* [LARTC] Better filtering to a class
@ 2002-06-17 10:11 Adi Nugroho
2002-06-17 10:31 ` Alex Bennee
2002-06-17 15:30 ` mdew
0 siblings, 2 replies; 3+ messages in thread
From: Adi Nugroho @ 2002-06-17 10:11 UTC (permalink / raw)
To: lartc
Dear all,
I want to make a filter for all IRC-Dalnet traffic, so I want to put all
traffic for port 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669,
7000, 7001, 7002, and 8000 to a class. So, I create a TC script as below.
I'm sure, it is not effective, and we can write it in simpler.
I need help, how to make my script below are simpler.
The simpler, the better.
Thank you for your help.
--
Regards,
Adi Nugroho
Here is my script....
# Down Stream
tc class add dev eth0 parent 1:1 classid 1:123 htb rate 12kbit burst 64k
ceil 64kbit prio 3
tc class add dev eth0 parent 1:123 classid 1:1231 htb rate 1.2kbit burst 3.2k
ceil 64kbit
tc class add dev eth0 parent 1:123 classid 1:1232 htb rate 2.4kbit burst 6.4k
ceil 64kbit
tc class add dev eth0 parent 1:123 classid 1:1233 htb rate 8.4kbit burst 54.4k
ceil 64kbit
tc qdisc add dev eth0 parent 1:1231 handle 1231: sfq perturb 5 quantum 1514
tc qdisc add dev eth0 parent 1:1232 handle 1232: sfq perturb 5 quantum 1514
tc qdisc add dev eth0 parent 1:1233 handle 1233: sfq perturb 5 quantum 1514
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6660 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6661 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6662 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6663 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6664 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6665 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6666 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6667 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6668 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 6669 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 7000 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 7001 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 7002 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip sport 8000 0xffff flowid 1:1232
tc filter add dev eth0 protocol ip parent 1:0 prio 5 u32 match ip dst
203.112.65.54 match ip protocol 6 0xff flowid 1:1231
tc filter add dev eth0 protocol ip parent 1:0 prio 6 u32 match ip dst
203.112.65.54 flowid 1:1233
# Up Stream
tc class add dev eth2 parent 1:1 classid 1:123 htb rate 4kbit burst 16k ceil
64kbit prio 3
tc class add dev eth2 parent 1:123 classid 1:1231 htb rate 0.4kbit burst 0.8k
ceil 64kbit
tc class add dev eth2 parent 1:123 classid 1:1232 htb rate 0.8kbit burst 1.6k
ceil 64kbit
tc class add dev eth2 parent 1:123 classid 1:1233 htb rate 2.8kbit burst 13.6k
ceil 64kbit
tc qdisc add dev eth2 parent 1:1231 handle 1231: sfq perturb 5 quantum 1514
tc qdisc add dev eth2 parent 1:1232 handle 1232: sfq perturb 5 quantum 1514
tc qdisc add dev eth2 parent 1:1233 handle 1233: sfq perturb 5 quantum 1514
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6660 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6661 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6662 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6663 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6664 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6665 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6666 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6667 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6668 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 6669 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 7000 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 7001 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 7002 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 4 u32 match ip dst
203.112.65.54 match ip dport 8000 0xffff flowid 1:1232
tc filter add dev eth2 protocol ip parent 1:0 prio 5 u32 match ip src
203.112.65.54 match ip protocol 6 0xff flowid 1:1231
tc filter add dev eth2 protocol ip parent 1:0 prio 6 u32 match ip src
203.112.65.54 flowid 1:1233
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [LARTC] Better filtering to a class
2002-06-17 10:11 [LARTC] Better filtering to a class Adi Nugroho
@ 2002-06-17 10:31 ` Alex Bennee
2002-06-17 15:30 ` mdew
1 sibling, 0 replies; 3+ messages in thread
From: Alex Bennee @ 2002-06-17 10:31 UTC (permalink / raw)
To: lartc
Adi Nugroho said:
> Dear all,
>
> I want to make a filter for all IRC-Dalnet traffic, so I want to put
> all traffic for port 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667,
> 6668, 6669, 7000, 7001, 7002, and 8000 to a class. So, I create a TC
> script as below.
>
> I'm sure, it is not effective, and we can write it in simpler.
> I need help, how to make my script below are simpler.
> The simpler, the better.
One approach would be to use iptables/ipchains to mark your packets and then
select the tc class based on the fw mark. There some examples posted in the
archives of this list or you could look as my firewall script (on my site)
for an example.
Alex
www.bennee.com/~alex/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [LARTC] Better filtering to a class
2002-06-17 10:11 [LARTC] Better filtering to a class Adi Nugroho
2002-06-17 10:31 ` Alex Bennee
@ 2002-06-17 15:30 ` mdew
1 sibling, 0 replies; 3+ messages in thread
From: mdew @ 2002-06-17 15:30 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 1975 bytes --]
On Mon, 2002-06-17 at 22:31, Alex Bennee wrote:
> Adi Nugroho said:
> > Dear all,
> >
> > I want to make a filter for all IRC-Dalnet traffic, so I want to put
> > all traffic for port 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667,
> > 6668, 6669, 7000, 7001, 7002, and 8000 to a class. So, I create a TC
> > script as below.
> >
> > I'm sure, it is not effective, and we can write it in simpler.
> > I need help, how to make my script below are simpler.
> > The simpler, the better.
>
> One approach would be to use iptables/ipchains to mark your packets and then
> select the tc class based on the fw mark. There some examples posted in the
> archives of this list or you could look as my firewall script (on my site)
> for an example.
/sbin/tc qdisc add dev ppp0 root handle 1: htb default 60
# add a rate limiting class underneath - this ensure we don't send
# packets to the dsl modem faster than its going to send them
/sbin/tc class add dev ppp0 parent 1: classid 1:1 htb rate 250kbps
ceil 260kbps burst 6k
#sub classes for each traffic type
/sbin/tc class add dev ppp0 parent 1:1 classid 1:10 htb prio 1 rate
250kbps burst 6k
/sbin/tc class add dev ppp0 parent 1:1 classid 1:20 htb prio 2 rate
250kbps burst 6k
/sbin/tc class add dev ppp0 parent 1:1 classid 1:30 htb prio 3 rate
250kbps burst 6k
/sbin/tc class add dev ppp0 parent 1:1 classid 1:40 htb prio 4 rate
250kbps burst 6k
/sbin/tc class add dev ppp0 parent 1:1 classid 1:50 htb prio 5 rate
250kbps burst 6k
/sbin/tc class add dev ppp0 parent 1:1 classid 1:60 htb prio 6 rate
250kbps burst 6k
anychance showing me an alternative to htb (and does the exactly the
samething using cbq..) ? unless its possible to use a stock 2.4.18
without the htb-patch...since hdd space isnt an option.
--
ph33r!
Linux mdew 2.4.19-pre10-xfs-aa2 #10 Mon Jun 17 11:06:06 NZST 2002 i686
unknown
GPG Key: http://mdew.orcon.net.nz/gpg
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2002-06-17 15:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-06-17 10:11 [LARTC] Better filtering to a class Adi Nugroho
2002-06-17 10:31 ` Alex Bennee
2002-06-17 15:30 ` mdew
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.