Re: [LARTC] IMQ & iptables 1.2.9

[Andy Furniss]

Andy Furniss wrote:
Joan Fuster Monzó wrote:

Hi all, I found in http://trash.net/~kaber/imq/index.html#sources the
precompiled iptables shared libs for 1.2.6 & 1.2.5, but my version is
1.2.9 (in Debian Sid) and I don't know how to patch the .deb file. I
need the -j IMQ target... ¿What can I do?
Thanks!


There are some other patches and binaries here -

http://www.digriz.org.uk/jdg-qos-script/releases/binaries-031207.tar.bz2

This is a better link

http://www.digriz.org.uk/jdg-qos-script/releases/binaries-latest.tar.bz2

Andy.





___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] [ANNOUNCE] sch_dup - duplicate packet queue discipline [2.6]

[Catalin BOIE]

Hi!

> Where such thing can be used?
Mostly for testing applications and other stuff.
It's a little bit hard to wait to appear a duplicate so you can test that
your application works ok.

> and why you implemented such thing as sheduler, not iptables module?
Why iptables module?
Why do you think is better?

>
>
>
> > This is my first work for kernel, so please have mercy. :)
> >
> > OK, I like to announce sch_dup, a new queue discipline that, attached to a
> > class (or a device, as root) duplicate packets that pass. Yes, you can
> > control the frequency of duplicates.
> >
> > Example:
> > tc qdisc add dev eth0 root dup limit 100 gap 1
> > This means: create a pfifo queue and send packets with
> > a gap of 1 (0 = no dups) between duplicates:
> > gap=0: no duplication
> > gap=1: NDNDNDNDND
> > gap=2: NNDNNDNNDNNDNND
> > (N=not duplicated, D duplicated)
> >
> > Attached are 3 patches: 1 patch for net/sched dir, other
> > for include/linux/pkg_sched.h, and the last for iproute2.
> >
> > Any comments are appreciated.
> >
> > David, please include it in 2.6.
> > Alexey, please include the third patch in iproute2.
> >
> > Thank you!
> > ---
> > Catalin(ux aka Dino) BOIE
> > catab at deuroconsult.ro
> >
> >
>
> ___
> LARTC mailing list / [EMAIL PROTECTED]
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

---
Catalin(ux aka Dino) BOIE
catab at deuroconsult.ro
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] noprioportsrc

[Richard]

On Monday 29 March 2004 11:15 pm, Damion de Soto wrote:

>I've fonud trying to make
> bittorrent behave itself is quite difficult.
> The 3 classes have rates specified as UPLINK, 9*$UPLINK/10 and 8*$UPLINK/10
> This means the sum of the 3 classes is greater than the parent.
> You may want to specify the rates as something lower that add up to UPLINK,
> and then specify the ceil value for each class.

I tried what you had suggested and I was able to get great pings while 
uploading using the script!

Now this is the really things get strange.  Without doing anything to my 
connection or with wondershaper, about after 1 hour of running the script 
(and having my bandwith limited to 50kb/s) something changes and I start 
uploading at my max again.

Why is this happening?
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] HTB and message 'RTNETLINK answers: Invalid argument'

[Patrick Spousta]

Andy Furniss wrote:

Sources for ESFQ patching I take from Debian sources 
(iproute_20010824.orig.tar.gz, iproute_20010824-8.diff.gz and 
iproute_20010824-8.dsc). I hope it sources are the same version as 
original (Debian binary) iproute package.

When I tried apply HTB3.6 patch to iproute sources I got message, that 
the patch is already used.

Do anybody know where is problem?


I don't know what the problem is but there is a binary tc with esqf 
patch on Alexander Clouters site

http://www.digriz.org.uk/jdg-qos-script/

http://www.digriz.org.uk/jdg-qos-script/releases/binaries-031207.tar.bz2
It helps me. Correct link is
http://www.digriz.org.uk/jdg-qos-script/releases/binaries-latest.tar.bz2
Thanks
Patrick
Andy.




___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] bridging shaper

[Jon Anderson]

Bart De Schuymer wrote:

There are no real differences, except that arptables doesn't see bridged

traffic, between the 2.4 bridge-nf/ebtables patch and the code in 2.6. So my 
guess is the problem isn't the bridge filtering code.
 

I don't doubt that the bridging code, and iptables/ebtables is nearly 
the same, but _something_ is different. (Kernel .config options, QoS 
code, 2.4/2.6 interface, aliens abducting sk_buff->nfmark, I dunno...) 
The same system booted with a 2.4 kernel and a 2.6 kernel behave 
differently. 2.6 was configured with similar options to 2.4. (make 
oldconfig -> Maybe there's a new option somewhere that I'm missing?)

As far as I can see, bridged traffic control on 2.4 works, 2.6 doesn't:

"tc -s class show dev eth0" on a 2.4 kernel shows packets being 
classified properly, whereas on 2.6, they are not classified properly.

I actually think iptables/ebtables is working properly; In 2.6, ebtables 
does indeed count the correct number of packets passing through each 
rule, and assuming that "-j mark" actually marks them, the only possibly 
answer would be that the tc stuff isn't catching those marks.

I'd be really happy to hear any suggestions or ideas, 'cause I'd really 
love to get 2.6 working! If there's _anything_ I can do that might help 
debug this stuff, I'd be glad to try.

Cheers,

jon
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] HTB and message 'RTNETLINK answers: Invalid argument'

[Andy Furniss]

Patrick Spousta wrote:
I wish to use HTB shapper with ESFQ scheduler per class. Kernel patched, 
compiled and reinstaled with all needed modules. Package iproute is also 
patched, compiled and this 'new' version is installed.

When I tried assign HTB as root qdisc with the 'new' tc I got message

[EMAIL PROTECTED]:/etc/init.d# tc qdisc add dev eth2 root handle 1: htb 
default 12
RTNETLINK answers: Invalid argument
[EMAIL PROTECTED]:/etc/init.d#

BUT when I do the same with original tc (I doesn't support ESFQ), 
everything is ok

[EMAIL PROTECTED]:/etc/init.d# /usr/local/sbin/tc qdisc add dev eth2 root 
handle 1: htb default 12
[EMAIL PROTECTED]:/etc/init.d#

Sources for ESFQ patching I take from Debian sources 
(iproute_20010824.orig.tar.gz, iproute_20010824-8.diff.gz and 
iproute_20010824-8.dsc). I hope it sources are the same version as 
original (Debian binary) iproute package.

When I tried apply HTB3.6 patch to iproute sources I got message, that 
the patch is already used.

Do anybody know where is problem?
I don't know what the problem is but there is a binary tc with esqf 
patch on Alexander Clouters site

http://www.digriz.org.uk/jdg-qos-script/

http://www.digriz.org.uk/jdg-qos-script/releases/binaries-031207.tar.bz2

Andy.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ & iptables 1.2.9

[Andy Furniss]

Joan Fuster Monzó wrote:
Hi all, I found in http://trash.net/~kaber/imq/index.html#sources the
precompiled iptables shared libs for 1.2.6 & 1.2.5, but my version is
1.2.9 (in Debian Sid) and I don't know how to patch the .deb file. I
need the -j IMQ target... ¿What can I do?
Thanks!
There are some other patches and binaries here -

http://www.digriz.org.uk/jdg-qos-script/releases/binaries-031207.tar.bz2

Andy.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] noprioportsrc

[Damion de Soto]

Hi Richard,
I've been trying to get wondershaper 1.1a to let me set NOPRIOPORTSRC, but I 
cannot get it to work properly.
This may be the same problem i discovered a while ago when I used the wondershaper as 
a base for my own rules.  I've fonud trying to make bittorrent behave itself is quite 
difficult.
The 3 classes have rates specified as UPLINK, 9*$UPLINK/10 and 8*$UPLINK/10
This means the sum of the 3 classes is greater than the parent.
You may want to specify the rates as something lower that add up to UPLINK, and then 
specify the ceil value for each class.

Am I doing something wrong?  On a side note, Is there an easy way to span 
ports instead of manually typing them all out (like 6881-6900)?
I use iptables to change the TOS bit of any packets in that range, then make a u32 
filter for those TOS bits.

regards,

--
~~~
Damion de Soto - Software Engineer  email: [EMAIL PROTECTED]
SnapGear - A CyberGuard Company ---ph: +61 7 3435 2809
 | Custom Embedded Solutions  fax: +61 7 3891 3630
 | and Security Appliancesweb: http://www.snapgear.com
~~~
 ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] RE: Re: IP Masquerade Issues

[RonSenykoff]

>teql can only be used if you control
both sides of the link.  There is a=20
>chapter in the lartc howto on load balancing that can help you.

I think you are referring to 4.2.2 where they refer to load balancing -
however that seems to be route based.  The setup I have - all three
machines
actually use the same gateway,  but the gateway will only allow a
certain
amount of traffic over any given interface, so several interfaces are used.

Thus every interface will give the same route - so won't I run into issues
by doing it this way?


My understading of this (I'm load balancing
across DSL and cable) is that what distinguishes a route is the interface
on the linux box that is chosen. The route (via what interface) is cached
based on destination ip. For each interface you can define the gateway
that it uses. I don't see this causing any problems for you at all. In
fact, in the load balancing configuration, when you create a weight of
2 for a given interface, it actually creates 2 routes out that interface
to include in the mix to choose from, so having multiple routes with similar
information should not cause any confusion.

HTH
-Ron

Re: [LARTC] New IMQ device implementation supporting device EOS

[Jiri Fojtasek]

Roy wrote:

>> >seems you  may be unable shape ingress then. what basicaly voids 
all imq
>> >purpose.
>> >
>>Iam not sure. Every packet comin in in to router must come out !!! So we
>>need only shape out trafics. Incoming trafics we cannot shape, only
>>police. We cannot change speed and rate of incoming packets !!! have
>>look at example includet in my IMQ. There i use the corret way to shape
>>incoming and outgoung traffic. BTW: I have writen a TODO 
>
>
>Here you are completely wrong what makes you think that you cant control
>incoming trafic?
>some wrong publication on internet?
>Almost everybody is doing this and you say not possible, doesnt your isp
>control how many packets you receive?

About what is trafics control ? And how can i control how much packet 
someone send for me ???  I can control how much can i send. Anything 
else is waste of time. EXCLUDE of application server where i want 
control traffic coming in to a specified port, eg sendmail etc. But 
combining router+traffic controler+application server in to one box is 
good idea ? No. Because of this its lower priority task for me. A quote 
from TODO:
* support for ingress queue ;)

>as I know main imq purpose was to control ingress.
Really ? Iam not sure. Have look in to first original IMQ device driver 
writen by Martin Devera:
http://luxik.cdi.cz/~devik/qos/imq.htm

>Ok, enough about this,
>I would like to know how stable is your driver, if it shapes localy
>generated trafic,
>since it was the main problem for imq all time.
>if it became stable I will implement your idea in my imq version too.
Its quite stable. I using it now on two busy routers in my production 
enviroment (avreage 20 NICs per router, average 70 users, 280 htb 
classes). Uptime is until kernel upgrade restart (week  ago). localy 
generated trafic is only DNS and ssh for managment and statistics 
collection (rrd graphs from Stef Coene, www.docum.org, but the data 
collections is done by ssh)  Setup scripts i usink like my example but 
with clasification of the intranet trafics (for this that much htb classes).

Thanks for the fedback.

Jiri

Zkontrolovane antivirusom ClamAv
Scanned by ClamAv - http://www.clamav.net
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] where is current home of iproute utils source?

[Stephen Hemminger]

Since Alexey's site:
ftp://ftp.inr.ac.ru/ip-routing/
doesn't have the source anymore, I picked it up from one of the mirrors
to start work.  But where is the current home?
If necessary, I could get OSDL to host it.


-- 
Stephen Hemminger   mailto:[EMAIL PROTECTED]
Open Source Development Lab http://developer.osdl.org/shemminger
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] bridging shaper

[Bart De Schuymer]

On Monday 29 March 2004 20:13, Jon Anderson wrote:
> With 2.4, it works without problems. I have a few machines running
> bridging firewalls with traffic control using 2.4. Works without issues.
>
> Any developers want to shed some light on why 2.6 doesn't seem to go?
> (Config options?)

There are no real differences, except that arptables doesn't see bridged 
traffic, between the 2.4 bridge-nf/ebtables patch and the code in 2.6. So my 
guess is the problem isn't the bridge filtering code.

cheers,
Bart

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] noprioportsrc

[Richard]

I've been trying to get wondershaper 1.1a to let me set NOPRIOPORTSRC, but I 
cannot get it to work properly.

If I leave NOPRIOPORTSRC blank, the uplink is limited to what I set it to.  
But if I put 

NOPRIOPORTSRC="80 6881 6882 6883 6884 6885 6886 6887 6888 6889 6890 6891 6892 
6893 6894 6895 6896 6897 6898 6899 6900"

to make my bitorrents and my http server not effect my traffic for gaming and 
other stuff, the traffic is no longer limited!  I have it set at 400uplink 
(on a 600kbps upload) and instead of it locking at ~400kbps upload like it 
does when I leave NOPRIOPORTSRC blank, it acts as if there is no traffic 
shaping on the line.

To make things more interesting, after running the wondershaper script 
(without anything in NOPRIOPORTSRC) I manually tried to issue the command:
tc filter add dev eth0 parent 1: protocol ip prio 15 u32 match ip sport 6881 
0x flowid 1:30
to try and make port 6881 have lower priority.  Before issuing this command, 
my upload remains a constant 50kb/s up, and once I hit enter, my upload jumps 
up as if the wondershaper is not even there.

Am I doing something wrong?  On a side note, Is there an easy way to span 
ports instead of manually typing them all out (like 6881-6900)?

Thanks for your time.
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] bridging shaper

[Jon Anderson]

Ryan Rothert wrote:

I dont really need to run 2.6, 2.4 would be fine, what version are you 
using? Did you compile it yourself? Did you have to apply any extra 
patches if you compiled it yourself?  
 

2.4.25+brnf-5 (Patch here: 
http://sourceforge.net/project/showfiles.php?group_id=39571 ) Yes, 
compiled myself - almost has to be.

If you look through the archive for earlier this month, possibly last 
(look for "bridge") there's a little more detail about it.

If you have any specific questions, I'd be glad to try and help if I can.

jon
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] New IMQ device implementation supporting device EOS

[Jiri Fojtasek]

Roy wrote:

>this is qute intersting, and it happens on every computer not only on 
bussy
>ones
>but in reality I dont see any need for that, because tcp itself should 
take
>care of this issue.
>
Right but you lost TCP interactivity and overloaded WiFi interface is 
painfull itself  !!!

>anyway this may solve some problems with crashes, because I suspect imq is
>unstable because of this problem.
>
Stability if any current implementations is issue by design. Simply 
something betwen netfilter and TCP/IP stack. I tried found it but my 
suceess was only more crashes.

>I looked at yor code and do not understand what it does, do you 
implemented
>that EOS for imq interface ifself?
>this is not logical, since imq is not interface, it is placeholder to 
attach
>shapers.
>Or you made that your imq takes packets from kernel ant transmits them by
>itself without returning to netfilter
>with  dev_queue_xmit(skb)
>this way you are very limited in what you are able to do because you can
>hook only on the last hook.
>
There is skb->imq_flags whis getting marked by netfilter to 
IMQ_F_ENQUEUE (part of flag is target IMQ network interface)
At "end of life in kernel" every packet coming into dev_queue_xmit. 
There also come our marked skb. When you have look at begin of the 
modified dev_queue_xmit
there is imq_flags decoder. When decoder hit our marked SKB its enqueued 
in to IMQ queue. Then we run qdisc dequeue (qdisc_run).
qdisc_run  function is a loop tat run qdisc restart until is queue 
empty, need to be schedulet (netif_schedule) or until is not set 
netif_queue_stopped atomic bit (bingo the trick is here). After dequeue 
in qdisc restart our skb passing hard_start_xmit function in IMQ driver. 
After some checkings is there stopped queue of the imq device 
(netif_queue_stopped), changet skb->imq_flags to IMQ_F_ENQUEUED and 
passed back to dev_queue_xmit. Now it will hit our real device, and at 
end of the qdisc_restart (after hard_start_xmit) is function that decode 
the skb->imq_flags and if is necesary wake_up the queue of our IMQ 
device (so we have perfect synchronization of the EOS). There is some 
protection to lock up the queue in imq_dev_xmit (imq.c). Also there are 
counted throtled skb by collision counter. I also use device watchdog to 
solve problem if skb stuck somewhere in  physical device queue and 
netif_wake_queue is not called in right time( its only protection "for 
sure" because this should happen and if this happen without protection 
behind this, whole imq should lockup and kill the trafics forewer)

>seems you  may be unable shape ingress then. what basicaly voids all imq
>purpose.
>
Iam not sure. Every packet comin in in to router must come out !!! So we 
need only shape out trafics. Incoming trafics we cannot shape, only 
police. We cannot change speed and rate of incoming packets !!! have 
look at example includet in my IMQ. There i use the corret way to shape 
incoming and outgoung traffic. BTW: I have writen a TODO 

>unfortunately you made your driver even more invasive than old one,
>it need to patch almost all kernel network system.
>
Yes its also angle of view :)  I was need to solve problem and i solve 
it. Everithing there is clear. IMHO Cannot be solved by more clear 
solution. ;)

Zkontrolovane antivirusom ClamAv
Scanned by ClamAv - http://www.clamav.net
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] bridging shaper

[Ryan Rothert]

On Mon, 29 Mar 2004, Jon Anderson wrote:

> Ryan Rothert wrote:
> 
> >Any thoughts as to why this doesnt seem to work on a bridge?  It does work 
> >if the box is setup to be a router. 
> >  
> >
> I have tried to do bridged traffic control with 2.6. It just doesn't 
> seem to work. u32 matches won't work, marking packets with 
> iptables/ebtables then trying to catch them with tc's fw match doesn't 
> work. Filters just won't catch anything in 2.6, and all traffic just 
> leaves through the default class. There are reports of people getting 
> this working, but no real details have emerged.
> 
> With 2.4, it works without problems. I have a few machines running 
> bridging firewalls with traffic control using 2.4. Works without issues.
> 
> Any developers want to shed some light on why 2.6 doesn't seem to go? 
> (Config options?)
> 
> jon
> 

Jon,

I dont really need to run 2.6, 2.4 would be fine, what version are you 
using? Did you compile it yourself? Did you have to apply any extra 
patches if you compiled it yourself?  

Thanks,
Ryan

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] [ANNOUNCE] sch_dup - duplicate packet queue discipline [2.6]

[Roy]

Where such thing can be used?
and why you implemented such thing as sheduler, not iptables module?



> This is my first work for kernel, so please have mercy. :)
>
> OK, I like to announce sch_dup, a new queue discipline that, attached to a
> class (or a device, as root) duplicate packets that pass. Yes, you can
> control the frequency of duplicates.
>
> Example:
> tc qdisc add dev eth0 root dup limit 100 gap 1
> This means: create a pfifo queue and send packets with
> a gap of 1 (0 = no dups) between duplicates:
> gap=0: no duplication
> gap=1: NDNDNDNDND
> gap=2: NNDNNDNNDNNDNND
> (N=not duplicated, D duplicated)
>
> Attached are 3 patches: 1 patch for net/sched dir, other
> for include/linux/pkg_sched.h, and the last for iproute2.
>
> Any comments are appreciated.
>
> David, please include it in 2.6.
> Alexey, please include the third patch in iproute2.
>
> Thank you!
> ---
> Catalin(ux aka Dino) BOIE
> catab at deuroconsult.ro
>
>

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] bridging shaper

[Jon Anderson]

Ryan Rothert wrote:

Any thoughts as to why this doesnt seem to work on a bridge?  It does work 
if the box is setup to be a router. 
 

I have tried to do bridged traffic control with 2.6. It just doesn't 
seem to work. u32 matches won't work, marking packets with 
iptables/ebtables then trying to catch them with tc's fw match doesn't 
work. Filters just won't catch anything in 2.6, and all traffic just 
leaves through the default class. There are reports of people getting 
this working, but no real details have emerged.

With 2.4, it works without problems. I have a few machines running 
bridging firewalls with traffic control using 2.4. Works without issues.

Any developers want to shed some light on why 2.6 doesn't seem to go? 
(Config options?)

jon
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] New IMQ device implementation supporting device EOS

[Jiri Fojtasek]

Hello Roy

Roy wrote:

>Hello,
>imq became realy popular now ;)
> 
>
Sure, same as whole GNU/Linux  :)

>It would be good ir you wrote what is that EOS to save time for some 
people
>on searches.
>
> 
>
EOS - End of Send. Its time betwen two dequeues and packet transmits
used by qdisc for calculation. Any of current IMQ implementations do not
use it, so the calculation by qdisc may not be correct, whish causing
filling physical device fifos without control. In devices with variable
speed (WiFi, Modems) it causes overload because the physisal trafics is
out of control. It happen only on busy boxes, like my routers where is
about 70 ppl at once. In a simply test enviroment this issue will never
happen.

>and it would be good if you posted source code directly (not inside of 
diff
>file)
>for review purposes
>
> 
>
The whole patch contain only few new files, all other are patches of the
original kernel files. BTW Midnight Comander 4.6.0 contain very nice
diff virtual filesystem, so you can browse .diff files like a tar archive.

>also you can look at my imq version, because it is much easer to develop
>since is independent from kernel.
>and does not need to patch it.
>http://pupa.da.ru/imq/
>
> 
>
I have play with with your version :) Having independet implementation
is nice idea. I play with that idea too but it was more dificult to have
stable solution in short time i need and with EOS support its quite
imposible ...

Jiri

Zkontrolovane antivirusom ClamAv
Scanned by ClamAv - http://www.clamav.net
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] bridging shaper

[Ryan Rothert]

Hello,

I have a transparent bridge/firewall setup using linux-2.6.3.  My iptables 
commands for the firewall seem to work fine, but my tc traffic shaper 
rules dont.   The tc rules seem to apply ok, but have no effect.

Here are my tc rules.  Basically im just trying to limit each IP in my 
internal /24 to 512k of bandwidth in and out.


DEV=eth0
tc qdisc del dev $DEV root
tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 100mbit
tc class add dev $DEV parent 1: classid 1:1 cbq rate 512kbit allot 1500 prio 5 bounded 
isolated
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 match ip dst 192.168.19.184 
flowid 1:1
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 match ip src 192.168.19.184 
flowid 1:1
 

Any thoughts as to why this doesnt seem to work on a bridge?  It does work 
if the box is setup to be a router. 

Thanks,
Ryan 


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] R2Q and more

[Roy]

- Original Message - 
From: "Mihai Vlad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 29, 2004 9:55 AM
Subject: RE: [LARTC] R2Q and more


Thanks for your answers!

I played with some values and I might add something. Please tell me if I am
wrong.

Overruling the QUANTUM parameter in a LEAF class makes the RATE parameter
useless. From my opinion QUANTUM is the parameter that is the most relevant.


e.g. CLASS A - RATE 64kbit - QUANTUM 1500
CLASS B - RATE  8kbit - QUANTUM 3000

Class B gets twice the bandwidth that CLASS A receives. RATE is useless in
this case.

So you might establish some sort of a rule that the ratio of QUANTUMS equals
the ratio of the (real) RATEs of 2 LEAF CLASSES. BUT that is also wrong if
the ratio is bigger that 2-3.

e.g. CLASS A QUANTUM 1500
CLASS B QUANTUM 6000

You would expect CLASS B to get 4 times the bandwidth that CLASS A gets. But
in fact ... the Ratio is somewhere around 2.8-3.0. (These tests were made on
a 256 kilobit bandwidth).


I did not tested  this so precisely, but sounds strange that ratio is
limited to 3.





I agree that it is very important to set the RATE of the parent CLASS below
the value of the bandwidth. In my case - for a 256kbit bandwidth from my
ISP, 240kbit RATE works excellent

Mostly you must set ceil, to 240 , of course for root, rate=ceil anyway.



There is still a problem remained unsolved for me.
(My connection works excellent after 6.00 PM until 10.00 AM. During the day
my ISP establishes some '"'rules'"' in which the connection is shared among
some
clients.) You cannot tell the exact value of the bandwidth during the day.
It is very bursty. You might download with 240kbit for 1 minute and after
that the bandwidth might get to 64kbit, etc...

So I do not have a '"'standard'"' connection. Is it possible to split that
'"'bursty'"' bandwidth (as unpredictable as it is) among my friends in my
LAN?
I use esfq. Is there a way that HTB can auto-sense the parameters of the
bandwidth and reconfigure itself? I know that sounds real funny, but for me
it would be a dream to have such a traffic shaper. I do not have enough
money to buy a straight 256kbit connection :(
>>>
htb cant sense anything, I made some atempts to do something about that, but
results are not very good.
without limiting trafic to 90% of your maximum it is not possible to do
anything.
because of the way how all network works.
so you need to measure your link capacity somehow.
also it would ne nice to know the rules that your isp use to divide trafic

I am working on such software which will mesure trafic and queue length at
your isp according to ping times.
( I recently bought 2 times more trafic, and now do not need it so much as
before
Now I mostly care about latency, I need to make ping lower that 200ms at all
times even under full load)
I did not made it available for public right now, because it is only start
of developnemt

Unfortunately this consumes some trafic and responds slowly, but looks
better that nothing.

If you have very low speed, the you will need to do very carefull traffic
prioritization.
As I noticed it is realy hard to control speed of about 1kbyte/s  which is
nearly equal to quantum per sek


also I wrote alternative tc tutorial, which you can find on my page
http://pupa.da.ru/imq/


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] New IMQ device implementation supporting device EOS

[Jiri Fojtasek]

Hello All

Its first time i posting to this mail list :). I have done something 
(maybe) important. I write new IMQ device driver based from Martin 
Devera and Patrick McHardy implementation with device EOS support. My 
current implementation supporting only egress trafic shaping and kernel 
2.4.25. For more details, source and examples have look at my page 
http://hyperfighter.jinak.cz/qos

Ill apreticate your feedback :)

Jiri

Zkontrolovane antivirusom ClamAv
Scanned by ClamAv - http://www.clamav.net
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] [ANNOUNCE] sch_dup - duplicate packet queue discipline [2.6]

[Catalin BOIE]

Hello!

This is my first work for kernel, so please have mercy. :)

OK, I like to announce sch_dup, a new queue discipline that, attached to a
class (or a device, as root) duplicate packets that pass. Yes, you can
control the frequency of duplicates.

Example:
tc qdisc add dev eth0 root dup limit 100 gap 1
This means: create a pfifo queue and send packets with
a gap of 1 (0 = no dups) between duplicates:
gap=0: no duplication
gap=1: NDNDNDNDND
gap=2: NNDNNDNNDNNDNND
(N=not duplicated, D duplicated)

Attached are 3 patches: 1 patch for net/sched dir, other
for include/linux/pkg_sched.h, and the last for iproute2.

Any comments are appreciated.

David, please include it in 2.6.
Alexey, please include the third patch in iproute2.

Thank you!
---
Catalin(ux aka Dino) BOIE
catab at deuroconsult.rodiff -x '*.mod.c' -x '*.cmd' -x '*.o' -x '*.ko' --new-file -upr 
linux-2.6.5-rc2-orig/net/sched/Kconfig linux-2.6.5-rc2/net/sched/Kconfig
--- linux-2.6.5-rc2-orig/net/sched/Kconfig  2004-03-22 10:16:28.0 +0200
+++ linux-2.6.5-rc2/net/sched/Kconfig   2004-03-29 12:08:28.0 +0300
@@ -175,6 +175,16 @@ config NET_SCH_DELAY
  To compile this driver as a module, choose M here: the module
  will be called sch_delay.
 
+config NET_SCH_DUP
+   tristate "Duplicate simulator"
+   depends on NET_SCHED
+   help
+ Say Y if you want to simulate duplicate packets.
+ This is intended mainly for testing.
+
+ To compile this driver as a module, choose M here: the module
+ will be called sch_dup.
+
 config NET_SCH_INGRESS
tristate "Ingress Qdisc"
depends on NET_SCHED && NETFILTER
diff -x '*.mod.c' -x '*.cmd' -x '*.o' -x '*.ko' --new-file -upr 
linux-2.6.5-rc2-orig/net/sched/Makefile linux-2.6.5-rc2/net/sched/Makefile
--- linux-2.6.5-rc2-orig/net/sched/Makefile 2004-03-22 10:16:28.0 +0200
+++ linux-2.6.5-rc2/net/sched/Makefile  2004-03-29 12:08:40.0 +0300
@@ -23,6 +23,7 @@ obj-$(CONFIG_NET_SCH_TEQL)+= sch_teql.o
 obj-$(CONFIG_NET_SCH_PRIO) += sch_prio.o
 obj-$(CONFIG_NET_SCH_ATM)  += sch_atm.o
 obj-$(CONFIG_NET_SCH_DELAY)+= sch_delay.o
+obj-$(CONFIG_NET_SCH_DELAY)+= sch_dup.o
 obj-$(CONFIG_NET_CLS_U32)  += cls_u32.o
 obj-$(CONFIG_NET_CLS_ROUTE4)   += cls_route.o
 obj-$(CONFIG_NET_CLS_FW)   += cls_fw.o
diff -x '*.mod.c' -x '*.cmd' -x '*.o' -x '*.ko' --new-file -upr 
linux-2.6.5-rc2-orig/net/sched/sch_dup.c linux-2.6.5-rc2/net/sched/sch_dup.c
--- linux-2.6.5-rc2-orig/net/sched/sch_dup.c1970-01-01 02:00:00.0 +0200
+++ linux-2.6.5-rc2/net/sched/sch_dup.c 2004-03-29 12:59:42.0 +0300
@@ -0,0 +1,228 @@
+/*
+ * net/sched/sch_dup.c Duplicate packet scheduler routines.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors:Catalin(ux aka Dino) BOIE, 
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+#define MODULE_NAME "dup v0.1"
+#if 0
+#define DPRINTK(format,args...)printk(KERN_DEBUG MODULE_NAME ": " format, 
##args)
+#else
+#define DPRINTK(format,args...)
+#endif
+
+/* global variables */
+
+/* qdisc internal data */
+struct dup_sched_data {
+   __u32 limit;/* in packets */
+   __u32 gap;  /* gap + 1 between duplicate packets */
+   /* 0 = disable */
+   /* 1 = dup every packet */
+   /* 2 = 1 normal, one duplicated */
+   __u32 counter;
+};
+
+static int dup_init(struct Qdisc *sch, struct rtattr *opt)
+{
+   struct dup_sched_data *q = (struct dup_sched_data *)sch->data;
+
+   q->counter = 0;
+
+   if (!opt) {
+   q->limit = sch->dev->tx_queue_len;
+   q->gap = 0;
+   } else {
+   struct tc_dup_qopt *ctl = RTA_DATA(opt);
+
+   if (opt->rta_len < RTA_LENGTH(sizeof(*ctl)))
+   return -EINVAL;
+
+   q->limit = ctl->limit > 0 ? ctl->limit : 100;
+   q->gap = ctl->gap;
+   }
+
+   return 0;
+}
+
+static int dup_enqueue(struct sk_buff *skb, struct Qdisc *sch)
+{
+   struct dup_sched_data *q = (struct dup_sched_data *)sch->data;
+
+   /* increment counter */
+   q->counter++;
+
+   DPRINTK("enqueue: len=%d Q%X:%X gap=%d counter=%d\n",
+   skb->len, sch->handle >> 16, sch->handle & 0x,
+   q->gap, q->counter);
+
+   /* normal send */
+   if (sch->q.qlen < q->limit) {
+   struct sk_buff *clone;
+
+   __skb_queue_tail(&sch->q, skb);
+   sch->stats.bytes +

Re: [LARTC] IMQ & iptables 1.2.9

[Roy]

go to www.linuximq.net at first,
this is newer than that forgoten page

or you can use my imq version from http://pupa.da.ru/imq
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] Suggestion required on CBQ !!!!!!

[Sandeep Agarwal]

Dear Sir,

I have downloaded & configured the CBQ as per the doc available on the net.
Please suggest after reading following, whether I have done it in correct way or
still more class to be required to restrict on the given speed?

Thanking you,
Sandeep Agarwal
-
-
Scenario: Restrict Server, Comp1 & Comp2 on given speed.
--256kbps---|eth0(203.145.134.112/255.255.255.252)
 |eth1(Server room) 56kbps (203.145.134.120/255.255.255.248)
 |eth2(Company1) 80kbps (203.145.134.116/255.255.255.252)
   &
(192.168.100.0/255.255.255.0)
 |eth3(Company2) 120kbps(192.168.200.0/255.255.255.0)

Procedure Follow: On RHL 9.0 with Kernel 2.4.20-8 on i686

I have download the CBQ from net, rename & copy it into /etc/rc.d/init.d.
Also make the symlink in rc*.d as per the instruction.
Also make the directory in etc/sysconfig/cbq

Now in this directory, I have put following files.

1. cbq-1280.All-Speed
   DEVICE=eth0,100Mbit,10Mbit
   RATE=128Kbit
  WEIGHT=10Kbit
  PRIO=2
  RULE=203.145.134.121/29
  RULE=192.168.100.0/24
  RULE=192.168.200.0/24

2. cbq-0560.Backbone-Server
 DEVICE=eth1,100Mbit,10Mbit
 RATE=25Kbit
 WEIGHT=3Kbit
 PRIO=5
 PARENT=1280
 RULE=203.145.134.121/29

3. cbq-0800.Backbone-Comp1
DEVICE=eth2,100Mbit,10Mbit
RATE=39Kbit
WEIGHT=4Kbit
PRIO=5
PARENT=1280
RULE=192.168.100.0/24

4. cbq-1200.Backbone-Comp2
 DEVICE=eth3,100Mbit,10Mbit
 RATE=64Kbit
 WEIGHT=7Kbit
 PRIO=2
 PARENT=1280
 RULE=192.168.200.0/24

Than
# service cbq.init start
-
--

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] R2Q and more

[Stef Coene]

On Monday 29 March 2004 01:44, Roy wrote:
> > > Q2. What happens if the SUM of all the clients' class RATE
> (+
> > the
> >
> > > default class RATE) is bigger than 256kbit? Will HTB
>
> work
>
> > correctly?
> > Yes.
> > 
> > This is incorrect:
> > of course it will work more or less, but nearly same as without
>
> any shaping
> It will work more then you think.  On the short term, traffic can be bursty
> for the different classes, but each one will belimited to 8kbit.  But on
> the long term, each class will get the same share of bandwidth.
> --
> basicaly this may work if difference is not big,
There is one thing I learned: each setup and problem requires a different 
aproaches.  Sometimes, you can shape without being the bottlenek, sometimes 
you can"t.

> but it was not working for me, I was trying to set rate 8kbit for everyone,
> since the sum of rates was 3 times biger than parent ceil, trafic was
> divided in unpredictable way.
> then  I set rate to 1 kbit and everything worked well filling syslog by
> warnings that quantum is too small.
>
> logicaly this should not work because htb guarantee the rate amount trafic,
> so what if there is not so much available?
I 'm afraid the answer depends also on the client.  The client that pushes the 
most, will get the most.

> I'm not sure but, isn't quanum only used for leaf classes?  So the quantum
> of
> parent classes doesn't mather ?
> -
> You may be right, since I did not checked source code for this, but
> logicaly quantum is very significant part
> and shoud work everywhere, I suppose quantum is about same as cburst, but
> even more significant,
> sems  it is only way to divide bandwitch between classes with some
> proportion.
Quantum is only used if each child class is sending the configured rate and 
the parent class has some bandwidth left.  So if sum (rate of child classes) 
= parent rate, quantum is never used.  The class with the lowest prio will 
get the remaining bandwidth, so the configured rate is the minimum rate of a 
class.

> -
> I found strange limitation, if class have leafs, then I cant attach sfq to
> it.
You can, but it will never be used.

> where will go unclasified packets from that class? Into root's default?
In previous versions, it hangs your system.  I think the packets are send in 
the :0 class, this is a passthru class.

Stef

-- 
[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/