[LARTC] couldn't get available bandwith

2003-10-12 Thread Miguel A. Novo 
Hello all.

We have three tunnels over the internet between our central gateway and
some branch office gateway.

Each gateway has eth0 on its LAN an eth1 on the internet. We use DSL lines
and eth1's have the internet IP directly attached on it. Each gateway, also,
acts as iptables NAT gateway.

The outgoing bandwith is 300 kbit, and we tried this (i.e.) on each tunnel:

tc qdisc add dev tun2 handle 1:0 root dsmark indices 4 default_index 0
tc qdisc add dev tun2 handle 2:0 parent 1:0 htb
tc class add dev tun2 parent 2:0 classid 2:1 htb rate 4000bps ceil 4000bps
tc class add dev tun2 parent 2:1 classid 2:2 htb rate 250bps ceil 1000bps
tc qdisc add dev tun2 handle 3:0 parent 2:2 sfq
tc class add dev tun2 parent 2:1 classid 2:3 htb rate 250bps ceil 3500bps
tc qdisc add dev tun2 handle 4:0 parent 2:3 sfq
tc class add dev tun2 parent 2:1 classid 2:4 htb rate 3250bps ceil 4000bps
tc qdisc add dev tun2 handle 5:0 parent 2:4 sfq
tc filter add dev tun2 parent 2:0 protocol all prio 1 tcindex mask 0x3 shift
0
tc filter add dev tun2 parent 2:0 protocol all prio 1 handle 3 tcindex
classid 2:4
tc filter add dev tun2 parent 2:0 protocol all prio 1 handle 2 tcindex
classid 2:3
tc filter add dev tun2 parent 2:0 protocol all prio 1 handle 1 tcindex
classid 2:2
tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 1:0:0 u32
divisor 1
tc filter add dev tun2 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff
at 9 offset at 0 mask 0f00 shift 6 eat link 1:0:0
tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 1:0:1 u32 ht
1:0:0 match u16 0x16 0x at 0 classid 1:1
tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 2:0:0 u32
divisor 1
tc filter add dev tun2 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff
at 9 offset at 0 mask 0f00 shift 6 eat link 2:0:0
tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 2:0:1 u32 ht
2:0:0 match u16 0x19 0x at 2 classid 1:2
tc filter add dev tun2 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0
at 0 classid 1:3


We try classify SSH and SMTP and limit it to 2 kbytes/sec. It could get more
bandwith if available. Other traffics must get more bandwith in all
cirscumstances.


Also, tc -s says:

tc -s -d class show dev tun2
class htb 2:1 root rate 4000bps ceil 4000bps burst 1639b/8 mpu 0b cburst
1639b/8 mpu 0b level 7
 Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 0)
 lended: 937 borrowed: 0 giants: 0
 tokens: 319488 ctokens: 319488

class htb 2:2 parent 2:1 leaf 3: prio 0 quantum 1000 rate 250bps ceil
1000bps burst 1601b/8 mpu 0b cburst 1609b/8 mpu 0b level 0
 Sent 73221 bytes 99 pkts (dropped 0, overlimits 0)
 lended: 52 borrowed: 47 giants: 0
 tokens: -4594059 ctokens: 1132136

class htb 2:3 parent 2:1 leaf 4: prio 0 quantum 1000 rate 250bps ceil
3500bps burst 1601b/8 mpu 0b cburst 1634b/8 mpu 0b level 0
 Sent 1227729 bytes 857 pkts (dropped 0, overlimits 0)
 lended: 70 borrowed: 787 giants: 0
 tokens: -265392 ctokens: 360214

class htb 2:4 parent 2:1 leaf 5: prio 0 quantum 1000 rate 3250bps ceil
4000bps burst 1631b/8 mpu 0b cburst 1639b/8 mpu 0b level 0
 Sent 370402 bytes 1187 pkts (dropped 0, overlimits 0)
 lended: 1084 borrowed: 103 giants: 0
 tokens: 391201 ctokens: 319488

AND

tc -s -d qdisc show dev tun2
qdisc sfq 5: quantum 1450b limit 128p flows 128/1024
 Sent 370402 bytes 1187 pkts (dropped 0, overlimits 0)

qdisc sfq 4: quantum 1450b limit 128p flows 128/1024
 Sent 1227729 bytes 857 pkts (dropped 0, overlimits 0)

qdisc sfq 3: quantum 1450b limit 128p flows 128/1024
 Sent 73221 bytes 99 pkts (dropped 0, overlimits 0)

qdisc htb 2: r2q 10 default 0 direct_packets_stat 0 ver 3.7
 Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 2823)

qdisc dsmark 1: indices 0x0004 default_index 0x
 Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 0)


but if we send big emails, when it passes trough tun2, and in absebce of
other traffic, it only gets about 45 kbit/sec. Apparently, SMTP gets
bandwith limitation, but it doesn't get available bandwith.

Any light on it?

--Miguel

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] Timeout problem !

2003-10-12 Thread Lasse B. Jensen 

Hey all

I have 5 adsl lines and have the following setup

INTERNET

ADSL lines 192.168.1.1-5

| | | | |
-
 switch
-
|
-
  eth1
linux nat box
  eth0
-
|
-
   LAN

Right now i do the following, which are working correctly:

I mark incoming packets via mark in iptables, connection are marked 1-5

Then i via 5 ip route tables adsl1-5 in each of them i specify the gateway 
(one of the adsl lines 192.168.1.1-5)

This all works correctly.

However i would like to have all adsllines i on multipath. i have tried:

Marking all traffic with mark 1

ip route table adsl1

ip route add table adsl1 default equalize proto static nexthop via 
192.168.1.1 dev eth1 nexthop via 192.168.1.2 dev eth1 nexthop via 
192.168.1.3 dev eth1 nexthop via 192.168.1.4 dev eth1 nexthop via 
192.168.1.5 dev eth1

I have applied the patches to the kernel from 
http://www.ssi.bg/~ja/#routes

I have a ping-operation in the background as descripted in the 
dgd-usage.txt

All traffic now is now sent via on of the adsl lines, everything seems to 
work, but  Programs from the lan-computer seems to timeout, i have 
tried quite some thing but nothing seems to work! Please help ;)

LBJ
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] htb v3 not as good as htb v2?

2003-10-12 Thread Wilfried Weissmann 
Anton Yurchenko wrote:
Hello,

I`ve been using htb v2 for more then a year without any major problems. 
Recently I needed to upgrade to newer kernel becouse of non LARTC 
related issues. After installing 2.4.22 when the htb qdisc was attached 
to the interface even without any rules, I was not able to send more 
~1mbit through the interface. After I reversed the htb3 patch and 
rebuild with htb2 everything works as normal. Has anyone experienced the 
same issue? thanks

check your burst and quantum settings. maybe they are too low.

bye,
wilfried
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

PATCH : [Re: [Fwd: [LARTC] broadcast over gre tunnel?]]

2003-10-12 Thread Damion de Soto 
Hi Guys,

Here is our patch to allow broadcast packets over a GRE tunnel.
Hopefully it might be accepted into the source someday.
You need to enabled bridging and GRE tunnels in your kernel.  No other
options are required.  The gre patch determines what type of protocol
type to put in the GRE header based on the whether the packet is
forwarded from a bridge or not.
To use the patch:

# Create your GRE tunnel
ip tunnel add gre1 mode gre remote 10.4.4.1 local 10.4.4.2
ifconfig gre1 up
# Bring the ethernet device up
ifconfig eth1 up
#create the bridge and add the devices:
brctl addbr br0
brctl addif br0 gre1
brctl addif br0 eth1
ifconfig br0 10.4.1.1 netmask 255.255.255.0 broadcast 10.4.1.255

regards

--
~~~
Damion de Soto - Software Engineer  email: [EMAIL PROTECTED]
SnapGear ---   ph: +61 7 3435 2809
 | Custom Embedded Solutions  fax: +61 7 3891 3630
 | and Security Appliancesweb: http://www.snapgear.com
~~~
 ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---
diff -ru linux-2.4.22/include/linux/if_tunnel.h linux-2.4.22.patched/include/linux/if_tunnel.h
--- linux-2.4.22/include/linux/if_tunnel.h	Mon Dec  1 08:00:38 1997
+++ linux-2.4.22.patched/include/linux/if_tunnel.h	Wed Oct  8 15:26:00 2003
@@ -15,6 +15,8 @@
 #define GRE_FLAGS	__constant_htons(0x00F8)
 #define GRE_VERSION	__constant_htons(0x0007)
 
+#define GRE_P_ETH_BR	__constant_htons(0x6558)
+
 struct ip_tunnel_parm
 {
 	char			name[IFNAMSIZ];
diff -ru linux-2.4.22/net/bridge/br_if.c linux-2.4.22.patched/net/bridge/br_if.c
--- linux-2.4.22/net/bridge/br_if.c	Mon Aug 25 21:44:44 2003
+++ linux-2.4.22.patched/net/bridge/br_if.c	Wed Oct  8 14:45:46 2003
@@ -226,8 +226,10 @@
 	if (dev-br_port != NULL)
 		return -EBUSY;
 
+#if 0
 	if (dev-flags  IFF_LOOPBACK || dev-type != ARPHRD_ETHER)
 		return -EINVAL;
+#endif
 
 	if (dev-hard_start_xmit == br_dev_xmit)
 		return -ELOOP;
diff -ru linux-2.4.22/net/ipv4/ip_gre.c linux-2.4.22.patched/net/ipv4/ip_gre.c
--- linux-2.4.22/net/ipv4/ip_gre.c	Mon Aug 25 21:44:44 2003
+++ linux-2.4.22.patched/net/ipv4/ip_gre.c	Wed Oct  8 14:45:46 2003
@@ -18,6 +18,7 @@
 #include asm/uaccess.h
 #include linux/skbuff.h
 #include linux/netdevice.h
+#include linux/etherdevice.h
 #include linux/in.h
 #include linux/tcp.h
 #include linux/udp.h
@@ -119,6 +120,14 @@
 
 static int ipgre_fb_tunnel_init(struct net_device *dev);
 
+
+/*
+ * we need a special function to be able to be able to pull the ethernet
+ * buffer out.  It is nearly the same as the eth_type_trans structure except
+ * the header size is adjusted.
+ */
+unsigned short gre_eth_type_trans(struct sk_buff *skb, struct net_device *dev);
+
 static struct net_device ipgre_fb_tunnel_dev = {
 	gre0, 0x0, 0x0, 0x0, 0x0, 0, 0, 0, 0, 0, NULL, ipgre_fb_tunnel_init,
 };
@@ -566,6 +575,7 @@
 	u32seqno = 0;
 	struct ip_tunnel *tunnel;
 	intoffset = 4;
+	unsigned short 	proto;
 
 	if (!pskb_may_pull(skb, 16))
 		goto drop_nolock;
@@ -573,6 +583,7 @@
 	iph = skb-nh.iph;
 	h = skb-data;
 	flags = *(u16*)h;
+	proto = *(u16*)(h+2);
 
 	if (flags(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) {
 		/* - Version must be 0.
@@ -606,23 +617,6 @@
 
 	read_lock(ipgre_lock);
 	if ((tunnel = ipgre_tunnel_lookup(iph-saddr, iph-daddr, key)) != NULL) {
-		skb-mac.raw = skb-nh.raw;
-		skb-nh.raw = __pskb_pull(skb, offset);
-		memset((IPCB(skb)-opt), 0, sizeof(struct ip_options));
-		if (skb-ip_summed == CHECKSUM_HW)
-			skb-csum = csum_sub(skb-csum,
-	 csum_partial(skb-mac.raw, skb-nh.raw-skb-mac.raw, 0));
-		skb-protocol = *(u16*)(h + 2);
-		skb-pkt_type = PACKET_HOST;
-#ifdef CONFIG_NET_IPGRE_BROADCAST
-		if (MULTICAST(iph-daddr)) {
-			/* Looped back packet, drop it! */
-			if (((struct rtable*)skb-dst)-key.iif == 0)
-goto drop;
-			tunnel-stat.multicast++;
-			skb-pkt_type = PACKET_BROADCAST;
-		}
-#endif
 
 		if (((flagsGRE_CSUM)  csum) ||
 		(!(flagsGRE_CSUM)  tunnel-parms.i_flagsGRE_CSUM)) {
@@ -639,6 +633,70 @@
 			}
 			tunnel-i_seqno = seqno + 1;
 		}
+
+		if (proto == GRE_P_ETH_BR) {
+			struct sk_buff *skb2;
+
+			/* Pull off the offset. */
+			skb-mac.raw = __pskb_pull(skb, offset);
+//#define OLD_WAY
+#ifndef OLD_WAY
+			/* ensure it is linear so we can simply copy the data out */
+			skb_linearize(skb, GFP_ATOMIC);
+
+			skb2 = dev_alloc_skb(skb-len+2);
+			if (!skb2) {
+printk(KERN_ERR Memory squeeze.\n);
+goto drop;
+			}
+
+			skb2-dev = tunnel-dev;
+
+			/* Packet allignment apparently.  */
+			skb_reserve(skb2, 2);
+
+			/* copy data and then set length */
+			memcpy(skb2-data, skb-data, skb-len);
+			skb_put(skb2, skb-len);
+
+			/* setup protocol */
+			skb2-protocol = gre_eth_type_trans(skb2, tunnel-dev);
+
+			/* update counters */
+			tunnel-stat.rx_packets++;
+			tunnel-stat.rx_bytes += skb-len;
+
+#ifdef CONFIG_NETFILTER
+

Re: [LARTC] 10Mbit on HTB

2003-10-12 Thread Catalin BOIE 
On Sat, 11 Oct 2003, Kristiadi Himawan wrote:

 I want to try to shape 20-30Mbps traffic using HTB.
 It's possible? Anyone already try this?

Yes. It's working very good.
You may want to use hashes if you have a lot of filters.


 Thanks.


---
Catalin(ux) BOIE
[EMAIL PROTECTED]
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/