In article <001c01bf8c6a$cd16aaa0$0c03a8c0@sulem> you wrote:
> I have just started playing around with QoS and am especially interested in u32.
>Please could someone suggest where I can find documenation on u32, or, explain how
>hashtables work and why they are used.
AFAIK there's no documentation in English for U32, which is sad because
it's really a great filter when you become familiar with it. Actually
it would be great to see U32 in firewalling code, where it would beat
ipchains and netfilter with no doubt ;) You can take a look at my
article [1] in Polish about QoS in Linux, which contains a quite complete
section on U32. There are some examples and table of parameters, that
I've digged out from the source code - at least these two can be useful
for you until I write new, English version of the article (which I've
been planning for some time). Of course, if you can't read Polish :)
Generally speaking, in simplest form U32 consists of rules, which in
turn consist of a pattern selector and an action. The selector specifies
IP packet properties to match and it can be used in two ways: as
a general selector and a specific one.
The latter can be e.g. 'match ip tos 0x10 0xff', so that you specify a
named part of IP header (TOS in this case), the pattern to match (0x1)
and match length (0xff, 8 bits which is exactly the length of TOS field).
The general selectors are even cooler but more difficult to set up
since you have to sit with a drawing of IP/TCP/UDP header and compute
offsets (unless of course you have them all in memory ;) The general
selector simply says what bytes to match at which offset of a header.
The above example with TOS can be written using a general selector and
it will be 'match u8 0x10 0xff at 1', which means 'match if the 8-bit
word at offset 1 bytes is 0x10).
All specific selectors are really translated to general ones, which
are internal format and which are displayed when you call 'tc show'.
There are also many more features in U32, like 'nexthdr' keyword
which makes U32 match specific values in upper-level protocol headers,
or building rule hash tables indexed by a value in IP packet (e.g.
protocol number). Action also can be simple marking the packet
for a specific class (flowid X:Y) or policing, which is a bit more
complex.
I don't understand all of U32 features yet, so if anyone would like to add
something, it would be very valuable. Hope the above helps a bit those
wanting to use U32, which is really a good idea, especially when you
have big rulesets.
[1] http://ceti.pl/~kravietz/cbq/
--
Pawel Krawczyk, CETI internet, Krakow. http://ceti.pl/~kravietz/
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
