From mboxrd@z Thu Jan 1 00:00:00 1970 From: Corey Rogers Date: Thu, 19 Dec 2002 12:50:51 +0000 Subject: Re: [LARTC] Filter in HTB not working MIME-Version: 1 Content-Type: multipart/mixed; boundary="=-5TIYiC74iNnj8mbYFLDv" Message-Id: List-Id: References: In-Reply-To: To: lartc@vger.kernel.org --=-5TIYiC74iNnj8mbYFLDv Content-Type: text/plain Content-Transfer-Encoding: quoted-printable =46rom what I see you are running a telnet daemon. If not it will never work. If you are doing this to shape telnet traffic from a telnet client then rather than sport it'll have to be dport. On Thu, 2002-12-19 at 08:06, Nestor S A Melo wrote: > I have a problem in setting up HTB. >=20 > It appears filters doesn't work at all, besides "tc filter show" show it = as=20 > being correctly configured. >=20 > Class 1:10 never sent any traffic, but as iptables show below, it should = be=20 > sending packets. >=20 > The HTB version I'm using is 3.3, with kernel 2.4.17. >=20 > The setup is as follows: > --------------------------------------------------------------- > tc qdisc del dev eth0 root > tc qdisc add dev eth0 root handle 1 htb default 20 r2q 10 >=20 > tc class add dev eth0 parent 1: classid 1:2 htb rate 256kbit >=20 > tc class add dev eth0 parent 1:2 classid 1:10 htb rate 26kbit ceil 128kbi= t=20 > prio > 1 > tc qdisc add dev eth0 parent 1:10 handle 10 sfq perturb 10 > tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport= 23=20 > 0xffff classid 1:10 >=20 > tc class add dev eth0 parent 1:2 classid 1:20 htb rate 220kbit ceil 256kb= it=20 > prio 2 > tc qdisc add dev eth0 parent 1:20 handle 20 sfq perturb 10 > --------------------------------------------------------------- >=20 > The stats: > --------------------------------------------------------------- > [root@NL1000 htb]# tc -s -d qdisc show > qdisc sfq 20: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10= sec > Sent 5116 bytes 94 pkts (dropped 0, overlimits 0) >=20 > qdisc sfq 10: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 1= 0sec > Sent 0 bytes 0 pkts (dropped 0, overlimits 0) >=20 > qdisc htb 1: dev eth0 r2q 10 default 20 direct_packets_stat 0 ver 3.6 > Sent 5116 bytes 94 pkts (dropped 0, overlimits 0) >=20 > [root@NL1000 htb]# tc -s -d class show dev eth0 > class htb 1:10 parent 1:2 leaf 10: prio 1 quantum 1000 rate 26Kbit ceil=20 > 128Kbit > burst 1632b/8 mpu 0b cburst 1762b/8 mpu 0b level 0 > Sent 0 bytes 0 pkts (dropped 0, overlimits 0) > lended: 0 borrowed: 0 giants: 0 > tokens: 401969 ctokens: 88149 >=20 > class htb 1:2 root rate 256Kbit ceil 256Kbit burst 1926b/8 mpu 0b cburst=20 > 1926b/8 mpu 0b level 7 > Sent 5116 bytes 94 pkts (dropped 0, overlimits 0) > lended: 0 borrowed: 0 giants: 0 > tokens: 46975 ctokens: 46975 >=20 > class htb 1:20 parent 1:2 leaf 20: prio 2 quantum 2816 rate 220Kbit ceil=20 > 256Kbit burst 1880b/8 mpu 0b cburst 1926b/8 mpu 0b level 0 > Sent 5116 bytes 94 pkts (dropped 0, overlimits 0) > lended: 94 borrowed: 0 giants: 0 > tokens: 53324 ctokens: 46975 >=20 > [root@NL1000 htb]# tc -s -d filter show dev eth0 > filter parent 1: protocol ip pref 100 u32 > filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 8= 00=20 > bkt > 0 flowid 1:10 > match 00170000/ffff0000 at 20 >=20 > [root@NL1000 htb]# iptables -t mangle -L -nvx > Chain PREROUTING (policy ACCEPT 3590 packets, 557751 bytes) > pkts bytes target prot opt in out source = =20 > destination > 0 0 MARK tcp -- * * 0.0.0.0/0 = =20 > 0.0.0.0/0 tcp dpt:23 MARK set 0x6 > 146 12954 MARK tcp -- * * 0.0.0.0/0 = =20 > 0.0.0.0/0 tcp spt:23 MARK set 0x6 >=20 > Chain OUTPUT (policy ACCEPT 315 packets, 16936 bytes) > pkts bytes target prot opt in out source = =20 > destination > --------------------------------------------------------------- >=20 > So, what is going wrong? >=20 > Thanks in advance, --=20 Corey Rogers --=-5TIYiC74iNnj8mbYFLDv Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQA+AcCqA1zowARrmMYRAuPiAJ9COrPXrmVS/gvqooJu0WBGHjlwpACcDb5t 59SmSBurK2W7KqaWBxdf4Gk= =u/q7 -----END PGP SIGNATURE----- --=-5TIYiC74iNnj8mbYFLDv-- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/