RE: [LARTC] How could I do this?

From: devik <devik@cdi.cz>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] How could I do this?
Date: Sat, 08 Dec 2001 15:11:42 +0000	[thread overview]
Message-ID: <marc-lartc-100782722613975@msgid-missing> (raw)
In-Reply-To: <marc-lartc-100778030300718@msgid-missing>

I only wanted to mention it as interesting possibility
but it can't be done in O(1). However it can be simply done
in O(N^(1/M)) where M is integer > 1. You can do it by (untested):

ipchains -N sub
ipchains -A sub -s 0.0.0.1/0.0.0.255 -m +1
ipchains -A sub -s 0.0.0.2/0.0.0.255 -m +2
..
..
ipchains -A input 192.168.1.0/24 -m 0x10000 -j sub
ipchains -A input 192.168.2.0/24 -m 0x10100 -j sub
..
..

you would need 512 lines to handle 65536 adresses
in 256 lookups on average. By creating another '-j subsub'
level then you will end up with 96 rules for 65536
addresses with 60 lookups on average.

I didn't tested it, it is only idea. But should work.

hth, devik

On Sat, 8 Dec 2001, yangrunhua wrote:

> But how I design a filter( O(1) ) to classify based on fwmark(hash on fwmark)?
>
> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of devik
> Sent: 2001年12月8日 18:18
> To: yangrunhua
> Cc: lartc@mailman.ds9a.nl
> Subject: RE: [LARTC] How could I do this?
>
> Ehh sorry it is a lot of writting. Look at LARTC HOWTO
> 12.4 section. Basicaly if you have ip A.B.C.D then you
> can base hash source on D for several fixed A.B.C.
> Then you will end with at most N/256+1 lookups for N
> ip addresses.
>
> devik
>
> On Sat, 8 Dec 2001, yangrunhua wrote:
>
> > Can you give me an example?
> > Thanks.
> >
> > -----Original Message-----
> > From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]
> > On Behalf Of Martin Devera
> > Sent: 2001Äę12ÔÂ8ČŐ 15:58
> > To: yangrunhua
> > Cc: lartc@mailman.ds9a.nl
> > Subject: Re: [LARTC] How could I do this?
> >
> > IMHO u32 with hashes could be used for this. Other interesting
> > way is that CBQ & HTB allows you to set packet's class from
> > priority. When priority is 0x10003 then the packet is queued
> > directly into 1:3 queue.
> > You can simly modify classifier (in fact I will do it for
> > HTB) to allow such selection thru fwmark.
> > You can then mark flows by iptables .... --set-mark 0x10003 to
> > assign packet into 1:3 class ..
> >
> > HTH, devik
> >
> > On Sat, 8 Dec 2001, yangrunhua wrote:
> >
> > > If I want to limit bandwidth from a lot of ip addresses( every ip has
> > a
> > > limit),
> > > How could I improve performance( If I could use netfilter  to mark the
> > > ip packet with the bandwidth assigned to
> > > the src ip of packet), normally, this could only be done only by: one
> > > qdisc per ip, then there will be too many
> > > filters to classify them based on fwmark(and u32 + hash can't satisfy
> > my
> > > demand that limit bandwidth for every ip, not for ip group),
> > > but it try to match line by line, then if many, the performance will
> > go
> > > down.
> > > Many thanks
> > >
> >
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> > http://ds9a.nl/2.4Routing/
> >
> >
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
>
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/