[LARTC] Pakets marked but no shapeing is done - =?unknown-8bit?q?Drago=C2=BA_Cintez=C3=A3?=

From: =?unknown-8bit?q?Drago=C2=BA_Cintez=C3=A3?= <Dragos_Cinteza@web.de>
To: lartc@vger.kernel.org
Subject: [LARTC] Pakets marked but no shapeing is done
Date: Sun, 19 Oct 2003 09:31:23 +0000	[thread overview]
Message-ID: <marc-lartc-106655646120686@msgid-missing> (raw)

<html><head>
<style>
body { FONT-FAMILY:'georgia' ; FONT-SIZE:12 ; }
</style>
</head>
<body align=>
 Hello lartc users, 
 
I mark pakets (by MAC and IP), works on my lan except for 1 single host. 
This host is able to fuck-up the entire network because not a single bit of 
his traffic is shaped. this way when he is downloading there is no more 
internet in the entire LAN. 
 
 
Here is what I get: 
 
~ # iptables -L -n -v 
Chain INPUT (policy DROP 129 packets, 18244 bytes) 
 pkts bytes target prot opt in out source destination 
 121K 89M ipac~o all -- * * 0.0.0.0/0 0.0.0.0/0

   0     0 PSCAN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x3F <br>

   0     0 PSCAN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x00 <br>

2106  103K            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 limit: avg 10/sec burst 5 <br>
 121K   89M CUSTOMINPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

117K   88M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED <br>
  215  7951 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0 <br>
   21  1260 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

 671 40197 ACCEPT     all  --  eth0   *       192.168.1.1          0.0.0.0/0          MAC 00:02:44:67:30:30 <br>

  54  4471 ACCEPT     all  --  eth0   *       192.168.1.2          0.0.0.0/0          MAC 00:02:44:67:30:5E <br>

1417 87806 ACCEPT     all  --  eth0   *       192.168.1.3          0.0.0.0/0          MAC 00:02:44:59:71:40 <br>

 734 56195 ACCEPT     all  --  eth0   *       192.168.1.4          0.0.0.0/0          MAC 00:D0:09:D5:6B:12 <br>

 394 28308 ACCEPT     all  --  eth0   *       192.168.1.5          0.0.0.0/0          MAC 00:50:FC:9D:7A:5B <br>

   0     0 ACCEPT     all  --  eth0   *       192.168.1.6          0.0.0.0/0          MAC 00:80:5F:8F:C2:48 <br>

 109 11947 ACCEPT     all  --  eth0   *       192.168.1.7          0.0.0.0/0          MAC 00:06:4F:05:FB:16 <br>
    0     0 ACCEPT     all  --  ipsec+ *       0.0.0.0/0            0.0.0.0/0 <br>
  129 18244 RED        all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>
  129 18244 XTACCESS   all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

 113 16529 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `INPUT ' <br>
 <br>
Chain FORWARD (policy DROP 0 packets, 0 bytes) <br>
 pkts bytes target     prot opt in     out     source               destination <br>
 198K   62M ipac~fi    all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>
 198K   62M ipac~fo    all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

   0     0 PSCAN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x3F <br>

   0     0 PSCAN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x00 <br>

198K   62M CUSTOMFORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>

190K   61M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED <br>

   0     0 ACCEPT     all  --  eth0   *       192.168.1.1          0.0.0.0/0          MAC 00:02:44:67:30:30 <br>

   1    48 ACCEPT     all  --  eth0   *       192.168.1.2          0.0.0.0/0          MAC 00:02:44:67:30:5E <br>

 429 54514 ACCEPT     all  --  eth0   *       192.168.1.3          0.0.0.0/0          MAC 00:02:44:59:71:40 <br>

6831  832K ACCEPT     all  --  eth0   *       192.168.1.4          0.0.0.0/0          MAC 00:D0:09:D5:6B:12 <br>

 478 28669 ACCEPT     all  --  eth0   *       192.168.1.5          0.0.0.0/0          MAC 00:50:FC:9D:7A:5B <br>

   0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.1.5        tcp dpt:19995 <br>

   0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.1.5        tcp dpt:19995 <br>

   0     0 ACCEPT     all  --  eth0   *       192.168.1.6          0.0.0.0/0          MAC 00:80:5F:8F:C2:48 <br>

  72  5774 ACCEPT     all  --  eth0   *       192.168.1.7          0.0.0.0/0          MAC 00:06:4F:05:FB:16 <br>
    0     0 ACCEPT     all  --  ipsec+ *       0.0.0.0/0            0.0.0.0/0 <br>

   0     0 PORTFWACCESS  all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>
    0     0 DMZHOLES   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0 <br>

   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `OUTPUT ' <br>
 <br>
Chain OUTPUT (policy ACCEPT 141K packets, 85M bytes) <br>
 pkts bytes target     prot opt in     out     source               destination <br>
 141K   85M ipac~i     all  --  *      *       0.0.0.0/0            0.0.0.0/0 <br>
 <br>
Chain CUSTOMFORWARD (1 references) <br>
 pkts bytes target     prot opt in     out     source               destination <br>
 <br>
The
bad host is 192.168. 1.1. As you can see his pakets are marked, but then the shapeing is not done at all.<br>
 <br>
~ # tc -d -s class show dev eth1 <br>
class
htb 10:10 root rate 125Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 7 <br>
 Sent 45405999 bytes 110084 pkts (dropped 0, overlimits 0) <br>
 rate 90bps 1pps <br>
 lended: 35284 borrowed: 0 giants: 0 <br>
 tokens: 2086912 ctokens: 79872 <br>
 <br>
class
htb 10:1 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) <br>
 lended: 0 borrowed: 0 giants: 0 <br>
 tokens: 14563554 ctokens: 90112 <br>
 <br>
class
htb 10:2 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) <br>
 lended: 0 borrowed: 0 giants: 0 <br>
 tokens: 14563554 ctokens: 90112 <br>
 <br>
class
htb 10:3 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 446562 bytes 6804 pkts (dropped 0, overlimits 0) <br>
 rate 5bps <br>
 lended: 6804 borrowed: 0 giants: 0 <br>
 tokens: 14344532 ctokens: 58573 <br>
 <br>
class
htb 10:4 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 44734592 bytes 102026 pkts (dropped 0, overlimits 0) <br>
 rate 37bps <br>
 lended: 66742 borrowed: 35284 giants: 0 <br>
 tokens: 14518044 ctokens: 83560 <br>
 <br>
class
htb 10:5 parent 10:10 prio 2 quantum 1500 rate 20Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 216317 bytes 1153 pkts (dropped 0, overlimits 0) <br>
 rate 60bps <br>
 lended: 1153 borrowed: 0 giants: 0 <br>
 tokens: 12304384 ctokens: 79872 <br>
 <br>
class
htb 10:6 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) <br>
 lended: 0 borrowed: 0 giants: 0 <br>
 tokens: 14563554 ctokens: 90112 <br>
 <br>
class
htb 10:7 parent 10:10 prio 2 quantum 1500 rate 18Kbit ceil 125Kbit burst 40Kb/8 mpu 0b cburst 1759b/8 mpu 0b level 0 <br>
 Sent 8528 bytes 101 pkts (dropped 0, overlimits 0) <br>
 lended: 101 borrowed: 0 giants: 0 <br>
 tokens: 14546488 ctokens: 87655 <br>
  <br>
And this is the version I use<br>
kernel HTB init, kernel part version 3.10 </body></html>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/