All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Harry Westerman" <hwesterman@cistron.nl>
To: lartc@vger.kernel.org
Subject: [LARTC] Extending Wondershaper a bit
Date: Sun, 24 Nov 2002 13:09:38 +0000	[thread overview]
Message-ID: <marc-lartc-103814345313280@msgid-missing> (raw)

Hello everyone.

I've been trying to get Qos to work here for two days now, but it REALLY
doesn't seem to work the way I want to. Here is my situation:

                         Internet

Wireless LAN   Firewall        DMZ

                         Local lan

As you can see, I got a Debian box in the middle as my firewall with 3
network interfaces and a wireless one. I use Shorewall to configure
everything and it works. I masquerade LAN, LOC and DMZ towards internet and
have extra rules for hiding the local lan from the wlan, etc. I have a
Cistron MAXX abo to the internet (8192/512kbits).

Then I wanted to use QOS, so I patched my 2.4.18 kernel with HTB, and used
the Wondershaper 1.1a. It works! I see three classes, with traffic in all
three of them. But it only diferentiates between types of traffic, and I
would like it to diferentiate based on the source of the packets. I would
like to have my DMZ and LOC a high priority, and a low priority for the
mldonkey program on the firewall itself, or for the users on the wlan. So I
tried this:

$DEV=eth1
tc qdisc add dev $DEV root handle 1: htb default 40
tc class add dev $DEV parent 1: classid 1:1 htb rate 480kbit burst 6k
tc class add dev $DEV parent 1:1 classid 1:10 htb rate 80kbit ceil 480kbit
burst 6k
tc class add dev $DEV parent 1:1 classid 1:20 htb rate 120kbit ceil 480kbit
burst 6k
tc class add dev $DEV parent 1:1 classid 1:30 htb rate 270kbit ceil 480kbit
burst 6k
tc class add dev $DEV parent 1:1 classid 1:40 htb rate 1kbit ceil 480kbit
burst 6k

# all get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
        match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# loc
#iptables -A PREROUTING -t mangle -i $DEV -p tcp -s 192.168.0.0/24 -j
MARK --set-mark 2
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 2 fw classid
1:20
#tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
#   match ip src 192.168.0.0/24 flowid 1:20

# dmz
#iptables -A PREROUTING -t mangle -i $DEV -p tcp -s 10.0.0.0/8 -j
MARK --set-mark 3
tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 3 fw classid
1:30
#tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
#   match ip src 10.0.0.0/8 flowid 1:30

# rest is 'non-interactive' ie 'bulk' and ends up in 1:40
tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
   match ip dst 0.0.0.0/0 flowid 1:40

Ok. Well, this is almost the same as the wondershaper itself. The only
problem (as you can see) is to mark the packets coming from the DMZ or the
LOCal lan.

First I tried to mark the packets with the TCRules file of Shorewall and use
a tc filter to move the packets to the right class id. As you can see, I
also tried to mark them with iptables, but I suspect that doesn't work
because Shorewall doesn't have a PREROUTING table? Of am I wrong? Maybe the
reason it doesn't work is that I use masquerading from the DMZ and the loc?
So the FROM adresses are already rewritten?
Also the tc filter on the src match doesn't seem to work, I have NEVER seen
any traphic on the 1:20 of 1:30 classes.

This is driving me crazy. Especially since the normal wondershaper works, so
my htb patch and/or the TC program seem to be ok.

Any help?

Greetings,
Harry Westerman

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

             reply	other threads:[~2002-11-24 13:09 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-11-24 13:09 Harry Westerman [this message]
2002-11-24 15:44 ` [LARTC] Extending Wondershaper a bit Stef Coene
2002-11-24 16:22 ` Harry Westerman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-103814345313280@msgid-missing \
    --to=hwesterman@cistron.nl \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.