Re: [LARTC] Luser seeks tc syntax clue

From: Steffen Moser <lists@steffen-moser.de>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Luser seeks tc syntax clue
Date: Tue, 05 Aug 2003 22:09:17 +0000	[thread overview]
Message-ID: <marc-lartc-106012132911489@msgid-missing> (raw)
In-Reply-To: <marc-lartc-106011060731604@msgid-missing>

Hi!

* On Tue, Aug 05, 2003 at 08:05 PM (+0100), Richard Lamont wrote:

> I'm trying to set a box up that rate limits everything sent to the
> outside world, but not limit stuff to my own LAN, using tbf.

> I don't really understand what I'm doing, and I could do with some
> help to make this script work.

I am not an expert within "tc", so some other user most probably will
correct me...

> -----------------------------------8<----------------------------------
> #!/bin/bash
> 
> DEV=eth0
> LAN\x192.168.1.0/24
> RATE 0kbit
> LIMIT\x10000
> BURST"000
> 
> # Clear out old settings
> tc qdisc del dev $DEV root
> tc qdisc del dev $DEV ingress
> 
> # Start loading new stuff
> tc qdisc add dev $DEV root handle 1: prio

This creates the root qdisc (prio). It also creates implicitly three 
classes (1:1, 1:2 and 1:3) within this qdisc.

> # Stuff addressed to LAN goes straight through
> tc qdisc add dev $DEV parent 1:1 handle 10: prio

I think a simple classless qdisc would be enough here (e.g. "pfifo" or
"sfq"), I don't know why you need another classful qdisc.

> # Stuff addressed to big wide world gets shaped
> tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE

Now, two (1:1 and 1:2) of the three implicitly created classes are filled 
with classless qdiscs.

> # Filter on LAN destination address
> tc filter add dev $DEV parent 10: protocol ip u32 match ip src $LAN flowid 1:1

The filter rule must be assigned as a child of the outer qdisc (1:).

Further, you should use "dst" instead of "src" as you want to filter
using the destination address given within the IP header.

I think, something like:

  tc filter add dev $DEV parent 1: protocol ip prio 10 u32 match ip dst $LAN flowid 1:1

should do it.

> # Default filter for everything else
> tc filter add dev $DEV parent 20: protocol ip flowid 1:2

Here, the same thing: the filter should be a child of "1:" and the
classifier (e.g. "u32") is not specified.

To match all kind of traffic I would suggest to set up something like 
this:

  tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip dst 0.0.0.0/0 flowid 1:2

Using the priorities, the first filter rule (prio 10) is used at first,
so traffic which is going to $LAN will be put into class 1:1. If the
traffic was not put into class 1:1 (because it is not going to $LAN),
the second filter rule (prio 15) will be applied, and the traffic will 
be put into class 1:2, which contains the classless TBF (which uses 
the bandwidth limits).

> When I run this script, it says:
> 
> RTNETLINK answers: No such file or directory
> Unknown filter "flowid", hence option "1:2" is unparsable

The error message is probably produced because you didn't give a known
filter, like "u32", "fw", "tcindex", and so on.

> Any help gratefully received. TIA.

I hope that I could help you a little bit. As I stated above, I am quite
new to the traffic control matter.

Best Regards,
Steffen
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/