From: Aigars Mahinovs <aigarius@debian.org>
To: lartc@vger.kernel.org
Subject: [LARTC] Problem with fw filters
Date: Sat, 26 Oct 2002 13:44:13 +0000
Message-ID: <marc-lartc-103563976509242@msgid-missing>
Hi all,
I am trying to prioritise outgoing traffic based on the UID of the sender.
Script follows:
# First mark packets with their respective priority
iptables -t mangle -F OUTPUT
iptables -t mangle -A OUTPUT -m owner --uid-owner root -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -m owner --uid-owner aigarius -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -m owner --uid-owner bind -j MARK --set-mark 3
iptables -t mangle -A OUTPUT -m owner --uid-owner proxy -j MARK --set-mark 4
iptables -t mangle -A OUTPUT -m owner --uid-owner nobody -j MARK --set-mark 5
iptables -t mangle -A OUTPUT -m owner --uid-owner www-data -j MARK --set-mark 6
iptables -t mangle -A OUTPUT -m owner --uid-owner ftp -j MARK --set-mark 7
iptables -t mangle -A OUTPUT -m owner --uid-owner ivarix -j MARK --set-mark 8
iptables -t mangle -A OUTPUT -m owner --uid-owner blacky -j MARK --set-mark 9
iptables -t mangle -A OUTPUT -j MARK --set-mark 666
# now make outgoing traffic classes
# clean existing qdiscs, hide errors
/home/aigarius/bin/tc qdisc del dev eth0 root 2> /dev/null > /dev/null
/home/aigarius/bin/tc qdisc add dev eth0 root handle 1: htb
/home/aigarius/bin/tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit burst 64k
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100mbit burst 64k prio 1
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:20 htb rate 100mbit burst 64k prio 2
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:30 htb rate 100mbit burst 64k prio 3
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:40 htb rate 100mbit burst 64k prio 4
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:50 htb rate 100mbit burst 64k prio 5
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:60 htb rate 100mbit burst 64k prio 6
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:70 htb rate 100mbit burst 64k prio 7
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:80 htb rate 100mbit burst 64k prio 8
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:90 htb rate 100mbit burst 64k prio 9
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:666 htb rate 10mbit burst 64k prio 20
# all get Stochastic Fairness:
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:40 handle 40: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:50 handle 50: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:60 handle 60: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:70 handle 70: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:80 handle 80: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:90 handle 90: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:666 handle 666: sfq perturb 10
# Filter traffic into classes
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 1 fw flowid 1:10
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 2 fw flowid 1:20
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 3 fw flowid 1:30
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 4 fw flowid 1:40
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 5 fw flowid 1:50
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 6 fw flowid 1:60
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 7 fw flowid 1:70
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 8 fw flowid 1:80
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 9 fw flowid 1:90
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 666 fw flowid 1:666
--- END OF SCRIPT ---
Problem:
no shaping is done
# tc -s qdisc show
qdisc sfq 666: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 679086470 bytes 985634 pkts (dropped 0, overlimits 0)
qdisc sfq 90: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 80: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 70: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 60: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 50: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 40: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 30: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 20: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 10: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc htb 1: dev eth0 r2q 10 default 0 direct_packets_stat 778 ver 3.6
Sent 679175569 bytes 986412 pkts (dropped 0, overlimits 9647)
#iptables -v -t mangle -L OUTPUT
Chain OUTPUT (policy ACCEPT 25M packets, 16G bytes)
pkts bytes target prot opt in out source destination
6782 802K MARK all -- any any anywhere anywhere OWNER UID match root MARK set 0x1
7439 393K MARK all -- any any anywhere anywhere OWNER UID match aigarius MARK set 0x2
7878 2018K MARK all -- any any anywhere anywhere OWNER UID match bind MARK set 0x3
65687 49M MARK all -- any any anywhere anywhere OWNER UID match proxy MARK set 0x4
752K 524M MARK all -- any any anywhere anywhere OWNER UID match nobody MARK set 0x5
24388 35M MARK all -- any any anywhere anywhere OWNER UID match www-data MARK set 0x6
44401 62M MARK all -- any any anywhere anywhere OWNER UID match ftp MARK set 0x7
7 600 MARK all -- any any anywhere anywhere OWNER UID match ivarix MARK set 0x8
0 0 MARK all -- any any anywhere anywhere OWNER UID match blacky MARK set 0x9
1019K 680M MARK all -- any any anywhere anywhere MARK set 0x29a
As I see there is no shaping done -- the filters do not work.
I also do routing based on firewall key -> it doesn't work either, but
nothing shows any errors.
Please help. Thanks.
PS. I am using kernel 2.4.19 patched with htb3 and gr-security patch and
htb3 precompiled tc on Debian unstable system.
--
Best regards,
Aigars Mahinovs mailto:aigarius@debian.org
#--------------------------------------------------#
| .''`. |
| : :' : Debian GNU/Linux |
| `. `' http://www.debian.org |
| `- |
#--------------------------------------------------#
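
Added example, not part of the original message: a small model of how the posted mangle OUTPUT chain assigns the final mark. It relies on MARK being a non-terminating target, which is consistent with the counters above (the last rule counts 1019K packets and only sfq 666: carries traffic); the REORDERED list and the owner name "games" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): models mangle OUTPUT traversal.
# MARK is a non-terminating target, so the LAST matching MARK rule sets the
# fwmark that the tc "fw" filters later see.

# Chain order as "owner mark" pairs; "*" stands for a rule with no owner match.
# ORIGINAL follows the posted script: the unconditional rule is appended last.
ORIGINAL='root 1
aigarius 2
bind 3
proxy 4
nobody 5
www-data 6
ftp 7
ivarix 8
blacky 9
* 666'

# REORDERED is this example's assumption: same rules, unconditional rule first.
REORDERED="* 666
$(printf '%s\n' "$ORIGINAL" | grep -v '^\*')"

# effective_mark RULES OWNER: mark carried when the packet leaves the chain.
effective_mark() {
    printf '%s\n' "$1" | awk -v owner="$2" '
        $1 == owner || $1 == "*" { mark = $2 }   # keep going: MARK does not stop
        END { print (mark == "" ? 0 : mark) }'
}

# flowid MARK: class chosen by the posted "handle N fw flowid 1:N0" filters.
flowid() {
    case "$1" in
        [1-9]) echo "1:${1}0" ;;
        666)   echo "1:666" ;;
        *)     echo "none" ;;
    esac
}

# emit_rules RULES: print the iptables commands for a rule list, in order.
emit_rules() {
    printf '%s\n' "$1" | awk '{
        m = ($1 == "*") ? "" : " -m owner --uid-owner " $1
        print "iptables -t mangle -A OUTPUT" m " -j MARK --set-mark " $2 }'
}

for o in root proxy www-data games; do
    echo "${o}: original=$(flowid "$(effective_mark "$ORIGINAL" "$o")")" \
         "reordered=$(flowid "$(effective_mark "$REORDERED" "$o")")"
done
```

With the posted order every owner resolves to 1:666; with the unconditional rule first, each listed owner keeps its own class and everything else still falls into 1:666.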