From: jamal <hadi@cyberus.ca>
To: lartc@vger.kernel.org
Subject: [LARTC] Re: [Linux Diffserv] ANNOUNCE: tc filter extensions
Date: Sat, 04 Jan 2003 22:17:39 +0000 [thread overview]
Message-ID: <marc-lartc-104177897501287@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104177881301182@msgid-missing>
Ok, i tested basic stuff and it works. Not very useful example but
should serve to illustrate things:
Example below will log every packet with src ip 127.1.1.1/32 seen at
ingres of dev lo every time it exceeds its allocated rate. the nfmark
is also set to 2 every time the rate is exceeded.
---------- script -------
#
tc qdisc add dev lo ingress
#
tc filter add dev lo parent ffff: protocol ip prio 1 u32 \
match ip src 127.1.1.1/32 \
action police mtu 5000 rate 2500kbit burst 90k pipe \
action ipt -j LOG --log-prefix "1:20 exceeded 2.5mbps" \
action ipt -j mark --set-mark 2
-----------------------------------------------
Now try to list what we installed
------------------ listing ----------------
jroot# tc filter show parent ffff: dev lo
filter protocol ip pref 1 u32
filter protocol ip pref 1 u32 fh 800: ht divisor 1
filter protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 1:20
action order 1: police 1 action pipe rate 2500Kbit burst 86153b mtu 5000b
action order 2: tablename: mangle hook: NF_IP_PRE_ROUTING
target LOG level warning prefix `1:20 exceded 2.5mbps' index 1
action order 3: tablename: mangle hook: NF_IP_PRE_ROUTING
target MARK set 0x2 index 2
match 7f010101/ffffffff at 12
-----------------------------
Of course this is a 5 minute test.
cheers,
jamal
On Sat, 4 Jan 2003, jamal wrote:
>
>
> Yes, thats is a useful feature.
> Should be able to able use the iptables LOG; I am trying to avoid
> replicating things which already exist; it is very easy to replicate it.
> I'll test iptables LOG sometimes today; if you beat me to it, let me know
> if it works.
>
> cheers,
> jamal
>
> On Sat, 4 Jan 2003, Ciprian Niculescu wrote:
>
> > hello,
> >
> > if someone can develop a feature like -j LOG from iptables, for the tc
> > filter
> >
> > for ex i have
> >
> > tc filter ...... match dport 80 0xffff flowid 1:1
> >
> > i want to write to syslog the headers of the packets that matched this rule.
> >
> > C
> >
> > jamal wrote:
> > >
> > > I guess holidays means idle time which means idle minds which leads to
> > > thumb twiddling which then leads to some work (which is sometimes useful)
> > >
> > > Ive updated the traffic control patches i posted about six months ago.
> > > Note, the current release does not break anything in tc. It is fully
> > > backward compatible so you can choose not to use it and things will work
> > > as they do today. Of course, it is very useful so you cant choose to
> > > ignore it!
> > >
> > > It's now upgraded to better than "use at your own risk" category.
> > > tested on both uni and SMP 2.4.18 and 2.4.20.
> > >
> > > http://www.cyberus.ca/~hadi/patches/action/
> > >
> > > Bug reports and feedback are appreaciated.
> > > A lot more goodies coming up, so this is just the tip. First steps are to
> > > prove sanity of the idea.
> > >
> > > cheers,
> > > jamal
> > >
> > >
> > > -------------------------------------------------------
> > > This sf.net email is sponsored by:ThinkGeek
> > > Welcome to geek heaven.
> > > http://thinkgeek.com/sf
> > > _______________________________________________
> > > Diffserv-general mailing list
> > > Diffserv-general@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/diffserv-general
> >
> >
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Diffserv-general mailing list
> > Diffserv-general@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/diffserv-general
> >
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Diffserv-general mailing list
> Diffserv-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/diffserv-general
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2003-01-04 22:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-01-04 18:37 [LARTC] Re: [Linux Diffserv] ANNOUNCE: tc filter extensions jamal
2003-01-04 22:17 ` jamal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-104177897501287@msgid-missing \
--to=hadi@cyberus.ca \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox