From: Andy Furniss <andy.furniss@dsl.pipex.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Rules OK (?), no filtering...
Date: Tue, 17 May 2005 20:27:57 +0000
Message-ID: <428A53CD.4020409@dsl.pipex.com>
In-Reply-To: <20050516221144.GC879@zebra.tango.charly>
karcinox@globetrotter.net wrote:
> Hi
>
> I have defined a single HTB qdisc on eth0 with one root class 1:1 further subdivided as below, nothing complicated.
>
>
>                  1:   (root qdisc)
>                  |
>                  |
>                 1:1  (root class)
>                  /\
>                 /  \
>                /    \
>               /      \
>              /        \
>          1:10          \            }
>         / | \          1:20         }
>        /  |  \         /  \         } <------ subclasses
>       /   |   \       /    \        }
>   1:100 1:200 1:300 1:201 1:202     }
>     |     |     |     |     |
>     |     |     |     |     |
>    101:  102:  103:  201:  202:   <------ sfq qdiscs
>
>
>
> I have a filtering rule on 1: directing everything from/to IP_address.xx.yy.zz to class 1:20.
> There is a filtering rule on (subclass) 1:20

From the filter stats it looks like you have everything on 1:0; some
should have parent 1:20.

> directing everything to/from ports 25, 80, 110, 119 to (subclass) 1:201.
>
> Also, there are further filtering rules on 1:10 towards 1:200 and 1:300, based on src ip addresses.
> That's it for filtering rules.
> In my definition for htb 1: I included "default 10"
>
> I have enclosed the details (but not the script that generated this configuration) at the end.

Seeing that would be easier.

> As you can see, even though the qdiscs and classes are properly
> defined with (seemingly) proper filters, there is traffic only on
> subclass 1:201, sfq 201: and on htb 1:, rootclass 1:1. None on the other
> branches...
>
> But a capture of the traffic confirms that there is indeed activity on those other branches.
>
> I have assumed (wrongly?) that defining two filter rules on 1:10 would send all unmatched traffic on the third branch (same assumption for the filter on 1: and on 1:20). When I tried the following (as mentioned in the documentation):
>
> tc filter add dev eth0 protocol ip parent 1:10 prio 2 flowid 1:100

tc filter add dev eth0 protocol ip parent 1:10 prio 3 u32 match u32 0 0 flowid 1:100

should do it. Make the other 2 on 1:10 prio 1 and 2 to be
sure (though it will probably be OK with all at the same prio if they get
installed in the right order).

>
> on the line following my two filter definitions, hoping to send "packets not matched so far" to 1:100, tc complained: "unknown filter "flowid" hence opion "1:100" is unparsable"...
>
> Can one define filtering rules on classes as well as on qdiscs?

Yes.

> Does the target have to be a qdisc or can it also be a class?

Can be a class.

> What about default behaviour?

Not sure about htb default, I only ever set it to a leaf - remember ARP
will go there if you shape eth unless you filter it elsewhere.

Andy.
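
Added example, not part of the original thread: a dry-run script that builds the hierarchy from the diagram with filters attached at each level (parent 1:, 1:20 and 1:10) and the catch-all filter from the reply. The addresses, the rates and the choice of leaf 1:100 as the HTB default are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run by default: prints each tc command. Run as root with TC=tc to apply.
TC="${TC:-echo tc}"
DEV="${DEV:-eth0}"
HOST=192.0.2.10                         # constructed address (the thread elides the real one)
SRC_A=198.51.100.2; SRC_B=198.51.100.3  # constructed source addresses

build_htb_tree() {
    # Non-IP traffic (ARP) and anything unclassified falls into leaf 1:100.
    $TC qdisc add dev "$DEV" root handle 1: htb default 100
    $TC class add dev "$DEV" parent 1: classid 1:1 htb rate 1000kbit
    # parent, classid, rate (constructed rates; children sum to the parent rate)
    while read -r parent classid rate; do
        $TC class add dev "$DEV" parent "$parent" classid "$classid" \
            htb rate "$rate" ceil 1000kbit
    done <<EOF
1:1 1:10 600kbit
1:1 1:20 400kbit
1:10 1:100 200kbit
1:10 1:200 200kbit
1:10 1:300 200kbit
1:20 1:201 200kbit
1:20 1:202 200kbit
EOF
    # One sfq per leaf, handles as in the diagram.
    for pair in 1:100/101: 1:200/102: 1:300/103: 1:201/201: 1:202/202:; do
        $TC qdisc add dev "$DEV" parent "${pair%/*}" handle "${pair#*/}" sfq perturb 10
    done
    f="$TC filter add dev $DEV protocol ip"
    # Level 1, parent 1: picks a branch.
    $f parent 1: prio 1 u32 match ip src "$HOST/32" flowid 1:20
    $f parent 1: prio 1 u32 match ip dst "$HOST/32" flowid 1:20
    $f parent 1: prio 2 u32 match u32 0 0 flowid 1:10
    # Level 2 under 1:20: these must say parent 1:20, not parent 1:.
    for port in 25 80 110 119; do
        $f parent 1:20 prio 1 u32 match ip sport "$port" 0xffff flowid 1:201
        $f parent 1:20 prio 1 u32 match ip dport "$port" 0xffff flowid 1:201
    done
    $f parent 1:20 prio 2 u32 match u32 0 0 flowid 1:202
    # Level 2 under 1:10: two source matches, then the catch-all from the reply.
    $f parent 1:10 prio 1 u32 match ip src "$SRC_A/32" flowid 1:200
    $f parent 1:10 prio 2 u32 match ip src "$SRC_B/32" flowid 1:300
    $f parent 1:10 prio 3 u32 match u32 0 0 flowid 1:100
}

build_htb_tree
```

After applying it, `tc -s filter show dev eth0 parent 1:20` lists the second-level filters separately from those on `parent 1:`, which makes a filter attached at the wrong level easy to spot.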