Re: [LARTC] Filter in HTB not working

[Corey Rogers <jrog@sunbeach.net>]

[-- Attachment #1: Type: text/plain, Size: 3739 bytes --]

From what I see you are running a telnet daemon. If not it will never
work. If you are doing this to shape telnet traffic from a telnet client
then rather than sport it'll have to be dport.


On Thu, 2002-12-19 at 08:06, Nestor S A Melo wrote:
> I have a problem in setting up HTB.
> 
> It appears filters doesn't work at all, besides "tc filter show" show it as 
> being correctly configured.
> 
> Class 1:10 never sent any traffic, but as iptables show below, it should be 
> sending packets.
> 
> The HTB version I'm using is 3.3, with kernel 2.4.17.
> 
> The setup is as follows:
> ---------------------------------------------------------------
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1 htb default 20 r2q 10
> 
> tc class add dev eth0 parent 1: classid 1:2 htb rate 256kbit
> 
> tc class add dev eth0 parent 1:2 classid 1:10 htb rate 26kbit ceil 128kbit 
> prio
> 1
> tc qdisc add dev eth0 parent 1:10 handle 10 sfq perturb 10
> tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 23 
> 0xffff classid 1:10
> 
> tc class add dev eth0 parent 1:2 classid 1:20 htb rate 220kbit ceil 256kbit 
> prio 2
> tc qdisc add dev eth0 parent 1:20 handle 20 sfq perturb 10
> ---------------------------------------------------------------
> 
> The stats:
> ---------------------------------------------------------------
> [root@NL1000 htb]# tc -s -d qdisc show
> qdisc sfq 20: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
> 
>  qdisc sfq 10: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> 
>  qdisc htb 1: dev eth0 r2q 10 default 20 direct_packets_stat 0 ver 3.6
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
> 
>  [root@NL1000 htb]# tc -s -d class show dev eth0
> class htb 1:10 parent 1:2 leaf 10: prio 1 quantum 1000 rate 26Kbit ceil 
> 128Kbit
> burst 1632b/8 mpu 0b cburst 1762b/8 mpu 0b level 0
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 401969 ctokens: 88149
> 
> class htb 1:2 root rate 256Kbit ceil 256Kbit burst 1926b/8 mpu 0b cburst 
> 1926b/8 mpu 0b level 7
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 46975 ctokens: 46975
> 
> class htb 1:20 parent 1:2 leaf 20: prio 2 quantum 2816 rate 220Kbit ceil 
> 256Kbit burst 1880b/8 mpu 0b cburst 1926b/8 mpu 0b level 0
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
>  lended: 94 borrowed: 0 giants: 0
>  tokens: 53324 ctokens: 46975
> 
> [root@NL1000 htb]# tc -s -d filter show dev eth0
> filter parent 1: protocol ip pref 100 u32
> filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 
> bkt
> 0 flowid 1:10
>   match 00170000/ffff0000 at 20
> 
> [root@NL1000 htb]# iptables -t mangle -L -nvx
> Chain PREROUTING (policy ACCEPT 3590 packets, 557751 bytes)
>     pkts      bytes target     prot opt in     out     source               
> destination
>        0        0 MARK       tcp  --  *      *       0.0.0.0/0            
> 0.0.0.0/0          tcp dpt:23 MARK set 0x6
>      146    12954 MARK       tcp  --  *      *       0.0.0.0/0            
> 0.0.0.0/0          tcp spt:23 MARK set 0x6
> 
> Chain OUTPUT (policy ACCEPT 315 packets, 16936 bytes)
>     pkts      bytes target     prot opt in     out     source               
> destination
> ---------------------------------------------------------------
> 
> So, what is going wrong?
> 
> Thanks in advance,
-- 
Corey Rogers <jrog@sunbeach.net>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]