[LARTC] Filter in HTB not working

[LARTC] Filter in HTB not working

[Nestor S A Melo]

I have a problem in setting up HTB.

It appears filters doesn't work at all, besides "tc filter show" show it as 
being correctly configured.

Class 1:10 never sent any traffic, but as iptables show below, it should be 
sending packets.

The HTB version I'm using is 3.3, with kernel 2.4.17.

The setup is as follows:
---------------------------------------------------------------
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1 htb default 20 r2q 10

tc class add dev eth0 parent 1: classid 1:2 htb rate 256kbit

tc class add dev eth0 parent 1:2 classid 1:10 htb rate 26kbit ceil 128kbit 
prio
1
tc qdisc add dev eth0 parent 1:10 handle 10 sfq perturb 10
tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 23 
0xffff classid 1:10

tc class add dev eth0 parent 1:2 classid 1:20 htb rate 220kbit ceil 256kbit 
prio 2
tc qdisc add dev eth0 parent 1:20 handle 20 sfq perturb 10
---------------------------------------------------------------

The stats:
---------------------------------------------------------------
[root@NL1000 htb]# tc -s -d qdisc show
qdisc sfq 20: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)

 qdisc sfq 10: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

 qdisc htb 1: dev eth0 r2q 10 default 20 direct_packets_stat 0 ver 3.6
 Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)

 [root@NL1000 htb]# tc -s -d class show dev eth0
class htb 1:10 parent 1:2 leaf 10: prio 1 quantum 1000 rate 26Kbit ceil 
128Kbit
burst 1632b/8 mpu 0b cburst 1762b/8 mpu 0b level 0
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 401969 ctokens: 88149

class htb 1:2 root rate 256Kbit ceil 256Kbit burst 1926b/8 mpu 0b cburst 
1926b/8 mpu 0b level 7
 Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 46975 ctokens: 46975

class htb 1:20 parent 1:2 leaf 20: prio 2 quantum 2816 rate 220Kbit ceil 
256Kbit burst 1880b/8 mpu 0b cburst 1926b/8 mpu 0b level 0
 Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
 lended: 94 borrowed: 0 giants: 0
 tokens: 53324 ctokens: 46975

[root@NL1000 htb]# tc -s -d filter show dev eth0
filter parent 1: protocol ip pref 100 u32
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 
bkt
0 flowid 1:10
  match 00170000/ffff0000 at 20

[root@NL1000 htb]# iptables -t mangle -L -nvx
Chain PREROUTING (policy ACCEPT 3590 packets, 557751 bytes)
    pkts      bytes target     prot opt in     out     source               
destination
       0        0 MARK       tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp dpt:23 MARK set 0x6
     146    12954 MARK       tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp spt:23 MARK set 0x6

Chain OUTPUT (policy ACCEPT 315 packets, 16936 bytes)
    pkts      bytes target     prot opt in     out     source               
destination
---------------------------------------------------------------

So, what is going wrong?

Thanks in advance,
-- 
_____________________
Nestor S A Melo
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Filter in HTB not working

[Corey Rogers]

[-- Attachment #1: Type: text/plain, Size: 3739 bytes --]

From what I see you are running a telnet daemon. If not it will never
work. If you are doing this to shape telnet traffic from a telnet client
then rather than sport it'll have to be dport.


On Thu, 2002-12-19 at 08:06, Nestor S A Melo wrote:
> I have a problem in setting up HTB.
> 
> It appears filters doesn't work at all, besides "tc filter show" show it as 
> being correctly configured.
> 
> Class 1:10 never sent any traffic, but as iptables show below, it should be 
> sending packets.
> 
> The HTB version I'm using is 3.3, with kernel 2.4.17.
> 
> The setup is as follows:
> ---------------------------------------------------------------
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1 htb default 20 r2q 10
> 
> tc class add dev eth0 parent 1: classid 1:2 htb rate 256kbit
> 
> tc class add dev eth0 parent 1:2 classid 1:10 htb rate 26kbit ceil 128kbit 
> prio
> 1
> tc qdisc add dev eth0 parent 1:10 handle 10 sfq perturb 10
> tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 23 
> 0xffff classid 1:10
> 
> tc class add dev eth0 parent 1:2 classid 1:20 htb rate 220kbit ceil 256kbit 
> prio 2
> tc qdisc add dev eth0 parent 1:20 handle 20 sfq perturb 10
> ---------------------------------------------------------------
> 
> The stats:
> ---------------------------------------------------------------
> [root@NL1000 htb]# tc -s -d qdisc show
> qdisc sfq 20: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
> 
>  qdisc sfq 10: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> 
>  qdisc htb 1: dev eth0 r2q 10 default 20 direct_packets_stat 0 ver 3.6
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
> 
>  [root@NL1000 htb]# tc -s -d class show dev eth0
> class htb 1:10 parent 1:2 leaf 10: prio 1 quantum 1000 rate 26Kbit ceil 
> 128Kbit
> burst 1632b/8 mpu 0b cburst 1762b/8 mpu 0b level 0
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 401969 ctokens: 88149
> 
> class htb 1:2 root rate 256Kbit ceil 256Kbit burst 1926b/8 mpu 0b cburst 
> 1926b/8 mpu 0b level 7
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 46975 ctokens: 46975
> 
> class htb 1:20 parent 1:2 leaf 20: prio 2 quantum 2816 rate 220Kbit ceil 
> 256Kbit burst 1880b/8 mpu 0b cburst 1926b/8 mpu 0b level 0
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
>  lended: 94 borrowed: 0 giants: 0
>  tokens: 53324 ctokens: 46975
> 
> [root@NL1000 htb]# tc -s -d filter show dev eth0
> filter parent 1: protocol ip pref 100 u32
> filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 
> bkt
> 0 flowid 1:10
>   match 00170000/ffff0000 at 20
> 
> [root@NL1000 htb]# iptables -t mangle -L -nvx
> Chain PREROUTING (policy ACCEPT 3590 packets, 557751 bytes)
>     pkts      bytes target     prot opt in     out     source               
> destination
>        0        0 MARK       tcp  --  *      *       0.0.0.0/0            
> 0.0.0.0/0          tcp dpt:23 MARK set 0x6
>      146    12954 MARK       tcp  --  *      *       0.0.0.0/0            
> 0.0.0.0/0          tcp spt:23 MARK set 0x6
> 
> Chain OUTPUT (policy ACCEPT 315 packets, 16936 bytes)
>     pkts      bytes target     prot opt in     out     source               
> destination
> ---------------------------------------------------------------
> 
> So, what is going wrong?
> 
> Thanks in advance,
-- 
Corey Rogers <jrog@sunbeach.net>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] Filter in HTB not working

[Miguel Figueiredo]

Em Qui, 2002-12-19 às 10:06, Nestor S A Melo escreveu:

Nestor,

First: If my english is poor, you can contact me direct by email in
portuguese since I`m Brazilian too :)

So, somebody correct me if I`m wrong ( Stef? ):

1 - I think you share more bandwidth than you have allocated.  
2 - In sfq directive, you should write:
    #tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
3 - You've marked packets with iptables -t mangle, but you're using u32
instead fw.I'm not sure if you did the correct u32 configuration too.

Probably you must use:

#tc filter add dev eth0 parent 1: protocol ip prio 100 handle 6 fw classid 1:10

The handle is the parameter that says to tc what mark you're using and
fw is the parameter that says to tc that you're using a firewall mark.

I hope I have helped you

Miguel Figueiredo
Linux Suport Analist

> I have a problem in setting up HTB.
> 
> It appears filters doesn't work at all, besides "tc filter show" show it as 
> being correctly configured.
> 
> Class 1:10 never sent any traffic, but as iptables show below, it should be 
> sending packets.
> 
> The HTB version I'm using is 3.3, with kernel 2.4.17.
> 
> The setup is as follows:
> ---------------------------------------------------------------
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1 htb default 20 r2q 10
> 
> tc class add dev eth0 parent 1: classid 1:2 htb rate 256kbit
> 
> tc class add dev eth0 parent 1:2 classid 1:10 htb rate 26kbit ceil 128kbit 
> prio
> 1
> tc qdisc add dev eth0 parent 1:10 handle 10 sfq perturb 10
> tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 23 
> 0xffff classid 1:10
> 
> tc class add dev eth0 parent 1:2 classid 1:20 htb rate 220kbit ceil 256kbit 
> prio 2
> tc qdisc add dev eth0 parent 1:20 handle 20 sfq perturb 10

> ---------------------------------------------------------------
> 
> The stats:
> ---------------------------------------------------------------
> [root@NL1000 htb]# tc -s -d qdisc show
> qdisc sfq 20: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
> 
>  qdisc sfq 10: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> 
>  qdisc htb 1: dev eth0 r2q 10 default 20 direct_packets_stat 0 ver 3.6
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
> 
>  [root@NL1000 htb]# tc -s -d class show dev eth0
> class htb 1:10 parent 1:2 leaf 10: prio 1 quantum 1000 rate 26Kbit ceil 
> 128Kbit
> burst 1632b/8 mpu 0b cburst 1762b/8 mpu 0b level 0
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 401969 ctokens: 88149
> 
> class htb 1:2 root rate 256Kbit ceil 256Kbit burst 1926b/8 mpu 0b cburst 
> 1926b/8 mpu 0b level 7
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
>  lended: 0 borrowed: 0 giants: 0
>  tokens: 46975 ctokens: 46975
> 
> class htb 1:20 parent 1:2 leaf 20: prio 2 quantum 2816 rate 220Kbit ceil 
> 256Kbit burst 1880b/8 mpu 0b cburst 1926b/8 mpu 0b level 0
>  Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
>  lended: 94 borrowed: 0 giants: 0
>  tokens: 53324 ctokens: 46975
> 
> [root@NL1000 htb]# tc -s -d filter show dev eth0
> filter parent 1: protocol ip pref 100 u32
> filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 
> bkt
> 0 flowid 1:10
>   match 00170000/ffff0000 at 20
> 
> [root@NL1000 htb]# iptables -t mangle -L -nvx
> Chain PREROUTING (policy ACCEPT 3590 packets, 557751 bytes)
>     pkts      bytes target     prot opt in     out     source               
> destination
>        0        0 MARK       tcp  --  *      *       0.0.0.0/0            
> 0.0.0.0/0          tcp dpt:23 MARK set 0x6
>      146    12954 MARK       tcp  --  *      *       0.0.0.0/0            
> 0.0.0.0/0          tcp spt:23 MARK set 0x6
> 
> Chain OUTPUT (policy ACCEPT 315 packets, 16936 bytes)
>     pkts      bytes target     prot opt in     out     source               
> destination
> ---------------------------------------------------------------
> 
> So, what is going wrong?
> 
> Thanks in advance,
> -- 
> _____________________
> Nestor S A Melo
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Filter in HTB not working

[Stef Coene]

On Friday 20 December 2002 03:31, Miguel Figueiredo wrote:
> Em Qui, 2002-12-19 às 10:06, Nestor S A Melo escreveu:
>
> Nestor,
>
> First: If my english is poor, you can contact me direct by email in
> portuguese since I`m Brazilian too :)
>
> So, somebody correct me if I`m wrong ( Stef? ):
>
> 1 - I think you share more bandwidth than you have allocated.
That's no problem.  Rate of class 1:10 and 1:20 = 26+220=246kbit and rate of 
parent class is 256kbit.

> 2 - In sfq directive, you should write:
>     #tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
His command will work too.

> 3 - You've marked packets with iptables -t mangle, but you're using u32
> instead fw.I'm not sure if you did the correct u32 configuration too.
>
> Probably you must use:
>
> #tc filter add dev eth0 parent 1: protocol ip prio 100 handle 6 fw classid
> 1:10
>
> The handle is the parameter that says to tc what mark you're using and
> fw is the parameter that says to tc that you're using a firewall mark.
And it's all in hex.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/