* Re: [LARTC] Does -j TOS actually do anything?
2003-11-05 12:34 [LARTC] Does -j TOS actually do anything? Thomas Worthington
@ 2003-11-05 14:03 ` Thomas Worthington
2003-11-05 20:11 ` Stef Coene
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Thomas Worthington @ 2003-11-05 14:03 UTC (permalink / raw)
To: lartc
On Wed, 05 Nov 2003 12:34:20 -0000, Thomas Worthington <lartc@tww.cx>
wrote:
>
> iptables -t mangle -I OUTPUT -p icmp -s 192.168.0.198 -j TOS --set-tos 16
Sorry, that line crept in from one of the experimental setups: it should
of course be:
iptables -t mangle -I OUTPUT -s 192.168.0.198 -j TOS --set-tos 16
TWW
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [LARTC] Does -j TOS actually do anything?
2003-11-05 12:34 [LARTC] Does -j TOS actually do anything? Thomas Worthington
2003-11-05 14:03 ` Thomas Worthington
@ 2003-11-05 20:11 ` Stef Coene
2003-11-05 21:26 ` Thomas Worthington
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Stef Coene @ 2003-11-05 20:11 UTC (permalink / raw)
To: lartc
On Wednesday 05 November 2003 15:03, Thomas Worthington wrote:
> On Wed, 05 Nov 2003 12:34:20 -0000, Thomas Worthington <lartc@tww.cx>
>
> wrote:
> > iptables -t mangle -I OUTPUT -p icmp -s 192.168.0.198 -j TOS --set-tos 16
>
> Sorry, that line crept in from one of the experimental setups: it should
> of course be:
>
> iptables -t mangle -I OUTPUT -s 192.168.0.198 -j TOS --set-tos 16
What's the output of
iptables -L -v -n -t mangle
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [LARTC] Does -j TOS actually do anything?
2003-11-05 12:34 [LARTC] Does -j TOS actually do anything? Thomas Worthington
2003-11-05 14:03 ` Thomas Worthington
2003-11-05 20:11 ` Stef Coene
@ 2003-11-05 21:26 ` Thomas Worthington
2003-11-05 22:25 ` Patrick McHardy
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Thomas Worthington @ 2003-11-05 21:26 UTC (permalink / raw)
To: lartc
On Wed, 5 Nov 2003 21:11:10 +0100, Stef Coene <stef.coene@docum.org> wrote:
> What's the output of
> iptables -L -v -n -t mangle
>
> Stef
>
Currently:
Chain PREROUTING (policy ACCEPT 6088 packets, 2069K bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 1134 packets, 116K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 4954 packets, 1953K bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 805 packets, 97871 bytes)
pkts bytes target prot opt in out source
destination
0 0 TOS all -- * * 192.168.0.198
0.0.0.0/0 TOS set 0x10
Chain POSTROUTING (policy ACCEPT 5759 packets, 2051K bytes)
pkts bytes target prot opt in out source
destination
Thomas
--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [LARTC] Does -j TOS actually do anything?
2003-11-05 12:34 [LARTC] Does -j TOS actually do anything? Thomas Worthington
` (2 preceding siblings ...)
2003-11-05 21:26 ` Thomas Worthington
@ 2003-11-05 22:25 ` Patrick McHardy
2003-11-06 8:54 ` Thomas Worthington
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Patrick McHardy @ 2003-11-05 22:25 UTC (permalink / raw)
To: lartc
Where did you get the information that setting TOS with
netfilter would affect prio classification ? From what
I can see in the source, prio classifies by skb->priority
which only inheirits a value from tos field during the
forwarding process. I can recall skb->priority also
beeing affected by setsockopt(IP_TOS) (besides SO_PRIORITY)
but not by simply setting the tos field in the ip header.
Best regards,
Patrick
BTW: the netfilter CLASSIFY target from 2.6 or netfiler
patch-o-matic can set skb->priority which is what you need.
Thomas Worthington wrote:
> Very simple setup: I have several machines, one of which
> (192.168.0.198) is used exclusively as a vnc client to a remote site.
> I want it to get priority over guff like email and web etc.
>
> tc qdisc add dev eth1 root handle 1: prio
> tc qdisc add dev eth1 parent 1:1 handle 10: pfifo
> tc qdisc add dev eth1 parent 1:2 handle 20: pfifo
> tc qdisc add dev eth1 parent 1:3 handle 30: pfifo
>
> iptables -t mangle -I OUTPUT -p icmp -s 192.168.0.198 -j TOS --set-tos 16
>
> Effect: zero. All the vnc traffic from x.198 goes into 1:2.
>
> I've tried all the tables (PREROUTE etc) to no avail. I even tried
> applying the TOS change to ALL traffice bound for eth1 (the outside
> line) and still saw no change in the queuing despite tcpdump showing
> that the tos bits were being set.
>
> Why does this not work? It seems as if the priority is being set
> before iptables' mangle rules are applied.
>
> Thomas Worthington
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [LARTC] Does -j TOS actually do anything?
2003-11-05 12:34 [LARTC] Does -j TOS actually do anything? Thomas Worthington
` (3 preceding siblings ...)
2003-11-05 22:25 ` Patrick McHardy
@ 2003-11-06 8:54 ` Thomas Worthington
2003-11-06 21:47 ` Stef Coene
2003-11-06 22:34 ` Thomas Worthington
6 siblings, 0 replies; 8+ messages in thread
From: Thomas Worthington @ 2003-11-06 8:54 UTC (permalink / raw)
To: lartc
On Wed, 05 Nov 2003 23:25:38 +0100, Patrick McHardy <kaber@trash.net>
wrote:
> Where did you get the information that setting TOS with
> netfilter would affect prio classification ? From what
> I can see in the source, prio classifies by skb->priority
> which only inheirits a value from tos field during the
> forwarding process. I can recall skb->priority also
> beeing affected by setsockopt(IP_TOS) (besides SO_PRIORITY)
> but not by simply setting the tos field in the ip header.
Well, it just seemed obvious. One man's "obvious" being another's "bloody
stupid idea", of course. Since prio is all based on tos bits it seems
logical that changing those bits would have some effect.
I was partly just asking the simple question: are the TOS bits used to
prioritise before netfilter gets its hand on them? The answer, from what
you say, seems to be "yes". It seems a shame since its such an eligant and
intuative way to do simple shaping of this sort
>
> Best regards,
> Patrick
>
> BTW: the netfilter CLASSIFY target from 2.6 or netfiler
> patch-o-matic can set skb->priority which is what you need.
This is for active duty so I'll not be running 2.6 until someone tells me
it's stable...
Thanks,
Thomas
> Thomas Worthington wrote:
>
>> Very simple setup: I have several machines, one of which
>> (192.168.0.198) is used exclusively as a vnc client to a remote site. I
>> want it to get priority over guff like email and web etc.
>>
>> tc qdisc add dev eth1 root handle 1: prio
>> tc qdisc add dev eth1 parent 1:1 handle 10: pfifo
>> tc qdisc add dev eth1 parent 1:2 handle 20: pfifo
>> tc qdisc add dev eth1 parent 1:3 handle 30: pfifo
>>
>> iptables -t mangle -I OUTPUT -p icmp -s 192.168.0.198 -j TOS --set-tos
>> 16
>>
>> Effect: zero. All the vnc traffic from x.198 goes into 1:2.
>>
>> I've tried all the tables (PREROUTE etc) to no avail. I even tried
>> applying the TOS change to ALL traffice bound for eth1 (the outside
>> line) and still saw no change in the queuing despite tcpdump showing
>> that the tos bits were being set.
>>
>> Why does this not work? It seems as if the priority is being set before
>> iptables' mangle rules are applied.
>>
>> Thomas Worthington
>>
>
>
--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [LARTC] Does -j TOS actually do anything?
2003-11-05 12:34 [LARTC] Does -j TOS actually do anything? Thomas Worthington
` (4 preceding siblings ...)
2003-11-06 8:54 ` Thomas Worthington
@ 2003-11-06 21:47 ` Stef Coene
2003-11-06 22:34 ` Thomas Worthington
6 siblings, 0 replies; 8+ messages in thread
From: Stef Coene @ 2003-11-06 21:47 UTC (permalink / raw)
To: lartc
On Wednesday 05 November 2003 22:26, Thomas Worthington wrote:
> Chain OUTPUT (policy ACCEPT 805 packets, 97871 bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 TOS all -- * * 192.168.0.198
> 0.0.0.0/0 TOS set 0x10
None of the packets are matchde by the iptables rule.
Are you sure you have to do this in OUTPUT? See :
http://www.docum.org/stef.coene/qos/kptd/
If you are trying this on a router, try to change the tos in POSTROUTING.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [LARTC] Does -j TOS actually do anything?
2003-11-05 12:34 [LARTC] Does -j TOS actually do anything? Thomas Worthington
` (5 preceding siblings ...)
2003-11-06 21:47 ` Stef Coene
@ 2003-11-06 22:34 ` Thomas Worthington
6 siblings, 0 replies; 8+ messages in thread
From: Thomas Worthington @ 2003-11-06 22:34 UTC (permalink / raw)
To: lartc
On Thu, 6 Nov 2003 22:47:06 +0100, Stef Coene <stef.coene@docum.org> wrote:
> On Wednesday 05 November 2003 22:26, Thomas Worthington wrote:
>> Chain OUTPUT (policy ACCEPT 805 packets, 97871 bytes)
>> pkts bytes target prot opt in out source
>> destination
>> 0 0 TOS all -- * * 192.168.0.198
>> 0.0.0.0/0 TOS set 0x10
> None of the packets are matchde by the iptables rule.
> Are you sure you have to do this in OUTPUT? See :
> http://www.docum.org/stef.coene/qos/kptd/
> If you are trying this on a router, try to change the tos in POSTROUTING.
>
> Stef
>
I tried all five tables! It appears that I was simply misguided: setting
TOS doe indeed have no effect as it happens after the priority has been
set; a different filter is needed.
I'm leaving the list now as it seems to be a great way to instantly sign
up for tons of spam (as you can imagine, this is the only thing that I've
ever used this email address for and after only two days it's become a
spam magnet).
Thanks to everyone that helped; I'll try some of the other methods.
Thomas Worthington
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread