Re: [LARTC] Syntax for u32 match of src mac at offset -8
Hello,

On Wed, 14 Jul 2004, Gerry Weaver wrote:

> I've been trying to figure out how to do bandwidth limiting by mac
> address. There are several posts on this subject, but nothing concrete.
> My question concerns the proper tc filter syntax to do a u32 match at a
> negative offset of -8 that should, based on what I've read, be the source
> mac address. I've been playing around with it, but no success yet.
>
> Any help would be much appreciated.

http://mailman.ds9a.nl/pipermail/lartc/2003q1/006663.html

> Thanks,
> Gerry

Regards

--
Julian Anastasov <[EMAIL PROTECTED]>

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
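The u32 source-MAC match asked about above, as an added example that is not part of either message: it turns a MAC address into the three `match` terms (EtherType at -2, last two MAC octets at -4, first four at -8) and prints the resulting command as a dry run. The function names, `eth1`, parent `1:`, `prio 5`, flowid `1:10` and the MAC are assumptions chosen for illustration, and an untagged Ethernet frame is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Offsets are relative to the start of
# the IP header on an untagged Ethernet frame:
#   -14..-9 destination MAC, -8..-3 source MAC, -2..-1 EtherType

# mac_to_u32_src MAC -> prints the u32 "match ..." terms for that source MAC
mac_to_u32_src() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Accept only six colon-separated hex octets.
    case "$mac" in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]) ;;
        *) echo "invalid MAC: $1" >&2; return 1 ;;
    esac
    hex=$(printf '%s' "$mac" | tr -d ':')
    hi=$(printf '%s' "$hex" | cut -c1-8)    # first four octets, matched as u32 at -8
    lo=$(printf '%s' "$hex" | cut -c9-12)   # last two octets, matched as u16 at -4
    # The EtherType term (0x0800) restricts the filter to IPv4 frames.
    printf 'match u16 0x0800 0xffff at -2 match u16 0x%s 0xffff at -4 match u32 0x%s 0xffffffff at -8' \
        "$lo" "$hi"
}

# src_mac_filter DEV PARENT FLOWID MAC -> prints the full tc command (dry run)
src_mac_filter() {
    sel=$(mac_to_u32_src "$4") || return 1
    printf 'tc filter add dev %s parent %s protocol ip prio 5 u32 %s flowid %s\n' \
        "$1" "$2" "$sel" "$3"
}

# Constructed sample values.
src_mac_filter eth1 1: 1:10 00:11:22:AA:BB:CC
```

The source MAC is chosen by the sending host and is only visible on the directly attached segment, so a filter like this classifies traffic but does not authenticate the sender.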
[LARTC] problem tc htb with bridge machine
Hello all,

I have a problem with my tc htb on a bridge machine (tsl 2.1). In fact the bw limiter is OK, but if I bring the bw limiter down and then up again, my machine takes very long to shape bw. I want to make this quicker. Can anyone here help me with how the rule should be?

nikei
Re: [LARTC] TC Hashing Filters
Adam Towarnyckyj wrote:
>
> gypsy wrote:
> >Try setting classid to 0x and decrement rather than increment it.
> >
> >Pepper the script with
> >debug (print or echo) lines
> >error traps that exit the script on error.
>
> The error appears at step 6. For each modem in our database, it
> checks the IPs assigned to it. For each of those, it runs: tc filter add
> dev $dev protocol ip parent 1: u32 ht 2:$table: match ip dst $ip flowid
> 1:$classid

I think that "$classid" is outside its allowable range when that line
executes, although it is also possible that the RTNETLINK message is due
to an erroneous value in "$dev", "$ip" or "$table".

Your script can be modified to display the line with the substitutions
and to exit when executing causes an error. What I envision is that
you'll watch 2000+ lines of good stuff scroll by and that the final line
will be your Bad Boy. And the last few lines are what we all are holding
our breath to see.

> I added a counter in there and an exit command in the "Action"
> subroutine so that when the script errors, it exits and shows me how
> many IPs tc has added before it produced an error. The number was 2045
> and the error was RTNETLINK answers: File exists.

I still don't think it is how many. I am certain that some value is
just not in the expected range.

> As for your suggestion about the classid, I'm a bit confused as
> to what you mean about decrementing it. Could you be a little more
> specific on where this is in the script?

> Action("$tc class add dev eth1 parent 1: classid 1:$classid cbq
> bandwidth 200Mbit rate $$dsrate{dsrate}Kbit allot 1514 prio 5 maxburst
> 20 avpkt 1000 bounded");
> $rates{$ds} = $classid;
> $classid++;

I think the line above should count down from 65535, not up.

> ipid='$$computer{ipid}'");
> @octets = split(/\./,$ip);
> $table = $octets[3];
> $table = sprintf("%X", $table);
> $classid = $rates{$$modem{dsrate}};
> Action("$tc filter add dev $dev protocol ip parent 1:
> u32 ht 2:$table: match ip dst $ip flowid 1:$classid"); ### Here is
> where it errors after 2045 entries ###

And here is where you need to display the Action line. Plus add an
error trap to exit when it fails.

Sorry, that's all I have time for now.
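The debugging approach suggested in the reply above (show each command with its substitutions, check that every value is in range, stop at the first failure), as an added example that is not the poster's script. `build_filter`, `apply_filters` and the `RUN` switch are hypothetical names, and the input lines are constructed.

```shell
#!/bin/sh
# Added example, not the poster's script. Dry run of the per-IP filter step:
# validate each substituted value, show the exact command, stop at first error.

# build_filter DEV IP CLASSID -> prints the tc command, returns 1 if invalid
build_filter() {
    dev=$1 ip=$2 classid=$3
    [ -n "$dev" ] || { echo "empty dev" >&2; return 1; }
    # tc reads the classid minor as hex; it must fit in 16 bits (4 digits).
    case "$classid" in
        ''|*[!0-9a-fA-F]*|?????*) echo "bad classid: $classid" >&2; return 1 ;;
    esac
    # IP: digits and dots only, four octets, each 0..255, no leading zeros.
    case "$ip" in
        ''|*[!0-9.]*|*.) echo "bad ip: $ip" >&2; return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || { echo "bad ip: $ip" >&2; return 1; }
    for o in "$@"; do
        case "$o" in ''|0?*) echo "bad ip: $ip" >&2; return 1 ;; esac
        [ "$o" -le 255 ] 2>/dev/null || { echo "bad ip: $ip" >&2; return 1; }
    done
    table=$(printf '%X' "$4")   # hash bucket = last octet in hex, as in the script
    printf 'tc filter add dev %s protocol ip parent 1: u32 ht 2:%s: match ip dst %s flowid 1:%s\n' \
        "$dev" "$table" "$ip" "$classid"
}

# apply_filters DEV: reads "IP CLASSID" lines on stdin, echoes every command,
# and returns 1 at the first bad one. Set RUN=1 to execute instead of dry run.
apply_filters() {
    n=0
    while read -r ip classid; do
        cmd=$(build_filter "$1" "$ip" "$classid") ||
            { echo "stopped after $n filters" >&2; return 1; }
        echo "$cmd"
        if [ "${RUN:-0}" = 1 ]; then
            $cmd || { echo "tc failed after $n filters: $cmd" >&2; return 1; }
        fi
        n=$((n + 1))
    done
    echo "$n filters ok" >&2
}

# Constructed sample input; the second line carries an invalid octet.
printf '10.0.0.5 a\n10.0.0.300 b\n' | apply_filters eth1 || true
```

Because tc parses the classid as hexadecimal, a counter incremented in decimal and pasted into `1:$classid` is read as a different number once it passes 9; printing the generated command makes that visible.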
[LARTC] Syntax for u32 match of src mac at offset -8
Hello All,

I've been trying to figure out how to do bandwidth limiting by mac address. There are several posts on this subject, but nothing concrete. My question concerns the proper tc filter syntax to do a u32 match at a negative offset of -8 that should, based on what I've read, be the source mac address. I've been playing around with it, but no success yet.

Any help would be much appreciated.

Thanks,
Gerry
Re: [LARTC] TC Hashing Filters
On Wednesday 14 July 2004 14:06, Adam Towarnyckyj wrote:
> As for your suggestion about the classid, I'm a bit confused as
> to what you mean about decrementing it. Could you be a little more
> specific on where this is in the script?
>

I think he means start with classid 0x and then subtract one as you iterate through each row in the table. So next you'd use 0xfffe and so on.
RE: [LARTC] TC Hashing Filters
gypsy wrote:
>Try setting classid to 0x and decrement rather than increment it.
>
>Pepper the script with
>debug (print or echo) lines
>error traps that exit the script on error.
>
>Is what you posted entire so that if I extract it from the message then
>it should run?

It's really tough for me to convey what I've done so far mainly because when I get in "Troubleshoot Mode" I really tend to forget what I've tried and the results of those efforts after I've done them. This is because if it doesn't work, I rule it out and go on to the next thing until I find out what the problem is. The reason I say this is because I didn't really tell you specifically what I've done to troubleshoot. Only that I found out where the problem was. For this, I apologize. So let me try to be as specific as possible.

This is what the script does step by step:

1. Connect to the provisioning database (MySQL)
2. Define subroutines
   a. SelectSQL - Subroutine for placing all information from a sql query into a variable.
   b. SelectSingleSQL - Subroutine for placing one piece of information from a sql query into a variable.
   c. SimpleSQL - Subroutine for making a sql query
   d. Action - Subroutine for performing a system action and outputting any errors to an array for later use.
3. Remove existing root qdisc and add a new one (clears all information currently stored).
4. Create transit class and hash table/filter.
5. For creating the individual classes for each rate, we have it connect to our database and add a class for each rate located in that database. This is so it can be dynamic in case we need to add new classes down the road.
6. This is where the script grabs all the accounts from our database by modem. The modem table holds the rate for each customer. Then the script compares those modems to the public IPs assigned to that customer and adds the tc command to limit that IP based on the modem rate.
7. Take all the errors from any "Action" and output them. (This emails to me directly when there's a problem).
8. There's a bunch of stuff here for promotional rates we're running that is unimportant to the current problem I'm having.

The error appears at step 6. For each modem in our database, it checks the IPs assigned to it. For each of those, it runs:

tc filter add dev $dev protocol ip parent 1: u32 ht 2:$table: match ip dst $ip flowid 1:$classid

I added a counter in there and an exit command in the "Action" subroutine so that when the script errors, it exits and shows me how many IPs tc has added before it produced an error. The number was 2045 and the error was RTNETLINK answers: File exists.

As for your suggestion about the classid, I'm a bit confused as to what you mean about decrementing it. Could you be a little more specific on where this is in the script?

I have attached the script in its entirety so you can see it and maybe figure out what is wrong. The only problem with running it would be connecting to the database. If you want, I can put up a mock database and you can connect to that for testing purposes. The problem with this is that I'd have to populate it with about 3000 entries for you to see the error I'm seeing. I have removed my traps and counters so you can see what the script was originally. I'll comment where the error occurs.

Thank you all once again for your help and time. It is very much appreciated.

#!/usr/bin/perl
#
# TC Helper Script: Written by Mike Davis & Adam Towarnyckyj
#
# Synchronizes data rates with MySQL server and applies hourly.
#

### Configuration Section ###
$dev = "eth1";
$tc = "/sbin/tc";
$mysql_host = "sql database";
$mysql_db = "databse";
$mysql_user = "user";
$mysql_pass = "password";
### END Configuration Section ###

use POSIX qw(strftime);

# Database connect and define subroutines
use DBI;
$dsn = "DBI:mysql:database=$mysql_db;hostname=$mysql_host";
$dbh = DBI->connect($dsn, $mysql_user, $mysql_pass) || die "Can't connect to database: " . DBI->errstr;

# Subroutine for placing all information from a sql query into a variable.
sub SelectSQL {
    my($sql) = @_;
    my(@MATCHES, $hash);
    $sth = $dbh->prepare("$sql");
    $sth->execute();
    while ($hash = $sth->fetchrow_hashref) {
        push @MATCHES, $hash;
    }
    return @MATCHES;
}

# Subroutine for placing one piece of information from a sql query into a variable.
sub SelectSingleSQL {
    my($sql) = @_;
    my($gotit, $return, $hash);
    $sth = $dbh->prepare("$sql");
    $sth->execute();
    while ($hash = $sth->fetchrow_array) {
        unless ($gotit) {
            $return = $hash;
            $gotit++;
        } else {
            warn "got multiple SQL returns when exepecting only one";
        }
    }
    return $return;
}

# Subroutine for making a sql query.
sub SimpleSQL {
    my($sql) = $_[0];
    my $rows_affected;
    $rows_affected = $dbh->do($sql);
    return $rows_affected;
}

# Subroutine for performing a system action and outputting any errors
# to an array (@WARNING) for later use.
sub Action {
    my($action) = @_;
    # print"Performing: $action\n";
    $warn=`$action 2>&1`;
    if ($warn) {
        chomp($warn);
        $prepare = "ERROR: $warn. Command was: $action";
        #print"WHOOPS: $warn\n";
        push @WARNING, $prepare;
    }
}
Re: [LARTC] tcng/tc setup
On Wednesday 14 July 2004 05:54, Gareth Glaccum wrote:
> Hi all,
> Can someone please help with a tcng setup? I have played with tc and tcng
> in the past, and now would like to get some serious rules in place.
> However, I have a difficulty in setting them up.

I'd suggest using `tc` and using Netfilter to classify traffic. There are quite a few matches you just can't do with tcng.

> And I wrote out some rules. These rules seem to be correct, as far as I can
> tell, but I stupidly forgot that this is all egress, and it cannot be done
> as easily with ingress. Can someone please help by showing me how I can
> modify these to give me control over the bandwidth in (albeit limited) as
> well as out? Also could someone explain how I can easily write flows to
> test all of the possible traffic I might be experiencing?

tcng is supposed to let you perform all kinds of simulations on your traffic, but I have never gotten it to work. If someone has produced useful information, I'd love to know how.

> My aim is, that any normal ssh to any machine, whether coming from the DMZ
> to the internet, or from the LAN to the internet, should get at least 2KB/s
> low-latency traffic each, even if other machines or other connections are
> being made in the background.
> I am wondering whether my first qdisc should in fact be an SFQ and then HTBs
> below it?

That is not possible. sfq is a classless qdisc. It cannot contain anything. You would need to attach sfq to htb classes, instead, for instance.
Re: [LARTC] TC Hashing Filters
Adam Towarnyckyj wrote:
>
> First off, no need to be rude. I read the documentation; I just missed
> the number limit.

I apologize. I regretted hitting SEND as soon as I came to my senses and I'm ashamed of how long it took me to do that.

I had a (what turned out to be minor) emergency last night, I overslept this morning and I have a prior commitment tonight so I can't get to this until at least tomorrow night. But I do have a couple of general suggestions now:

> Second, I know it's in hex and that's what I'm using.

Try setting classid to 0x and decrement rather than increment it.

Pepper the script with
debug (print or echo) lines
error traps that exit the script on error.

Is what you posted entire so that if I extract it from the message then it should run?

> Action("$tc qdisc del dev $dev root");
> Action("$tc qdisc add dev $dev root handle 1:0 cbq bandwidth 200mbit
> avpkt 1000");

gypsy
[LARTC] tcng/tc setup
Hi all,

Can someone please help with a tcng setup? I have played with tc and tcng in the past, and now would like to get some serious rules in place. However, I have a difficulty in setting them up.

My setup is as follows:

One machine working as a firewall:
eth0 is the interface connected to a 512K DSL line
eth1 is connected to a LAN
eth2 is connected to another LAN, a bit like a DMZ
eth1 and 2 are totally different subnets, 10.1.1.x and 10.2.1.x both class B, (sorry, this is a system I inherited, I am slowly getting ready to collapse it all to class C).

I wanted to set the following rules:

High priority data needs to be some ssh from 10.1.1.x/16 (all) to external IPs.
Priority is to be given to data going to 10.1.1.x/16 over the DMZ data.
Input is 55KB/s, output is 25KB/s
To the DMZ from the LAN, there should be no throttling.
To the LAN from the DMZ, there should be no throttling. (100Mbs/s)
SSH data should be given priority over HTTP
SMTP should be given priority over HTTP
HTTP is given priority over anything else

Interfaces,
eth0, 512Kb/s input, 256 Kb/s output
eth1, 100Mb/s each way
eth2, 100Mb/s each way

And I wrote out some rules. These rules seem to be correct, as far as I can tell, but I stupidly forgot that this is all egress, and it cannot be done as easily with ingress. Can someone please help by showing me how I can modify these to give me control over the bandwidth in (albeit limited) as well as out? Also could someone explain how I can easily write flows to test all of the possible traffic I might be experiencing?

My aim is, that any normal ssh to any machine, whether coming from the DMZ to the internet, or from the LAN to the internet, should get at least 2KB/s low-latency traffic each, even if other machines or other connections are being made in the background.

I am wondering whether my first qdisc should in fact be an SFQ and then HTBs below it?

All help will be gratefully received.

Thank you,
Gareth

- Start long probably incorrect tcng code (I have left out the ingress code I had, because it didn't work at all, and I didn't understand any of it)

#define INTERNET eth0
#define LAN eth1
#define DMZ eth2
#define INTERNET_IP 0.0.0.0/0
#define DMZ_IP 10.2.1.0/16
#define LAN_IP 10.1.1.0/16
#define maxadsl 600kbps/2
#define highadsl 500kbps/2
#define medadsl 400kbps/2
#define midadsl 300kbps/2
#define lowadsl 200kbps/2
#define intadsl 150kbps/2
#define vloadsl 100kbps/2
#define noadsl 50kbps/2

dev INTERNET {
    $meter = trTCM( cir 128kbps, cbs 10kB, pir 200kbps, pbs 10 kB );
    egress {
        class(<$lanssh>) if tcp_sport == 22 || tcp_dport == 22 if ip_src == LAN_IP || ip_dst == LAN_IP;
        class(<$dmzssh>) if tcp_sport == 22 || tcp_dport == 22 if ip_src == DMZ_IP || ip_dst == DMZ_IP;
        class(<$ssh>) if tcp_sport == 22 || tcp_dport == 22 if ip_tos_delay==1 ;
        class(<$smtp>) if tcp_sport == 25 || tcp_dport == 25;
        class(<$lanhttp>) if tcp_sport == 80 || tcp_dport == 80 if ip_src == LAN_IP || ip_dst == LAN_IP;
        class(<$dmzhttp>) if tcp_sport == 80 || tcp_dport == 80 if ip_src == DMZ_IP || ip_dst == DMZ_IP;
        class(<$http>) if tcp_sport == 80 || tcp_dport == 80;
        class(<$othermed>) if trTCM_green( $meter);
        class(<$otherslow>) if trTCM_yellow( $meter);
        drop if trTCM_red ( $meter);
        class(<$otherslow>) if 1;
        drop if 1;
        htb(){
            class ( rate maxadsl, ceil maxadsl){
                $ssh = class ( rate medadsl, ceil highadsl) {
                    $lanssh = class ( rate midadsl , ceil medadsl){ sfq ( perturb 10 sec );};
                    $dmzssh = class (rate vloadsl, ceil lowadsl){ sfq ( perturb 10 sec );};
                };
                $smtp = class ( rate midadsl, ceil highadsl) {sfq ( perturb 10 sec );};
                $http = class ( rate lowadsl, ceil highadsl) {
                    $lanhttp = class (rate lowadsl , ceil highadsl) {sfq ( perturb 10 sec );};
                    $dmzhttp = class (rate lowadsl, ceil highadsl) {sfq ( perturb 10 sec );};
                };
                $othermed = class ( rate lowadsl, ceil medadsl) {sfq ( perturb 10 sec );};
                $otherslow = class ( rate noadsl, ceil intadsl) {sfq ( perturb 10 sec );};
            }
        }
    }
}