From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Dmytro Redchuk" Date: Tue, 16 Apr 2002 15:37:44 +0000 Subject: RE: [LARTC] filters order - are they ordered? Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org > > So, in my current scenario it's optimal (as I think now) > > to use both u32 and fw, but I wonder can I line-up my filters > > in any order I wish? > The prio parameters the order the filters are checked. So, I guess, I can set with "prio" and check "prefs" then? Something is very strange for me ;-) - just take a look, please. so.. (in more details, very sorry, if there is too much) =========== MY "HTB INIT" SCRIPT =========== #!/bin/bash # # # addresses here, of course: PARTNER='blah_blah' BIG_BOSS='foo_foo' FAT_ADMN='moo_moo' INTRANET='192.168.100.0/24' DMZ_NET='bar_bar/29' tc=/root/tc tc_cadd="$tc class add dev eth0" default=20 # add root qdisc: $tc qdisc add dev eth0 root handle 1: htb default $default # root class (whole eth0): $tc_cadd parent 1: classid 1:1 htb rate 100Mbit ceil 100Mbit # local traffic (almost whole eth0): $tc_cadd parent 1:1 classid 1:$default htb rate 100Mbit ceil 100Mbit # ppp bandwidth: $tc_cadd parent 1:1 classid 1:10 htb rate 128kbit ceil 128kbit burst 12k prio 0 # add for BIG_BOSS and FAT_ADMN: $tc_cadd parent 1:10 classid 1:100 htb rate 20kbit ceil 128kbit burst 2k prio 0 # for one of them: $tc_cadd parent 1:100 classid 1:210 htb rate 10kbit ceil 128kbit burst 2k prio 0 $tc qdisc add dev eth0 parent 1:210 handle 21: sfq perturb 10 # for second one: $tc_cadd parent 1:100 classid 1:220 htb rate 10kbit ceil 128kbit burst 2k prio 0 $tc qdisc add dev eth0 parent 1:220 handle 22: sfq perturb 10 # add for localnet and proxy: $tc_cadd parent 1:10 classid 1:300 htb rate 34kbit ceil 120kbit burst 2k prio 8 $tc qdisc add dev eth0 parent 1:300 handle 30: sfq perturb 10 # add for traffic to mail & pop: $tc_cadd parent 1:10 classid 1:400 htb rate 10kbit ceil 120kbit burst 2k prio 8 $tc qdisc add dev eth0 parent 1:400 handle 40: sfq perturb 10 # add for traffic from $PARTNER: $tc_cadd parent 1:10 classid 1:500 htb rate 64kbit ceil 128kbit burst 12k prio 0 $tc qdisc add dev eth0 parent 1:500 handle 50: sfq perturb 10 ############################# ## filters: ############################# tc_fadd="$tc filter add dev eth0 protocol ip" ## from $PARTNER: # $tc_fadd parent 1:0 prio 0 u32 \ match ip src $PARTNER match tcp src 80 0xffff flowid 1:500 $tc_fadd parent 1:0 prio 0 handle 8 fw flowid 1:500 ## pass local traffic unshaped: # $tc_fadd parent 1:0 prio 1 u32 \ match ip src $INTRANET match ip dst $INTRANET flowid 1:$default $tc_fadd parent 1:0 prio 1 u32 \ match ip src $DMZ_NET match ip dst $INTRANET flowid 1:$default $tc_fadd parent 1:0 prio 1 u32 \ match ip src $DMZ_NET match ip dst $DMZ_NET flowid 1:$default $tc_fadd parent 1:0 prio 1 u32 \ match ip src $INTRANET match ip dst $DMZ_NET flowid 1:$default ## admins: # $tc_fadd parent 1:0 prio 3 u32 \ match ip dst $BIG_BOSS flowid 1:210 $tc_fadd parent 1:0 prio 3 u32 \ match ip dst $FAT_ADMN flowid 1:220 ## localnet masq'ed: # # one subnet: $tc_fadd parent 1:0 prio 0 handle 4 fw flowid 1:300 # another one: $tc_fadd parent 1:0 prio 0 handle 5 fw flowid 1:300 ## from BAD to proxy server: # $tc_fadd parent 1:0 prio 0 handle 1 fw flowid 1:300 ## from BAD to http & smtp & pop: # $tc_fadd parent 1:0 prio 0 handle 2 fw flowid 1:400 $tc_fadd parent 1:0 prio 0 handle 3 fw flowid 1:400 # END OF SCRIPT =========== END OF MY "HTB INIT" SCRIPT =========== And, please, take a look at my filters. (I changed addresses there for clarity;) =========== tc filter show dev eth0 =========== filter parent 1: protocol ip pref 1 u32 filter parent 1: protocol ip pref 1 u32 fh 802: ht divisor 1 filter parent 1: protocol ip pref 1 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:210 match $BIG_BOSS at 16 filter parent 1: protocol ip pref 1 u32 fh 802::801 order 2049 key ht 802 bkt 0 flowid 1:220 match $FAT_ADMN at 16 filter parent 1: protocol ip pref 1 u32 fh 801: ht divisor 1 filter parent 1: protocol ip pref 1 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:20 match $INTRANET at 12 match $INTRANET at 16 filter parent 1: protocol ip pref 1 u32 fh 801::801 order 2049 key ht 801 bkt 0 flowid 1:20 match $DMZ_NET at 12 match $INTRANET at 16 filter parent 1: protocol ip pref 1 u32 fh 801::802 order 2050 key ht 801 bkt 0 flowid 1:20 match $DMZ_NET at 12 match $DMZ_NET at 16 filter parent 1: protocol ip pref 1 u32 fh 801::803 order 2051 key ht 801 bkt 0 flowid 1:20 match $INTRANET at 12 match $DMZ_NET at 16 filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:500 match $PARTNER at 12 match 00500000/ffff0000 at nexthdr+0 filter parent 1: protocol ip pref 3 u32 filter parent 1: protocol ip pref 3 u32 fh 802: ht divisor 1 filter parent 1: protocol ip pref 3 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:210 match $BIG_BOSS at 16 filter parent 1: protocol ip pref 3 u32 fh 802::801 order 2049 key ht 802 bkt 0 flowid 1:220 match $FAT_ADMN at 16 filter parent 1: protocol ip pref 3 u32 fh 801: ht divisor 1 filter parent 1: protocol ip pref 3 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:20 match $INTRANET at 12 match $INTRANET at 16 filter parent 1: protocol ip pref 3 u32 fh 801::801 order 2049 key ht 801 bkt 0 flowid 1:20 match $DMZ_NET at 12 match $INTRANET at 16 filter parent 1: protocol ip pref 3 u32 fh 801::802 order 2050 key ht 801 bkt 0 flowid 1:20 match $DMZ_NET at 12 match $DMZ_NET at 16 filter parent 1: protocol ip pref 3 u32 fh 801::803 order 2051 key ht 801 bkt 0 flowid 1:20 match $INTRANET at 12 match $DMZ_NET at 16 filter parent 1: protocol ip pref 3 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 3 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:500 match 3f4dd600/ffffff00 at 12 match 00500000/ffff0000 at nexthdr+0 filter parent 1: protocol ip pref 49151 fw filter parent 1: protocol ip pref 49151 fw handle 0x3 classid 1:400 filter parent 1: protocol ip pref 49151 fw filter parent 1: protocol ip pref 49151 fw handle 0x2 classid 1:400 filter parent 1: protocol ip pref 49151 fw filter parent 1: protocol ip pref 49151 fw handle 0x1 classid 1:300 filter parent 1: protocol ip pref 49151 fw filter parent 1: protocol ip pref 49151 fw handle 0x5 classid 1:300 filter parent 1: protocol ip pref 49151 fw filter parent 1: protocol ip pref 49151 fw handle 0x4 classid 1:300 filter parent 1: protocol ip pref 49151 fw filter parent 1: protocol ip pref 49151 fw handle 0x8 classid 1:500 filter parent 1: protocol ip pref 49152 u32 filter parent 1: protocol ip pref 49152 u32 fh 802: ht divisor 1 filter parent 1: protocol ip pref 49152 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:210 match $BIG_BOSS at 16 filter parent 1: protocol ip pref 49152 u32 fh 802::801 order 2049 key ht 802 bkt 0 flowid 1:220 match $FAT_ADMN at 16 filter parent 1: protocol ip pref 49152 u32 fh 801: ht divisor 1 filter parent 1: protocol ip pref 49152 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:20 match $INTRANET at 12 match $INTRANET at 16 filter parent 1: protocol ip pref 49152 u32 fh 801::801 order 2049 key ht 801 bkt 0 flowid 1:20 match $DMZ_NET at 12 match $INTRANET at 16 filter parent 1: protocol ip pref 49152 u32 fh 801::802 order 2050 key ht 801 bkt 0 flowid 1:20 match $DMZ_NET at 12 match $DMZ_NET at 16 filter parent 1: protocol ip pref 49152 u32 fh 801::803 order 2051 key ht 801 bkt 0 flowid 1:20 match $INTRANET at 12 match $DMZ_NET at 16 filter parent 1: protocol ip pref 49152 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 49152 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:500 match $PARTNER at 12 match 00500000/ffff0000 at nexthdr+0 =========== END OF "tc filter show dev eth0" =========== So, I can see here my filters three times! And their priorities slightly differs from specified. I'm confused... It works, except one thing. Filters order is not that I wish I had. > > Stef Thanks a lot. > > -- > > stef.coene@docum.org > "Using Linux as bandwidth manager" > http://www.docum.org/ > #lartc @ irc.openprojects.net -- _,-=._ /|_/| Where curiosity comes into play -- `-.} `=._,.-=-._., @ @._, always foxes are there. `._ _,-. ) _,.-' ` G.m-"^m`m' Dmytro O. Redchuk _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/