* Outbound IPIP Tunnel Packets not shaped/policed
@ 2004-10-25 12:24 Javier Szyszlican
0 siblings, 0 replies; 5+ messages in thread
From: Javier Szyszlican @ 2004-10-25 12:24 UTC (permalink / raw)
To: netdev
Hi,
I've a gateway host (cali), connected to the Internet via ADSL and a PPTP tunnel
(ppp0). I also have a IPIP tunnel to another host over the Internet (mytun),
nothing fancy.
This is working perfectly.
But I want to give more priority to the IPIP packets coming OUT of the PPP (PPTP
connection) interface. And I can't get this to work.
Class 2:21 is the one with high priority.
FILTERS:
filter parent 2: protocol ip pref 1 fw
filter parent 2: protocol ip pref 1 fw handle 0x1 classid 2:21
CLASS Stats:
class htb 2:21 parent 2:1 prio 1 rate 96Kbit ceil 128Kbit burst 1721b cburst 1762b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 218962 ctokens: 168131
As you can see no packets have gone out of this class.
IPTABLES RULES (mangle table):
Chain OUTPUT (policy ACCEPT 794K packets, 111M bytes)
pkts bytes target prot opt in out source destination
4984 377K mark.4 4 -- * * 0.0.0.0/0 0.0.0.0/0
Chain mark.4 (1 references)
pkts bytes target prot opt in out source destination
4984 377K MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK set 0x1
But you can see that iptables is marking the packets correctly (the counters
were reset at the same time).
So, I'm guessing that the IPIP packets generated by the kernel, are not going
into the packet scheduling routines/functions.
If someone can point me to the place where this should be occurring, it will be
great.
I'm using Kernel 2.6.9 (2.6.8 did the same thing).
Thanks.
Javier
--
-=-=-=-=-=-=-=-=-
Javier Szyszlican
javier@^^^^^.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Outbound IPIP Tunnel Packets not shaped/policed
@ 2004-11-03 23:36 Javier Szyszlican
2004-11-04 0:40 ` Thomas Graf
0 siblings, 1 reply; 5+ messages in thread
From: Javier Szyszlican @ 2004-11-03 23:36 UTC (permalink / raw)
To: netdev
Hi,
I've a gateway host (cali), connected to the Internet via ADSL and a PPTP tunnel
(ppp0). I also have a IPIP tunnel to another host over the Internet (mytun).
I want to give more priority to the IPIP packets coming OUT of the PPP (PPTP
connection) interface. And I can't get this to work.
Class 2:21 is the one with high priority.
FILTERS:
filter parent 2: protocol ip pref 1 fw
filter parent 2: protocol ip pref 1 fw handle 0x1 classid 2:21
CLASS Stats:
class htb 2:21 parent 2:1 prio 1 rate 96Kbit ceil 128Kbit burst 1721b cburst 1762b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 218962 ctokens: 168131
As you can see no packets have gone out of this class.
IPTABLES RULES (mangle table):
Chain OUTPUT (policy ACCEPT 794K packets, 111M bytes)
pkts bytes target prot opt in out source destination
4984 377K mark.4 4 -- * * 0.0.0.0/0 0.0.0.0/0
Chain mark.4 (1 references)
pkts bytes target prot opt in out source destination
4984 377K MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK set 0x1
But you can see that iptables is marking the packets correctly (the counters
were reset at the same time).
So, I'm guessing that the IPIP packets generated by the kernel, are not going
into the packet scheduling routines/functions.
If someone can point me to the place where this should be occurring, it will be
great.
I'm using Kernel 2.6.9 (2.6.8 did the same thing).
Thanks.
Javier
--
-=-=-=-=-=-=-=-=-
Javier Szyszlican
javier@^^^^^.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Outbound IPIP Tunnel Packets not shaped/policed
2004-11-03 23:36 Outbound IPIP Tunnel Packets not shaped/policed Javier Szyszlican
@ 2004-11-04 0:40 ` Thomas Graf
2004-11-04 0:55 ` Javier Szyszlican
2004-11-08 12:48 ` Javier Szyszlican
0 siblings, 2 replies; 5+ messages in thread
From: Thomas Graf @ 2004-11-04 0:40 UTC (permalink / raw)
To: Javier Szyszlican; +Cc: netdev
* Javier Szyszlican <cmbpre$7qr$1@sea.gmane.org> 2004-11-03 20:36
> filter parent 2: protocol ip pref 1 fw
> filter parent 2: protocol ip pref 1 fw handle 0x1 classid 2:21
>
> Chain OUTPUT (policy ACCEPT 794K packets, 111M bytes)
> pkts bytes target prot opt in out source
> destination
> 4984 377K mark.4 4 -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain mark.4 (1 references)
> pkts bytes target prot opt in out source
> destination
> 4984 377K MARK all -- * * 0.0.0.0/0
> 0.0.0.0/0 MARK set 0x1
Is this on the same device? I have such a setup in my test suite
and it works fine with the latest bk snapshot. Can you show me
the actual commands you execute?
> So, I'm guessing that the IPIP packets generated by the kernel, are not
> going into the packet scheduling routines/functions.
They surely are.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Outbound IPIP Tunnel Packets not shaped/policed
2004-11-04 0:40 ` Thomas Graf
@ 2004-11-04 0:55 ` Javier Szyszlican
2004-11-08 12:48 ` Javier Szyszlican
1 sibling, 0 replies; 5+ messages in thread
From: Javier Szyszlican @ 2004-11-04 0:55 UTC (permalink / raw)
To: netdev; +Cc: netdev
Thomas,
The commands are (Generated via firehol)
Iptables:
-A FORWARD -p 4 -j mark.4
-A OUTPUT -p ipencap -j mark.5
-A mark.4 -j MARK --set-mark 0x1
-A mark.5 -j MARK --set-mark 0x1
And in TC:
tc qdisc add dev ppp0 root handle 2:0 htb default 22
tc class add dev ppp0 parent 2:0 classid 2:1 htb rate 128kbit ceil 128kbit
tc class add dev ppp0 parent 2:1 classid 2:22 htb rate 32kbit ceil 128kbit prio 10
tc class add dev ppp0 parent 2:1 classid 2:21 htb rate 96kbit ceil 128kbit prio 1
tc filter add dev ppp0 protocol ip parent 2:0 prio 1 handle 1 fw flowid 2:21
What do you mean by "same device", all this is on my gateway host, that has the
pptp connection (ppp0) and over that the IPIP tunnel.
If the IPIP packets geneated by kernel are going to the shaping functions, how
is that I don't see them in my tc -s ?
Thanks you very much for helping me.
Javier
Thomas Graf wrote:
> * Javier Szyszlican <cmbpre$7qr$1@sea.gmane.org> 2004-11-03 20:36
>
>>filter parent 2: protocol ip pref 1 fw
>>filter parent 2: protocol ip pref 1 fw handle 0x1 classid 2:21
>>
>>Chain OUTPUT (policy ACCEPT 794K packets, 111M bytes)
>> pkts bytes target prot opt in out source
>> destination
>> 4984 377K mark.4 4 -- * * 0.0.0.0/0
>> 0.0.0.0/0
>>
>>Chain mark.4 (1 references)
>> pkts bytes target prot opt in out source
>> destination
>> 4984 377K MARK all -- * * 0.0.0.0/0
>> 0.0.0.0/0 MARK set 0x1
>
>
> Is this on the same device? I have such a setup in my test suite
> and it works fine with the latest bk snapshot. Can you show me
> the actual commands you execute?
>
>
>>So, I'm guessing that the IPIP packets generated by the kernel, are not
>>going into the packet scheduling routines/functions.
>
>
> They surely are.
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Outbound IPIP Tunnel Packets not shaped/policed
2004-11-04 0:40 ` Thomas Graf
2004-11-04 0:55 ` Javier Szyszlican
@ 2004-11-08 12:48 ` Javier Szyszlican
1 sibling, 0 replies; 5+ messages in thread
From: Javier Szyszlican @ 2004-11-08 12:48 UTC (permalink / raw)
To: netdev; +Cc: netdev
Thomas,
Thanks for helping me. I can't seem to figure this out.
The commands are (Generated via firehol)
Iptables:
-A FORWARD -p 4 -j mark.4
-A OUTPUT -p 4 -j mark.5
-A mark.4 -j MARK --set-mark 0x1
-A mark.5 -j MARK --set-mark 0x1
And in TC:
tc qdisc add dev ppp0 root handle 2:0 htb default 22
tc class add dev ppp0 parent 2:0 classid 2:1 htb rate 128kbit ceil 128kbit
tc class add dev ppp0 parent 2:1 classid 2:22 htb rate 32kbit ceil 128kbit prio 10
tc class add dev ppp0 parent 2:1 classid 2:21 htb rate 96kbit ceil 128kbit prio 1
tc filter add dev ppp0 protocol ip parent 2:0 prio 1 handle 1 fw flowid 2:21
What do you mean by "same device", all this is on my gateway host, that has the
pptp connection (ppp0) and over that the IPIP tunnel.
If the IPIP packets geneated by kernel are going to the shaping functions, how
is that I don't see them in my tc -s ?
Thanks you very much for helping me.
Javier
Thomas Graf wrote:
> * Javier Szyszlican <cmbpre$7qr$1@sea.gmane.org> 2004-11-03 20:36
>
>>filter parent 2: protocol ip pref 1 fw
>>filter parent 2: protocol ip pref 1 fw handle 0x1 classid 2:21
>>
>>Chain OUTPUT (policy ACCEPT 794K packets, 111M bytes)
>> pkts bytes target prot opt in out source
>> destination
>> 4984 377K mark.4 4 -- * * 0.0.0.0/0
>> 0.0.0.0/0
>>
>>Chain mark.4 (1 references)
>> pkts bytes target prot opt in out source
>> destination
>> 4984 377K MARK all -- * * 0.0.0.0/0
>> 0.0.0.0/0 MARK set 0x1
>
>
> Is this on the same device? I have such a setup in my test suite
> and it works fine with the latest bk snapshot. Can you show me
> the actual commands you execute?
>
>
>>So, I'm guessing that the IPIP packets generated by the kernel, are not
>>going into the packet scheduling routines/functions.
>
>
> They surely are.
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2004-11-08 12:48 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-11-03 23:36 Outbound IPIP Tunnel Packets not shaped/policed Javier Szyszlican
2004-11-04 0:40 ` Thomas Graf
2004-11-04 0:55 ` Javier Szyszlican
2004-11-08 12:48 ` Javier Szyszlican
-- strict thread matches above, loose matches on Subject: below --
2004-10-25 12:24 Javier Szyszlican
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).