From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jonathan Gazeley
Date: Mon, 30 Jul 2007 13:16:22 +0000
Subject: [LARTC] Re: tc n00b
Message-Id: <46ADE4A6.1020808@bristol.ac.uk>
MIME-Version: 1
Content-Type: multipart/mixed; boundary="------------040701040301000107090704"
List-Id:
References: <20070730121432.GB30519@toroid.org>
In-Reply-To: <20070730121432.GB30519@toroid.org>
To: lartc@vger.kernel.org

--------------040701040301000107090704
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi Abhijit,

Thanks a lot for your advice - I didn't realise that the source IP was
re-written before the traffic was shaped.

I have attached the script I wrote. As I said before, the download limit
does successfully work and each client (I am using 2 test clients) gets
512kbit each. However the upload is still unlimited. But I don't believe
this is currently due to the source IP being re-written - tc itself
doesn't like my commands. They were literally copied and pasted from the
download commands and altered as appropriate, as you see in the script.

When I run this script, each iteration of lines 48-49 produces the
following error:

137.222.235.125
Error: Qdisc "tbf" is classless.
Error: Qdisc "1:" is classless.
Unknown filter "1:", hence option "protocol" is unparsable

I don't really understand that error - especially as the identical code
does work for the download limits.

If you can offer any more help, I'd be most grateful.

Cheers,
Jonathan

Abhijit Menon-Sen wrote:
> Hello Jonathan.
>
> At 2007-07-30 12:40:00 +0100, jonathan.gazeley@bristol.ac.uk wrote:
>
>> So far I have managed to get the download limits working. However I
>> need to shape on both interfaces so I recycled the same code to apply
>> to uploads but it didn't work and I can't figure out why
>>
>
> That's not really enough information to try to debug your problem, but I
> can think of one problem you might encounter. Since you're doing NAT for
> your clients, you should be aware that the source address is rewritten
> (i.e. in nat/POSTROUTING) _before_ egress QoS processing.
>
> So if you're trying to classify outgoing traffic based on its source
> IP address, it won't work.
>
> One alternative is to mark packets from the internal network (i.e. use
> -j MARK --set-mark N in mangle/PREROUTING), and write a filter on the
> outgoing interface that assigns traffic to classes based on how it's
> marked (u32 match mark ...). (If you want more details, ask.)
>
> (If anyone has other suggestions, I would be interested in them too.)
>
> -- ams
>

--
------------------------
Jonathan Gazeley
Wireless & VPN Team
Information Systems & Computing
University of Bristol
------------------------

--------------040701040301000107090704
Content-Type: text/plain; name="newtcscript.sh"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="newtcscript.sh"

#!/bin/sh
## JONATHAN'S TC SCRIPT

# LAN interfaces
LAN=eth0
WAN=eth1

# Maximum global uplink and downlink in mbit/s
GLOBAL_DOWN=100
GLOBAL_UP=100

# Maximum per-user download & upload speed in kbit/s
DOWNLINK=512
UPLINK=256

# Subnets to be stamped down upon, delimited by spaces
SUBNETS='235'

# IP range in each subnet
LOW_IP=1
HIGH_IP=125

#-----------------Don't mess with stuff below---------------|
#-----------------this line or you'll break it--------------|

# Flush existing rules
tc qdisc del dev $LAN root
tc qdisc del dev $WAN root

# Create root class for 100mbit interface - total traffic can't exceed this
tc qdisc add dev $LAN root handle 1: cbq avpkt 1000 bandwidth ${GLOBAL_DOWN}mbit
tc qdisc add dev $WAN root handle 1: cbq avpkt 1000 bandwidth ${GLOBAL_UP}mbit

# Set useful counters
jcount=1
icount=1
total=0

# Apply rules for all included subnets
for j in $SUBNETS
do
	for i in `seq $LOW_IP $HIGH_IP`
	do
		total=$((total+1))
		echo 137.222.$j.$i
		tc class add dev $LAN parent 1: classid 1:$total tbf rate ${DOWNLINK}kbit allot 1500 prio 5 bounded isolated
		tc filter add dev $LAN parent 1: protocol ip prio 16 u32 match ip dst 137.222.$j.$i flowid 1:$total
		tc class add dev $wAN parent 1: classid 1:$total tbf rate ${UPLINK}kbit allot 1500 prio 5 bounded isolated
		tc filter add dev $wAN parent 1: protocol ip prio 16 u32 match ip src 137.222.$j.$i flowid 1:$total
		i=i+1
	done
	j=j+1
done

echo
echo $total miscreants were stamped down upon. Good work Pokey!
echo Their IP addresses were in the following ranges:
for j in $SUBNETS
do
	echo 137.222.$j.$LOW_IP-$HIGH_IP
done

--------------040701040301000107090704--
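
The mark-based classification suggested in the quoted reply, as an added example that is not part of the original thread. It assumes eth0/eth1 and the address range from the attached script, swaps the CBQ setup for HTB classes, uses the fw classifier rather than a u32 mark match, and prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread): emit mark-based upload shaping commands.
# Assumptions: eth0 = LAN, eth1 = WAN (as in the attached script), HTB instead
# of the thread's CBQ, fw classifier instead of a u32 mark match.
LAN=eth0
WAN=eth1
UPLINK=256   # per-client upload limit, kbit/s

# gen_upload_rules PREFIX LOW HIGH
# Prints the commands for hosts PREFIX.LOW through PREFIX.HIGH.
gen_upload_rules() {
    prefix=$1; low=$2; high=$3
    echo "tc qdisc add dev $WAN root handle 1: htb"
    mark=0
    host=$low
    while [ "$host" -le "$high" ]; do
        mark=$((mark + 1))            # mark 0 means "unmarked", so start at 1
        minor=$(printf '%x' "$mark")  # tc reads classid minors as hex
        # Mark on arrival from the LAN, before nat/POSTROUTING rewrites the
        # source address; the mark stays with the packet until egress.
        echo "iptables -t mangle -A PREROUTING -i $LAN -s $prefix.$host -j MARK --set-mark $mark"
        echo "tc class add dev $WAN parent 1: classid 1:$minor htb rate ${UPLINK}kbit ceil ${UPLINK}kbit"
        # fw classifier: handle is the firewall mark (decimal), flowid the class.
        echo "tc filter add dev $WAN parent 1: protocol ip prio 16 handle $mark fw flowid 1:$minor"
        host=$((host + 1))
    done
}

# Constructed sample run over the thread's range; review the output, then
# pipe it to sh as root to apply it.
gen_upload_rules 137.222.235 1 125
```

Printing the class minor in hex keeps the class id numerically equal to the mark: tc parses the minor in `1:10` as 0x10, while iptables and the fw handle read `16` as decimal.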