Bandwidth Management - By MAC Address

Bandwidth Management - By MAC Address

[Eric Estes]

I'm hoping someone could shed some light on this.

I'm trying to throttle a specific MAC Address to 200Kbits but it only
seems to work for outgoing traffic. Can anyone see anything wrong with
the code below?

/sbin/tc qdisc add dev eth1 handle 1: root htb default 1
/sbin/iptables -t mangle -N ms-all
/sbin/iptables -t mangle -N ms-all-chains
/sbin/iptables -t mangle -N ms-prerouting
/sbin/iptables -t mangle -A PREROUTING -j ms-prerouting
/sbin/iptables -t mangle -A ms-prerouting -j CONNMARK --restore-mark
/sbin/iptables -t mangle -A ms-prerouting -m physdev --physdev-in eth0
-j ms-all
/sbin/iptables -t mangle -A POSTROUTING -m physdev --physdev-out eth1 -j
ms-all-chains
/sbin/tc class add dev eth1 parent 1: classid 1:1 htb rate 15888Kbit
/sbin/tc filter add dev eth1 parent 1:0 protocol all u32 match u32 0 0
classid 1:1
######### Incoming Rules
######### chain 0019.b96c.57e1
/sbin/tc class add dev eth1 parent 1:1 classid 1:11 htb rate 200Kbit
prio 5 quantum 1532
/sbin/iptables -t mangle -N ms-chain-eth1-1:11
/sbin/iptables -t mangle -A ms-all-chains -m connmark --mark 0x78512774
-j ms-chain-eth1-1:11
/sbin/iptables -t mangle -A ms-all -m physdev --physdev-in eth0 -m mac
--mac-source 00:19:b9:6c:57:e1 -j MARK --set-mark 0x78512774
/sbin/iptables -t mangle -A ms-all -m physdev --physdev-in eth0 -m mac
--mac-source 00:19:b9:6c:57:e1 -j RETURN
######### generating pipes for 0019.b96c.57e1
/sbin/tc class add dev eth1 parent 1:11 classid 1:199 htb rate 200Kbit
prio 5 quantum 1532
/sbin/tc qdisc add dev eth1 handle 199: parent 1:199 sfq
/sbin/iptables -t mangle -A ms-chain-eth1-1:11 -j CLASSIFY --set-class
1:199
/sbin/iptables -t mangle -A ms-chain-eth1-1:11 -j RETURN
######### chain 10.3.162.0/24
/sbin/tc class add dev eth1 parent 1:1 classid 1:21 htb rate 1000Kbit
prio 2 quantum 1532
/sbin/iptables -t mangle -N ms-chain-eth1-1:21
/sbin/iptables -t mangle -A ms-all-chains -m connmark --mark 0x537c74b1
-j ms-chain-eth1-1:21
/sbin/iptables -t mangle -A ms-all -m physdev --physdev-in eth0 -d
10.3.162.0/24 -j MARK --set-mark 0x537c74b1
/sbin/iptables -t mangle -A ms-all -m physdev --physdev-in eth0 -d
10.3.162.0/24 -j RETURN
######### generating pipes for 10.3.162.0/24
/sbin/tc class add dev eth1 parent 1:21 classid 1:299 htb rate 1000Kbit
prio 2 quantum 1532
/sbin/tc qdisc add dev eth1 handle 299: parent 1:299 sfq
/sbin/iptables -t mangle -A ms-chain-eth1-1:21 -j CLASSIFY --set-class
1:299
/sbin/iptables -t mangle -A ms-chain-eth1-1:21 -j RETURN



/sbin/tc qdisc add dev eth0 handle 1: root htb default 1
/sbin/iptables -t mangle -A ms-prerouting -m physdev --physdev-in eth1
-j ms-all
/sbin/iptables -t mangle -A POSTROUTING -m physdev --physdev-out eth0 -j
ms-all-chains
/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 5320Kbit
/sbin/tc filter add dev eth0 parent 1:0 protocol all u32 match u32 0 0
classid 1:1
######### Outgoing Rules
######### chain 0019.b96c.57e1
/sbin/tc class add dev eth0 parent 1:1 classid 1:11 htb rate 200Kbit
prio 5 quantum 1532
/sbin/iptables -t mangle -N ms-chain-eth0-1:11
/sbin/iptables -t mangle -A ms-all-chains -m connmark --mark 0xc0ed4017
-j ms-chain-eth0-1:11
/sbin/iptables -t mangle -A ms-all -m physdev --physdev-in eth1 -m mac
--mac-source 00:19:b9:6c:57:e1 -j MARK --set-mark 0xc0ed4017
/sbin/iptables -t mangle -A ms-all -m physdev --physdev-in eth1 -m mac
--mac-source 00:19:b9:6c:57:e1 -j RETURN
######### generating pipes for 0019.b96c.57e1
/sbin/tc class add dev eth0 parent 1:11 classid 1:199 htb rate 200Kbit
prio 5 quantum 1532
/sbin/tc qdisc add dev eth0 handle 199: parent 1:199 sfq
/sbin/iptables -t mangle -A ms-chain-eth0-1:11 -j CLASSIFY --set-class
1:199
/sbin/iptables -t mangle -A ms-chain-eth0-1:11 -j RETURN
######### chain 10.3.162.0/24
/sbin/tc class add dev eth0 parent 1:1 classid 1:21 htb rate 1000Kbit
prio 2 quantum 1532
/sbin/iptables -t mangle -N ms-chain-eth0-1:21
/sbin/iptables -t mangle -A ms-all-chains -m connmark --mark 0xebc013d6
-j ms-chain-eth0-1:21
/sbin/iptables -t mangle -A ms-all -m physdev --physdev-in eth1 -s
10.3.162.0/24 -j MARK --set-mark 0xebc013d6
/sbin/iptables -t mangle -A ms-all -m physdev --physdev-in eth1 -s
10.3.162.0/24 -j RETURN
######### generating pipes for 10.3.162.0/24
/sbin/tc class add dev eth0 parent 1:21 classid 1:299 htb rate 1000Kbit
prio 2 quantum 1532
/sbin/tc qdisc add dev eth0 handle 299: parent 1:299 sfq
/sbin/iptables -t mangle -A ms-chain-eth0-1:21 -j CLASSIFY --set-class
1:299
/sbin/iptables -t mangle -A ms-chain-eth0-1:21 -j RETURN
/sbin/iptables -t mangle -A ms-prerouting -j CONNMARK --save-mark



Thank You,
Eric

Re: Bandwidth Management - By MAC Address

[Michele Petrazzo - Unipex srl]

Eric Estes wrote:
> I'm hoping someone could shed some light on this.
> 
> I'm trying to throttle a specific MAC Address to 200Kbits but it only
> seems to work for outgoing traffic. Can anyone see anything wrong with
> the code below?
> 

At first sight, you make a mistake here:

> /sbin/tc qdisc add dev eth1 handle 1: root htb default 1
> /sbin/tc qdisc add dev eth0 handle 1: root htb default 1

You have to add two differents handle for the incoming and outgoing data.

/sbin/tc qdisc add dev $OUT_IF handle 5: root htb default 5
/sbin/tc qdisc add dev $IN_IF handle 1: root htb default 5

/sbin/tc class add dev $OUT_IF parent 5: classid 5:1 htb rate 5320Kbit
/sbin/tc class add dev $OUT_IF parent 5: classid 5:5 htb rate 100Kbit
/sbin/tc class add dev $OUT_IF parent 5:1 classid 5:11 htb rate 200Kbit

/sbin/tc class add dev $IN_IF parent 1: classid 1:1 htb rate 5320Kbit
/sbin/tc class add dev $IN_IF parent 1: classid 1:5 htb rate 100Kbit
/sbin/tc class add dev $IN_IF parent 1:1 classid 1:11 htb rate 200Kbit

iptables -t mangle -F FORWARD -m mac --mac-source -o $OUT_IF -j CLASSIFY 
--set-class 5:11
iptables -t mangle -F FORWARD -d $PC_IP -i $IN_IF -j CLASSIFY 
--set-class 1:11

P.s. For incoming traffic you can't base your rules on the mac. See 
iptables(8)

Hope this help,
Michele