From: "Christian Bauer" <christian.bauer.muenchen@web.de>
To: lartc@vger.kernel.org
Subject: [LARTC] TC Filtering Problems
Date: Wed, 01 Jun 2005 12:51:20 +0000
Message-ID: <490877975@web.de>
Dear Admins and Hackers,
Maybe I am too stupid to use 'tc', but I am having logical problems understanding the filter rules in tc.
Common config:
There is a Linux engine (Debian) with a 2.6.11.11 kernel which acts as packetshaper.
Two interfaces, eth0 and eth1, are installed. Interface 'eth0' is the firewall side net
195.185.185.0/24. Interface 'eth1' goes to the Internet (switch and routers to the ISPs).
Both interfaces are bridged. The TEST client is located on the eth0 device of the packetshaper.
Kernel modules (lsmod):
Module Size Used by
mirred 7744 0
sch_dsmark 7424 0
police 10976 0
pedit 7648 0
gact 7008 0
cls_rsvp 7424 0
cls_route 7808 0
sch_prio 5888 0
ipt_state 2048 0
ipt 8288 0
sch_htb 18816 0
cls_tcindex 8192 0
cls_u32 9220 0
cls_fw 5504 0
TC config (an htb qdisc):
for d in eth0 eth1;
do
tc qdisc add dev $d root handle 1:0 htb default 12
# top-level class under the root qdisc (a class cannot be its own parent)
tc class add dev $d parent 1:0 classid 1:2 htb rate 8096mbit
tc class add dev $d parent 1:2 classid 1:10 htb rate 64kbit ceil 64kbit prio 0
tc class add dev $d parent 1:2 classid 1:12 htb rate 1024mbit ceil 1024mbit prio 0
done
HTTP filter (looks for (source) port 80 at offset 20 in the IP packet, i.e. the HTTP server's answer):
tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match u32 0x500000 0xffff0000 at 20 classid 1:10
This filter is working and the HTTP download on the firewall side is restricted to 64 kbit,
as you can see below.
tc -s filter show dev eth0 :
filter parent 1: protocol ip pref 100 u32
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10 (rule hit 151 success 129)
match 00500000/ffff0000 at 20 (success 129 )
But why can't I filter packets with dst port 80 or src IP on eth0:
Dst port 80:
tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match u32 0x50 0xffff at nexthdr+0 classid 1:10
or
Source IP address:
tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match ip src 195.185.185.2/32 classid 1:10
These filters show no success counters. It can't be our firewall: I connected our test laptop directly to
the eth0 device of the packetshaper. When I run "tcpdump -i eth0" on the packetshaper I see packets with src
IP address 195.185.185.2 and dst port 80. I can't understand why tc is not able to find the
src IP fields in the packets on eth0 of the packetshaper. At first I thought the problem would be
the br_fw (bridgerouter) option in the kernel. Without that option the problem is still there.
In my eyes it's not logical! Can anyone please help me? I have no ideas left.
I hope there is a hacker or admin who can explain the filter logic to me.
thanks in advance
Christian
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
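An added example, not part of Christian's mail or any reply on the list, that emulates how cls_u32 evaluates the three filters above on constructed packets: `0x500000 0xffff0000 at 20` reads the TCP source port, `at nexthdr+0` reads the word at byte 0 of the IP header unless an earlier offset/link rule has computed the header length, and `match ip src` is a 32-bit compare at byte 12. Separately, a root qdisc classifies egress only, so on the bridge the client's request (dst port 80, src 195.185.185.2) leaves via eth1 and only the server's reply passes the eth0 filters. The client, server address and ports below are constructed.

```python
import struct

def ipv4_tcp(src, dst, sport, dport):
    """Constructed sample packet: 20-byte IPv4 header (no options) + 20-byte TCP header,
    no payload, checksums left at zero (u32 never reads them here)."""
    to_bytes = lambda a: bytes(int(o) for o in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, to_bytes(src), to_bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 8192, 0, 0)
    return ip + tcp

def ip_to_u32(addr):
    return struct.unpack("!I", bytes(int(o) for o in addr.split(".")))[0]

def nexthdr_offset(pkt):
    """What an 'offset at 0 mask 0x0f00 shift 6 ... link' rule computes from the first
    16-bit word: IHL * 4, i.e. where the TCP header starts (20 without IP options)."""
    return (struct.unpack_from("!H", pkt, 0)[0] & 0x0f00) >> 6

def u32_match(pkt, value, mask, offset, nexthdr=False, off2=0):
    """One 'match u32 VALUE MASK at [nexthdr+]OFFSET' key as cls_u32 evaluates it: the
    32-bit word at OFFSET (plus off2 when nexthdr+ is used) is masked and compared.
    off2 starts at 0 in the kernel and is only set by an earlier offset/link rule, so
    'nexthdr+0' without such a rule reads the word at byte 0 of the IP header."""
    toff = offset + (off2 if nexthdr else 0)
    if toff + 4 > len(pkt):
        return False                      # key lies past the packet end: no match
    word = struct.unpack_from("!I", pkt, toff)[0]
    return (word & mask) == (value & mask)

# Constructed traffic: test client 195.185.185.2 (firewall side) and a web server at
# the documentation address 198.51.100.10. The request is received on eth0 and leaves
# the bridge on eth1; only the reply leaves on eth0, which is all a root qdisc sees.
REQUEST = ipv4_tcp("195.185.185.2", "198.51.100.10", 40000, 80)
REPLY = ipv4_tcp("198.51.100.10", "195.185.185.2", 80, 40000)

def src_port_80(pkt):        # the working filter: match u32 0x500000 0xffff0000 at 20
    return u32_match(pkt, 0x00500000, 0xffff0000, 20)

def dst_port_80_naive(pkt):  # match u32 0x50 0xffff at nexthdr+0, no offset rule before it
    return u32_match(pkt, 0x50, 0xffff, 0, nexthdr=True)

def dst_port_80_linked(pkt): # the same key once an offset/link rule has computed nexthdr
    return u32_match(pkt, 0x50, 0xffff, 0, nexthdr=True, off2=nexthdr_offset(pkt))

def src_ip(pkt, addr):       # match ip src A.B.C.D/32 is match u32 <addr> 0xffffffff at 12
    return u32_match(pkt, ip_to_u32(addr), 0xffffffff, 12)
```

Without the offset rule, `dst_port_80_naive` compares the IP total length (40) against 80 and never hits, which matches the zero success counters in the mail.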
Thread overview: 3+ messages
2005-06-01 12:51 Christian Bauer [this message]
2005-06-01 13:45 ` [LARTC] TC Filtering Problems Forte Systems - Iosif Peterfi
2005-06-01 14:42 ` Christian Bauer