* [LARTC] tc filter question
@ 2003-02-14 10:19 philipp.berndt
  2003-02-14 15:09 ` Bartek Krajnik
                   ` (5 more replies)
  0 siblings, 6 replies; 12+ messages in thread
From: philipp.berndt @ 2003-02-14 10:19 UTC (permalink / raw)
  To: lartc

Hello.

I tried this:

$ ./tc qdisc add dev ppp0 root handle 1:0 htb default 12
$ ./tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 125kbit ceil 125kbit
$ ./tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 10kbit ceil 125kbit prio 0

$ iptables .... -j MARK --set-mark 11

$ ./tc filter add dev ppp0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
RTNETLINK answers: Invalid argument

Can anybody tell me what's wrong with the last line?

I tried it with tc from
http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz
and from iproute2-2.4.7-340.rpm (SuSE 8.1).

Do I need some other kernel module?

Regards,
Philipp
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] tc filter question
  2003-02-14 10:19 philipp.berndt
@ 2003-02-14 15:09 ` Bartek Krajnik
  2003-02-14 16:15 ` Philipp Berndt
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 12+ messages in thread
From: Bartek Krajnik @ 2003-02-14 15:09 UTC (permalink / raw)
  To: lartc

On 14-02-2003 at 11:19:10AM +0100, philipp.berndt@gmx.net wrote:
> Hello.
> 
> I tried this:
> 
> $ ./tc qdisc add dev ppp0 root handle 1:0 htb default 12
> $ ./tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 125kbit ceil 125kbit
> $ ./tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 10kbit ceil 125kbit prio 0
> 
> $ iptables .... -j MARK --set-mark 11
> 
> $ ./tc filter add dev ppp0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
> RTNETLINK answers: Invalid argument
> 
> Can anybody tell me what's wrong with the last line?
> 
> I tried it with tc from
> http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz
> and from iproute2-2.4.7-340.rpm (SuSE 8.1).
> 
> Do I need some other kernel module?
Recompile your kernel with option CONFIG_NET_CLS_FW.
Networking options  ---> QoS and/or fair queueing  ---> Firewall based classifier

Rgds,
  Bartek.


* Re: [LARTC] tc filter question
  2003-02-14 10:19 philipp.berndt
  2003-02-14 15:09 ` Bartek Krajnik
@ 2003-02-14 16:15 ` Philipp Berndt
  2007-10-28 17:48 ` Daniel
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 12+ messages in thread
From: Philipp Berndt @ 2003-02-14 16:15 UTC (permalink / raw)
  To: lartc

Hello Bartek,

Thanks a lot!

Philipp

> > Do I need some other kernel module?
>
> Recompile your kernel with option CONFIG_NET_CLS_FW.
> Networking options  ---> QoS and/or fair queueing  ---> Firewall based
> classifier
>
> Rgds,
>   Bartek.


* [LARTC] tc filter question.
@ 2003-06-30 14:42 Σταμάτης Κεκές
  2003-06-30 14:50 ` Ethy H. Brito
                   ` (3 more replies)
  0 siblings, 4 replies; 12+ messages in thread
From: Σταμάτης Κεκές @ 2003-06-30 14:42 UTC (permalink / raw)
  To: lartc

Well, so far I've used tc with htb with success, installed on a machine 
with two ethernet interfaces acting as a bridge. On eth0 I applied the 
outgoing policy and on eth1 the incoming.
 My users usually use a lot of protocols (IRC, KAZAA and many more); 
the IRC protocol by itself is from port 6667 up to 7000. So as you 
understand I have to write 300 and more lines for filtering the IRC 
traffic to feed it in a class that I've made up for the minimal 
bandwidth allocation.
 My problem is how to make a filter to accept sport 6667-7000. I've 
searched but I didn't find anything useful in the list archives.
 Is there any way to do that or do I have to make one filter per port?

 Best regards
  Stamatis


* Re: [LARTC] tc filter question.
  2003-06-30 14:42 [LARTC] tc filter question Σταμάτης Κεκές
@ 2003-06-30 14:50 ` Ethy H. Brito
  2003-06-30 15:05 ` Σταμάτης Κεκές
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 12+ messages in thread
From: Ethy H. Brito @ 2003-06-30 14:50 UTC (permalink / raw)
  To: lartc

On Mon, 30 Jun 2003 17:42:18 +0300
Σταμάτης Κεκές <skekes@pylones.gr> wrote:

>  My problem is how to make a filter to accept sport 6667-7000. I've
> searched but I didn't find anything useful in the list archives.
>  Is there any way to do that or do I have to make one filter per port?

You can use iptables (for example) to mark the packets in the range of
ports you want and issue one filter for this mark


Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \

* Re: [LARTC] tc filter question.
  2003-06-30 14:42 [LARTC] tc filter question Σταμάτης Κεκές
  2003-06-30 14:50 ` Ethy H. Brito
@ 2003-06-30 15:05 ` Σταμάτης Κεκές
  2003-06-30 15:23 ` Ethy H. Brito
  2003-07-01  6:00 ` Σταμάτης Κεκές
  3 siblings, 0 replies; 12+ messages in thread
From: Σταμάτης Κεκές @ 2003-06-30 15:05 UTC (permalink / raw)
  To: lartc

Ethy H. Brito wrote:

>On Mon, 30 Jun 2003 17:42:18 +0300
>Σταμάτης Κεκές <skekes@pylones.gr> wrote:
>
>  
>
>> My problem is how to make a filter to accept sport 6667-7000. I've
>>searched but I didn't find anything useful in the list archives.
>> Is there any way to do that or do I have to make one filter per port?
>>    
>>
>
>You can use iptables (for example) to mark the packets in the range of
>ports you want and issue one filter for this mark
>  
>
Thanks for the answer.
Well, I thought of that solution but I want to have all the filtering 
related to QoS in one machine.
Otherwise I have to keep a lot of docs up to date for the firewall and the 
shaper too.
Any other suggestion?


* Re: [LARTC] tc filter question.
  2003-06-30 14:42 [LARTC] tc filter question Σταμάτης Κεκές
  2003-06-30 14:50 ` Ethy H. Brito
  2003-06-30 15:05 ` Σταμάτης Κεκές
@ 2003-06-30 15:23 ` Ethy H. Brito
  2003-07-01  6:00 ` Σταμάτης Κεκές
  3 siblings, 0 replies; 12+ messages in thread
From: Ethy H. Brito @ 2003-06-30 15:23 UTC (permalink / raw)
  To: lartc

On Mon, 30 Jun 2003 18:05:07 +0300
Σταμάτης Κεκές <skekes@pylones.gr> wrote:

> >You can use iptables (for example) to mark the packets in the range
> >of ports you want and issue one filter for this mark
> >  
> >
> Thanks for the answer.
> Well, I thought of that solution but I want to have all the filtering 
> related to QoS in one machine.
> Otherwise I have to keep a lot of docs up to date for the firewall and the 
> shaper too.

Didn't get it! Why do you think you can't have all in one machine?
You can have your FW *and* traffic control in one machine or split it in
two if you want.
It's up to you to decide. Obviously you cannot pass marks between two
machines if you choose the split solution. Marks and bwcontrol must
reside in the same machine.

-- 
Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \

* Re: [LARTC] tc filter question.
  2003-06-30 14:42 [LARTC] tc filter question Σταμάτης Κεκές
                   ` (2 preceding siblings ...)
  2003-06-30 15:23 ` Ethy H. Brito
@ 2003-07-01  6:00 ` Σταμάτης Κεκές
  3 siblings, 0 replies; 12+ messages in thread
From: Σταμάτης Κεκές @ 2003-07-01  6:00 UTC (permalink / raw)
  To: lartc

>
>
>Didn't get it! Why do you think you can't have all in one machine?
>
No, I want them separate. The shaper is in one machine and the firewall 
is on the second machine.
When I spoke about filtering I meant the classification rules and not the 
netfilter.

>You can have your FW *and* traffic control in one machine or split it in
>two if you want.
>It's up to you to decide. Obviously you cannot pass marks between two
>machines if you choose the split solution. Marks and bwcontrol must
>reside in the same machine.
>
>  
>
I want to classify the packets without the need of a firewall. That's what 
I meant.
Anyway, thanks for the advice
 Stamatis
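
Added example, not from any poster in this thread: a port range can be classified in tc alone by covering it with aligned power-of-two blocks, each written as a u32 value/mask pair, so 6667-7000 (334 ports) needs 10 filters instead of one per port. The device eth0, parent 1:0, class 1:10 and prio 1 are assumed values, and the script only prints the tc commands.

```bash
#!/bin/sh
# Added example: cover a TCP source-port range with u32 value/mask pairs.

# port_range_masks LO HI
# Prints one "PORT MASK" line per aligned power-of-two block in LO..HI.
port_range_masks() {
    local lo=$1 hi=$2 size
    if [ "$lo" -lt 0 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
        echo "invalid port range: $lo-$hi" >&2
        return 1
    fi
    while [ "$lo" -le "$hi" ]; do
        size=1
        # Double the block while it stays aligned on lo and inside the range.
        while [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 ))
        done
        # A block of 2^k ports starting at lo matches with the low k bits masked off.
        printf '%d 0x%04x\n' "$lo" $(( 0xffff & ~(size - 1) ))
        lo=$(( lo + size ))
    done
}

# emit_u32_filters DEV PARENT FLOWID LO HI
# Prints (does not run) one tc filter per block. "match ip sport" reads a
# fixed offset 20, so it assumes IP headers without options; the protocol
# match restricts the rule to TCP (protocol 6).
emit_u32_filters() {
    local dev=$1 parent=$2 flowid=$3 port mask
    port_range_masks "$4" "$5" | while read -r port mask; do
        echo "tc filter add dev $dev parent $parent protocol ip prio 1 u32" \
             "match ip protocol 6 0xff match ip sport $port $mask" \
             "flowid $flowid"
    done
}

# Assumed values: eth0, root qdisc 1:0, low-bandwidth class 1:10.
emit_u32_filters eth0 1:0 1:10 6667 7000
```
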



* [LARTC] tc filter question
  2003-02-14 10:19 philipp.berndt
  2003-02-14 15:09 ` Bartek Krajnik
  2003-02-14 16:15 ` Philipp Berndt
@ 2007-10-28 17:48 ` Daniel
  2007-10-28 18:55 ` Peter V. Saveliev
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 12+ messages in thread
From: Daniel @ 2007-10-28 17:48 UTC (permalink / raw)
  To: lartc

Dear all,

I have a big question in my mind about "tc filter" syntax. If I give the "tc -s -d 
filter sh dev eth0" command, then the output is like below:

filter parent 1: protocol ip pref 1 u32
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:2  (rule hit 21553629 success 37907)
  match 00160000/ffff0000 at 20 (success 37907 )

...

My questions are:
1. What do "fh 800:" and "fh 800::800" mean?
2. How do I change the value "800" in "fh 800::800"? I'm guessing this is the 
default value and I need to change that because my filter rules can be more 
than 0xfff lines.

Thanks for all,

Daniel
PadiNet Makassar

* Re: [LARTC] tc filter question
  2003-02-14 10:19 philipp.berndt
                   ` (2 preceding siblings ...)
  2007-10-28 17:48 ` Daniel
@ 2007-10-28 18:55 ` Peter V. Saveliev
  2007-10-28 18:56 ` Andreas Mueller
  2007-10-29  5:32 ` Michal Soltys
  5 siblings, 0 replies; 12+ messages in thread
From: Peter V. Saveliev @ 2007-10-28 18:55 UTC (permalink / raw)
  To: lartc

On Sunday 28 October 2007 20:48:13 Daniel wrote:
> Dear all,
>
> I have a big question in my mind about "tc filter" syntax. If I give the "tc -s
> -d filter sh dev eth0" command, then the output is like below:
>
> filter parent 1: protocol ip pref 1 u32
> filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:2  (rule hit 21553629 success 37907)
>   match 00160000/ffff0000 at 20 (success 37907 )
>
> ...
>
> My questions are:
> 1. What do "fh 800:" and "fh 800::800" mean?
> 2. How do I change the value "800" in "fh 800::800"? I'm guessing this is the
> default value and I need to change that because my filter rules can be more
> than 0xfff lines.
<skip />

There is a rather unclear howto chapter: 
http://lartc.org/howto/lartc.adv-filter.hashing.html

But it is very correct. Try it (actually, I did not understand it on the first 
attempt ;))

-- 
Peter V. Saveliev

* Re: [LARTC] tc filter question
  2003-02-14 10:19 philipp.berndt
                   ` (3 preceding siblings ...)
  2007-10-28 18:55 ` Peter V. Saveliev
@ 2007-10-28 18:56 ` Andreas Mueller
  2007-10-29  5:32 ` Michal Soltys
  5 siblings, 0 replies; 12+ messages in thread
From: Andreas Mueller @ 2007-10-28 18:56 UTC (permalink / raw)
  To: lartc

Hi Daniel.

Daniel wrote:
> Dear all,
> 
> I have a big question in my mind about "tc filter" syntax. If I give the "tc -s -d 
> filter sh dev eth0" command, then the output is like below:
> 
> filter parent 1: protocol ip pref 1 u32
> filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:2  (rule hit 21553629 success 37907)
>   match 00160000/ffff0000 at 20 (success 37907 )
> 
> ...
> 
> My questions are:
> 1. What do "fh 800:" and "fh 800::800" mean?
> 2. How do I change the value "800" in "fh 800::800"? I'm guessing this is the 
> default value and I need to change that because my filter rules can be more 
> than 0xfff lines.
Hi, those values are for the hash tables of u32, see:
http://lartc.org/howto/lartc.adv-filter.hashing.html


> 
> Thanks for all,
> 
> Daniel
> PadiNet Makassar

Bye,
 Andreas.

* Re: [LARTC] tc filter question
  2003-02-14 10:19 philipp.berndt
                   ` (4 preceding siblings ...)
  2007-10-28 18:56 ` Andreas Mueller
@ 2007-10-29  5:32 ` Michal Soltys
  5 siblings, 0 replies; 12+ messages in thread
From: Michal Soltys @ 2007-10-29  5:32 UTC (permalink / raw)
  To: lartc

Daniel wrote:
> 
> My questions are:
> 1. What do "fh 800:" and "fh 800::800" mean?
> 2. How do I change the value "800" in "fh 800::800"? I'm guessing this is the 
> default value and I need to change that because my filter rules can be more 
> than 0xfff lines.
> 

Also check http://ace-host.stuart.id.au/russell/files/tc/doc/cls_u32.txt

Old howto misses a few important things.