Re: Antwort: Re: [LARTC] tc and masquerading probs

From: organix <organix@neoterra.de>
To: lartc@vger.kernel.org
Subject: Re: Antwort: Re: [LARTC] tc and masquerading probs
Date: Tue, 22 May 2001 23:57:17 +0000	[thread overview]
Message-ID: <marc-lartc-99057583708288@msgid-missing> (raw)
In-Reply-To: <marc-lartc-99045859130110@msgid-missing>

Hi,

ok, first to all, I've changed my email address to get mails from this
list. Before the change I was m.dages@avk.net.
Ok, now. I've wrote a small shell script to setup my tc config. It
should give you a small overview how I handle different conditions with
the u32 filter. In my setup I give all traffic that comes directly from
the router and destined to a machine of my lan the full bandwidth. Other
traffic for specific destination ip's is limited to 128kbit.
This works because the filter for traffic from the router to the lan
have a higher prio of 15 (smaller value) as the other filters.

Greetings,

Organix 'Markus'

#!/bin/bash
TC=/sbin/tc
DEVICE=eth0
LAN_BW\x100Mbit
LAN_WEIGHT\x10Mbit
SHAPE1_BW\x128Kbit
SHAPE1_WEIGHT\x13Kbit
SHAPE1_ID\x128
DST_IP="192.168.100.7/32 192.168.100.5/32 192.168.100.34/32"
LAN_NET\x192.168.100.0/24
ROUTER_IP\x192.168.100.250/32

# Setup the root qdiscipline
echo "setup root qdisc on $DEVICE"
$TC qdisc add dev $DEVICE root handle 100: cbq bandwidth $LAN_BW avpkt
1000

# Generate the root class
echo "generate root class 100:1"
$TC class add dev $DEVICE parent 100:0 classid 100:1 cbq bandwidth
$LAN_BW rate $LAN_BW allot 1514 weight $LAN_WEIGHT prio 8 maxburst 20
avpkt 1000

# Generate a class for 128Kbit
echo "generate class 100:$SHAPE1_ID"
$TC class add dev $DEVICE parent 100:1 classid 100:$SHAPE1_ID cbq
bandwidth $LAN_BW rate $SHAPE1_BW allot 1513 weight $SHAPE1_WEIGHT prio
5 maxburst 20 avpkt 1000 bounded

# Setup the queues
echo "setup queue for 100:$SHAPE1_ID"
$TC qdisc add dev $DEVICE parent 100:$SHAPE1_ID sfq quantum 1514b
perturb 15

# Setup the filter
echo "setup filter for traffic that comes from this host to lan - PRIO
15"
$TC filter add dev $DEVICE parent 100:0 protocol ip prio 15 u32 match ip
src $ROUTER_IP match ip dst $LAN_NET flowid 100:1

for dstip in $DST_IP
do
echo "setup filter for traffic to $dstip - PRIO 30"
$TC filter add dev $DEVICE parent 100:0 protocol ip prio 30 u32 match ip
dst $dstip flowid 100:$SHAPE1_ID
done

On 22 May 2001 11:27:24 +1000, Manfred Bartz wrote:
> m.dages@avk.net writes:
> 
> > wningtung.leung wrote:
> 
> > > The solution I propose (haven't tested it though):
> > > 
> > > Don't use firewall marks, but use the u32 filter instead.
> > > 
> > > Look at the source and target IP and redirect the pakket to the
> > > correct class.
> > > 
> > > (source != router && dest = low_prio_host)  ->  slow_class
> > > (source != router && dest = hi_prio_host)  ->  no_limit
> > > (source = router)  ->  no_limit
> > > 
> > > This is only an idea for the downstream, I haven't been thinking
> > > about limitimg the upstream.
> 
> > ... looking also at the source ip with the u32 filter works very
> > well.
> 
> I would like to do just that, but I can't figure out how to specify
> multiple conditions for u32 filtering.  Could you give an example?
> 
> Currently I have specified filters like:
> 
> tc filter add dev eth2 parent 2:0 protocol ip prio 20 u32 \
>      match ip dst 192.168.2.12 flowid 2:212
> 
> Also, I assume lower ``prio'' values mean the rule takes preference
> over rules with higher values?
> 
> -- 
> Manfred
> 
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/