* [LARTC] Re: HTB and filters on many levels - Workaround found
@ 2003-07-26  7:49 Daniel Brahneborg
From: Daniel Brahneborg @ 2003-07-26  7:49 UTC (permalink / raw)
  To: lartc

I found a little workaround, but I'm not really happy with it.

On Fri, Jul 25, 2003 at 12:03:21AM +0200, Daniel Brahneborg wrote:
> My setup is like this:
> 
>   ISP - [ eth0  'firewall machine'  eth1 ] - LAN
> 
> I'd like to split the traffic evenly between the firewall and the LAN,
> and then prioritize traffic within those classes, similarly to the
> example in the HTB User Guide.  I want something like this:
> 
>  qdisc root 1: htb default 2
> 	1:9 htb rate 240
> 		1:1 htb rate 120 ceil 240
> 			1:11 htb rate 20 ceil 80 prio 1
> 				filter: ssh, ack, etc
> 				11: pfifo
> 			1:12 htb rate 60 ceil 200 prio 2
> 				no filter
> 				12: pfifo
> 			1:13 htb rate 20 ceil 80 prio 3
> 				filter: direct connect
> 				13: pfifo
> 		1:2 htb rate 120 ceil 240
> 			1:21 htb rate 20 ceil 80 prio 1
> 				21: pfifo
> 			1:22 htb rate 60 ceil 200 prio 2
> 				22: pfifo
> 			1:23 htb rate 20 ceil 80 prio 3
> 				23: pfifo
> 
> I then use iptables -j MARK to set a '1' if the traffic comes from
> eth1.  If not, it should end up in 1:2, and 1:1 and 1:2 should be able
> to borrow from each other.

What I do now is to use ipfilter to set marks on the packets for all six
classes, and then set all filters on 1:0.  A bit more work for iptables,
but it seems to work.  Is it a bug that a filter can't be added to a class?

/Basic

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] Re: HTB and filters on many levels - Workaround found
From: Steen Suder, privat @ 2003-09-16 17:59 UTC (permalink / raw)
  To: lartc

Daniel Brahneborg wrote:
> I found a little workaround, but I'm not really happy with it.

<SNIP>

>>I then use iptables -j MARK to set a '1' if the traffic comes from
>>eth1.  If not, it should end up in 1:2, and 1:1 and 1:2 should be able
>>to borrow from each other.
> 
> 
> What I do now is to use ipfilter to set marks on the packets for all six
> classes, and then set all filters on 1:0.  A bit more work for iptables,
> but it seems to work.  Is it a bug that a filter can't be added to a class?

It's by design AFAIK.
Packets are enqueued at qdiscs and, thus, it is only meaningful to be 
able to attach filters to qdiscs.

I may be wrong though...

Also, the HTB docs instruct the user to attach filters to the root.

-- 
Mvh. / Best regards,
Steen Suder		<http://www.suder.dk/>
ICQ UIN			4133803


* Re: [LARTC] Re: HTB and filters on many levels - Workaround found
From: Stef Coene @ 2003-09-16 18:45 UTC (permalink / raw)
  To: lartc

On Tuesday 16 September 2003 19:59, Steen Suder, privat wrote:
> Daniel Brahneborg wrote:
> > I found a little workaround, but I'm not really happy with it.
>
> <SNIP>
>
> >>I then use iptables -j MARK to set a '1' if the traffic comes from
> >>eth1.  If not, it should end up in 1:2, and 1:1 and 1:2 should be able
> >>to borrow from each other.
> >
> > What I do now is to use ipfilter to set marks on the packets for all six
> > classes, and then set all filters on 1:0.  A bit more work for iptables,
> > but it seems to work.  Is it a bug that a filter can't be added to a
> > class?
>
> It's by design AFAIK.
> Packets are enqueued at qdiscs and, thus, it is only meaningful to be
> able to attach filters to qdiscs.
>
> I may be wrong though...
>
> Also, the HTB docs instruct the user to attach filters to the root.

You don't have to.  You can add the filters to classes and "stack" them.  If a 
packet is enqueued in the htb qdisc, all filters attached to the root qdisc 
are checked.  If a packet is redirected to a leaf class, it's dequeued in the 
qdisc attached to the class.  If a packet is redirected to a class, the 
filters attached to that class are examined.

In previous htb versions, htb hangs if you redirect a packet to a non-leaf 
class.  That's solved in later versions.

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net
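
The filter stacking described in the last reply, applied to the class tree from the first message, as an added example that is not part of the thread. Assumptions not taken from the thread: device `eth0`, rates in kbit, default leaf `1:22`, and port 411 standing in for "direct connect"; by default the script only prints the `tc` commands.

```shell
#!/bin/sh
# Added example: stacked tc filters on an HTB tree (dry run by default).
# Assumptions: DEV, kbit units, default leaf 22 and DC_PORT are not from the thread.
DEV=${DEV:-eth0}
TC=${TC:-echo tc}        # set TC=tc (as root) to apply the commands for real
DC_PORT=${DC_PORT:-411}  # constructed placeholder port for "direct connect"

cls() {  # cls PARENT CLASSID RATE CEIL [PRIO]
    $TC class add dev "$DEV" parent "$1" classid "$2" htb \
        rate "${3}kbit" ceil "${4}kbit" ${5:+prio "$5"}
}

flt() {  # flt PARENT PRIO FLOWID MATCH...
    p=$1 pr=$2 fl=$3; shift 3
    $TC filter add dev "$DEV" parent "$p" protocol ip prio "$pr" "$@" flowid "$fl"
}

build_htb() {
    $TC qdisc add dev "$DEV" root handle 1: htb default 22
    cls 1:  1:9 240 240
    cls 1:9 1:1 120 240
    cls 1:9 1:2 120 240
    for side in 1 2; do
        cls "1:$side" "1:${side}1" 20 80 1
        cls "1:$side" "1:${side}2" 60 200 2
        cls "1:$side" "1:${side}3" 20 80 3
        for leaf in 1 2 3; do
            $TC qdisc add dev "$DEV" parent "1:$side$leaf" handle "$side$leaf:" pfifo
        done
    done
    # Level 1: filters on the root qdisc choose the inner class.
    flt 1: 1 1:1 handle 1 fw            # fwmark 1 = packet came in on eth1
    flt 1: 2 1:2 u32 match u32 0 0      # everything else
    # Level 2: filters attached to class 1:1 choose the leaf.
    flt 1:1 1 1:11 u32 match ip dport 22 0xffff
    flt 1:1 2 1:13 u32 match ip dport "$DC_PORT" 0xffff
    flt 1:1 3 1:12 u32 match u32 0 0    # catch-all; without it htb's default is used
    # Class 1:2 has no filters of its own, so its traffic lands in default leaf 1:22.
}

build_htb
```
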

