From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Furniss Date: Wed, 01 Jun 2016 16:45:14 +0000 Subject: Re: reroute icmp traffic from one interface to another Message-Id: <574F111A.2060106@gmail.com> List-Id: References: <20160531171329.Horde.SLfG6i6j_hmWsfb5FjpBZwP@ermis.noc.duth.gr> In-Reply-To: <20160531171329.Horde.SLfG6i6j_hmWsfb5FjpBZwP@ermis.noc.duth.gr> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit To: lartc@vger.kernel.org Ηλια Χατζηστυλη wrote: > the code used to rerout traffic and limmit bandwith is : > tc qdisc add dev $IF root handle 1:0 htb default 30 > echo "class 10(home) 20(guest)" > tc class add dev $IF parent 1: classid 1:1 htb rate 2mbit > tc class add dev $IF parent 1:1 classid 1:10 htb rate 2mbit > --home user bandwidth > tc class add dev $IF parent 1:1 classid 1:20 htb rate > 200kbit--guest user bw > tc class add dev $IF parent 1:1 classid 1:30 htb rate 2mbit > tc qdisc add dev $IF parent 1:10 handle 100: bfifo limit 75000 > tc qdisc add dev $IF parent 1:20 handle 200: bfifo limit 75000 > > #---- > #---QDISC gia to download > > tc qdisc add dev $IF handle ffff: ingress > tc filter add dev $IF parent ffff: protocol ip prio 50 u32 match ip > src 0.0.0.0/0 police rate 30mbit burst 30mbit drop flowid :1 Policers are not very good in practice, consider using ifb. Either way policing/shaping ingress traffic is not totally controllable like it is on egress. > I send this nping command with the --data-length extension so that the > ping will not be treated as a single bit. If htb/bfifo is not backlogged then the packet will get sent instantly whatever length it is.