* [LARTC] Re: HTB and filters on many levels - Workaround found
@ 2003-07-26 7:49 Daniel Brahneborg
2003-09-16 17:59 ` Steen Suder, privat
2003-09-16 18:45 ` Stef Coene
0 siblings, 2 replies; 3+ messages in thread
From: Daniel Brahneborg @ 2003-07-26 7:49 UTC (permalink / raw)
To: lartc
I found a little workaround, but I'm not really happy with it.
On Fri, Jul 25, 2003 at 12:03:21AM +0200, Daniel Brahneborg wrote:
> My setup is like this:
>
> ISP - [ eth0 'firewall machine' eth1 ] - LAN
>
> I'd like to split the traffic evenly between the firewall and the LAN,
> and then prioritize traffic within those classes, similarly to the
> example in the HTB User Guide. I want something like this:
>
> qdisc root 1: htb default 2
>   1:9 htb rate 240
>     1:1 htb rate 120 ceil 240
>       1:11 htb rate 20 ceil 80 prio 1
>         filter: ssh, ack, etc
>         11: pfifo
>       1:12 htb rate 60 ceil 200 prio 2
>         no filter
>         12: pfifo
>       1:13 htb rate 20 ceil 80 prio 3
>         filter: direct connect
>         13: pfifo
>     1:2 htb rate 120 ceil 240
>       1:21 htb rate 20 ceil 80 prio 1
>         21: pfifo
>       1:22 htb rate 60 ceil 200 prio 2
>         22: pfifo
>       1:23 htb rate 20 ceil 80 prio 3
>         23: pfifo
>
> I then use iptables -j MARK to set a '1' if the traffic comes from
> eth1. If not, it should end up in 1:2, and 1:1 and 1:2 should be able
> to borrow from each other.
What I do now is to use ipfilter to set marks on the packets for all six
classes, and then set all filters on 1:0. A bit more work for iptables,
but it seems to work. Is it a bug that a filter can't be added to a class?
/Basic
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] Re: HTB and filters on many levels - Workaround found
From: Steen Suder, privat @ 2003-09-16 17:59 UTC (permalink / raw)
To: lartc
Daniel Brahneborg wrote:
> I found a little workaround, but I'm not really happy with it.
<SNIP>
>>I then use iptables -j MARK to set a '1' if the traffic comes from
>>eth1. If not, it should end up in 1:2, and 1:1 and 1:2 should be able
>>to borrow from each other.
>
>
> What I do now is to use ipfilter to set marks on the packets for all six
> classes, and then set all filters on 1:0. A bit more work for iptables,
> but it seems to work. Is it a bug that a filter can't be added to a class?
It's by design AFAIK.
Packets are enqueued at qdiscs and, thus, it is only meaningful to be
able to attach filters to qdiscs.
I may be wrong though...
Also, the HTB docs instruct the user to attach filters to the root.
--
Mvh. / Best regards,
Steen Suder <http://www.suder.dk/>
ICQ UIN 4133803
* Re: [LARTC] Re: HTB and filters on many levels - Workaround found
From: Stef Coene @ 2003-09-16 18:45 UTC (permalink / raw)
To: lartc
On Tuesday 16 September 2003 19:59, Steen Suder, privat wrote:
> Daniel Brahneborg wrote:
> > I found a little workaround, but I'm not really happy with it.
>
> <SNIP>
>
> >>I then use iptables -j MARK to set a '1' if the traffic comes from
> >>eth1. If not, it should end up in 1:2, and 1:1 and 1:2 should be able
> >>to borrow from each other.
> >
> > What I do now is to use ipfilter to set marks on the packets for all six
> > classes, and then set all filters on 1:0. A bit more work for iptables,
> > but it seems to work. Is it a bug that a filter can't be added to a
> > class?
>
> It's by design AFAIK.
> Packets are enqueued at qdiscs and, thus, it is only meaningful to be
> able to attach filters to qdiscs.
>
> I may be wrong though...
>
> Also, the HTB docs instruct the user to attach filters to the root.
You don't have to. You can add the filters to classes and "stack" them. If a
packet is enqueued in the htb qdisc, all filters attached to the root qdisc
are checked. If a packet is redirected to a leaf class, it's dequeued in the
qdisc attached to the class. If a packet is redirected to a class, the
filters attached to that class are examined.
In previous htb versions, htb hangs if you redirect a packet to a non-leaf
class. That's solved in later versions.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
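
The filter stacking described in the reply above, applied to the class tree from the first message, as an added example that is not part of the thread. It prints the commands rather than running them; the kbit units, eth0 as the shaped egress device, the ssh match on destination port 22 and `default 22` are assumptions, and only the ssh filter of 1:11 is shown.

```shell
#!/bin/sh
# Added example: prints (does not run) the iptables/tc commands for a two-level
# filter setup. Pipe the output to "sh" as root to apply it.
# Assumptions: rates in kbit, $1 = ISP-facing device, $2 = LAN-facing device.
emit_htb_stacked() {
    wan=$1; lan=$2
    # Mark everything arriving from the LAN so the root filter can select 1:1.
    echo "iptables -t mangle -A PREROUTING -i $lan -j MARK --set-mark 1"
    # "default" names a leaf (1:22): if it named an inner class such as 1:2,
    # HTB would pass unclassified packets through its direct queue, unshaped.
    echo "tc qdisc add dev $wan root handle 1: htb default 22"
    echo "tc class add dev $wan parent 1: classid 1:9 htb rate 240kbit"
    for half in 1 2; do
        # 1:1 and 1:2 share parent 1:9, so they can borrow from each other.
        echo "tc class add dev $wan parent 1:9 classid 1:$half htb rate 120kbit ceil 240kbit"
        # Leaf spec: "<suffix> <rate> <ceil> <prio>"
        for leaf in "1 20 80 1" "2 60 200 2" "3 20 80 3"; do
            set -- $leaf
            echo "tc class add dev $wan parent 1:$half classid 1:$half$1 htb rate ${2}kbit ceil ${3}kbit prio $4"
            echo "tc qdisc add dev $wan parent 1:$half$1 handle $half$1: pfifo"
        done
    done
    # Level 1, attached to the root qdisc: fwmark 1 goes to inner class 1:1.
    echo "tc filter add dev $wan parent 1: protocol ip prio 1 handle 1 fw flowid 1:1"
    # Level 2, attached to class 1:1: only consulted for packets that the
    # root filter redirected to 1:1.
    echo "tc filter add dev $wan parent 1:1 protocol ip prio 1 u32 match ip dport 22 0xffff flowid 1:11"
    echo "tc filter add dev $wan parent 1:1 protocol ip prio 2 u32 match ip dst 0.0.0.0/0 flowid 1:12"
}

emit_htb_stacked eth0 eth1
```

Unmarked traffic, here the firewall's own, matches no root filter and falls to the default leaf 1:22 under 1:2.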