* [LARTC] Luser seeks tc syntax clue
From: Richard Lamont @ 2003-08-05 19:05 UTC
To: lartc

I'm trying to set a box up that rate limits everything sent to the
outside world, but not limit stuff to my own LAN, using tbf.

I don't really understand what I'm doing, and I could do with some
help to make this script work.

(Please don't bother referring me to the usual documentation. I've
read it. And please don't tell me that I want to do something
completely different. I don't!)

-----------------------------------8<----------------------------------
#!/bin/bash

DEV=eth0
LAN=192.168.1.0/24
RATE=200kbit
LIMIT=10000
BURST=22000

# Clear out old settings
tc qdisc del dev $DEV root
tc qdisc del dev $DEV ingress

# Start loading new stuff
tc qdisc add dev $DEV root handle 1: prio

# Stuff addressed to LAN goes straight through
tc qdisc add dev $DEV parent 1:1 handle 10: prio

# Stuff addressed to big wide world gets shaped
tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE

# Filter on LAN destination address
tc filter add dev $DEV parent 10: protocol ip u32 match ip src $LAN flowid 1:1

# Default filter for everything else
tc filter add dev $DEV parent 20: protocol ip flowid 1:2
-----------------------------------8<----------------------------------

When I run this script, it says:

RTNETLINK answers: No such file or directory
Unknown filter "flowid", hence option "1:2" is unparsable

Any help gratefully received. TIA.

--
Richard Lamont
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

* Re: [LARTC] Luser seeks tc syntax clue
From: Steffen Moser @ 2003-08-05 22:09 UTC
To: lartc

Hi!

* On Tue, Aug 05, 2003 at 08:05 PM (+0100), Richard Lamont wrote:

> I'm trying to set a box up that rate limits everything sent to the
> outside world, but not limit stuff to my own LAN, using tbf.

> I don't really understand what I'm doing, and I could do with some
> help to make this script work.

I am not an expert within "tc", so some other user most probably will
correct me...

> -----------------------------------8<----------------------------------
> #!/bin/bash
>
> DEV=eth0
> LAN=192.168.1.0/24
> RATE=200kbit
> LIMIT=10000
> BURST=22000
>
> # Clear out old settings
> tc qdisc del dev $DEV root
> tc qdisc del dev $DEV ingress
>
> # Start loading new stuff
> tc qdisc add dev $DEV root handle 1: prio

This creates the root qdisc (prio). It also creates implicitly three
classes (1:1, 1:2 and 1:3) within this qdisc.

> # Stuff addressed to LAN goes straight through
> tc qdisc add dev $DEV parent 1:1 handle 10: prio

I think a simple classless qdisc would be enough here (e.g. "pfifo"
or "sfq"), I don't know why you need another classful qdisc.

> # Stuff addressed to big wide world gets shaped
> tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE

Now, two (1:1 and 1:2) of the three implicitly created classes are
filled with classless qdiscs.

> # Filter on LAN destination address
> tc filter add dev $DEV parent 10: protocol ip u32 match ip src $LAN flowid 1:1

The filter rule must be assigned as a child of the outer qdisc (1:).
Further, you should use "dst" instead of "src" as you want to filter
using the destination address given within the IP header.

I think, something like:

  tc filter add dev $DEV parent 1: protocol ip prio 10 u32 match ip dst $LAN flowid 1:1

should do it.

> # Default filter for everything else
> tc filter add dev $DEV parent 20: protocol ip flowid 1:2

Here, the same thing: the filter should be a child of "1:" and the
classifier (e.g. "u32") is not specified. To match all kinds of traffic
I would suggest to set up something like this:

  tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip dst 0.0.0.0/0 flowid 1:2

Using the priorities, the first filter rule (prio 10) is used at
first, so traffic which is going to $LAN will be put into class 1:1.
If the traffic was not put into class 1:1 (because it is not going
to $LAN), the second filter rule (prio 15) will be applied, and the
traffic will be put into class 1:2, which contains the classless TBF
(which uses the bandwidth limits).

> When I run this script, it says:
>
> RTNETLINK answers: No such file or directory
> Unknown filter "flowid", hence option "1:2" is unparsable

The error message is probably produced because you didn't give a
known filter, like "u32", "fw", "tcindex", and so on.

> Any help gratefully received. TIA.

I hope that I could help you a little bit. As I stated above, I am
quite new to the traffic control matter.

Best Regards,
Steffen

* Re: [LARTC] Luser seeks tc syntax clue
From: Richard Lamont @ 2003-08-05 22:54 UTC
To: lartc

On Tuesday 05 August 2003 23:09, Steffen Moser wrote:

> I am not an expert within "tc", so some other user most probably will
> correct me...

Well, it works! That's expert enough for me. Many, many thanks.

In case anyone else wants the corrected script, or wants to suggest
improvements, here it is:

-------------------------------8<------------------------------
#!/bin/bash
#
# Traffic shaping script

DEV=eth0
LAN=192.168.1.0/24
RATE=220kbit
LIMIT=10000
BURST=22000

# Clear out old settings
tc qdisc del dev $DEV root
tc qdisc del dev $DEV ingress

# Create root qdisc
tc qdisc add dev $DEV root handle 1: prio

# Stuff addressed to LAN goes straight through
tc qdisc add dev $DEV parent 1:1 handle 10: pfifo

# Stuff addressed to big wide world gets shaped
tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE

# Filter on LAN destination address
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 match ip dst $LAN flowid 1:1

# Default filter for everything else
tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip dst 0.0.0.0/0 flowid 1:2
-------------------------------8<------------------------------

--
Richard Lamont
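
Added example, not part of the original thread or written by its posters: a simplified shell model of the filter ordering described in the reply above, where the u32 filters attached to the root qdisc (1:) are tried in ascending prio order and the first destination match selects the class. The FILTERS table and the sample addresses are constructed for illustration, and only "match ip dst" is modelled.

```sh
#!/bin/sh
# Model of how the root prio qdisc (1:) picks a class for an outgoing packet,
# using the two u32 filters from the corrected script. This is a simplified
# illustration, not kernel code: only "match ip dst CIDR" is modelled.

# Constructed filter table: "<prio> <dst CIDR> <flowid>", one per line.
# Deliberately listed out of order to show that prio, not position, decides.
FILTERS='15 0.0.0.0/0 1:2
10 192.168.1.0/24 1:1'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 falls inside CIDR block $2.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    if [ "$bits" -eq 0 ]; then
        mask=0                      # /0 matches every address
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Print the flowid chosen for destination address $1. Filters are tried in
# ascending prio order and the first match wins; prints nothing on no match.
classify() {
    echo "$FILTERS" | sort -n | while read -r prio cidr flowid; do
        if in_cidr "$1" "$cidr"; then
            echo "$flowid"
            break
        fi
    done
}

classify 192.168.1.77   # LAN destination  -> 1:1 (pfifo, not shaped)
classify 203.0.113.9    # any other target -> 1:2 (tbf, rate limited)
```
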