[LARTC] Packets Redirection

[LARTC] Packets Redirection

[Tom]

Hi all,

I use a Debian Woody with Kernel 2.4.18 patched with the HTB queue. I use 
the tc binay given within the HTB targz. Iptables 1.2.6a
I wrote this script based on the ADSL Bandwith management howto :

DEV=eth0
RATEUP\x128

tc qdisc add dev $DEV root handle 1: htb default 22
tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATEUP}kbit
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[$RATEUP/7]kbit 
ceil ${RATEUP}kbit prio 0
tc class add dev $DEV parent 1:1 classid 1:21 htb rate $[$RATEUP/7]kbit 
ceil 88kbit prio 1
tc class add dev $DEV parent 1:1 classid 1:22 htb rate $[$RATEUP/7]kbit 
ceil 88kbit prio 2

tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev $DEV parent 1:22 handle 22: sfq perturb 10
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22

iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 20 -j MARK --set-mark 22
iptables -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK --set-mark 21

I transfered a file by ftp. The packets was sent through the class 22 and 
its bandwith limited to 88kbits, which is normal. But i sent pings and 
thoose packets were sent through the class 22 too which is not normal due 
to the mangle packets marking.
I know which class was used by looking the tc classes status. Why icmp 
packets was not sent through class 20 ?

Any help would be appriciated. Thanks and have a nice day.



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Packets Redirection

[Walter Haidinger]

On Thu, 24 Oct 2002, Tom wrote:

> tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
> tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
> tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22

This odd. With my setup (2.4.20pre10 and tc from the 3.6 tarball) I need
to specify classid instead of flowid:

# tc filter add fw help
Usage: ... fw [ classid CLASSID ] [ police POLICE_SPEC ]
       POLICE_SPEC := ... look at TBF
       CLASSID := X:Y

> iptables -t mangle -N MYSHAPER-OUT
> iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT

Tried OUTPUT chain for locally generated packets?

> I transfered a file by ftp. The packets was sent through the class 22 and
> its bandwith limited to 88kbits, which is normal.

Yes if normal = default.

> But i sent pings and thoose packets were sent through the class 22 too
> which is not normal due to the mangle packets marking. I know which
> class was used by looking the tc classes status. Why icmp packets was
> not sent through class 20 ?

To see which chain you're required to use, append your MYSHAPER-OUT chain
to all default chains in the mangle table and see if it works.
Then have a look at the packet counts and remove the unused.

Walter

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Packets Redirection

[Stef Coene]

On Thursday 24 October 2002 10:43, Walter Haidinger wrote:
> On Thu, 24 Oct 2002, Tom wrote:
> > tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid
> > 1:20 tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw
> > flowid 1:21 tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle
> > 22 fw flowid 1:22
>
> This odd. With my setup (2.4.20pre10 and tc from the 3.6 tarball) I need
> to specify classid instead of flowid:
>
> # tc filter add fw help
> Usage: ... fw [ classid CLASSID ] [ police POLICE_SPEC ]
>        POLICE_SPEC := ... look at TBF
>        CLASSID := X:Y
from f_fw.c : 
                if (matches(*argv, "classid") == 0 ||
                    matches(*argv, "flowid") == 0) {

So both can be used.

> > iptables -t mangle -N MYSHAPER-OUT
> > iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT
>
> Tried OUTPUT chain for locally generated packets?
You can use OUTPUT and POSTROUTING.  See www.docum.org under KPTD.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Packets Redirection

[Tom]

Rehi all,

I continue to search and now it's work. There is what i did :
- I change my interface from eth0 to ppp0
- I change the chain from POSTROUTING to OUTPUT (evene if the both possibly 
work)
- I add the quantum to the SFQ queue, it was 1492 now it's 1500 (the same 
as my MTU)
- I reduce the bandwith from 128kbps to 104kbps according to the howto
- I change priority of all the handle from 0 to respectivly 0,1,2,3,4,5 and 6
and I changed the flowid to classid.

Now, i'm going to try back my old config step by step to see what exactly 
made problem.

Thanks a lot for your advises.

Best regards, Tom.

At 13:17 24/10/2002 +0200, you wrote:
>On Thursday 24 October 2002 10:43, Walter Haidinger wrote:
> > On Thu, 24 Oct 2002, Tom wrote:
> > > tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid
> > > 1:20 tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw
> > > flowid 1:21 tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle
> > > 22 fw flowid 1:22
> >
> > This odd. With my setup (2.4.20pre10 and tc from the 3.6 tarball) I need
> > to specify classid instead of flowid:
> >
> > # tc filter add fw help
> > Usage: ... fw [ classid CLASSID ] [ police POLICE_SPEC ]
> >        POLICE_SPEC := ... look at TBF
> >        CLASSID := X:Y
>from f_fw.c :
>                 if (matches(*argv, "classid") = 0 ||
>                     matches(*argv, "flowid") = 0) {
>
>So both can be used.
>
> > > iptables -t mangle -N MYSHAPER-OUT
> > > iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT
> >
> > Tried OUTPUT chain for locally generated packets?
>You can use OUTPUT and POSTROUTING.  See www.docum.org under KPTD.
>
>Stef
>
>--
>
>stef.coene@docum.org
>  "Using Linux as bandwidth manager"
>      http://www.docum.org/
>      #lartc @ irc.oftc.net
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Packets Redirection

[Stef Coene]

On Thursday 24 October 2002 08:22, Tom wrote:
> Hi all,
>
> I use a Debian Woody with Kernel 2.4.18 patched with the HTB queue. I use
> the tc binay given within the HTB targz. Iptables 1.2.6a
> I wrote this script based on the ADSL Bandwith management howto :
>
> DEV=eth0
> RATEUP=128
>
> tc qdisc add dev $DEV root handle 1: htb default 22
> tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATEUP}kbit
> tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[$RATEUP/7]kbit
> ceil ${RATEUP}kbit prio 0
> tc class add dev $DEV parent 1:1 classid 1:21 htb rate $[$RATEUP/7]kbit
> ceil 88kbit prio 1
> tc class add dev $DEV parent 1:1 classid 1:22 htb rate $[$RATEUP/7]kbit
> ceil 88kbit prio 2
a tip : make sure the sum of the rates = ceil of the parent.  It's not needed, 
but it's more logic.   And you have to be sure YOU are the bottleneck on the 
link.  It's possible that you have to set RATE=120 to get results.

> tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
> tc qdisc add dev $DEV parent 1:21 handle 21: sfq perturb 10
> tc qdisc add dev $DEV parent 1:22 handle 22: sfq perturb 10
> tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid
> 1:20 tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw
> flowid 1:21 tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22
> fw flowid 1:22
>
> iptables -t mangle -N MYSHAPER-OUT
> iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT
> iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 20 -j MARK --set-mark 22
> iptables -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
> iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK --set-mark 21
>
> I transfered a file by ftp. The packets was sent through the class 22 and
> its bandwith limited to 88kbits, which is normal. But i sent pings and
> thoose packets were sent through the class 22 too which is not normal due
> to the mangle packets marking.
> I know which class was used by looking the tc classes status. Why icmp
> packets was not sent through class 20 ?
Can you check out the iptables counters to see if the packets are really 
marked like you want ?
And you can get the same filter results if you add a fw filter with no option.  
The mark will be used as classid :
tc filter add dev $DEV parent 1:0 prio 0 protocol ip fw

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/