[LARTC] Need help regarding TBF Token rate setting
Hi, I would like to know how to specify the token rate when a tbf qdic is created using tc tool.. Will it be a default value when tbf qdisc is created? This could be a silly question im quite new to all these stuff.. but im really interested.. any help will be most appreciated... thanks in advance, sanjeev -- __ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] script
please could any one help me with a sample script to limit the uplink iam using eth1 to conect the internet 256 kbps and eth0 64 kbps for down load i would like to limit bandwidth for kaaza etc regards sunil Dealing in Computers, Software and Peripherals Jayesh Chandran Compucat Technologies(An associate of Milan Cable Television)1.Goliondoi Road, Arusha.2.Ground Floor, Serengeti Wing,PB No. 10367, AICC, Arusha, Tanzania [EMAIL PROTECTED] tel: fax: mobile: +255 27 2502660+255 27 2504527+255 748 586169 Add me to your address book... Want a signature like this?
Re: [LARTC] script
Hello, Could you give me some more information about your network setup? which is your LAN interface? Which is your WAN interface? Deepak Seshadri - Original Message - From: jayesh [EMAIL PROTECTED] To: lartc@mailman.ds9a.nl Sent: Tuesday, January 11, 2005 7:21 AM Subject: [LARTC] script please could any one help me with a sample script to limit the uplink iam using eth1 to conect the internet 256 kbps and eth0 64 kbps for down load i would like to limit bandwidth for kaaza etc regards sunil ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Personal Firewalls
We don't use a DHCP server but maybe it's an option that needs to be looked into. Alfred, Alfred, David Hough wrote: On Mon, 2005-01-10 at 18:33, Alfred Vahau wrote: Thanks for the reply. This is the practice at present. We block off one IP and another pops up. At times, quite a few of them appear. We suspect that some of these guys are disgruntled ex-employees who have unauthorized access or are accessing the network with the help of other staff. It sounds as though you need a script tied in with your DHCP server so that only recognised MAC addresses get given IP addresses and only those addresses currently allocated get access via the firewall. -- ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Personal Firewalls
Peter Surda wrote: Alfred Vahau wrote: Thanks for the reply. This is the practice at present. We block off one IP and another pops up. At times, quite a few of them appear. We suspect that some of these guys are disgruntled ex-employees who have unauthorized access or are accessing the network with the help of other staff. Aha, so you suspect malicious intent and not only accidental behaviour. In that case you shouldn't expect that some other internal information found on the problematic computers is valid either. We have not dismissed malicious intent. However, the chances of it happening is quite remote. Rather the fight is against network abuse. In line with the core objectives of our institution, there are sites which are defined as unproductive. It is the access to these sites for which strange ip addresses spring up, some of which are within our IP range, for which the logs do not provide very much information on the identify of the user. However, there is a possibility if you want to find the computer by IP, if you use manageable switches. As you know which IPs are improper, you can also find the corresponding MAC address passively from the router's ARP table (or actively by arping), and the switches will be able to tell you on which port this MAC is plugged. Then you can e.g. shutdown the port or follow the cable to the physical computer location. Thanks for this pointer. This option looks viable and will pursue this. alfred, Yours sincerely Peter Surda alfred, ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -- Perl is my reason for following the Sun; ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Personal Firewalls
Thank you for these pointers. These options will be explored. alfred, khurram sohaib wrote: You can use Iptraf to monitor traffic, for further restrictions you can use dhcp with mac address and add those address in your forward, filter options in Iptables. this will solve your problem. if you need the further help for this, please let me know. khurram Message FROM KHURRAM SOHAIB. From: Alfred Vahau [EMAIL PROTECTED] To: lartc@mailman.ds9a.nl Subject: [LARTC] Personal Firewalls Date: Mon, 10 Jan 2005 13:22:44 +1000 Hello, Our ISP provides a firewall and NAT services for our Intranet. However, within the Intranet, there appear to be personal firewalls around some anonymous PCs. The IP addresses of these PCs can be detected by our network monitoring tool. The identity of the user however remains anonymous. Are there any tools that can be used to penetrate the personal firewall and reveal the identity of the users? All our IP addresses fall within specific ranges and the existence of these addresses are against the policies on computer usage. Thanks for any pointers, Alfred Vahau IT Services Uni. PNG -- ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -- Perl is my reason for following the Sun; ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] wondershaper with ssh on a non-standard port
mornin' all, i still haven't found the right solution for my situation, but after some digging, i realized that the free PuTTY SSH client (commonly used to access remote systems from under Windows) does NOT set the TOS bit in a way that would let the default wondershaper script identify its packets as high-priority. this means that -- as suggested by Ed -- prioritizing SSH packets in the uplink stream would have to be done on the basis of the port number used by these packets. also, because PuTTY does not set the TOS bit as wondershaper expects, PuTTY users will have to use *port-based* prioritization in wondershaper EVEN IF THEIR SSH SERVER RUNS ON THE DEFAULT PORT (22). i will post up my solution as soon as i get it working. in the meantime, please feel free to correct me if i'm wrong / suggest other solutions. peace -p -- Until lions have their historians, tales of the hunt shall always glorify the hunters. - African Proverb On Mon, 10-Jan-2005 at 22:16:02 +, Ed Wildgoose wrote: Hi, having read the docs and the wondershaper script itself, it occurred to me that the documentation promises an immediate drop in interactive app latency, specifically mentioning SSH as a big winner. however, looking through the script i can't really tell just *how* wondershaper figures out which port my SSH daemon is running on. so what i'd like to know is, if i'm running my sshd on, say, port 222, do i need to make any changes to the wondershaper script, or will it figure out the right number automagically (e.g. from /etc/services, where SSH is already correctly assigned to port 222) ? (conversely, does it 'need' to figure out this port number at all?) It's been a while since I looked through wondershaper, but the relevant lines are apparently these: # TOS Minimum Delay (ssh, NOT scp) in 1:10: tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \ match ip tos 0x10 0xff flowid 1:10 So it seems to be matching based on the type of service bits in the IP packet. I seem to remember that SSH actually sets the IP tos bits correctly? So it *should* work when ssh is on another port. I guess you need to either tweak the script (if you want a quick fix then just mark anything to/from port 222 as high priority), or else figure out why your packets aren't matching the required rule Good luck Ed W signature.asc Description: Digital signature
Re: [LARTC] ESFQ?
Justin Schoeman wrote: Woohoo - that would be great! -justin Andy Furniss wrote: Justin Schoeman wrote: Ouch... Is there any other way to do host-based fair sharing (well, other than actually classifying each host :-( )? I don't think it will take much to get it to work - though I haven't tried :-) . I'll have a look at doing a 2.6.10 in the next few days. Well I gave it a go (first patches I've made) and they work for me though Thomas or Stephen may notice something :-) . Hopefully they won't be needed in the future if Thomas gets esfq in mainline. They are based on Alexander Clouters patches at www.digriz.org.uk. I only used the first iproute one. I was hampered a bit because kernel.org have turned off the diff viewer. The remove db iproute patch is from LFS, you may not need it if you have Berkley DB installed ( search for db_185.h ). If you don't have it *and* you don't use arpd then use the patch, it just removes arpd from the build. Andy. diff -urN iproute2-2.6.9.orig/include/linux/pkt_sched.h iproute2-2.6.9/include/linux/pkt_sched.h --- iproute2-2.6.9.orig/include/linux/pkt_sched.h 2004-10-19 21:49:02.0 +0100 +++ iproute2-2.6.9/include/linux/pkt_sched.h2005-01-11 11:46:45.395401296 + @@ -126,6 +126,13 @@ /* SFQ section */ +enum +{ + TCA_SFQ_HASH_CLASSIC, + TCA_SFQ_HASH_DST, + TCA_SFQ_HASH_SRC, +}; + struct tc_sfq_qopt { unsignedquantum;/* Bytes per round allocated to flow */ @@ -133,6 +140,7 @@ __u32 limit; /* Maximal packets in queue */ unsigneddivisor;/* Hash divisor */ unsignedflows; /* Maximal number of flows */ + unsignedhash_kind; /* Hash function to use for flow identification */ }; /* @@ -142,6 +150,8 @@ * * The only reason for this is efficiency, it is possible * to change these parameters in compile time. + * + * If you need to play with this values use esfq */ /* RED section */ diff -urN iproute2-2.6.9.orig/tc/Makefile iproute2-2.6.9/tc/Makefile --- iproute2-2.6.9.orig/tc/Makefile 2004-10-19 21:49:02.0 +0100 +++ iproute2-2.6.9/tc/Makefile 2005-01-11 11:46:45.396401144 + @@ -6,6 +6,7 @@ TCMODULES := TCMODULES += q_fifo.o TCMODULES += q_sfq.o +TCMODULES += q_esfq.o TCMODULES += q_red.o TCMODULES += q_prio.o TCMODULES += q_tbf.o diff -urN iproute2-2.6.9.orig/tc/q_esfq.c iproute2-2.6.9/tc/q_esfq.c --- iproute2-2.6.9.orig/tc/q_esfq.c 1970-01-01 01:00:00.0 +0100 +++ iproute2-2.6.9/tc/q_esfq.c 2005-01-11 11:47:29.424707824 + @@ -0,0 +1,168 @@ +/* + * q_esfq.cESFQ. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + * + * Authors:Alexey Kuznetsov, [EMAIL PROTECTED] + * + * Changes:Alexander Atanasov, [EMAIL PROTECTED] + * Added depth,limit,divisor,hash_kind options. + */ + +#include stdio.h +#include stdlib.h +#include unistd.h +#include syslog.h +#include fcntl.h +#include math.h +#include sys/socket.h +#include netinet/in.h +#include arpa/inet.h +#include string.h + +#include utils.h +#include tc_util.h + +static void explain(void) +{ + fprintf(stderr, Usage: ... esfq [ perturb SECS ] [ quantum BYTES ] [ depth FLOWS ]\n\t[ divisor HASHBITS ] [ limit PKTS ] [ hash HASHTYPE]\n); + fprintf(stderr,Where: \n); + fprintf(stderr,HASHTYPE := { classic | src | dst }\n); +} + +#define usage() return(-1) + +static int esfq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n) +{ + int ok=0; + struct tc_sfq_qopt opt; + + memset(opt, 0, sizeof(opt)); + + opt.hash_kind= TCA_SFQ_HASH_CLASSIC; + + while (argc 0) { + if (strcmp(*argv, quantum) == 0) { + NEXT_ARG(); + if (get_size(opt.quantum, *argv)) { + fprintf(stderr, Illegal \quantum\\n); + return -1; + } + ok++; + } else if (strcmp(*argv, perturb) == 0) { + NEXT_ARG(); + if (get_integer(opt.perturb_period, *argv, 0)) { + fprintf(stderr, Illegal \perturb\\n); + return -1; + } + ok++; + } else if (strcmp(*argv, depth) == 0) { + NEXT_ARG(); + if (get_integer(opt.flows, *argv, 0)) { + fprintf(stderr, Illegal \depth\\n); + return -1; + } + ok++; + } else if
Re: [LARTC] ESFQ?
Cheers Andy, great work. Brian On 11 Jan 2005 at 15:28, Andy Furniss wrote: Justin Schoeman wrote: Woohoo - that would be great! -justin Andy Furniss wrote: Justin Schoeman wrote: Ouch... Is there any other way to do host-based fair sharing (well, other than actually classifying each host :-( )? I don't think it will take much to get it to work - though I haven't tried :-) . I'll have a look at doing a 2.6.10 in the next few days. Well I gave it a go (first patches I've made) and they work for me though Thomas or Stephen may notice something :-) . Hopefully they won't be needed in the future if Thomas gets esfq in mainline. They are based on Alexander Clouters patches at www.digriz.org.uk. I only used the first iproute one. I was hampered a bit because kernel.org have turned off the diff viewer. The remove db iproute patch is from LFS, you may not need it if you have Berkley DB installed ( search for db_185.h ). If you don't have it *and* you don't use arpd then use the patch, it just removes arpd from the build. Andy. -- Brian Carrig Research Assistant Department of Computing Networking Institute of Technology, Carlow Tel. No.: +353 59 9176314 ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] ESFQ?
Thanks - really appreciate the help! -justin Andy Furniss wrote: Justin Schoeman wrote: Woohoo - that would be great! -justin Andy Furniss wrote: Justin Schoeman wrote: Ouch... Is there any other way to do host-based fair sharing (well, other than actually classifying each host :-( )? I don't think it will take much to get it to work - though I haven't tried :-) . I'll have a look at doing a 2.6.10 in the next few days. Well I gave it a go (first patches I've made) and they work for me though Thomas or Stephen may notice something :-) . Hopefully they won't be needed in the future if Thomas gets esfq in mainline. They are based on Alexander Clouters patches at www.digriz.org.uk. I only used the first iproute one. I was hampered a bit because kernel.org have turned off the diff viewer. The remove db iproute patch is from LFS, you may not need it if you have Berkley DB installed ( search for db_185.h ). If you don't have it *and* you don't use arpd then use the patch, it just removes arpd from the build. Andy. diff -urN iproute2-2.6.9.orig/include/linux/pkt_sched.h iproute2-2.6.9/include/linux/pkt_sched.h --- iproute2-2.6.9.orig/include/linux/pkt_sched.h 2004-10-19 21:49:02.0 +0100 +++ iproute2-2.6.9/include/linux/pkt_sched.h 2005-01-11 11:46:45.395401296 + @@ -126,6 +126,13 @@ /* SFQ section */ +enum +{ + TCA_SFQ_HASH_CLASSIC, + TCA_SFQ_HASH_DST, + TCA_SFQ_HASH_SRC, +}; + struct tc_sfq_qopt { unsigned quantum; /* Bytes per round allocated to flow */ @@ -133,6 +140,7 @@ __u32 limit; /* Maximal packets in queue */ unsigned divisor; /* Hash divisor */ unsigned flows; /* Maximal number of flows */ + unsigned hash_kind; /* Hash function to use for flow identification */ }; /* @@ -142,6 +150,8 @@ * * The only reason for this is efficiency, it is possible * to change these parameters in compile time. + * + * If you need to play with this values use esfq */ /* RED section */ diff -urN iproute2-2.6.9.orig/tc/Makefile iproute2-2.6.9/tc/Makefile --- iproute2-2.6.9.orig/tc/Makefile 2004-10-19 21:49:02.0 +0100 +++ iproute2-2.6.9/tc/Makefile 2005-01-11 11:46:45.396401144 + @@ -6,6 +6,7 @@ TCMODULES := TCMODULES += q_fifo.o TCMODULES += q_sfq.o +TCMODULES += q_esfq.o TCMODULES += q_red.o TCMODULES += q_prio.o TCMODULES += q_tbf.o diff -urN iproute2-2.6.9.orig/tc/q_esfq.c iproute2-2.6.9/tc/q_esfq.c --- iproute2-2.6.9.orig/tc/q_esfq.c 1970-01-01 01:00:00.0 +0100 +++ iproute2-2.6.9/tc/q_esfq.c 2005-01-11 11:47:29.424707824 + @@ -0,0 +1,168 @@ +/* + * q_esfq.c ESFQ. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + * + * Authors: Alexey Kuznetsov, [EMAIL PROTECTED] + * + * Changes: Alexander Atanasov, [EMAIL PROTECTED] + * Added depth,limit,divisor,hash_kind options. + */ + +#include stdio.h +#include stdlib.h +#include unistd.h +#include syslog.h +#include fcntl.h +#include math.h +#include sys/socket.h +#include netinet/in.h +#include arpa/inet.h +#include string.h + +#include utils.h +#include tc_util.h + +static void explain(void) +{ + fprintf(stderr, Usage: ... esfq [ perturb SECS ] [ quantum BYTES ] [ depth FLOWS ]\n\t[ divisor HASHBITS ] [ limit PKTS ] [ hash HASHTYPE]\n); + fprintf(stderr,Where: \n); + fprintf(stderr,HASHTYPE := { classic | src | dst }\n); +} + +#define usage() return(-1) + +static int esfq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n) +{ + int ok=0; + struct tc_sfq_qopt opt; + + memset(opt, 0, sizeof(opt)); + + opt.hash_kind= TCA_SFQ_HASH_CLASSIC; + + while (argc 0) { + if (strcmp(*argv, quantum) == 0) { + NEXT_ARG(); + if (get_size(opt.quantum, *argv)) { +fprintf(stderr, Illegal \quantum\\n); +return -1; + } + ok++; + } else if (strcmp(*argv, perturb) == 0) { + NEXT_ARG(); + if (get_integer(opt.perturb_period, *argv, 0)) { +fprintf(stderr, Illegal \perturb\\n); +return -1; + } + ok++; + } else if (strcmp(*argv, depth) == 0) { + NEXT_ARG(); + if (get_integer(opt.flows, *argv, 0)) { +fprintf(stderr, Illegal \depth\\n); +return -1; + } + ok++; + } else if (strcmp(*argv, divisor) == 0) { + NEXT_ARG(); + if (get_integer(opt.divisor, *argv, 0)) { +fprintf(stderr, Illegal \divisor\\n); +return -1; + } + if(opt.divisor = 15) { +fprintf(stderr, Illegal \divisor\ must be 15\n); +return -1; + } + opt.divisor=pow(2,opt.divisor); + ok++; + } else if (strcmp(*argv, limit) == 0) { + NEXT_ARG(); + if (get_integer(opt.limit, *argv, 0)) { +fprintf(stderr, Illegal \limit\\n); +return -1; + } + ok++; + } else if (strcmp(*argv, hash) == 0) { + NEXT_ARG(); + if(strcmp(*argv,classic) == 0) { +
Re: [LARTC] ESFQ?
* Andy Furniss [EMAIL PROTECTED] 2005-01-11 15:28 diff -urN linux-2.6.10.orig/include/linux/pkt_sched.h linux-2.6.10/include/linux/pkt_sched.h @@ -136,6 +143,7 @@ __u32 limit; /* Maximal packets in queue */ unsigneddivisor;/* Hash divisor */ unsignedflows; /* Maximal number of flows */ + unsignedhash_kind; /* Hash function to use for flow identification */ }; This breaks compatibility to older iproute2 versions compiled with older header versions (not including the additional 4 octets). sch_sfq.c: if (opt-rta_len RTA_LENGTH(sizeof(*ctl))) return -EINVAL; +static int esfq_change(struct Qdisc *sch, struct rtattr *opt) +{ + struct esfq_sched_data *q = qdisc_priv(sch); + struct tc_sfq_qopt *ctl = RTA_DATA(opt); + int old_perturb = q-perturb_period; + + if (opt-rta_len RTA_LENGTH(sizeof(*ctl))) + return -EINVAL; + + sch_tree_lock(sch); + q-quantum = ctl-quantum ? : psched_mtu(sch-dev); + q-perturb_period = ctl-perturb_period*HZ; +// q-hash_divisor = ctl-divisor; +// q-tail = q-limit = q-depth = ctl-flows; + + if (ctl-limit) + q-limit = min_t(u32, ctl-limit, q-depth); + + if (ctl-hash_kind) { + q-hash_kind = ctl-hash_kind; + if (q-hash_kind != TCA_SFQ_HASH_CLASSIC) + q-perturb_period = 0; + } + + // is sch_tree_lock enough to do this ? + while (sch-q.qlen = q-limit-1) + esfq_drop(sch); + + if (old_perturb) + del_timer(q-perturb_timer); + if (q-perturb_period) { + q-perturb_timer.expires = jiffies + q-perturb_period; + add_timer(q-perturb_timer); + } else { + q-perturbation = 0; + } + sch_tree_unlock(sch); + return 0; +} Must be changed to use tcf_exts and ematch api once those patches are merged. I will take care of this. I'll have a closer look later on this week. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] ESFQ?
Thomas Graf wrote: * Andy Furniss [EMAIL PROTECTED] 2005-01-11 15:28 diff -urN linux-2.6.10.orig/include/linux/pkt_sched.h linux-2.6.10/include/linux/pkt_sched.h @@ -136,6 +143,7 @@ __u32 limit; /* Maximal packets in queue */ unsigneddivisor;/* Hash divisor */ unsignedflows; /* Maximal number of flows */ + unsignedhash_kind; /* Hash function to use for flow identification */ }; This breaks compatibility to older iproute2 versions compiled with older header versions (not including the additional 4 octets). sch_sfq.c: if (opt-rta_len RTA_LENGTH(sizeof(*ctl))) return -EINVAL; I did wonder if it could just come out now that iproute2 uses its own pkt_sched.h. Just to be sure I understand - it's a risk that always existed eg. before Stephen maintained iproute2, when it compiled against kernel headers. If I patched kernel and failed to compile new tc/had old tc ahead in path etc. then sfq would be broken. So if you patch make sure you build and use new tc do tc -V / check you don't have an old one in /sbin as iproute2's make install uses /usr/sbin by default. +static int esfq_change(struct Qdisc *sch, struct rtattr *opt) +{ + struct esfq_sched_data *q = qdisc_priv(sch); + struct tc_sfq_qopt *ctl = RTA_DATA(opt); + int old_perturb = q-perturb_period; + + if (opt-rta_len RTA_LENGTH(sizeof(*ctl))) + return -EINVAL; + + sch_tree_lock(sch); + q-quantum = ctl-quantum ? : psched_mtu(sch-dev); + q-perturb_period = ctl-perturb_period*HZ; +// q-hash_divisor = ctl-divisor; +// q-tail = q-limit = q-depth = ctl-flows; + + if (ctl-limit) + q-limit = min_t(u32, ctl-limit, q-depth); + + if (ctl-hash_kind) { + q-hash_kind = ctl-hash_kind; + if (q-hash_kind != TCA_SFQ_HASH_CLASSIC) + q-perturb_period = 0; + } + + // is sch_tree_lock enough to do this ? + while (sch-q.qlen = q-limit-1) + esfq_drop(sch); + + if (old_perturb) + del_timer(q-perturb_timer); + if (q-perturb_period) { + q-perturb_timer.expires = jiffies + q-perturb_period; + add_timer(q-perturb_timer); + } else { + q-perturbation = 0; + } + sch_tree_unlock(sch); + return 0; +} Must be changed to use tcf_exts and ematch api once those patches are merged. I will take care of this. I'll have a closer look later on this week. Thanks. Andy. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] ESFQ?
Stephen Hemminger wrote: On Tue, 11 Jan 2005 23:06:27 + Andy Furniss [EMAIL PROTECTED] wrote: Thomas Graf wrote: * Andy Furniss [EMAIL PROTECTED] 2005-01-11 15:28 diff -urN linux-2.6.10.orig/include/linux/pkt_sched.h linux-2.6.10/include/linux/pkt_sched.h @@ -136,6 +143,7 @@ __u32 limit; /* Maximal packets in queue */ unsigneddivisor;/* Hash divisor */ unsignedflows; /* Maximal number of flows */ + unsignedhash_kind; /* Hash function to use for flow identification */ }; This breaks compatibility to older iproute2 versions compiled with older header versions (not including the additional 4 octets). sch_sfq.c: if (opt-rta_len RTA_LENGTH(sizeof(*ctl))) return -EINVAL; I did wonder if it could just come out now that iproute2 uses its own pkt_sched.h. Just to be sure I understand - it's a risk that always existed eg. before Stephen maintained iproute2, when it compiled against kernel headers. If I patched kernel and failed to compile new tc/had old tc ahead in path etc. then sfq would be broken. So if you patch make sure you build and use new tc do tc -V / check you don't have an old one in /sbin as iproute2's make install uses /usr/sbin by default. We need to maintain binary compatibility so that old command with latest kernel, and new command works with old kernel. That restricts message formats. But not source compatibility for iproute2, the iproute2 package needs to be self-contained and not depend on external (kernel) headers that may or may not be up to date. Also, older version of iproute2 compiled with current kernel headers should be supported. I would rather see all versions of iproute2 tarball's as self contained and not depend on kernel headers. Ahh - I think I see what you mean. If esfq wants to get into kernel then it has to become a completly new queue and not mess with sfq options at all. Andy. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/