Re: [LARTC] Syntax for u32 match of src mac at offset -8

2004-07-14 Thread Julian Anastasov

Hello,

On Wed, 14 Jul 2004, Gerry Weaver wrote:

> I've been trying to figure out how to do bandwidth limiting by mac
> address. There are several posts on this subject, but nothing concrete.
> My question concerns the proper tc filter syntax to do a u32 match at a
> negative offset of -8, which should, based on what I've read, be the source
> mac address. I've been playing around with it, but no success yet.
>
> Any help would be much appreciated.

http://mailman.ds9a.nl/pipermail/lartc/2003q1/006663.html

> Thanks,
> Gerry

Regards

--
Julian Anastasov <[EMAIL PROTECTED]>
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
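
The source-MAC match asked about above, as an added example that is not part of the original thread: a small shell helper that turns a MAC address into u32 match terms at negative offsets and prints the full tc command. The device name, "parent 1:", "prio 5", the flowid and the sample MAC are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Offsets are relative to the start of the IP header (offset 0), so the
# 14-byte Ethernet header sits at negative offsets:
#   -14..-9  destination MAC
#    -8..-3  source MAC
#    -2..-1  EtherType (0x0800 = IPv4)
# u32 keys must be aligned to their width, so the 6-byte source MAC is matched
# as a 32-bit key at -8 (first four bytes) plus a 16-bit key at -4 (last two).

# src_mac_selector MAC
# Prints the u32 "match" terms for a source MAC; returns 1 on a malformed MAC.
src_mac_selector() {
    sm_mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    sm_h='[0-9a-f][0-9a-f]'
    case "$sm_mac" in
        $sm_h:$sm_h:$sm_h:$sm_h:$sm_h:$sm_h) ;;
        *) echo "not a MAC address: '$1'" >&2; return 1 ;;
    esac
    sm_hex=$(printf '%s' "$sm_mac" | tr -d ':')   # 12 hex digits
    sm_hi=${sm_hex%????}                          # bytes 0-3 -> u32 at -8
    sm_lo=${sm_hex#????????}                      # bytes 4-5 -> u16 at -4
    printf '%s %s %s\n' \
        "match u16 0x0800 0xffff at -2" \
        "match u16 0x$sm_lo 0xffff at -4" \
        "match u32 0x$sm_hi 0xffffffff at -8"
}

# src_mac_filter DEV MAC FLOWID
# Prints a complete tc command. "parent 1:" and "prio 5" are assumptions
# about the qdisc layout; adjust them to the local setup.
src_mac_filter() {
    sm_sel=$(src_mac_selector "$2") || return 1
    echo "tc filter add dev $1 parent 1: protocol ip prio 5 u32 $sm_sel flowid $3"
}

# Constructed sample: send traffic from 00:11:22:33:44:55 to class 1:10.
src_mac_filter eth0 00:11:22:33:44:55 1:10
```

The helper only prints the command, so it can be reviewed before being run as root.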


[LARTC] problem tc htb with bridge machine

2004-07-14 Thread c jay
hello all,
    I have a problem with my tc htb on a bridge machine (tsl 2.1). In fact the bw limiter is OK, but if I bring the bw limiter down and then up again, my machine takes a very long time to shape the bw. I want to make this quicker. Can anyone here help me with what the rule should be?
 
 
nikei

[LARTC] (no subject)

2004-07-14 Thread c jay
 
 

Re: [LARTC] TC Hashing Filters

2004-07-14 Thread gypsy
Adam Towarnyckyj wrote:
> 
> gypsy wrote:
> >Try setting classid to 0x and decrement rather than increment it.
> >
> >Pepper the script with
> >debug (print or echo) lines
> >error traps that exit the script on error.
> 
> The error appears at step 6. For each modem in our database, it
> checks the IPs assigned to it. For each of those, it runs: tc filter add
> dev $dev protocol ip parent 1: u32 ht 2:$table: match ip dst $ip flowid
> 1:$classid

I think that "$classid" is outside its allowable range when that line
executes, although it is also possible that the RTNETLINK message is due
to an erroneous value in "$dev", "$ip" or "$table".

Your script can be modified to display the line with the substitutions
and to exit when executing causes an error.  What I envision is that
you'll watch 2000+ lines of good stuff scroll by and that the final line
will be your Bad Boy.  And the last few lines are what we all are
holding our breath to see.

> I added a counter in there and an exit command in the "Action"
> subroutine so that when the script errors, it exits and shows me how
> many IPs tc has added before it produced an error. The number was 2045
> and the error was RTNETLINK answers: File exists.

I still don't think it is how many.  I am certain that some value is
just not in the expected range.

> As for your suggestion about the classid, I'm a bit confused as
> to what you mean about decrementing it. Could you be a little more
> specific on where this is in the script?
> Action("$tc class add dev eth1 parent 1: classid 1:$classid cbq
> bandwidth 200Mbit rate $$dsrate{dsrate}Kbit allot 1514 prio 5 maxburst
> 20 avpkt 1000 bounded");
> $rates{$ds} = $classid;
> $classid++;
  
I think the line above should count down from 65535, not up. 

> ipid='$$computer{ipid}'");
> @octets = split(/\./,$ip);
> $table = $octets[3];
> $table = sprintf("%X", $table);
> $classid = $rates{$$modem{dsrate}};
> Action("$tc filter add dev $dev protocol ip parent 1:
> u32 ht 2:$table: match ip dst $ip flowid 1:$classid");  ### Here is
> where it errors after 2045 entries ###

And here is where you need to display the Action line.
Plus add an error trap to exit when it fails.

Sorry, that's all I have time for now.
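
The debugging approach suggested in this message (display each command with its substitutions, check that every value is in range, stop at the first failure), as an added example that is not part of the original thread and is written in shell rather than the poster's Perl. The function names, the TC_RUN switch and the sample input are assumptions; the command template is the one quoted above.

```shell
#!/bin/sh
# Added example, not code from the thread (the poster's script is Perl).
# Range checks assume tc's usual formats: class minor and u32 bucket are hex.

is_hex_max() {   # is_hex_max VALUE MAXDIGITS: hex digits only, bounded length
    case "$1" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    [ "${#1}" -le "$2" ]
}

is_ipv4() {      # four dot-separated decimal octets, each 0..255
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    fa_ifs=$IFS; IFS=.; set -- $1; IFS=$fa_ifs
    [ $# -eq 4 ] || return 1
    for fa_o in "$@"; do
        [ -n "$fa_o" ] && [ "${#fa_o}" -le 3 ] && [ "$fa_o" -le 255 ] || return 1
    done
}

# build_filter DEV IP TABLE CLASSID: print the command, or name the bad value.
build_filter() {
    is_ipv4 "$2" || { echo "ip out of range: '$2'" >&2; return 1; }
    is_hex_max "$3" 2 || { echo "table out of range: '$3'" >&2; return 1; }
    { is_hex_max "$4" 4 && [ $((0x$4)) -ge 1 ]; } ||
        { echo "classid out of range: '$4'" >&2; return 1; }
    echo "tc filter add dev $1 protocol ip parent 1: u32 ht 2:$3: match ip dst $2 flowid 1:$4"
}

# apply_filters DEV: read "ip table classid" lines from stdin, print every
# command, stop at the first bad value. Executes only when TC_RUN=1.
apply_filters() {
    fa_n=0
    while read -r fa_ip fa_table fa_classid; do
        fa_cmd=$(build_filter "$1" "$fa_ip" "$fa_table" "$fa_classid") || {
            echo "stopped after $fa_n commands" >&2; return 1; }
        echo "$fa_cmd"
        if [ "${TC_RUN:-0}" = 1 ]; then
            $fa_cmd || { echo "failed: $fa_cmd" >&2; return 1; }
        fi
        fa_n=$((fa_n + 1))
    done
}

# Constructed input: the third line carries a classid above ffff.
apply_filters eth1 <<'EOF' || true
10.0.0.1 1 1
10.0.0.2 2 fffe
10.0.0.3 3 10000
EOF
```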


[LARTC] Syntax for u32 match of src mac at offset -8

2004-07-14 Thread Gerry Weaver
Hello All,
I've been trying to figure out how to do bandwidth limiting by mac 
address. There are several posts on this subject, but nothing concrete. 
My question concerns the proper tc filter syntax to do a u32 match at a 
negative offset of -8, which should, based on what I've read, be the source
mac address. I've been playing around with it, but no success yet.

Any help would be much appreciated.
Thanks,
Gerry


Re: [LARTC] TC Hashing Filters

2004-07-14 Thread Jason Boxman
On Wednesday 14 July 2004 14:06, Adam Towarnyckyj wrote:

>   As for your suggestion about the classid, I'm a bit confused as
> to what you mean about decrementing it. Could you be a little more
> specific on where this is in the script?
>


I think he means start with classid 0x and then subtract one as you 
iterate through each row in the table.  So next you'd use 0xfffe and so on.



RE: [LARTC] TC Hashing Filters

2004-07-14 Thread Adam Towarnyckyj
gypsy wrote:
>Try setting classid to 0x and decrement rather than increment it.
>
>Pepper the script with 
>debug (print or echo) lines
>error traps that exit the script on error.
>
>Is what you posted entire so that if I extract it from the message then
>it should run?

It's really tough for me to convey what I've done so far mainly
because when I get in "Troubleshoot Mode" I really tend to forget what
I've tried and the results of those efforts after I've done them. This
is because if it doesn't work, I rule it out and go on to the next thing
until I find out what the problem is. The reason I say this is because I
didn't really tell you specifically what I've done to troubleshoot. Only
that I found out where the problem was. For this, I apologize. So let me
try to be as specific as possible.
This is what the script does step by step:
1. Connect to the provisioning database (MySQL)
2. Define subroutines
a. SelectSQL - Subroutine for placing all information from a sql
query into a variable.
b. SelectSingleSQL - Subroutine for placing one piece of
information from a sql query into a variable.
c. SimpleSQL - Subroutine for making a sql query
d. Action - Subroutine for performing a system action and
outputting any errors to an array for later use.
3. Remove existing root qdisc and add a new one (clears all information
currently stored).
4. Create transit class and hash table/filter.
5. For creating the individual classes for each rate, we have it connect
to our database and add a class for each rate located in that database.
This is so it can be dynamic in case we need to add new classes down the
road.
6. This is where the script grabs all the accounts from our database by
modem. The modem table holds the rate for each customer. Then the script
compares those modems to the public IPs assigned to that customer and
adds the tc command to limit that IP based on the modem rate.
7. Take all the errors from any "Action" and output them. (This emails
to me directly when there's a problem).
8. There's a bunch of stuff here for promotional rates we're running
that is unimportant to the current problem I'm having.

The error appears at step 6. For each modem in our database, it
checks the IPs assigned to it. For each of those, it runs: tc filter add
dev $dev protocol ip parent 1: u32 ht 2:$table: match ip dst $ip flowid
1:$classid
I added a counter in there and an exit command in the "Action"
subroutine so that when the script errors, it exits and shows me how
many IPs tc has added before it produced an error. The number was 2045
and the error was RTNETLINK answers: File exists.

As for your suggestion about the classid, I'm a bit confused as
to what you mean about decrementing it. Could you be a little more
specific on where this is in the script?

I have attached the script in its entirety so you can see it and
maybe figure out what is wrong. The only problem with running it would
be connecting to the database. If you want, I can put up a mock database
and you can connect to that for testing purposes. The problem with this
is that I'd have to populate it with about 3000 entries for you to see
the error I'm seeing. I have removed my traps and counters so you can
see what the script was originally. I'll comment where the error occurs.
Thank you all once again for your help and time. It is very much
appreciated.

#!/usr/bin/perl
# 
# TC Helper Script: Written by Mike Davis & Adam Towarnyckyj
#
#   Synchronizes data rates with MySQL server and applies hourly.
#

### Configuration Section ###


$dev = "eth1";
$tc = "/sbin/tc";
$mysql_host = "sql database";
$mysql_db = "databse";
$mysql_user = "user";
$mysql_pass = "password";


### END Configuration Section ###

use POSIX qw(strftime);

# Database connect and define subroutines

use DBI;

$dsn = "DBI:mysql:database=$mysql_db;hostname=$mysql_host";
$dbh = DBI->connect($dsn, $mysql_user, $mysql_pass)
  || die "Can't connect to database: " . DBI->errstr;

# Subroutine for placing all information from a sql query into a variable.
sub SelectSQL {
  my($sql) = @_;
  my(@MATCHES, $hash);
  $sth = $dbh->prepare("$sql");
  $sth->execute();
  while ($hash = $sth->fetchrow_hashref) {
    push @MATCHES, $hash;
  }
  return @MATCHES;
}

# Subroutine for placing one piece of information from a sql query into a
# variable.
sub SelectSingleSQL {
  my($sql) = @_;
  my($gotit, $return, $hash);
  $sth = $dbh->prepare("$sql");
  $sth->execute();
  while ($hash = $sth->fetchrow_array) {
    unless ($gotit) {
      $return = $hash;
      $gotit++;
    } else { warn "got multiple SQL returns when expecting only one"; }
  }
  return $return;
}

# Subroutine for making a sql query.
sub SimpleSQL {
  my($sql) = $_[0];
  my $rows_affected;
  $rows_affected = $dbh->do($sql);
  return $rows_affected;
}

# Subroutine for performing a system action and outputting any errors to an
# array for later use.
sub Action {
  my($action) = @_;
#  print"Performing: $action\n";
  $warn=`$action 2>&1`;
  if ($warn) {
    chomp($warn);
    $prepare = "ERROR: $warn. Command was: $action";
    #print"WHOOPS: $warn\n";
    push @WARNING, $prepare;
  }
}

Re: [LARTC] tcng/tc setup

2004-07-14 Thread Jason Boxman
On Wednesday 14 July 2004 05:54, Gareth Glaccum wrote:
> Hi all,
> Can someone please help with a tcng setup? I have played with tc and tcng
> in the past, and now would like to get some serious rules in place.
> However, I have a difficulty in setting them up.

I'd suggest using `tc` and using Netfilter to classify traffic.  There are 
quite a few matches you just can't do with tcng.


> And I wrote out some rules. These rules seem to be correct, as far as I can
> tell, but I stupidly forgot that this is all egress, and it cannot be done
> as easily with ingress. Can someone please help by showing me how I can
> modify these to give me control over the bandwidth in (albeit limited) as
> well as out? Also could someone explain how I can easily write flows to
> test all of the possible traffic I might be experiencing?

tcng is supposed to let you perform all kinds of simulations on your traffic, 
but I have never gotten it to work.  If someone has produced useful 
information, I'd love to know how.

> My aim is, that any normal ssh to any machine, whether coming from the DMZ
> to the internet, or from the LAN to the internet, should get at least 2KB/s
> low-latency traffic each, even if other machines or other connections are
> being made in the background.
> I am wondering whether my first qdisc should in fact be an SFQ and then HTBs
> below it?

That is not possible.  sfq is a classless qdisc.  It cannot contain anything.  
You would need to attach sfq to htb classes, instead, for instance.



Re: [LARTC] TC Hashing Filters

2004-07-14 Thread gypsy
Adam Towarnyckyj wrote:
> 
> First off, no need to be rude. I read the documentation; I just missed
> the number limit.

I apologize.  I regretted hitting SEND as soon as I came to my senses and
I'm ashamed of how long it took me to do that.

I had a (what turned out to be minor) emergency last night, I overslept
this morning and I have a prior commitment tonight so I can't get to
this until at least tomorrow night.  But I do have a couple of general
suggestions now:

> Second, I know it's in hex and that's what I'm using.

Try setting classid to 0x and decrement rather than increment it.

Pepper the script with 
debug (print or echo) lines
error traps that exit the script on error.

Is what you posted entire so that if I extract it from the message then
it should run?
> Action("$tc qdisc del dev $dev root");
> Action("$tc qdisc add dev $dev root handle 1:0 cbq bandwidth 200mbit
> avpkt 1000");

gypsy


[LARTC] tcng/tc setup

2004-07-14 Thread Gareth Glaccum
Hi all,
Can someone please help with a tcng setup? I have played with tc and tcng in 
the past, and now would like to get some serious rules in place. However, I 
have a difficulty in setting them up.

My setup is as follows:
One machine working as a firewall:
eth0 is the interface connected to a 512K DSL line
eth1 is connected to a LAN
eth2 is connected to another LAN, a bit like a DMZ
eth1 and 2 are totally different subnets, 10.1.1.x and 10.2.1.x both class B, 
(sorry, this is a system I inherited, I am slowly getting ready to collapse 
it all to class C).

I wanted to set the following rules:
High priority data needs to be some ssh from 10.1.1.x/16 (all) to external 
IPs.
Priority is to be given to data going to 10.1.1.x/16 over the DMZ data.
Input is 55KB/s, output is 25KB/s

To the DMZ from the LAN, there should be no throttling.
To the LAN from the DMZ, there should be no throttling. (100Mbs/s)
SSH data should be given priority over HTTP
SMTP should be given priority over HTTP
HTTP is given priority over anything else
Interfaces,
eth0,
512Kb/s input, 256 Kb/s output
eth1, 100Mb/s each way
eth2, 100Mb/s each way
And I wrote out some rules. These rules seem to be correct, as far as I can 
tell, but I stupidly forgot that this is all egress, and it cannot be done 
as easily with ingress. Can someone please help by showing me how I can 
modify these to give me control over the bandwidth in (albeit limited) as 
well as out? Also could someone explain how I can easily write flows to test 
all of the possible traffic I might be experiencing?
My aim is, that any normal ssh to any machine, whether coming from the DMZ 
to the internet, or from the LAN to the internet, should get at least 2KB/s 
low-latency traffic each, even if other machines or other connections are 
being made in the background.
I am wondering whether my first qdisc should in fact be an SFQ and then HTBs 
below it?
All help will be gratefully received.
Thank you,
Gareth

- Start long probably incorrect tcng code (I have left out the ingress 
code I had, because it didn't work at all, and I didn't understand any of 
it)
#define INTERNET eth0
#define LAN eth1
#define DMZ eth2

#define INTERNET_IP 0.0.0.0/0
#define DMZ_IP 10.2.1.0/16
#define LAN_IP 10.1.1.0/16
#define maxadsl 600kbps/2
#define highadsl 500kbps/2
#define medadsl 400kbps/2
#define midadsl 300kbps/2
#define lowadsl 200kbps/2
#define intadsl 150kbps/2
#define vloadsl 100kbps/2
#define noadsl 50kbps/2
dev INTERNET {
	$meter = trTCM( cir 128kbps, cbs 10kB, pir 200kbps, pbs 10 kB );
	egress {
		class(<$lanssh>)
			if tcp_sport == 22 || tcp_dport == 22
			if ip_src == LAN_IP || ip_dst == LAN_IP;
		class(<$dmzssh>)
			if tcp_sport == 22 || tcp_dport == 22
			if ip_src == DMZ_IP || ip_dst == DMZ_IP;
		class(<$ssh>)
			if tcp_sport == 22 || tcp_dport == 22
			if ip_tos_delay==1 ;
		class(<$smtp>)
			if tcp_sport == 25 || tcp_dport == 25;
		class(<$lanhttp>)
			if tcp_sport == 80 || tcp_dport == 80
			if ip_src == LAN_IP || ip_dst == LAN_IP;
		class(<$dmzhttp>)
			if tcp_sport == 80 || tcp_dport == 80
			if ip_src == DMZ_IP || ip_dst == DMZ_IP;
		class(<$http>)
			if tcp_sport == 80 || tcp_dport == 80;
		class(<$othermed>)
			if trTCM_green( $meter);
		class(<$otherslow>)
			if trTCM_yellow( $meter);
		drop if trTCM_red ( $meter);
		class(<$otherslow>) if 1;
		drop if 1;

		htb(){
			class ( rate maxadsl, ceil maxadsl){
				$ssh = class ( rate medadsl, ceil highadsl) {
					$lanssh = class ( rate midadsl , ceil medadsl){ sfq ( perturb 10 sec );};
					$dmzssh = class (rate vloadsl, ceil lowadsl){ sfq ( perturb 10 sec );};
				};
				$smtp = class ( rate midadsl, ceil highadsl) {sfq ( perturb 10 sec );};
				$http = class ( rate lowadsl, ceil highadsl) {
					$lanhttp = class (rate lowadsl , ceil highadsl) {sfq ( perturb 10 sec );};
					$dmzhttp = class (rate lowadsl, ceil highadsl) {sfq ( perturb 10 sec );};
				};
				$othermed = class ( rate lowadsl, ceil medadsl) {sfq ( perturb 10 sec );};
				$otherslow = class ( rate noadsl, ceil intadsl) {sfq ( perturb 10 sec );};
			}
		}
	}

}