[LARTC] Help: how to generate different packets? source code explanation?

2004-06-17 Thread swcims
Hi,All
I setup traffic control configuration with HTB this way:

1: root HTB qdisc
 |
1:1 HTB class  rate 1024kbit
 |
 /------+------+------+------+------\
1:10   1:20   1:30   1:40   1:50   1:60
EF     AF41   AF31   AF21   AF11   BE

 and allocate different bandwidth to these PHBs (queues). So which tool would I use to
generate these packets at the same time for testing? Thank you!
Another question: I am studying sch_htb.c, but it's so tough for me to
understand, especially htb_dequeue(). Would anyone please supply some advice?
Thank you very much!


  Best regards.


swcims
[EMAIL PROTECTED]
  2004-06-18


Re: [LARTC] How to limit per tcp session ?

2004-06-17 Thread Bill Denney
On Fri, 18 Jun 2004, Andy Furniss wrote:

> How many concurrent tcp connections per page depends on the browser and
> server settings - both tweakable, so you would get different speeds
> depending on site/browser combination.
>
> Why do you need to do per tcp? There may be a better way to solve your
> problem.
>
> Andy.

My reason is not web traffic; it's citrix.  I know that each user will
have one port open between their computer and the server.  I want what
he's wanting (rate limiting per session) for that.  I think that he wants
something similar (since he mentioned interest as an ASP), but he was just
using an easier to visualize example.

Bill

-- 
"The tax which will be paid for the purpose of education is not more than
the thousandth part of what will be paid to kings, priests and nobles who
will rise up among us if we leave the people in ignorance."
  -- Thomas Jefferson
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] Linux vs. Windows XP routing latency

2004-06-17 Thread Andy Furniss
[EMAIL PROTECTED] wrote:
> Hello, I have a problem with the latency of the packets passing a Linux router, and I
> thought perhaps you could put some light on it.
> It's quite simple. I have one ADSL connection, and a LAN. The gateway is the Linux
> machine or a Windows XP machine. When the wXP is routing, for a host inside the LAN,
> the latency of, for example, the Counter Strike game to a given server is around 20 to
> 30 ms. When the Linux box is routing, the latency of the same game to same server
> increases to 60 to 80 ms. Even pinging that server's IP you can see the same
> difference.
> This is a hard blow for me, I'm a Linux fan, and I thought Linux was going to perform
> better than Windows.
> For testing I have disabled firewall, bandwidth limiting, everything except NAT, which
> is done by masquerading. Also tried SNAT, same result.
> I'm using the 2.4.22 kernel.

Is the dsl modem ethernet  - if it is I would consider asking the
maintainer of the driver for your card. Details in the kernel 
docs/source. I get 20 - 30 ms in Half Life OK using a P200 linux gateway 
 doing NAT etc.

You could also try a newer Kernel.
Andy.


Re: [LARTC] How to limit per tcp session ?

2004-06-17 Thread Andy Furniss
Ed Wildgoose wrote:

>> Okay, then let me describe whats on my mind to help develope this
>> project (if someone dare to start make a project)
>>
>> The idea perhaps like this:
>> Let say i'm goin to download some graphics from www.lartc.org. The
>> first session i opened my browser, created connection localhost:3101
>> --> www.lartc.org:80, the 2nd, localhost:3102 --> www.lartc.org:80,
>> and so on.
>> So as you could see, this is the key. Source port, not Destination port.
>> Every time you open new window of your browser and connect to some
>> host, they create other originating port which is completely different
>> from the 1st.
>
> Hmm, I think the ESFQ module *might* be able to do a little of what you
> ask if you hash on port?  Worth a look anyway.  In fact you might even
> be able to tweak the code to hash on something different?

You could probably do the hash bit, but (e)sfq doesn't rate limit, so
rate per tcp would vary with the number of connections.

Andy.


Re: [LARTC] How to limit per tcp session ?

2004-06-17 Thread Andy Furniss
Rio Martin wrote:
> I'm so surprised with all reply from the list. I thought someone has figured
> it out how :))
>
> Okay, then let me describe whats on my mind to help develope this project (if
> someone dare to start make a project)
>
> The idea perhaps like this:
> Let say i'm goin to download some graphics from www.lartc.org. The first
> session i opened my browser, created connection localhost:3101 -->
> www.lartc.org:80, the 2nd, localhost:3102 --> www.lartc.org:80, and so on.
> So as you could see, this is the key. Source port, not Destination port.
> Every time you open new window of your browser and connect to some host, they
> create other originating port which is completely different from the 1st.

How many concurrent tcp connections per page depends on the browser and
server settings - both tweakable, so you would get different speeds
depending on site/browser combination.

Why do you need to do per tcp? There may be a better way to solve your 
problem.

Andy.


[LARTC] [RFT] netif_queue_stopped in TBF scheduler

2004-06-17 Thread Stephen Hemminger
There is a race between the device and scheduler if the scheduler looks
at netif_queue_stopped.  What can happen is that the device decides it is ready,
just after the stopped check, and the scheduler decides it is throttled.

The simple way is to just have the scheduler always dequeue and leave the flow
control up to the driver and the core scheduling loop.

Here is an untested fix for TBF scheduler based on the tested changes to the
delay scheduler. 


diff -Nru a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c
--- a/net/sched/sch_tbf.c   2004-06-17 15:56:47 -07:00
+++ b/net/sched/sch_tbf.c   2004-06-17 15:56:47 -07:00
@@ -201,7 +201,7 @@
 
if (skb) {
psched_time_t now;
-   long toks;
+   long toks, delay;
long ptoks = 0;
unsigned int len = skb->len;
 
@@ -229,14 +229,11 @@
return skb;
}
 
-   if (!netif_queue_stopped(sch->dev)) {
-   long delay = PSCHED_US2JIFFIE(max_t(long, -toks, -ptoks));
+   delay = PSCHED_US2JIFFIE(max_t(long, -toks, -ptoks));
+   if (delay == 0)
+   delay = 1;
 
-   if (delay == 0)
-   delay = 1;
-
-   mod_timer(&q->wd_timer, jiffies+delay);
-   }
+   mod_timer(&q->wd_timer, jiffies+delay);
 
/* Maybe we have a shorter packet in the queue,
   which can be sent now. It sounds cool,
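Review bot: in the second hunk the new clamp `if (delay == 0)` only covers a zero result, while the matching change to sch_delay.c in patch 3/4 clamps with `delay <= 0`; using the same comparison in both would keep the two dequeue paths consistent. With the `netif_queue_stopped(sch->dev)` guard removed, `mod_timer(&q->wd_timer, jiffies+delay)` is armed on every throttled dequeue, and since the message calls this fix untested it would help to state which driver and load it should be exercised with.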


[LARTC] [PATCH] (2/4) delay scheduler - retry if requeue fails

2004-06-17 Thread Stephen Hemminger
If delay scheduler decides not to send the packet right away, it requeues
it.  If the requeue fails, it should go and look again rather than waking
up prematurely.

Same patch should apply to both 2.6 and 2.4

Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]>

diff -Nru a/net/sched/sch_delay.c b/net/sched/sch_delay.c
--- a/net/sched/sch_delay.c 2004-06-17 15:19:07 -07:00
+++ b/net/sched/sch_delay.c 2004-06-17 15:19:07 -07:00
@@ -104,8 +104,10 @@
 static struct sk_buff *dly_dequeue(struct Qdisc *sch)
 {
struct dly_sched_data *q = (struct dly_sched_data *)sch->data;
-   struct sk_buff *skb = q->qdisc->dequeue(q->qdisc);
+   struct sk_buff *skb;
 
+ retry:
+   skb = q->qdisc->dequeue(q->qdisc);
if (skb) {
struct dly_skb_cb *cb = (struct dly_skb_cb *)skb->cb;
psched_time_t now;
@@ -120,6 +122,12 @@
return skb;
}
 
+   if (q->qdisc->ops->requeue(skb, q->qdisc) != NET_XMIT_SUCCESS) {
+   sch->q.qlen--;
+   sch->stats.drops++;
+   goto retry;
+   }
+
if (!netif_queue_stopped(sch->dev)) {
long delay = PSCHED_US2JIFFIE(diff);
if (delay <= 0)
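Review bot: in the `@@ -120,6 +122,12 @@` hunk the failed-requeue branch jumps to `retry`, where `skb` is overwritten by the next dequeue, so the change relies on the inner qdisc's `requeue` having already released the packet whenever it returns something other than `NET_XMIT_SUCCESS`; a one-line comment stating that would make the ownership clear. The loop is also unbounded: each failed requeue costs one packet (`sch->stats.drops++`), so a single `dly_dequeue` call can drop several in a row until the inner dequeue returns NULL or a requeue succeeds, which is worth saying in the changelog.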
@@ -127,10 +135,6 @@
mod_timer(&q->timer, jiffies+delay);
}
 
-   if (q->qdisc->ops->requeue(skb, q->qdisc) != NET_XMIT_SUCCESS) {
-   sch->q.qlen--;
-   sch->stats.drops++;
-   }
sch->flags |= TCQ_F_THROTTLED;
}
return NULL;


[LARTC] [PATCH] (1/4) delay scheduler enqueue always succeeds.

2004-06-17 Thread Stephen Hemminger
If underlying fifo enqueue fails, return the status not 0.
Same patch should apply to both 2.6 and 2.4

Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]>

diff -Nru a/net/sched/sch_delay.c b/net/sched/sch_delay.c
--- a/net/sched/sch_delay.c 2004-06-17 15:13:15 -07:00
+++ b/net/sched/sch_delay.c 2004-06-17 15:13:15 -07:00
@@ -69,7 +69,7 @@
sch->stats.bytes += skb->len;
sch->stats.packets++;
}
-   return 0;
+   return ret;
 }
 
 /* Requeue packets but don't change time stamp */
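Review bot: with `return ret;` the caller now sees a failed inner enqueue, but the lines shown only update `sch->stats.bytes` and `sch->stats.packets` inside the preceding conditional; if nothing on the failure path bumps `sch->stats.drops`, add it there so the counters agree with the status returned, as patch 2/4 does for a failed requeue.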


[LARTC] [PATCH] (3/4) delay scheduler race with device stopped

2004-06-17 Thread Stephen Hemminger
The delay scheduler dequeue routine has some code cut&pasted from the TBF scheduler
that caused a race with E1000 when ring got full.

It looks like net schedulers should never be calling netif_queue_stopped because
the queue may get unstopped by interrupt or receive soft irq (NAPI) which races
with the dequeue in the transmit scheduler. 

Also, if requeuing the packet fails, it is probably because the queue became full
by a racing enqueue.  So the right thing to do is to go back and try again.

Same patch should apply to both 2.6 and 2.4

Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]>

diff -Nru a/net/sched/sch_delay.c b/net/sched/sch_delay.c
--- a/net/sched/sch_delay.c 2004-06-17 15:21:49 -07:00
+++ b/net/sched/sch_delay.c 2004-06-17 15:21:49 -07:00
@@ -111,7 +111,7 @@
if (skb) {
struct dly_skb_cb *cb = (struct dly_skb_cb *)skb->cb;
psched_time_t now;
-   long diff;
+   long diff, delay;
 
PSCHED_GET_TIME(now);
diff = q->latency - PSCHED_TDIFF(now, cb->queuetime);
@@ -128,13 +128,10 @@
goto retry;
}
 
-   if (!netif_queue_stopped(sch->dev)) {
-   long delay = PSCHED_US2JIFFIE(diff);
-   if (delay <= 0)
-   delay = 1;
-   mod_timer(&q->timer, jiffies+delay);
-   }
-
+   delay = PSCHED_US2JIFFIE(diff);
+   if (delay <= 0) 
+   delay = 1;
+   mod_timer(&q->timer, jiffies+delay);
sch->flags |= TCQ_F_THROTTLED;
}
return NULL;
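Review bot: the second hunk drops the `netif_queue_stopped(sch->dev)` test without leaving a comment, and the changelog says that test arrived by cut and paste from TBF; a short comment above `mod_timer(&q->timer, jiffies+delay)` saying the scheduler must not look at the device's stopped state would keep it from being reintroduced. The added line `if (delay <= 0) ` also carries trailing whitespace.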


[LARTC] [PATCH] (4/4) add loss option to network delay scheduler

2004-06-17 Thread Stephen Hemminger
This enhances the network simulation scheduler to do simple random loss.

The loss parameter is a simple 32 bit value such that 0 means no loss, and
0x is always drop.  I have a new version of the tc command which takes
care of conversion from percent to this value.

Same patch for 2.4 and 2.6

Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]>

diff -Nru a/include/linux/pkt_sched.h b/include/linux/pkt_sched.h
--- a/include/linux/pkt_sched.h 2004-06-17 15:26:51 -07:00
+++ b/include/linux/pkt_sched.h 2004-06-17 15:26:51 -07:00
@@ -437,5 +437,6 @@
 {
__u32   latency;
__u32   limit;
-}; 
+   __u32   loss;
+};
 #endif
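Review bot: appending `loss` changes the size of the options structure that user space passes in, and the changelog mentions a new tc build; state in the changelog, or enforce in the change handler, what happens when an older tc sends only `latency` and `limit`, so that `qopt->loss` is never read from a shorter attribute.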
diff -Nru a/net/sched/sch_delay.c b/net/sched/sch_delay.c
--- a/net/sched/sch_delay.c 2004-06-17 15:26:51 -07:00
+++ b/net/sched/sch_delay.c 2004-06-17 15:26:51 -07:00
@@ -40,6 +40,7 @@
 struct dly_sched_data {
u32 latency;
u32 limit;
+   u32 loss;
struct timer_list timer;
struct Qdisc *qdisc;
 };
@@ -58,6 +59,12 @@
struct dly_skb_cb *cb = (struct dly_skb_cb *)skb->cb;
int ret;
 
+   /* Random packet drop 0 => none, ~0 => all */
+   if (q->loss >= net_random()) {
+   sch->stats.drops++;
+   return 0;   /* lie about loss so TCP doesn't know */
+   }
+
PSCHED_GET_TIME(cb->queuetime);
 
/* Queue to underlying scheduler */
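Review bot: the drop branch in this hunk does `sch->stats.drops++; return 0;` without releasing `skb`; returning 0 tells the caller the packet was accepted, so nothing else will free it, and every simulated loss leaks a buffer unless `kfree_skb(skb)` is called before the return. Separately, `q->loss >= net_random()` is still true for `loss == 0` whenever `net_random()` returns 0, which contradicts the `0 => none` comment; testing `q->loss &&` first closes that case.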
@@ -196,6 +203,7 @@
} else {
q->latency = qopt->latency;
q->limit = qopt->limit;
+   q->loss = qopt->loss;
}
return err;
 }
@@ -232,6 +240,7 @@
 
qopt.latency = q->latency;
qopt.limit = q->limit;
+   qopt.loss = q->loss;
 
RTA_PUT(skb, TCA_OPTIONS, sizeof(qopt), &qopt);
 


[LARTC] HTB is not fair when 'borrowing'? Can someone correct me or maybe Devik's HTB has a bug?

2004-06-17 Thread pljosh
Hello there!
Yesterday I started my experiments with HTB.
I configured it this way:
1: root HTB qdisc
 |
1:1 HTB class  rate 1000kbit
 |
 /---+--\
1:40   1:50   1:60
user1  user2  user3
rate 333 & ceil 1000 for everyone.
User2 is disconnected and user1 and user3 are downloading.
For all the time (t1-t5) there are ONLY these two users downloading!
HTB should give fifty-fifty to U1 and U3... but it is not...
What is happening is that HTB gives about 350-380kbit for user3 and 
everything else(more than 600kbit) for user1... this period is marked as 
"t1" on my graph...

Take a look at this:
http://www.icpnet.pl/~eniu/mgr/10170_600.png
(Y-axis shows bytes/s)
During my research I found that the more classes i create (each with 
rate=1000/no_of_users and ceil=1000) the more precise HTB is... When you 
look at my graph - in "t1" there were 3 classes (1:40, 1:50, 1:60). Then 
I was relaunching my script with higher amount of classes - in "t2" 
there were 4 classes:rate=250/ceil=1000 in "t3" I prepared 5 classes and 
finally in "t4" there were 6 or 7 classes.

But even in "t4" htb is not 100% fair (but it is acceptable).
In "t5" i created only two classes 1:40 and 1:60 - and then HTB is 
perfect! It is so precise you can see only one line - blue as the red 
one is behind it...

For me it looks like HTB is very good when it doesn't have to borrow from
other classes for more than one class. When two classes are fighting for
BW above "rate" then HTB is not fair...

BUT MAYBE I configured something not the way it should be and this is 
why I have what you can see...??

-josh
p.s.
I've uploaded the contents of my script's output for each of the periods 
so you can see how it was configured at each time.
The script itself is also available.
I am running debian sarge with 2.4.26.
User1 has 192.168.3.4
User2 has 192.168.3.6

http://www.icpnet.pl/~eniu/mgr/t1
http://www.icpnet.pl/~eniu/mgr/t2
http://www.icpnet.pl/~eniu/mgr/t3
http://www.icpnet.pl/~eniu/mgr/t4
http://www.icpnet.pl/~eniu/mgr/t5
http://www.icpnet.pl/~eniu/mgr/rc.shape


Re: [LARTC] QOS Script difficulty on bridge

2004-06-17 Thread Ed Wildgoose
Jason Boxman wrote:
> On Thursday 17 June 2004 03:29, Ed Wildgoose wrote:
>
>> Consider:
>> Internet -> Router -> Eth1 -> br0 -> Eth0 -> local net
>> Now by applying QOS to eth1 I control outgoing traffic from everywhere.
>> By applying QOS to eth0 I control incoming to the localnet (great), but
>> NOT to the local bridge machine
>> Now I could fix this by using the IMQ device on eth1 and grabbing
>> incoming traffic, but the top of the file at
>> http://digriz.org.uk/jdg-qos-script/ implies that it is possible to do
>> this without IMQ...
>> The question is how?  I don't see how to do it  What am I missing?
>
> It's my understanding that you cannot attach much of anything except the
> police filter on the ingress hook.  As such, you need IMQ to attach egress
> qdiscs to for application to incoming traffic, as you would to the root hook
> for egress traffic.
>
> http://www.docum.org/docum.org/kptd/
 

Sure, that's my understanding as well, but see the comments at the top 
of the script, and also the way the script carefully checks for a bridge 
connection and avoids using the IMQ device...

Perhaps it's just a mistaken comment, but it implies that he thinks it's 
possible to avoid using the IMQ device...  I can't see how though (I did 
drop him an email, but no answer so far)

Thanks for any ideas on this conundrum
Ed W


RE: [LARTC] ntop performance

2004-06-17 Thread Adam Towarnyckyj

*smacks forehead* RTFM

I found a few things that might improve performance but the problem is I
lose a lot of logging options. I guess I'm open to suggestions for what
you all think is a good program to use for such tasks. Thanks!

Adam Towarnyckyj 



[LARTC] ntop performance

2004-06-17 Thread Adam Towarnyckyj
Hey all,
I wanted to let you all know the hex thing worked out for me.
Thanks again.
I had another question though that was sparked by Ionut Gogu's
question on monitoring. I setup and installed ntop for this purpose and
noticed that we have so much traffic it is killing the machine. We have
1 GB of ram in there and it is not enough. It still overflows to the
swap file and eats about half that as well. There are approximately 5000
connections setup over a bridge being controlled by tc. Is there a way
to get ntop to run cleaner or is there a better alternative out there
that someone knows about? Any suggestions would be greatly appreciated.
Thanks!

Adam





Re: [LARTC] QOS Script difficulty on bridge

2004-06-17 Thread Jason Boxman
On Thursday 17 June 2004 03:29, Ed Wildgoose wrote:

> Consider:
>
> Internet -> Router -> Eth1 -> br0 -> Eth0 -> local net
>
> Now by applying QOS to eth1 I control outgoing traffic from everywhere.
> By applying QOS to eth0 I control incoming to the localnet (great), but
> NOT to the local bridge machine
>
> Now I could fix this by using the IMQ device on eth1 and grabbing
> incoming traffic, but the top of the file at
> http://digriz.org.uk/jdg-qos-script/ implies that it is possible to do
> this without IMQ...
>
> The question is how?  I don't see how to do it  What am I missing?

It's my understanding that you cannot attach much of anything except the 
police filter on the ingress hook.  As such, you need IMQ to attach egress 
qdiscs to for application to incoming traffic, as you would to the root hook 
for egress traffic.

http://www.docum.org/docum.org/kptd/

> Thanks
>
> Ed W




[LARTC] Bypassing Loopback

2004-06-17 Thread Larry Stilwell
Is it possible to setup a route that will place the packet 'on the wire'
even if the destination is a local IP?  I have been through the iproute2
docs and nothing jumps out at me. I am working on a project measuring
network latency/jitter/etc and am currently using a GRE tunnel as the test
path for measuring the first leg.  The router at the other end of the tunnel
faithfully routes the packet back.  The problem stems from the fact that the
implementation is Java and 'raw socket' support is not available.

Larry Stilwell



RE: [LARTC] Class ID limits

2004-06-17 Thread Adam Towarnyckyj
Thank you very much for your help. I couldn't seem to find that anywhere
in the documentation. Maybe I wasn't looking in the right place.
Anyways, thanks again.

Adam

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Nikolay Datchev
Sent: Thursday, June 17, 2004 12:54 AM
To: Catalin BOIE
Cc: Adam Towarnyckyj; [EMAIL PROTECTED]
Subject: Re: [LARTC] Class ID limits

> > I actually have a few questions. First, am I right in assuming this or
> > is the reason something totally different? And, if I'm right, is there
> > any way around the limit other than creating a new qdisc? I'm trying to
> > use a number we have set up in our database and sometimes it goes into
> > the 5 digit range. Any help would be greatly appreciated. Thanks!
>
> Class parameters to tc are hexa numbers so you can use from x:1 to x:,
> meaning 65535 classes.
>

And note that you must supply the classid in hex. Try searching google for
a small tool like dec2hex, which converts decimal numbers to hex.




Re: [LARTC] Trafic monitor

2004-06-17 Thread Thilo Schulz
On Thursday 17 June 2004 13:51, Thilo Schulz wrote:
> At the moment, I have my traffic accounter daemon, say: the one logging the
> traffic, linked against electricfence, which should have very negative
> effects on performance. I will run a transfer from my server that has a
> 100Mbit connection later today, and monitor CPU usage. If the
> electricfence-version does well, you can be sure the productive version
> will do definitely.

Okay, This seems to work really well.

226 33.268 seconds (measured here), 5.03 Mbytes per second
175560916 bytes received in 33.27 secs (5153.0 kB/s)

The daemon used for logging never came above a top CPU usage of 1.8% at this 
throughput, and this value only got that high when my program was updating 
the mysql databases. Really the thing eating most of the CPU was the reading 
from disk and the ftp program. Here is the CPU in use for this little 
experiment:

model name  : Intel(R) Pentium(R) 4 CPU 2.66GHz

Anyways, I'll be working on doing a small release package, for those who are 
interested in this thing. Don't expect too much from it, I hardly sat a week 
at this system. It was my goal to just have a convenient way of getting 
traffic statistics for my root server and be warned if I go over the traffic 
limit I have, not add as many nifty features as possible. You can do that 
yourself if you find my package worth of your precious attention and really 
want to ;)

-- 
Thilo Schulz

My public PGP key is available at http://home.bawue.de/~arny/public_key.asc


Re: [LARTC] Trafic monitor

2004-06-17 Thread Thilo Schulz
On Thursday 17 June 2004 09:59, Morten Nilsen wrote:
>
> - How will your solution scale? can it handle 200Mb traffic full duplex
>   on a Xeon 2.8GHz without choking? what about 100Mb on an AMD 800MHz?

This is a very good question. I think, the kernel should do guiding the 
traffic through iptables pretty efficiently and fast. I rather suspect the 
accounting daemon to be the bottleneck.
At the moment, I have my traffic accounter daemon, say: the one logging the 
traffic, linked against electricfence, which should have very negative 
effects on performance. I will run a transfer from my server that has a 
100Mbit connection later today, and monitor CPU usage. If the 
electricfence-version does well, you can be sure the productive version will 
do definitely.
My C program is actually written in a way to store produced traffic at first 
internally, and not use the database functions every time a packet comes in.
It should be clear, that the more traffic categories you have though, the more 
CPU usage is going to be required.
I'll keep you updated on my findings :)

> - Could it affect latency?

I doubt it would have much of an impact on latency, as the accounting is being 
done in userspace, not on kernel level.

> - why not use sudo instead of setuid root?

Because I must say to my own embarrassment, I haven't used sudo yet.
But: you should only have to modify a line in the php script, I think, to make 
this work using sudo.

-- 
Thilo Schulz

My public PGP key is available at http://home.bawue.de/~arny/public_key.asc


Re: [LARTC] Trafic monitor

2004-06-17 Thread Ronny Aasen
On Thu, 2004-06-17 at 12:18, Ed Wildgoose wrote:
> >  I search for a tool show-me on real time the trafic made by all/one 
> > IPon the interface eth1, somethings simple ; EX:
> > 192.168.1.10 ... x kbit/s
> > 192.168.1.11 ... y kbit/s
> > 192.168.1.12 ... z kbit/s
> > 192.168.1.13 ... x kbit/s
> > 192.168.1.14 ... x kbit/s
> > 192.168.1.15 ... x kbit/s
> > 192.168.1.16 ... x kbit/s
> > 192.168.1.17 ... x kbit/s
> > 192.168.1.18 ... x kbit/s
> > 192.168.1.19 ... x kbit/s
> > 
> > ...any ideea  ..Thanks!!
> 
> 
> Perhaps something like iptraf, ntop, nettop, iftop would be sufficient?
> 
> I think ntop looks the most full featured, but perhaps the others will 
> do enough for you?  (eg iptraf without port numbers should work?)

ipfm does exactly this.
1 interface that sees all traffic makes logs of what it can see
I have put it on a monitor port on the switch

or you can use a hardware ethernet tap

-- 
Ronny Aasen <[EMAIL PROTECTED]>



Re: [LARTC] Trafic monitor

2004-06-17 Thread Ed Wildgoose

>  I search for a tool show-me on real time the trafic made by all/one
> IPon the interface eth1, somethings simple ; EX:
> 192.168.1.10 ... x kbit/s
> 192.168.1.11 ... y kbit/s
> 192.168.1.12 ... z kbit/s
> 192.168.1.13 ... x kbit/s
> 192.168.1.14 ... x kbit/s
> 192.168.1.15 ... x kbit/s
> 192.168.1.16 ... x kbit/s
> 192.168.1.17 ... x kbit/s
> 192.168.1.18 ... x kbit/s
> 192.168.1.19 ... x kbit/s
>
> ...any ideea  ..Thanks!!

Perhaps something like iptraf, ntop, nettop, iftop would be sufficient?
I think ntop looks the most full featured, but perhaps the others will 
do enough for you?  (eg iptraf without port numbers should work?)

Ed W


Re: [LARTC] Trafic monitor

2004-06-17 Thread Morten Nilsen
Thilo Schulz wrote:
> On Wednesday 16 June 2004 09:51, Ionut Gogu wrote:
>>  I search for a tool show-me on real time the trafic made by all/one IPon
>> the interface eth1
>
> I'm working on one _RIGHT_NOW_ and expect it to be usable today.
> It will be configurable over a webinterface, and will manipulate the iptables 
> using a small setuid C-Program I wrote. (I know, setuid root sucks, but 
> you'll have to make sure noone else on this server can access or run the 
> executable file using the webserver .. that's your job.)
> It uses ulogd and stores the traffic in a webinterface, it also does update 
> the statistics database once a given limit of traffic has been reached, or a 
> certain timeout has been hit. I might give out a usable version tomorrow, but 
> I cannot guarantee for its bugfreeness. Though, most of the parts are done 
> and they also seem to work the way I want them to.
> Plus, it won't destroy any already-present firewall setups.

I find that thing intriguing, but I have a couple questions;

- How will your solution scale? can it handle 200Mb traffic full duplex
  on a Xeon 2.8GHz without choking? what about 100Mb on an AMD 800MHz?

- Could it affect latency?

- why not use sudo instead of setuid root?

Cheers,
-- 
Morten




Re: [LARTC] Class ID limits

2004-06-17 Thread Nikolay Datchev
> > I actually have a few questions. First, am I right in assuming this or
> > is the reason something totally different? And, if I'm right, is there
> > any way around the limit other than creating a new qdisc? I'm trying to
> > use a number we have set up in our database and sometimes it goes into
> > the 5 digit range. Any help would be greatly appreciated. Thanks!
>
> Class parameters to tc are hexa numbers so you can use from x:1 to x:,
> meaning 65535 classes.
>

And note that you must supply the classid in hex. Try searching google for
a small tool like dec2hex, which converts decimal numbers to hex.




Re: [LARTC] Class ID limits

2004-06-17 Thread Nikolay Datchev
> And note that you must supply the classid in hex. Try searching google for
> a small tool like dec2hex, which converts decimal numbers to hex.
>

http://improv.sapp.org/doc/examples/improv/tohex/tohex.html

This works perfect for me.

>
>



Re: [LARTC] Class ID limits

2004-06-17 Thread Catalin BOIE
> tc class add dev eth1 parent 10: classid 10:$variable cbq bandwidth
> 200Mbit rate 512Kbit allot 1514 prio 5 maxburst 20 avpkt 1000 bounded
> That's just an example. My problem is I'm guessing the $variable is not
> allowed to be anything over . I'm getting an error when I run that
> command with anything over 4 digits as a $variable. The error is:
> RTNETLINK answers: Invalid argument
> I've also tried just entering that in at the command prompt and using
> 1 as the variable and that error shows up.
> I actually have a few questions. First, am I right in assuming this or
> is the reason something totally different? And, if I'm right, is there
> any way around the limit other than creating a new qdisc? I'm trying to
> use a number we have set up in our database and sometimes it goes into
> the 5 digit range. Any help would be greatly appreciated. Thanks!

Class parameters to tc are hexa numbers so you can use from x:1 to x:,
meaning 65535 classes.

> Adam Towarnyckyj
> Network Operations
> CommSpeed AZ, LLC
> http://www.commspeed.net/
> Phone: 928-772- x131
---
Catalin(ux aka Dino) BOIE
catab at deuroconsult.ro
http://kernel.umbrella.ro/
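
The decimal-to-hex step this thread settles on, as an added example (not code from the list or from iproute2): a POSIX shell helper that validates a decimal ID, such as the database number in the question, before it is placed on a command line, and prints it as a classid minor in the range 1 to 65535. The function names and sample IDs are made up for illustration, and the `tc` command from the question is only echoed, not run.

```shell
#!/bin/sh
# Added example; helper names and sample IDs are hypothetical.
# tc reads the classid minor as hexadecimal and it must fit in 16 bits
# (1..65535, i.e. 1..ffff). A decimal "10000" passed as-is is parsed as
# 0x10000 = 65536, one past the limit, hence "Invalid argument".

# classid_minor DECIMAL
# Prints DECIMAL as lowercase hex; returns 1 (nothing on stdout) if the
# input is not a plain decimal number in 1..65535.
classid_minor() {
    case "$1" in
        '' | *[!0-9]*)
            echo "classid_minor: not a decimal number: '$1'" >&2
            return 1 ;;
    esac
    # Strip leading zeros so the value is never interpreted as octal.
    cm_n=${1#"${1%%[!0]*}"}
    # More than 5 digits cannot fit; checking length first avoids overflow.
    if [ -z "$cm_n" ] || [ "${#cm_n}" -gt 5 ] || [ "$cm_n" -gt 65535 ]; then
        echo "classid_minor: out of range 1..65535: '$1'" >&2
        return 1
    fi
    printf '%x\n' "$cm_n"
}

# tc_classid MAJOR DECIMAL
# Prints "MAJOR:minor" for use as the classid argument. MAJOR is passed
# through as written (tc reads it as hex too), so only hex digits are allowed.
tc_classid() {
    case "$1" in
        '' | *[!0-9a-fA-F]*)
            echo "tc_classid: bad major: '$1'" >&2
            return 1 ;;
    esac
    tc_minor=$(classid_minor "$2") || return 1
    printf '%s:%s\n' "$1" "$tc_minor"
}

# Demo on constructed IDs: echo the command from the question with a valid
# classid, or report the ID as skipped. Nothing is executed.
for id in 42 10000 65535 65536 12ab; do
    if cid=$(tc_classid 10 "$id" 2>/dev/null); then
        echo "tc class add dev eth1 parent 10: classid $cid cbq bandwidth 200Mbit rate 512Kbit allot 1514 prio 5 maxburst 20 avpkt 1000 bounded"
    else
        echo "skipped invalid id: $id"
    fi
done
```
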


Re: [LARTC] QOS Script difficulty on bridge

2004-06-17 Thread Ed Wildgoose
S Mohan wrote:
> If eth0 is your interface connected to the Internet, shape outgoing traffic
> on eth1. This will simulate the effect of limiting download coming thro'
> eth0 and also shape traffic from the local machine going out to the LAN on
> eth1. In case you want to limit download from the local machines to nodes on
> eth0 and eth1, apply QoS on both interfaces. Bridging does not affect or
> help this in any way. Ethernet interfaces do not need to have IP addresses
> for QoS to be applied in Linux. I've used htb-init with bridge-nf which has
> been documented in the LEAF Bering user manual. In case you have any
> questions, I'll be glad to answer them as the maintainer of that part of the
> documentation.
 

Hmm, leaf looks like a very interesting project.  Thanks for the link
I think I wasn't clear though:  I understand what I need to do to limit 
traffic into the whole network, it's limiting it to the bridge machine 
that is causing me problems

Consider:
Internet -> Router -> Eth1 -> br0 -> Eth0 -> local net
Now by applying QOS to eth1 I control outgoing traffic from everywhere.  
By applying QOS to eth0 I control incoming to the localnet (great), but 
NOT to the local bridge machine

Now I could fix this by using the IMQ device on eth1 and grabbing 
incoming traffic, but the top of the file at 
http://digriz.org.uk/jdg-qos-script/ implies that it is possible to do 
this without IMQ... 

The question is how?  I don't see how to do it  What am I missing?
Thanks
Ed W


Re: [LARTC] How to limit per tcp session ?

2004-06-17 Thread Ed Wildgoose

> Okay, then let me describe whats on my mind to help develope this project (if
> someone dare to start make a project)
>
> The idea perhaps like this:
> Let say i'm goin to download some graphics from www.lartc.org. The first
> session i opened my browser, created connection localhost:3101 -->
> www.lartc.org:80, the 2nd, localhost:3102 --> www.lartc.org:80, and so on.
> So as you could see, this is the key. Source port, not Destination port.
> Every time you open new window of your browser and connect to some host, they
> create other originating port which is completely different from the 1st.
 

Hmm, I think the ESFQ module *might* be able to do a little of what you 
ask if you hash on port?  Worth a look anyway.  In fact you might even 
be able to tweak the code to hash on something different?

Ed W