tc filter show not displaying anything

public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed

* tc filter show not displaying anything
@ 2011-12-16  4:48 John A. Sullivan III
  2011-12-16  5:00 ` John Fastabend
  2011-12-16  5:17 ` Eric Dumazet
  0 siblings, 2 replies; 7+ messages in thread
From: John A. Sullivan III @ 2011-12-16  4:48 UTC (permalink / raw)
  To: netdev

Hello, all.  I'm starting to feel really stupid and showing my newbidity
to tc.  I do a:
tc filter show dev eth1
and nothing is displayed but I suspect the filter is there because if I
try to add it again, the kernel complains with:
RTNETLINK answers: File exists
We have an error talking to the kernel

Here is what I have put together so far (disregard the silly ports - it
is just for netcat testing):

tc qdisc add dev eth1 root handle 1: hfsc default 20
tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark

I then did:

root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
root@testswitch01:~# tc filter show dev eth1
root@testswitch01:~# tc filter show parent 1:1

What simple, practical thing did I mangle? Thanks - John

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tc filter show not displaying anything
  2011-12-16  4:48 tc filter show not displaying anything John A. Sullivan III
@ 2011-12-16  5:00 ` John Fastabend
  2011-12-16  5:33   ` John A. Sullivan III
  2011-12-16  5:17 ` Eric Dumazet
  1 sibling, 1 reply; 7+ messages in thread
From: John Fastabend @ 2011-12-16  5:00 UTC (permalink / raw)
  To: John A. Sullivan III; +Cc: netdev@vger.kernel.org

On 12/15/2011 8:48 PM, John A. Sullivan III wrote:
> Hello, all.  I'm starting to feel really stupid and showing my newbidity
> to tc.  I do a:
> tc filter show dev eth1
> and nothing is displayed but I suspect the filter is there because if I
> try to add it again, the kernel complains with:
> RTNETLINK answers: File exists
> We have an error talking to the kernel
> 
> Here is what I have put together so far (disregard the silly ports - it
> is just for netcat testing):
> 
> tc qdisc add dev eth1 root handle 1: hfsc default 20
> tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> 
> I then did:
> 
> root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> root@testswitch01:~# tc filter show dev eth1
> root@testswitch01:~# tc filter show parent 1:1
> 
> What simple, practical thing did I mangle? Thanks - John
> 

#tc filter show dev eth1 parent 1:1

works here.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tc filter show not displaying anything
  2011-12-16  4:48 tc filter show not displaying anything John A. Sullivan III
  2011-12-16  5:00 ` John Fastabend
@ 2011-12-16  5:17 ` Eric Dumazet
  2011-12-16  5:39   ` John A. Sullivan III
  1 sibling, 1 reply; 7+ messages in thread
From: Eric Dumazet @ 2011-12-16  5:17 UTC (permalink / raw)
  To: John A. Sullivan III; +Cc: netdev

Le jeudi 15 décembre 2011 à 23:48 -0500, John A. Sullivan III a écrit :
> Hello, all.  I'm starting to feel really stupid and showing my newbidity
> to tc.  I do a:
> tc filter show dev eth1
> and nothing is displayed but I suspect the filter is there because if I
> try to add it again, the kernel complains with:
> RTNETLINK answers: File exists
> We have an error talking to the kernel
> 
> Here is what I have put together so far (disregard the silly ports - it
> is just for netcat testing):
> 
> tc qdisc add dev eth1 root handle 1: hfsc default 20
> tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> 
> I then did:
> 
> root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> root@testswitch01:~# tc filter show dev eth1
> root@testswitch01:~# tc filter show parent 1:1
> 
> What simple, practical thing did I mangle? Thanks - John

Minor point (since John already replied) :  "sfq perturb 10" means you
risk out or order packets perturbation every 10 seconds. This can really
hurt TCP sessions.

Maybe we should "fix" this problem for good in SFQ.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tc filter show not displaying anything
  2011-12-16  5:00 ` John Fastabend
@ 2011-12-16  5:33   ` John A. Sullivan III
  0 siblings, 0 replies; 7+ messages in thread
From: John A. Sullivan III @ 2011-12-16  5:33 UTC (permalink / raw)
  To: John Fastabend; +Cc: netdev@vger.kernel.org

On Thu, 2011-12-15 at 21:00 -0800, John Fastabend wrote:
> On 12/15/2011 8:48 PM, John A. Sullivan III wrote:
> > Hello, all.  I'm starting to feel really stupid and showing my newbidity
> > to tc.  I do a:
> > tc filter show dev eth1
> > and nothing is displayed but I suspect the filter is there because if I
> > try to add it again, the kernel complains with:
> > RTNETLINK answers: File exists
> > We have an error talking to the kernel
> > 
> > Here is what I have put together so far (disregard the silly ports - it
> > is just for netcat testing):
> > 
> > tc qdisc add dev eth1 root handle 1: hfsc default 20
> > tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> > tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> > tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> > tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> > tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> > iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> > iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> > 
> > I then did:
> > 
> > root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> > root@testswitch01:~# tc filter show dev eth1
> > root@testswitch01:~# tc filter show parent 1:1
> > 
> > What simple, practical thing did I mangle? Thanks - John
> > 
> 
> #tc filter show dev eth1 parent 1:1
> 
> works here.
Argh!! Thanks - worked just fine - John

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tc filter show not displaying anything
  2011-12-16  5:17 ` Eric Dumazet
@ 2011-12-16  5:39   ` John A. Sullivan III
  2011-12-16  5:42     ` Eric Dumazet
  0 siblings, 1 reply; 7+ messages in thread
From: John A. Sullivan III @ 2011-12-16  5:39 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: netdev

On Fri, 2011-12-16 at 06:17 +0100, Eric Dumazet wrote:
> Le jeudi 15 décembre 2011 à 23:48 -0500, John A. Sullivan III a écrit :
> > Hello, all.  I'm starting to feel really stupid and showing my newbidity
> > to tc.  I do a:
> > tc filter show dev eth1
> > and nothing is displayed but I suspect the filter is there because if I
> > try to add it again, the kernel complains with:
> > RTNETLINK answers: File exists
> > We have an error talking to the kernel
> > 
> > Here is what I have put together so far (disregard the silly ports - it
> > is just for netcat testing):
> > 
> > tc qdisc add dev eth1 root handle 1: hfsc default 20
> > tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> > tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> > tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> > tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> > tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> > iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> > iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> > 
> > I then did:
> > 
> > root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> > root@testswitch01:~# tc filter show dev eth1
> > root@testswitch01:~# tc filter show parent 1:1
> > 
> > What simple, practical thing did I mangle? Thanks - John
> 
> Minor point (since John already replied) :  "sfq perturb 10" means you
> risk out or order packets perturbation every 10 seconds. This can really
> hurt TCP sessions.
> 
> Maybe we should "fix" this problem for good in SFQ.
> 
> 
> 
Ouch! That was right out of the book so to speak.  Thanks for pointing
it out - now I see it is right in the man page.  Is best practice to not
perturb and live with the potentially unbalanced queues or just to set
it even higher? Thanks - John

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tc filter show not displaying anything
  2011-12-16  5:39   ` John A. Sullivan III
@ 2011-12-16  5:42     ` Eric Dumazet
  2011-12-16 19:06       ` John A. Sullivan III
  0 siblings, 1 reply; 7+ messages in thread
From: Eric Dumazet @ 2011-12-16  5:42 UTC (permalink / raw)
  To: John A. Sullivan III; +Cc: netdev

Le vendredi 16 décembre 2011 à 00:39 -0500, John A. Sullivan III a
écrit :

> Ouch! That was right out of the book so to speak.  Thanks for pointing
> it out - now I see it is right in the man page.  Is best practice to not
> perturb and live with the potentially unbalanced queues or just to set
> it even higher? Thanks - John
> 

I'll fix this today, because rehashing up to 128 packets is not that
expensive.

In the meantime, just use a higher timer (say 60 seconds), and if your
kernel is recent enough, use a higher 'divisor' value (default 1024, can
be up to 65536) to lower risk of hash collisions.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tc filter show not displaying anything
  2011-12-16  5:42     ` Eric Dumazet
@ 2011-12-16 19:06       ` John A. Sullivan III
  0 siblings, 0 replies; 7+ messages in thread
From: John A. Sullivan III @ 2011-12-16 19:06 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: netdev

On Fri, 2011-12-16 at 06:42 +0100, Eric Dumazet wrote:
> Le vendredi 16 décembre 2011 à 00:39 -0500, John A. Sullivan III a
> écrit :
> 
> > Ouch! That was right out of the book so to speak.  Thanks for pointing
> > it out - now I see it is right in the man page.  Is best practice to not
> > perturb and live with the potentially unbalanced queues or just to set
> > it even higher? Thanks - John
> > 
> 
> I'll fix this today, because rehashing up to 128 packets is not that
> expensive.
> 
> In the meantime, just use a higher timer (say 60 seconds), and if your
> kernel is recent enough, use a higher 'divisor' value (default 1024, can
> be up to 65536) to lower risk of hash collisions.
<snip>
Thanks.  Alas, no divisor parameter in Debian Squeeze:
sfq [ limit NUMBER ] [ perturb SECS ] [ quantum BYTES ]

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2011-12-16 19:06 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-12-16  4:48 tc filter show not displaying anything John A. Sullivan III
2011-12-16  5:00 ` John Fastabend
2011-12-16  5:33   ` John A. Sullivan III
2011-12-16  5:17 ` Eric Dumazet
2011-12-16  5:39   ` John A. Sullivan III
2011-12-16  5:42     ` Eric Dumazet
2011-12-16 19:06       ` John A. Sullivan III

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox