From: jamal <hadi@cyberus.ca>
To: Egor Duda <deo@corpit.ru>
Cc: netdev@vger.kernel.org
Subject: Re: Problem with redirecting traffic via ifb device
Date: Tue, 27 Jun 2006 09:21:25 -0400 [thread overview]
Message-ID: <1151414485.6516.70.camel@jzny2> (raw)
In-Reply-To: <449FBB60.2000600@corpit.ru>
On Mon, 2006-26-06 at 14:48 +0400, Egor Duda wrote:
> I have a linux router which is connected via pppoe to my ISP. My
> provider limits aggregate upload+download rate to some fixed amount of
> kbps, so to perform shaping on my router i'm trying to do the same on my
> router (to "own the queue", so to say). Since standard tbf accounts to
> the packets going only one way, i wanted to create virtual ifb
> interface, which will gather all incoming and outgoing packets, and then
> perform appropriate shaping on it.
>
> I'm doing it roughly in the following way:
>
> -------------------------------------------------------------------------
> tc qdisc add dev $iface ingress
> tc qdisc add dev $iface parent ffff: handle 1: prio
>
The above line doesnt seem to make a lot of sense and maybe the cause of
your problems. You cant have queues on ingress.
You probably want:
tc qdisc add dev $iface root handle 1: prio
?
> tc filter add dev $iface parent 1: protocol ip prio 10 \
> u32 match u32 0 0 flowid 1:1 \
> action ipt -j MARK --set-mark 1 \
> action mirred egress redirect dev ifb0
>
Above will mark all packets arriving on 1:0 (egress??) and mark them
with fwmark 1 and then redirect to ifb0.
If you are trying to do ingress do "parent ffff:"
> tc qdisc add dev $iface root handle 2: prio
>
wtf? is this the egress?
> tc filter add dev $iface parent 2: protocol ip prio 10 \
> u32 match u32 0 0 flowid 2:1 \
> action ipt -j MARK --set-mark 1 \
> action mirred egress redirect dev ifb0
> -------------------------------------------------------------------------
>
I think you need to get you scripts intent correct first. I am sorry, my
limited time would be more valuable if you narrow things down a little.
Ask questions in the user list and then come back if you have found a
bug. You definitely have bugs in the script and if you can help reducing
the variables i can help.
Some other ideas to try in narrowing down the issue:
--> Just do ingress alone first and see if that works
--> Just do egress alone and see if that works
---> do both.
--> dont use ipt - i dont trust it; the netfilter folks changed things
on me again. Pablo is helping me out resolving things.
cheers,
jamal
prev parent reply other threads:[~2006-06-27 13:21 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-26 10:48 Problem with redirecting traffic via ifb device Egor Duda
2006-06-27 13:21 ` jamal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1151414485.6516.70.camel@jzny2 \
--to=hadi@cyberus.ca \
--cc=deo@corpit.ru \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).