Re: TC Protocols was RE: [LARTC] RE: IFB setup was no subject

2007-03-30 Thread Andy Furniss

Leigh Sharpe wrote:

>> Try protocol 8021q or whatever its number is -
>
> Thanks Andy, this did the trick. And now for the next question.
>
> 802.1q is protocol number 0x8100. Therefore my filter lines look like this:
>
> tc filter add dev eth3 parent : protocol 0x8100 prio 10 u32 match u32 0 0
> flowid 1:1 action mirred egress redirect dev ifb0
>
> What is the u32 matching on? Is it matching on IP headers, or is it matching on
> the protocol specified, i.e. the VLAN header?



It's the ethertype protocol number in ethernet frames - you can also 
match it with a u32 offset of -2.



> For my particular application, I need to decide which IFB to redirect to based
> on combinations of both VLAN ID and IP src/dst addresses. Can I specify matches
> for the VLAN ID here? If so, I would presume that I can then use an Iptables
> mark to filter on, with that mark based on IP address? (ebtables can't match
> the IP address of a tagged packet, unfortunately.) Otherwise, I'm going to have
> to mark the packets with a VLAN ID using ebtables and then another mark from
> Iptables based on src/dst IP address. What a sodding nightmare.


I've never used ebtables - I also haven't played with xtables yet - 
in fact I've barely touched my PC since xmas and am not up on what's 
changed yet.


If you plan on marking with tc actions you'll need to be lucky with 
kernel versions - maybe it's OK now, I need to get up to date.


I think to match vlan tags/ips you will have to work out u32 
offsets/masks/hex matches etc., tcpdump -e and test a lot - Ouch.


Looks like Patrick McHardy is in the process of changing all the qdiscs 
to use hi res timers - cool, I'll have to try that as well.


Andy.

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
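
The offset/mask arithmetic Andy refers to, as an added example that is not part of either post. It assumes a single 802.1Q tag that is still in the packet data, so that u32 offset 0 is the first byte after the Ethernet header (consistent with the ethertype sitting at offset -2), followed by IPv4; the function names and the sample frame are constructed for illustration.

```python
import socket
import struct

# Assumption: u32 offset 0 is the first byte after the 14-byte Ethernet header,
# i.e. the 802.1Q TCI, with the tag still in the packet data (check tcpdump -e).
VLAN_TCI_OFF = 0        # TCI: 3 bits priority, 1 bit CFI, 12 bits VLAN ID
IP_SRC_OFF = 4 + 12     # 4-byte tag (TCI + inner ethertype), then IPv4 src
IP_DST_OFF = 4 + 16     # IPv4 dst follows src


def u32_terms(vlan_id, src=None, dst=None):
    """Return (value, mask, offset) triples as aligned 32-bit words."""
    # The VLAN ID is the low 12 bits of the TCI, the high half of word 0.
    terms = [((vlan_id & 0x0FFF) << 16, 0x0FFF0000, VLAN_TCI_OFF)]
    for addr, off in ((src, IP_SRC_OFF), (dst, IP_DST_OFF)):
        if addr is not None:
            value = struct.unpack("!I", socket.inet_aton(addr))[0]
            terms.append((value, 0xFFFFFFFF, off))
    return terms


def tc_match(terms):
    """Render the triples as the match part of a tc u32 filter."""
    return " ".join(f"match u32 0x{v:08x} 0x{m:08x} at {o}" for v, m, o in terms)


def u32_hit(frame, terms):
    """Emulate u32: (word at offset) & mask must equal value for every term."""
    payload = frame[14:]  # skip dst MAC, src MAC and outer ethertype 0x8100
    for value, mask, off in terms:
        if off + 4 > len(payload):
            return False  # truncated frame cannot match
        if (struct.unpack_from("!I", payload, off)[0] & mask) != value:
            return False
    return True


def sample_frame(vlan_id, src, dst, pcp=0):
    """Constructed test frame: Ethernet + one 802.1Q tag + 20-byte IPv4 header."""
    eth = bytes(12) + struct.pack("!H", 0x8100)  # zeroed MACs, 802.1Q ethertype
    tag = struct.pack("!HH", (pcp << 13) | vlan_id, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + tag + ip
```

The string from `tc_match()` takes the place of `match u32 0 0` in the filter line quoted above; the mask on word 0 ignores the priority bits, so a frame matches whatever its 802.1p priority.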


TC Protocols was RE: [LARTC] RE: IFB setup was no subject

2007-03-29 Thread Leigh Sharpe
 
>Try protocol 8021q or whatever its number is - 

Thanks Andy, this did the trick. And now for the next question.

802.1q is protocol number 0x8100. Therefore my filter lines look like this:

tc filter add dev eth3 parent : protocol 0x8100 prio 10 u32 match u32 0 0 
flowid 1:1 action mirred egress redirect dev ifb0

What is the u32 matching on? Is it matching on IP headers, or is it matching on 
the protocol specified, i.e. the VLAN header?

For my particular application, I need to decide which IFB to redirect to based 
on combinations of both VLAN ID and IP src/dst addresses. Can I specify matches 
for the VLAN ID here? If so, I would presume that I can then use an Iptables 
mark to filter on, with that mark based on IP address? (ebtables can't match 
the IP address of a tagged packet, unfortunately.) Otherwise, I'm going to have 
to mark the packets with a VLAN ID using ebtables and then another mark from 
Iptables based on src/dst IP address. What a sodding nightmare.

Regards,
 Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email [EMAIL PROTECTED]
web www.pacificwireless.com.au

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 29, 2007 12:33 PM
To: Leigh Sharpe
Cc: lartc
Subject: Re: [LARTC] RE: IFB setup was no subject

Leigh Sharpe wrote:

> Seems that the example I gave actually works, but not the way I'm using it.
> I am bridging VLAN tagged packets,

Try protocol 8021q or whatever its number is - if there are other 
protocol filters you will need a different prio or you will get an error.




> but for some reason they are not being subjected to the rate limit. If I
> pass normal, untagged packets through this setup, it behaves as
> expected. However, once I put tagged packets through the bridge, it
> fails to shape traffic.
>  I don't want to have to use VLAN sub-interfaces, because the VLAN code 
> strips the 802.1q tag from packets before they can be examined, which causes 
> me problems in other areas.

Are these wireless customers?

I've never shaped wireless - do you get a lot of extra loss from link 
layer, what's the bandwidth, single duplex or is it round robin type?

I wonder if htb tweaked/untweaked/hfsc/policers could be better than cbq 
- you may be able to get things better for link layer, tcpdumps will 
show you how bursty things are for users.

Andy.
