[LARTC] Does -j TOS actually do anything?

[LARTC] Does -j TOS actually do anything?

[Thomas Worthington]

Very simple setup: I have several machines, one of which (192.168.0.198) 
is used exclusively as a vnc client to a remote site. I want it to get 
priority over guff like email and web etc.

tc qdisc add dev eth1 root handle 1: prio
tc qdisc add dev eth1 parent 1:1 handle 10: pfifo
tc qdisc add dev eth1 parent 1:2 handle 20: pfifo
tc qdisc add dev eth1 parent 1:3 handle 30: pfifo

iptables -t mangle -I OUTPUT -p icmp -s 192.168.0.198 -j TOS --set-tos 16

Effect: zero. All the vnc traffic from x.198 goes into 1:2.

I've tried all the tables (PREROUTE etc) to no avail. I even tried 
applying the TOS change to ALL traffice bound for eth1 (the outside line) 
and still saw no change in the queuing despite tcpdump showing that the 
tos bits were being set.

Why does this not work? It seems as if the priority is being set before 
iptables' mangle rules are applied.

Thomas Worthington

-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Does -j TOS actually do anything?

[Thomas Worthington]

On Wed, 05 Nov 2003 12:34:20 -0000, Thomas Worthington <lartc@tww.cx> 
wrote:

>
> iptables -t mangle -I OUTPUT -p icmp -s 192.168.0.198 -j TOS --set-tos 16

Sorry, that line crept in from one of the experimental setups: it should 
of course be:

iptables -t mangle -I OUTPUT -s 192.168.0.198 -j TOS --set-tos 16

TWW
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Does -j TOS actually do anything?

[Stef Coene]

On Wednesday 05 November 2003 15:03, Thomas Worthington wrote:
> On Wed, 05 Nov 2003 12:34:20 -0000, Thomas Worthington <lartc@tww.cx>
>
> wrote:
> > iptables -t mangle -I OUTPUT -p icmp -s 192.168.0.198 -j TOS --set-tos 16
>
> Sorry, that line crept in from one of the experimental setups: it should
> of course be:
>
> iptables -t mangle -I OUTPUT -s 192.168.0.198 -j TOS --set-tos 16
What's the output of
iptables -L -v -n -t mangle

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Does -j TOS actually do anything?

[Thomas Worthington]

On Wed, 5 Nov 2003 21:11:10 +0100, Stef Coene <stef.coene@docum.org> wrote:
> What's the output of
> iptables -L -v -n -t mangle
>
> Stef
>

Currently:

Chain PREROUTING (policy ACCEPT 6088 packets, 2069K bytes)
  pkts bytes target     prot opt in     out     source               
destination

Chain INPUT (policy ACCEPT 1134 packets, 116K bytes)
  pkts bytes target     prot opt in     out     source               
destination

Chain FORWARD (policy ACCEPT 4954 packets, 1953K bytes)
  pkts bytes target     prot opt in     out     source               
destination

Chain OUTPUT (policy ACCEPT 805 packets, 97871 bytes)
  pkts bytes target     prot opt in     out     source               
destination
     0     0 TOS        all  --  *      *       192.168.0.198        
0.0.0.0/0          TOS set 0x10

Chain POSTROUTING (policy ACCEPT 5759 packets, 2051K bytes)
  pkts bytes target     prot opt in     out     source               
destination

Thomas

-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Does -j TOS actually do anything?

[Patrick McHardy]

Where did you get the information that setting TOS with
netfilter would affect prio classification ? From what
I can see in the source, prio classifies by skb->priority
which only inheirits a value from tos field during the
forwarding process. I can recall skb->priority also
beeing affected by setsockopt(IP_TOS) (besides SO_PRIORITY)
but not by simply setting the tos field in the ip header.

Best regards,
Patrick

BTW: the netfilter CLASSIFY target from 2.6 or netfiler
patch-o-matic can set skb->priority which is what you need.

Thomas Worthington wrote:

> Very simple setup: I have several machines, one of which 
> (192.168.0.198) is used exclusively as a vnc client to a remote site. 
> I want it to get priority over guff like email and web etc.
>
> tc qdisc add dev eth1 root handle 1: prio
> tc qdisc add dev eth1 parent 1:1 handle 10: pfifo
> tc qdisc add dev eth1 parent 1:2 handle 20: pfifo
> tc qdisc add dev eth1 parent 1:3 handle 30: pfifo
>
> iptables -t mangle -I OUTPUT -p icmp -s 192.168.0.198 -j TOS --set-tos 16
>
> Effect: zero. All the vnc traffic from x.198 goes into 1:2.
>
> I've tried all the tables (PREROUTE etc) to no avail. I even tried 
> applying the TOS change to ALL traffice bound for eth1 (the outside 
> line) and still saw no change in the queuing despite tcpdump showing 
> that the tos bits were being set.
>
> Why does this not work? It seems as if the priority is being set 
> before iptables' mangle rules are applied.
>
> Thomas Worthington
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Does -j TOS actually do anything?

[Thomas Worthington]

On Wed, 05 Nov 2003 23:25:38 +0100, Patrick McHardy <kaber@trash.net> 
wrote:

> Where did you get the information that setting TOS with
> netfilter would affect prio classification ? From what
> I can see in the source, prio classifies by skb->priority
> which only inheirits a value from tos field during the
> forwarding process. I can recall skb->priority also
> beeing affected by setsockopt(IP_TOS) (besides SO_PRIORITY)
> but not by simply setting the tos field in the ip header.

Well, it just seemed obvious. One man's "obvious" being another's "bloody 
stupid idea", of course. Since prio is all based on tos bits it seems 
logical that changing those bits would have some effect.

I was partly just asking the simple question: are the TOS bits used to 
prioritise before netfilter gets its hand on them? The answer, from what 
you say, seems to be "yes". It seems a shame since its such an eligant and 
intuative way to do simple shaping of this sort

>
> Best regards,
> Patrick
>
> BTW: the netfilter CLASSIFY target from 2.6 or netfiler
> patch-o-matic can set skb->priority which is what you need.

This is for active duty so I'll not be running 2.6 until someone tells me 
it's stable...

Thanks,

Thomas

> Thomas Worthington wrote:
>
>> Very simple setup: I have several machines, one of which 
>> (192.168.0.198) is used exclusively as a vnc client to a remote site. I 
>> want it to get priority over guff like email and web etc.
>>
>> tc qdisc add dev eth1 root handle 1: prio
>> tc qdisc add dev eth1 parent 1:1 handle 10: pfifo
>> tc qdisc add dev eth1 parent 1:2 handle 20: pfifo
>> tc qdisc add dev eth1 parent 1:3 handle 30: pfifo
>>
>> iptables -t mangle -I OUTPUT -p icmp -s 192.168.0.198 -j TOS --set-tos 
>> 16
>>
>> Effect: zero. All the vnc traffic from x.198 goes into 1:2.
>>
>> I've tried all the tables (PREROUTE etc) to no avail. I even tried 
>> applying the TOS change to ALL traffice bound for eth1 (the outside 
>> line) and still saw no change in the queuing despite tcpdump showing 
>> that the tos bits were being set.
>>
>> Why does this not work? It seems as if the priority is being set before 
>> iptables' mangle rules are applied.
>>
>> Thomas Worthington
>>
>
>

-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Does -j TOS actually do anything?

[Stef Coene]

On Wednesday 05 November 2003 22:26, Thomas Worthington wrote:
> Chain OUTPUT (policy ACCEPT 805 packets, 97871 bytes)
>   pkts bytes target     prot opt in     out     source
> destination
>      0     0 TOS        all  --  *      *       192.168.0.198
> 0.0.0.0/0          TOS set 0x10
None of the packets are matchde by the iptables rule.  
Are you sure you have to do this in OUTPUT?  See :
http://www.docum.org/stef.coene/qos/kptd/
If you are trying this on a router, try to change the tos in POSTROUTING.

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Does -j TOS actually do anything?

[Thomas Worthington]

On Thu, 6 Nov 2003 22:47:06 +0100, Stef Coene <stef.coene@docum.org> wrote:

> On Wednesday 05 November 2003 22:26, Thomas Worthington wrote:
>> Chain OUTPUT (policy ACCEPT 805 packets, 97871 bytes)
>>   pkts bytes target     prot opt in     out     source
>> destination
>>      0     0 TOS        all  --  *      *       192.168.0.198
>> 0.0.0.0/0          TOS set 0x10
> None of the packets are matchde by the iptables rule.
> Are you sure you have to do this in OUTPUT?  See :
> http://www.docum.org/stef.coene/qos/kptd/
> If you are trying this on a router, try to change the tos in POSTROUTING.
>
> Stef
>

I tried all five tables! It appears that I was simply misguided: setting 
TOS doe indeed have no effect as it happens after the priority has been 
set; a different filter is needed.

I'm leaving the list now as it seems to be a great way to instantly sign 
up for tons of spam (as you can imagine, this is the only thing that I've 
ever used this email address for and after only two days it's become a 
spam magnet).

Thanks to everyone that helped; I'll try some of the other methods.

Thomas Worthington
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/