uploadu."
if [[ $u_r2q == "" ]]; then
$TC qdisc add dev imq1 root handle 2:0 htb
else
$TC qdisc add dev imq1 root handle 2:0 htb r2q $u_r2q
fi
isp=0; v=1
for device in $dev_isp
do
# Calculations
tmp=$(echo "scale=3; ${ext_upl[$isp]}%$ile" | bc)
min=$(echo "scale=3; ${ext_upl[$isp]}/$ile" | bc)
pri_min=$(echo "scale=3; $min/2+$min%2" | bc)
sec_min=$(echo "scale=3; $min/2" | bc)
max=${ext_upl[$isp]}
if [ $isp -ne 0 ]; then echo " "; fi
echo " Łącze: $((isp+1)). $device"
echo " Maksymalny upload: $max kbit/s"
echo " Minimalny upload userów: $min kbit/s"
echo " Kolejka: -priorytetowa: $pri_min kbit/s -normalna: $sec_min kbit/s"
echo " Nieprzydzielone: $tmp kbit/s"
qu0=`printf "%x\n" $v`
$TC class add dev imq1 parent 2:0 classid 2:$qu0 htb rate ${ext_upl[$isp]}kbit ceil ${ext_upl[$isp]}kbit
let "v=v+1"
for usr in $zew
do
qu1=`printf "%x\n" $v`
qu2=`printf "%x\n" $((v+1))`
qu3=`printf "%x\n" $((v+2))`
$TC class add dev imq1 parent 2:$qu0 classid 2:$qu1 htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
$TC class add dev imq1 parent 2:$qu1 classid 2:$qu2 htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
if [ $npriv_u -eq 0 ]; then
$TC class add dev imq1 parent 2:$qu1 classid 2:$qu3 htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
else
$TC class add dev imq1 parent 2:$qu1 classid 2:$qu3 htb rate ${sec_min}kbit ceil ${npriv_u}kbit prio 2 quantum $u_quantum
fi
$TC qdisc add dev imq1 parent 2:$qu2 sfq
$TC qdisc add dev imq1 parent 2:$qu3 sfq
$TC filter add dev imq1 protocol ip parent 2:0 pref 5 u32 match ip src $usr flowid 2:$qu1
if [[ $p_squid != "" ]]; then
$TC filter add dev imq1 protocol ip parent 2:0 pref 1 u32 match ip src $usr match ip dport $p_squid 0xffff flowid 2:$qu2
fi
for prt in $porty_tcp
do
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 6 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 2:$qu2
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 6 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 2:$qu2
done
for prt in $porty_udp
do
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 6 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 2:$qu2
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 6 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 2:$qu2
done
if [[ $pping -eq 1 ]]; then
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 6 u32 match ip protocol 1 0xff flowid 2:$qu2
fi
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 7 u32 match ip src $usr flowid 2:$qu3
let "v=v+3"
done
for usr in $int
do
qu1=`printf "%x\n" $v`
qu2=`printf "%x\n" $((v+1))`
qu3=`printf "%x\n" $((v+2))`
$TC class add dev imq1 parent 2:$qu0 classid 2:$qu1 htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
$TC class add dev imq1 parent 2:$qu1 classid 2:$qu2 htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
if [ $npriv_u -eq 0 ]; then
$TC class add dev imq1 parent 2:$qu1 classid 2:$qu3 htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
else
$TC class add dev imq1 parent 2:$qu1 classid 2:$qu3 htb rate ${sec_min}kbit ceil ${npriv_u}kbit prio 2 quantum $u_quantum
fi
$TC qdisc add dev imq1 parent 2:$qu2 sfq
$TC qdisc add dev imq1 parent 2:$qu3 sfq
$TC filter add dev imq1 protocol ip parent 2:0 pref 5 u32 match ip src $usr flowid 2:$qu1
if [[ $p_squid != "" ]]; then
$TC filter add dev imq1 protocol ip parent 2:0 pref 1 u32 match ip src $usr match ip dport $p_squid 0xffff flowid 2:$qu2
fi
for prt in $porty_tcp
do
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 6 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 2:$qu2
done
for prt in $porty_udp
do
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 6 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 2:$qu2
done
if [[ $pping -eq 1 ]]; then
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 6 u32 match ip protocol 1 0xff flowid 2:$qu2
fi
$TC filter add dev imq1 protocol ip parent 2:$qu1 pref 7 u32 match ip src $usr flowid 2:$qu3
let "v=v+3"
done
done
#Download for the subnets, upload for the server
if [ $lan_debug -eq 1 ]; then
echo " "
echo -e "Pętla\tŹródło\t\t\tCel"
fi
if [ $srv_lupl -ne 0 ]; then
qu1=`printf "%x\n" $v`
$TC class add dev imq1 parent 2:0 classid 2:$qu1 htb rate ${srv_lupl}Mbit ceil ${srv_lupl}Mbit quantum $u_quantum
$TC qdisc add dev imq1 parent 2:$qu1 sfq
i=0
for ntr in $lan_int
do
for pri in ${ext[$i]}
do
for sec in $dev_ext
do
if [ $lan_debug -eq 1 ]; then echo -e " 1\t$pri\t\t$pri"; fi
$TC filter add dev imq1 protocol ip parent 2:0 pref 3 u32 match ip src $sec match ip dst $pri flowid 2:$qu1
done
done
for sec in $dev_ext
do
if [ $lan_debug -eq 1 ]; then echo -e " 2\t$sec\t\t$ntr"; fi
$TC filter add dev imq1 protocol ip parent 2:0 pref 3 u32 match ip src $sec match ip dst $ntr flowid 2:$qu1
done
let "i=i+1"
done
let "v=v+1"
fi
if [ $sqd_spd -ne 0 ] && [ "$p_squid" != "" ]; then
qu1=`printf "%x\n" $v`
$TC class add dev imq1 parent 2:0 classid 2:$qu1 htb rate ${sqd_spd}Mbit ceil ${sqd_spd}Mbit quantum $u_quantum
$TC qdisc add dev imq1 parent 2:$qu1 sfq
for ipek in $lan_int ${zew/$srv_ext/}
do
if [ $lan_debug -eq 1 ]; then echo -e " HIT\t$srv_ext:$p_squid\t\t$ipek"; fi
$TC filter add dev imq1 protocol ip parent 2:0 pref 2 u32 match ip dst $ipek match ip sport $p_squid 0xffff flowid 2:$qu1
done
let "v=v+1"
fi
i=0
for ntr in $lan_int
do
qu1=`printf "%x\n" $v`
$TC class add dev imq1 parent 2:0 classid 2:$qu1 htb rate ${int_dwl[$i]}Mbit ceil ${int_dwl[$i]}Mbit quantum $u_quantum
$TC qdisc add dev imq1 parent 2:$qu1 sfq
for pri in ${ext[$i]}
do
for sec in ${zew/${ext[$i]}/}
do
if [ $lan_debug -eq 1 ]; then echo -e " 3\t$sec\t\t$pri"; fi
$TC filter add dev imq1 protocol ip parent 2:0 pref 4 u32 match ip src $sec match ip dst $pri flowid 2:$qu1
done
done
for sec in $dev_ext
do
if [ $lan_debug -eq 1 ]; then echo -e " 4\t$sec\t\t$ntr"; fi
$TC filter add dev imq1 protocol ip parent 2:0 pref 4 u32 match ip src $sec match ip dst $ntr flowid 2:$qu1
done
for ipek in $lan_int ${zew/$srv_ext/}
do
if [ $lan_debug -eq 1 ]; then echo -e " 5\t$ipek\t\t$ntr"; fi
$TC filter add dev imq1 protocol ip parent 2:0 pref 4 u32 match ip src $ipek match ip dst $ntr flowid 2:$qu1
done
let "v=v+1"
let "i=i+1"
done
echo "%===================================================================%"
echo " "
$IPTABLES -t mangle -A POSTROUTING -j IMQ --todev 1
$IP link set imq1 up
}
echo "rc.htb $VER, (C)Lenthir 2oo4-2oo5, GNU GPL"
echo "$DAT"
case "$1" in
'start')
echo "Uruchamianie kolejkowania..."
start
echo "Gotowe."
exit 0
;;
'stop')
echo -n "Zatrzymywanie kolejkowania..."
stop
echo " wykonano."
;;
'restart')
echo "Restartowanie kolejkowania..."
$FIREWALL
start
echo "Gotowe."
;;
'status')
echo "Klasy na interfejsie imq0!"
echo "%====================================%"
$TC class show dev imq0 | grep root
$TC class show dev imq0 | grep -v root | sort | nl
echo "Klasy na interfejsie imq1!"
echo "%====================================%"
$TC class show dev imq1 | grep root
$TC class show dev imq1 | grep -v root | sort | nl
;;
'stat')
if [[ "$2" == "" ]]; then
echo "Script need second argument - adress IP"
exit 1
elif [[ "$2" == "lan" ]]; then
j=2
for usr in $zew
do
let "j=j+3"
done
for usr in $int
do
let "j=j+3"
done
i=0;pri=$j;sec=$j;trs="echo \"Transfer w LAN\""
if [ $srv_ldwl -ne 0 ] || [ $srv_lupl -ne 0 ]; then trs="$trs && echo \"Serwer:\""; fi
if [ $srv_ldwl -ne 0 ]; then
trs="$trs && tc -s class show dev imq0 | grep -A 3 \"htb 1:$pri \""
let "pri=pri+1"
fi
if [ $srv_lupl -ne 0 ]; then
trs="$trs && tc -s class show dev imq1 | grep -A 3 \"htb 2:$sec \""
let "sec=sec+1"
fi
if [ $sqd_spd -ne 0 ] && [ "$p_squid" != "" ]; then
trs="$trs && echo \"Squid HIT:\" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$sec \""
let "sec=sec+1"
fi
for uvs in $lan_int
do
trs="$trs && echo \"Lan[$i]:\" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$pri \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$sec \""
let "pri=pri+1"
let "sec=sec+1"
let "i=i+1"
done
watch -d -n 1 "$trs"
else
j=2
for usr in $zew
do
if [[ "$2" == "$usr" ]]; then
watch -d -n 1 "echo \"Download: \" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq0 | grep -A 3 \"1:$((j+1)) \" && tc -s class show dev imq0 | grep -A 3 \"1:$((j+2)) \" && echo && echo \"Upload: \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \" && tc -s class show dev imq1 | grep -A 3 \"2:$((j+1)) \" && tc -s class show dev imq1 | grep -A 3 \"2:$((j+2)) \""
echo "Zakończono."
exit 0
fi
let "j=j+3"
done
for usr in $int
do
if [[ "$2" == "$usr" ]]; then
watch -d -n 1 "echo \"Download: \" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq0 | grep -A 3 \"1:$((j+1)) \" && tc -s class show dev imq0 | grep -A 3 \"1:$((j+2)) \" && echo && echo \"Upload: \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \" && tc -s class show dev imq1 | grep -A 3 \"2:$((j+1)) \" && tc -s class show dev imq1 | grep -A 3 \"2:$((j+2)) \""
echo "Zakończono."
exit 0
fi
let "j=j+3"
done
fi
;;
*)
echo
echo "Użycie: rc.htb start|stop|restart|status"
echo "rc.htb stat <lan|adress IP>"
exit 1
;;
esac
* Re: [LARTC] Problem with marking packets...
From: Andy Furniss @ 2005-05-26 19:20 UTC (permalink / raw)
To: lartc
Konrad wrote:
> > So I assume the routing is working OK.
> Yes... routing is working well.
OK - I am still confused about what interfaces you have; your script uses
1, 2 and 3.
>
>>> IMQ is working in AB mode. I have src IP before nat, and dst after nat.
>
>
>>> Upload traffic is going to IMQ1 here:
>>> iptables -t mangle -A POSTROUTING -j IMQ --todev 1
>
>
>> This rule will catch traffic headed for eth3(2) as well.
>
>
> Yep. I throw in class packets going outside my network in IMQ1.
> Class packets which are going inside my network I queue in IMQ0.
That rule will send all packets going through postrouting to imq1
whether they are going inside or outside ...
>
> LAN traffic on LAN classes, Internet traffic on users classes.
>
>> For uplink why not just shape on eth0 and eth1 directly, if you do
>> this already and want to double queue for some reason then be more
>> specific about what you send to imq dev1.
>>
>> iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 1
>> iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1
>
>
> I'm including my non-working HTB script.
>
> As you see, I want to classify traffic into link classes. The script is
> working... for 1 link to the Internet. I want to distribute traffic to
> classes for several links, but I don't know how I can distinguish traffic
> which is going to the first or second Internet link.
I don't really get what you are trying to do but if you shape on the
internet interfaces then you don't need to distinguish.
Andy.
* Re: [LARTC] Problem with marking packets...
From: Konrad @ 2005-05-26 23:19 UTC (permalink / raw)
To: lartc
Andy wrote:
> Konrad wrote:
>
>> > So I assume the routing is working OK.
>> Yes... routing is working well.
>
>
> OK - I am still confused about what interfaces you have your script uses
> 1 2 and 3.
> That rule will send all packets going through postrouting to imq1
> whether they are going inside or outside ...
OK. You're right... never mind.
I will try to explain to you :P
I attached a file... with code, comments and an explanation of the problem.
[-- Attachment #2: inc_file.txt --]
[-- Type: text/plain, Size: 4959 bytes --]
isp=0; v=1
for device in $dev_isp #one time for one link...
do
# Calculations - in the array ext_upl I have the speeds of the interfaces.
tmp=$(echo "scale=3; ${ext_upl[$isp]}%$ile" | bc) #the remainder of the division. All users have a guaranteed speed.
min=$(echo "scale=3; ${ext_upl[$isp]}/$ile" | bc) #I divide the maximum speed by the number of IPs.
pri_min=$(echo "scale=3; $min/2+$min%2" | bc) #Divide by 2... to create two classes - prio 1 & prio 2.
sec_min=$(echo "scale=3; $min/2" | bc)
max=${ext_upl[$isp]} #Maximum speed...
(...)
qu0=`printf "%x\n" $v` #Hexadecimal numbering of queues. - qu0 is the number of the link queue.
$TC class add dev imq1 parent 2:0 classid 2:$qu0 htb rate ${ext_upl[$isp]}kbit ceil ${ext_upl[$isp]}kbit #link queue...
let "v=v+1" #counter:P
for usr in $zew
do #Hexadecimal numeration classes.
qu1=`printf "%x\n" $v` #qu1 is the number of user class.
qu2=`printf "%x\n" $((v+1))` #qu2 is the number of high priority traffic class.
qu3=`printf "%x\n" $((v+2))` #qu3 is the number of low priority traffic class.
$TC class add dev imq1 parent 2:$qu0 classid 2:$qu1 htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum #user queues with the user's guaranteed traffic rate and the max link speed as ceil.
$TC class add dev imq1 parent 2:$qu1 classid 2:$qu2 htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum #high priority traffic...
(...)
$TC class add dev imq1 parent 2:$qu1 classid 2:$qu3 htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum #low priority...
(...)
$TC qdisc add dev imq1 parent 2:$qu2 sfq
$TC qdisc add dev imq1 parent 2:$qu3 sfq
#This is the problem! Packets are being thrown into the user's class. I classify them using the packet's source IP.
#The problem doesn't exist if I do it for one link. But if I want a second link - this rule matches all traffic to the first and second link :/
$TC filter add dev imq1 protocol ip parent 2:0 pref 5 u32 match ip src $usr flowid 2:$qu1
#This is how I tried to solve this problem...
$TC filter add dev eth0 protocol ip parent 2:0 handle $((isp+1)) fw flowid 2:$qu0 #this matches packets which are going to the interface, but unfortunately this doesn't work for POSTROUTING :/
$TC filter add dev imq1 protocol ip parent 2:qu0 pref 5 u32 match ip src $usr flowid 2:$qu1
#CUT here :P
(...) users filters...
$TC filter add dev imq1 protocol ip parent 2:0 pref 1 u32 match ip src $usr match ip dport $p_squid 0xffff flowid 2:$qu2 #If squid miss, traffic will go to user queue.
(...)
#Here I have LAN traffic queues.
(...)
if [ $sqd_spd -ne 0 ] && [ "$p_squid" != "" ]; then #Class for Squid HITs, independent of the LAN queue speed (I have a patch... TOS). $p_squid = squid port...
qu1=`printf "%x\n" $v`
$TC class add dev imq1 parent 2:0 classid 2:$qu1 htb rate ${sqd_spd}Mbit ceil ${sqd_spd}Mbit quantum $u_quantum #sqd_spd - speed for HIT traffic
$TC qdisc add dev imq1 parent 2:$qu1 sfq
for ipek in $lan_int ${zew/$srv_ext/}
do
$TC filter add dev imq1 protocol ip parent 2:0 pref 2 u32 match ip dst $ipek match ip sport $p_squid 0xffff flowid 2:$qu1 #this catch all traffic from source port Squid...
done
let "v=v+1"
fi
i=0
for ntr in $lan_int #LAN queues - $lan_int: 192.168.0.0/24 (eth2); 192.168.1.0/24 (eth3)... etc.
do
qu1=`printf "%x\n" $v` #Hexadecimal number of class..
$TC class add dev imq1 parent 2:0 classid 2:$qu1 htb rate ${int_dwl[$i]}Mbit ceil ${int_dwl[$i]}Mbit quantum $u_quantum
$TC qdisc add dev imq1 parent 2:$qu1 sfq
for pri in ${ext[$i]}
do
for sec in ${zew/${ext[$i]}/} #External IP addresses.
do
$TC filter add dev imq1 protocol ip parent 2:0 pref 4 u32 match ip src $sec match ip dst $pri flowid 2:$qu1
done
done
for sec in $dev_ext
do
$TC filter add dev imq1 protocol ip parent 2:0 pref 4 u32 match ip src $sec match ip dst $ntr flowid 2:$qu1
done
for ipek in $lan_int ${zew/$srv_ext/} #Traffic between subnets and external IP
do
$TC filter add dev imq1 protocol ip parent 2:0 pref 4 u32 match ip src $ipek match ip dst $ntr flowid 2:$qu1
done
let "v=v+1"
let "i=i+1"
done
#All traffic is going to classes, but only users upload traffic, server download and traffic between subnets is queued
$IPTABLES -t mangle -A POSTROUTING -j IMQ --todev 1
$IP link set imq1 up
Everything is working for one link.
I do not know how I can put traffic into suitable link queues.
All the filters that I wrote in this script use IP addresses, IP subnet ranges, source ports, destination ports, and TOS.
They never check which interface the packet goes out on.
I wonder how to solve this for my route table and for load balancing... :/
* Re: [LARTC] Problem with marking packets...
From: Andy Furniss @ 2005-05-30 15:29 UTC (permalink / raw)
To: lartc
Konrad wrote:
> Andy wrote:
>
>> Konrad wrote:
>>
>>> > So I assume the routing is working OK.
>>> Yes... routing is working well.
>>
>>
>>
>> OK - I am still confused about what interfaces you have your script
>> uses 1 2 and 3.
>
>
>> That rule will send all packets going through postrouting to imq1
>> whether they are going inside or outside ...
>
>
> OK. You're right... never mind.
>
> I will try to explain to you :P
>
> I attached a file... with code, comments and an explanation of the problem.
In theory you should be able to match marks set in postrouting mangle
with shapers on imq - but then you wouldn't need to if you used one imq
per link or shaped directly on the internet interfaces (though you
wouldn't be able to use local src ips then if you are doing nat).
It's possible mark isn't working for you - there was a post recently
from hareram who tried a lot of things but couldn't get mark to work on
his distro's kernel/iptables/iproute mix. He ended up using CLASSIFY.
I would try a simple test case to see if mark really is the problem - if
it is you can still use more imqs and use -i/-o ethx to separate out the
traffic per link.
I see you are also using squid - see the recent thread about shaping
with that - AFAICT it's not that easy if you want per user fairness on
cache misses.
Andy.
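
The "simple test case" suggested in the last reply, as an added example that is not part of the thread or of rc.htb: it prints, without running, the commands for a mark-per-link setup on one imq and for the one-imq-per-link fallback, and reads class counters to see whether the mark took effect. The uplink names, rates, class ids and the 10.0.0.5 address are constructed sample values.

```shell
#!/bin/sh
# Added example, not code from the thread. Dry run only: every function
# prints commands; nothing here touches iptables or tc.
# Uplinks, rates and the user address are constructed sample values.

LINKS="eth0:120 eth1:220"   # uplink:upload kbit/s (constructed)
TEST_USER="10.0.0.5"        # one LAN source address (constructed)

# Variant A: one imq, link chosen by fwmark set in mangle POSTROUTING.
# The fw filter sits on imq1 (the device that owns qdisc 2:0), and the
# per-user u32 filter hangs under the link class rather than under 2:0,
# so the same source address can be listed once per link.
plan_fwmark() {
    pf_n=0
    echo "tc qdisc add dev imq1 root handle 2:0 htb"
    for pf_entry in $LINKS; do
        pf_dev=${pf_entry%%:*}
        pf_rate=${pf_entry##*:}
        pf_n=$((pf_n + 1))
        pf_link=$(printf '%x' $((pf_n * 16)))       # 2:10, 2:20, ...
        pf_user=$(printf '%x' $((pf_n * 16 + 1)))   # 2:11, 2:21, ...
        echo "iptables -t mangle -A POSTROUTING -o $pf_dev -j MARK --set-mark $pf_n"
        echo "iptables -t mangle -A POSTROUTING -o $pf_dev -j IMQ --todev 1"
        echo "tc class add dev imq1 parent 2:0 classid 2:$pf_link htb rate ${pf_rate}kbit ceil ${pf_rate}kbit"
        echo "tc class add dev imq1 parent 2:$pf_link classid 2:$pf_user htb rate ${pf_rate}kbit ceil ${pf_rate}kbit"
        echo "tc filter add dev imq1 protocol ip parent 2:0 pref 1 handle $pf_n fw flowid 2:$pf_link"
        echo "tc filter add dev imq1 protocol ip parent 2:$pf_link pref 5 u32 match ip src $TEST_USER flowid 2:$pf_user"
    done
    echo "ip link set imq1 up"
}

# Variant B: no marks, one imq per uplink selected with -o.
# imq0 stays the download queue, so the imq module must be loaded with
# numdev of at least (number of uplinks + 1).
plan_imq_per_link() {
    pi_n=0
    for pi_entry in $LINKS; do
        pi_dev=${pi_entry%%:*}
        pi_rate=${pi_entry##*:}
        pi_n=$((pi_n + 1))
        echo "iptables -t mangle -A POSTROUTING -o $pi_dev -j IMQ --todev $pi_n"
        echo "tc qdisc add dev imq$pi_n root handle 1:0 htb"
        echo "tc class add dev imq$pi_n parent 1:0 classid 1:1 htb rate ${pi_rate}kbit ceil ${pi_rate}kbit"
        echo "ip link set imq$pi_n up"
    done
}

# Read `tc -s class show dev imq1` on stdin and print the packet counter of
# one class. After sending traffic out of each uplink, a link class that
# stays at 0 means the mark or the fw filter is not taking effect on imq.
class_pkts() {
    awk -v want="$1" '
        $1 == "class" && $2 == "htb" { cur = $3 }
        $1 == "Sent" && cur == want  { print $4; found = 1; exit }
        END { if (!found) print "missing" }
    '
}

# Constructed sample of `tc -s class show dev imq1` output.
SAMPLE_STATS='class htb 2:10 root rate 120000bit ceil 120000bit burst 1599b cburst 1599b
 Sent 48230 bytes 91 pkt (dropped 0, overlimits 0 requeues 0)
class htb 2:20 root rate 220000bit ceil 220000bit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)'

plan_fwmark
plan_imq_per_link
printf '%s\n' "$SAMPLE_STATS" | class_pkts 2:20
```

On a test router, review the printed plan, apply it as root, and feed the live `tc -s class show dev imq1` output to `class_pkts` in place of the sample.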