[LARTC] iproute-save ?
Anyone to know iproute-save, iproute-restore like script similar iptables-save/restore ? that stores everytihng routes,rules,tables everything ... then init.d-script that among other things stores the state on shutdown :") (thats easy then) - http://linuxtoday.com/news_story.php3?ltsn=2004-12-08-004-32-OS-BZ-DT-0005 snip> MS Office is popular in the same way as heart disease is the most popular way to die. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Re: Confuse, putting packets in wrong mangle table.
On Thursday 27 January 2005 12:37, Andy Furniss wrote: > > I'll make it simple for you as possible. > > i have linux box which have eth0 220.1.1.1 as primary ip and aliasses: > > eth0:1 192.168.1.1 , eth0:1 192.168.1.2 > > Both 192.168.1.1 & 192.168.1.2 NATed to 220.1.1.1 > > OKay, now my question is: > > How do i manage and limit traffic generated from those ips (192.168.1.1 & > > 192.168.1.2) ? Not just traffic outside, but traffic coming to those ips > > from Internet. > > I found it so difficult because traffic coming from internet to eth0 will > > be using 220.1.1.1 not 192.168.x.x > > If you use IMQ and get it to hook after NAT in PREROUTING then forwarded > traffic should have been denatted and have local addresses. You can use > TC filters to classify for htb etc. > Traffic from internet to squid will probably have 220. IP address. Thats what i'm worrying of, the ip address from internet would be 220.1.1.1, not 192.168.x.x IMQ with iptables marking unable to mark the packets to 192.168.x.x > If you want to try a way without IMQ then AIUI you can patch squid so > you can classify hit/miss traffic and then you could shape traffic as > egress on eth0. I don't use squid - but I assume here it limits the rate > it pulls miss pages to the rate that client requests. > http://www.docum.org/docum.org/faq/cache/65.html I ve tried this before, but never succeed. I didnt know where should i attach the 10:100 class. In the document, just told to add this class in tc, without giving some information which interface should i attach this class. Regards, Rio Martin. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Ssh flow does not go into correct class. Help!
Look at this case, it even does no work! (following command run on ssh server.) tc qdisc add dev eth0 root handle 1: htb default 13tc class add dev eth0 parent 1: classid 1:1 htb rate 500kbit ceil 500kbittc class add dev eth0 parent 1:1 classid 1:11 htb rate 100kbit ceil 500kbit prio 1tc class add dev eth0 parent 1:1 classid 1:12 htb rate 100kbit ceil 500kbit prio 1tc class add dev eth0 parent 1:1 classid 1:13 htb rate 100kbit ceil 500kbit prio 1tc qdisc add dev eth0 parent 1:11 handle 111: sfq perturb 5tc qdisc add dev eth0 parent 1:12 handle 112: sfq perturb 5tc qdisc add dev eth0 parent 1:13 handle 113: sfq perturb 5 iptables -t mangle -A OUTPUT -d 10.190.6.16 -j MARK --set-mark 20iptables -t mangle -A OUTPUT -d 10.190.6.16 -j RETURN tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 20 fw flowid 1:11I expect data from ssh server to my client 10.190.6.16 should goes into 1:11, and other data goes into default 1:13. But when I use ssh client on other machine(not 10.190.6.16), the data seems also goes into 1:11(I got this from tc -s -d class show dev eth0). Why? "Catalin(ux aka Dino) BOIE" <[EMAIL PROTECTED]> wrote: On Thu, 27 Jan 2005, CcM wrote:> Now I want to control ports with ips specified, like following, it seems not work, only --sport effect. Ftp-data goes to ips beside 10.190.6.16 also goes into 1:12 while default is 1:13. Why?>> tc qdisc add dev eth0 root handle 1: htb default 13> tc class add dev eth0 parent 1: classid 1:1 htb rate 8kbit ceil 8kbit prio 1> tc class add dev eth0 parent 1:1 classid 1:11 htb rate 40kbit ceil 40kbit prio 1> tc class add dev eth0 parent 1:1 classid 1:12 htb rate 800kbit ceil 1600kbit prio 1> tc class add dev eth0 parent 1:1 classid 1:13 htb rate 7kbit ceil 8kbit prio 1> tc qdisc add dev eth0 parent 1:11 handle 111: sfq perturb 5> tc qdisc add dev eth0 parent 1:12 handle 112: sfq perturb 5> tc qdisc add dev eth0 parent 1:13 handle 113: sfq perturb 5>& gt; iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 22 -j MARK --set-mark 20> iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 22 -j RETURN>> iptables -t mangle -A POSTROUTING -d 10.190.6.16 -p tcp --sport ftp-data -j MARK --set-mark 21> iptables -t mangle -A POSTROUTING -d 10.190.6.16 -p tcp --sport ftp-data -j RETURNI bet you use passive mode in ftp so you get a weird port, not ftp-data (20). ftp is tricky to match. You can use this:iptables -t mangle -A POSTROUTING -d x.x.x.x -m helper --helper ftp \-j MARK --set-mark 21This will mark with 21 all ftp control+data connections.>> tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 20 fw flowid 1:11> tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 21 fw flowid 1:12>>> "Catalin(ux aka Dino) BOIE" <[EMAIL PROTECTED]>wrote:> On Wed, 26 Jan 2005, CcM wrote:>>> It does work! Thanks! >> But many articles write like what I did, what's the difference between POSTROUTING and PREROUTING. I mean I know these are two hook point in ip stack, but why should be POSTROUTING here when do mangle? "Catalin(ux aka Dino) BOIE" wrote:>> Use:>> iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 22 -j MARK \>> --set-mark 20>> Because local generated packets doesn't go through PREROUTING.> But, best is to use OUTPUT.> --->> Catalin(ux aka Dino) BOIE>> catab at deuroconsult.ro>> http://kernel.umbrella.ro/>> ___>> LARTC mailing list / LARTC@mailman.ds9a.nl>> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ->> Do You Yahoo!?>> 注册世界一流品质的雅虎免费电邮>> ---> Catalin(ux aka Dino) BOIE> catab at deuroconsult.ro> http://kernel.umbrella.ro/>>> -> Do You Yahoo!?> 注册世界一流品质的雅虎免费电邮---Catalin(ux aka Dino) BOIEcatab at deuroconsult.rohttp://kernel.umbrella.ro/ Do You Yahoo!? 注册世界一流品质的雅虎免费电邮
Re: [LARTC] negative tokens
What does tokens and ctokens mean ?? thanks.Denis Kot <[EMAIL PROTECTED]> wrote: ##DEV0=imq0RATEUP=100VPNS=30/sbin/ip link set imq0 uptc qdisc add dev $DEV0 root handle 1: htb default 30tc class add dev $DEV0 parent 1: classid 1:1 htb rate ${RATEUP}kbitceil ${RATEUP}kbittc class add dev $DEV0 parent 1:1 classid 1:30 htb rate$[$RATEUP/$VPNS]kbit ceil ${RATEUP}kbit###this is from /etc/ppp/ip-up.local: the followings parameters are available:# $1 = interface-name# $2 = tty-device# $3 = speed# $4 = local-IP-address# $5 = remote-IP-address# $6 = ipparam/sbin/iptables -t mangle -A PREROUTING -i $1 -d ! 192.168.0.0/16 -jIMQ --todev 0/sbin/tc class add dev $DEV0 parent 1:1 classid 1:2${1/ppp/} htb rate$[$RATEUP/$VPNS]kbit ceil ${RATEUP}kbit/sbin/tc filter add dev $DEV0 protocol ip parent 1:0 prio 1 u32 matchip src $5 flowid 1:2${1/ppp/}###On Thu, 27 Jan 2005 19:03:47 +0100, Sujith Chennupati<[EMAIL PROTECTED]>wrote:> it would be clear if you attach the code you are using with> may be some packets are not matched with the filter you specified and> going by deafult queue> > > On Thu, 27 Jan 2005 09:42:29 +0200, Denis Kot <[EMAIL PROTECTED]>wrote:> > I have this:> > class htb 1:29 parent 1:1 prio 0 rate 3000bit ceil 10bit burst> > 1599b cburst 1611b> > Sent 33233 bytes 772 pkts (dropped 0, overlimits 0)> > lended: 415 borrowed: 357 giants: 0> > tokens: -3756376 ctokens: 128779> >> > or this:> > class htb 1:21 parent 1:1 prio 0 rate 3000bit ceil 10bit burst> > 1599b cburst 1611b> > Sent 57554 bytes 618 pkts (dropped 0, overlimits 0)> > lended: 193 borrowed: 425 giants: 0> > to kens: -484950 ctokens: 128779> >> > and there is more like this> > what? wrong?> >> > this is class for imq0 device (for me this is ingres device) and I have this:> > imq0 Link encap:UNSPEC HWaddr> > 00-00-00-FF-FF-00-00-00-00-00-00-00-00-00-00-00> > UP RUNNING NOARP MTU:1500 Metric:1> > RX packets:13 errors:0 dropped:0 overruns:0 frame:0> > TX packets:123371 errors:0 dropped:0 overruns:0 carrier:0> > collisions:0 txqueuelen:30> > RX bytes:17694200 (16.8 Mb) TX bytes:15230834 (14.5 Mb)> >> > as you can see RX bytes doesn? equal to TX bytes. what? wrong?> >> > --> > Denis Kot> > denis?jabber.org.by> > ICQ: 13680126> > Mobil: +375 29 6-1234-78> > ___> > LARTC mailing list / LARTC@mailman.ds9a.nl> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/> >> > --> sujith chandra chowdhary CHENNUPATI> -- Denis Kotdenis?jabber.org.byICQ: 13680126Mobil: +375 29 6-1234-78___LARTC mailing list / LARTC@mailman.ds9a.nlhttp://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ Do You Yahoo!? 注册世界一流品质的雅虎免费电邮
[LARTC] question about filter priorities and "tc -d filter show" output
forgot the [LARTC] prefix in the subject... On Thu, 27 Jan 2005 12:00:14 -0600, jacob martinson <[EMAIL PROTECTED]> wrote: > The interface is setup like this: > # tc qdisc del dev eth0 root > # tc qdisc add dev eth0 root handle 1: htb default 2 > # tc class add dev eth0 parent 1: classid 1:2 htb rate 20mbit ceil 20mbit > > If I add a second class and a filter to send traffic to it like this: > # tc class add dev eth0 parent 1: classid 1:130 htb rate 1Mbit ceil 1Mbit > # tc filter add dev eth0 protocol ip parent 1:0 prio 130 u32 match ip dst \ > > 1.1.1.10 flowid 1:130 > > The output of "tc -d filter show dev eth0" makes sense to me and looks > like this: > filter parent 1: protocol ip pref 130 u32 > filter parent 1: protocol ip pref 130 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 130 u32 fh 800::800 order 2048 key > ht 800 bkt 0 flowid 1:130 > match 0101010a/ at 16 > > If I add a third class and a filter for it, things start looking weird to me: > > # tc filter add dev eth0 protocol ip parent 1:0 prio 131 u32 match ip > dst 1.1.1.11 \ > > flowid 1:131 > # tc class add dev eth0 parent 1: classid 1:132 htb rate 1Mbit ceil 1Mbit > # tc -d filter show dev eth0 > filter parent 1: protocol ip pref 130 u32 > filter parent 1: protocol ip pref 130 u32 fh 801: ht divisor 1 > filter parent 1: protocol ip pref 130 u32 fh 801::800 order 2048 key > ht 801 bkt 0 flowid 1:131 > match 0101010b/ at 16 > filter parent 1: protocol ip pref 130 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 130 u32 fh 800::800 order 2048 key > ht 800 bkt 0 flowid 1:130 > match 0101010a/ at 16 > filter parent 1: protocol ip pref 131 u32 > filter parent 1: protocol ip pref 131 u32 fh 801: ht divisor 1 > filter parent 1: protocol ip pref 131 u32 fh 801::800 order 2048 key > ht 801 bkt 0 flowid 1:131 > match 0101010b/ at 16 > filter parent 1: protocol ip pref 131 u32 fh 800: ht divisor 1 > filter parent 1: protocol ip pref 131 u32 fh 800::800 order 2048 key > ht 800 bkt 0 flowid 1:130 > match 0101010a/ at 16 > > If N is the number of filters I have on the root qdisc, I get > N-squared entries from the "show filter" command. > > Can someone explain how this works or point me to documentation that > explains it? My system doesn't have a "tc-filters" manpage. > > Thanks! > > -Jacob > ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] negative tokens
## DEV0=imq0 RATEUP=100 VPNS=30 /sbin/ip link set imq0 up tc qdisc add dev $DEV0 root handle 1: htb default 30 tc class add dev $DEV0 parent 1: classid 1:1 htb rate ${RATEUP}kbit ceil ${RATEUP}kbit tc class add dev $DEV0 parent 1:1 classid 1:30 htb rate $[$RATEUP/$VPNS]kbit ceil ${RATEUP}kbit ### this is from /etc/ppp/ip-up.local: ### # the followings parameters are available: # $1 = interface-name # $2 = tty-device # $3 = speed # $4 = local-IP-address # $5 = remote-IP-address # $6 = ipparam /sbin/iptables -t mangle -A PREROUTING -i $1 -d ! 192.168.0.0/16 -j IMQ --todev 0 /sbin/tc class add dev $DEV0 parent 1:1 classid 1:2${1/ppp/} htb rate $[$RATEUP/$VPNS]kbit ceil ${RATEUP}kbit /sbin/tc filter add dev $DEV0 protocol ip parent 1:0 prio 1 u32 match ip src $5 flowid 1:2${1/ppp/} ### On Thu, 27 Jan 2005 19:03:47 +0100, Sujith Chennupati <[EMAIL PROTECTED]> wrote: > it would be clear if you attach the code you are using with > may be some packets are not matched with the filter you specified and > going by deafult queue > > > On Thu, 27 Jan 2005 09:42:29 +0200, Denis Kot <[EMAIL PROTECTED]> wrote: > > I have this: > > class htb 1:29 parent 1:1 prio 0 rate 3000bit ceil 10bit burst > > 1599b cburst 1611b > > Sent 33233 bytes 772 pkts (dropped 0, overlimits 0) > > lended: 415 borrowed: 357 giants: 0 > > tokens: -3756376 ctokens: 128779 > > > > or this: > > class htb 1:21 parent 1:1 prio 0 rate 3000bit ceil 10bit burst > > 1599b cburst 1611b > > Sent 57554 bytes 618 pkts (dropped 0, overlimits 0) > > lended: 193 borrowed: 425 giants: 0 > > tokens: -484950 ctokens: 128779 > > > > and there is more like this > > what´s wrong? > > > > this is class for imq0 device (for me this is ingres device) and I have > > this: > > imq0 Link encap:UNSPEC HWaddr > > 00-00-00-FF-FF-00-00-00-00-00-00-00-00-00-00-00 > > UP RUNNING NOARP MTU:1500 Metric:1 > > RX packets:13 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:123371 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:30 > > RX bytes:17694200 (16.8 Mb) TX bytes:15230834 (14.5 Mb) > > > > as you can see RX bytes doesn´t equal to TX bytes. what´s wrong? > > > > -- > > Denis Kot > > denis?jabber.org.by > > ICQ: 13680126 > > Mobil: +375 29 6-1234-78 > > ___ > > LARTC mailing list / LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > > > > -- > sujith chandra chowdhary CHENNUPATI > -- Denis Kot denis?jabber.org.by ICQ: 13680126 Mobil: +375 29 6-1234-78 ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] How do I make the MARK target terminate in Iptables?
Hi, I would like setting the mark to be a terminating rule in Iptables. Is there a patch or an argument/parameter that enables this behavior? Or exactly which line do I need to modify in the source code? I would massively prefer not to follow each mark rule with a second rule with the same matching criterion that simply terminates - that's too untidy for what I'm trying to do. Apologies, I'm in a big hurry so need a quick but robust fix. Many, many thanks, -Paul ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Linux Bridge + QoS Shaper HOWTO available
I've created a pretty complete HOWTO on creating a Linux Bridge (using Fedora) to shape LAN <--> WAN traffic. It includes installation instructions, a script to configure the bridge (which you install as a service), and 2 scripts to configure the network interfaces using traffic control. http://www.burnpc.com/website.nsf/all/3a64a6369757819686256f960068ad75!OpenDocument If anyone has any questions or feedback I'm very interested. This configuration has evolved over the past 6 months and is somewhat tweaked. The highest priority traffic in my config, is of course, IAX2 (Asterisk VoIP protocol). Regards, Ron
[LARTC] question about filter priorities and "tc -d filter show" output
The interface is setup like this: # tc qdisc del dev eth0 root # tc qdisc add dev eth0 root handle 1: htb default 2 # tc class add dev eth0 parent 1: classid 1:2 htb rate 20mbit ceil 20mbit If I add a second class and a filter to send traffic to it like this: # tc class add dev eth0 parent 1: classid 1:130 htb rate 1Mbit ceil 1Mbit # tc filter add dev eth0 protocol ip parent 1:0 prio 130 u32 match ip dst \ > 1.1.1.10 flowid 1:130 The output of "tc -d filter show dev eth0" makes sense to me and looks like this: filter parent 1: protocol ip pref 130 u32 filter parent 1: protocol ip pref 130 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 130 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:130 match 0101010a/ at 16 If I add a third class and a filter for it, things start looking weird to me: # tc filter add dev eth0 protocol ip parent 1:0 prio 131 u32 match ip dst 1.1.1.11 \ > flowid 1:131 # tc class add dev eth0 parent 1: classid 1:132 htb rate 1Mbit ceil 1Mbit # tc -d filter show dev eth0 filter parent 1: protocol ip pref 130 u32 filter parent 1: protocol ip pref 130 u32 fh 801: ht divisor 1 filter parent 1: protocol ip pref 130 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:131 match 0101010b/ at 16 filter parent 1: protocol ip pref 130 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 130 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:130 match 0101010a/ at 16 filter parent 1: protocol ip pref 131 u32 filter parent 1: protocol ip pref 131 u32 fh 801: ht divisor 1 filter parent 1: protocol ip pref 131 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:131 match 0101010b/ at 16 filter parent 1: protocol ip pref 131 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 131 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:130 match 0101010a/ at 16 If N is the number of filters I have on the root qdisc, I get N-squared entries from the "show filter" command. Can someone explain how this works or point me to documentation that explains it? My system doesn't have a "tc-filters" manpage. Thanks! -Jacob ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] negative tokens
On Thursday 27 January 2005 08:42, Denis Kot wrote: > I have this: > class htb 1:29 parent 1:1 prio 0 rate 3000bit ceil 10bit burst > 1599b cburst 1611b > Sent 33233 bytes 772 pkts (dropped 0, overlimits 0) > lended: 415 borrowed: 357 giants: 0 > tokens: -3756376 ctokens: 128779 > > or this: > class htb 1:21 parent 1:1 prio 0 rate 3000bit ceil 10bit burst > 1599b cburst 1611b > Sent 57554 bytes 618 pkts (dropped 0, overlimits 0) > lended: 193 borrowed: 425 giants: 0 > tokens: -484950 ctokens: 128779 > > and there is more like this > what´s wrong? Nothing. To understand what's going on, I need the tc commands you use to create the htb classes. > this is class for imq0 device (for me this is ingres device) and I have > this: imq0 Link encap:UNSPEC HWaddr > 00-00-00-FF-FF-00-00-00-00-00-00-00-00-00-00-00 > UP RUNNING NOARP MTU:1500 Metric:1 > RX packets:13 errors:0 dropped:0 overruns:0 frame:0 > TX packets:123371 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:30 > RX bytes:17694200 (16.8 Mb) TX bytes:15230834 (14.5 Mb) > > as you can see RX bytes doesn´t equal to TX bytes. what´s wrong? That means that some packets are dropped because you shape on that interface. Stef ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] netem bug?
Hi. Catalin(ux aka Dino) BOIE wrote: The "problem" is the 2.4 kernel because HZ is 100. That was my idea, too. On my 2.6 kernel (HZ=1000) it work almost perfect. If the OP thinks of changing HZ, the following links might be a good help: http://www.plumlocosoft.com/kernel/ (especially 013-j64.diff.bz2 and 014-vhz.diff.bz2) http://kerneltrap.org/node/464/1528 The mentioned patches allow to change HZ to something else than 100 while retaining compatibility to userspace and other stuff that might rely on HZ being 100. Note that kernel image as well as (most probably all) modules have to be recompiled and replaced for the patch to take effect. Bye, Mike ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] netem bug?
Hi all, I'm running some tests with netem and I noticed some strange behaviour that looks like a bug: I'm pinging another machine and adding delay with netem. When I tell netem to give me a 10ms delay, it works fine. The problem is that when I ask for a 11ms delay, it gives me 20ms! It happens for any value between 11ms an 20ms, and it repeats for values over 20ms, now rounding up to 30ms. Here is an example: # ping x.x.x.x PING x.x.x.x (x.x.x.x) 56(84) bytes of data. 64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=0.197 ms 64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=0.100 ms 64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=0.081 ms 64 bytes from x.x.x.x: icmp_seq=4 ttl=64 time=0.099 ms # tc qdisc add dev eth0 root netem delay 10ms # ping x.x.x.x PING x.x.x.x (x.x.x.x) 56(84) bytes of data. 64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=1.11 ms 64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=9.04 ms 64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=9.24 ms 64 bytes from x.x.x.x: icmp_seq=4 ttl=64 time=10.0 ms # tc qdisc change dev eth0 root netem delay 11ms # ping x.x.x.x PING x.x.x.x (x.x.x.x) 56(84) bytes of data. 64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=13.1 ms 64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=20.0 ms 64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=20.0 ms 64 bytes from x.x.x.x: icmp_seq=4 ttl=64 time=20.0 ms # tc qdisc change dev eth0 root netem delay 23ms # ping x.x.x.x PING x.x.x.x (x.x.x.x) 56(84) bytes of data. 64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=22.2 ms 64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=29.8 ms 64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=29.1 ms 64 bytes from x.x.x.x: icmp_seq=4 ttl=64 time=30.0 ms # uname -a Linux yyy 2.4.27-1-386 #1 Fri Sep 3 06:24:46 UTC 2004 i686 GNU/Linux Is this a known bug? Is there any fix? I also noticed that the first ping has always a smaller value. Can someone explain that? The "problem" is the 2.4 kernel because HZ is 100. Ping is not rescheduled quickly enough to measure correctly the rtt. On my 2.6 kernel (HZ=1000) it work almost perfect. Hope it helps. Thanks, Pedro. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ --- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro http://kernel.umbrella.ro/ ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] netem bug?
Hi all, I'm running some tests with netem and I noticed some strange behaviour that looks like a bug: I'm pinging another machine and adding delay with netem. When I tell netem to give me a 10ms delay, it works fine. The problem is that when I ask for a 11ms delay, it gives me 20ms! It happens for any value between 11ms an 20ms, and it repeats for values over 20ms, now rounding up to 30ms. Here is an example: # ping x.x.x.x PING x.x.x.x (x.x.x.x) 56(84) bytes of data. 64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=0.197 ms 64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=0.100 ms 64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=0.081 ms 64 bytes from x.x.x.x: icmp_seq=4 ttl=64 time=0.099 ms # tc qdisc add dev eth0 root netem delay 10ms # ping x.x.x.x PING x.x.x.x (x.x.x.x) 56(84) bytes of data. 64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=1.11 ms 64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=9.04 ms 64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=9.24 ms 64 bytes from x.x.x.x: icmp_seq=4 ttl=64 time=10.0 ms # tc qdisc change dev eth0 root netem delay 11ms # ping x.x.x.x PING x.x.x.x (x.x.x.x) 56(84) bytes of data. 64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=13.1 ms 64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=20.0 ms 64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=20.0 ms 64 bytes from x.x.x.x: icmp_seq=4 ttl=64 time=20.0 ms # tc qdisc change dev eth0 root netem delay 23ms # ping x.x.x.x PING x.x.x.x (x.x.x.x) 56(84) bytes of data. 64 bytes from x.x.x.x: icmp_seq=1 ttl=64 time=22.2 ms 64 bytes from x.x.x.x: icmp_seq=2 ttl=64 time=29.8 ms 64 bytes from x.x.x.x: icmp_seq=3 ttl=64 time=29.1 ms 64 bytes from x.x.x.x: icmp_seq=4 ttl=64 time=30.0 ms # uname -a Linux yyy 2.4.27-1-386 #1 Fri Sep 3 06:24:46 UTC 2004 i686 GNU/Linux Is this a known bug? Is there any fix? I also noticed that the first ping has always a smaller value. Can someone explain that? Thanks, Pedro. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Another year starts...
Hi list, today it turns 1 year since we started LinuxIMQ's mailling list and brought IMQ "back to life". Since then we've being trying to keep IMQ patches updated with new kernel/iptables versions and to help users the best we could. I would really like to thank all of those good mates who helped, one way or another, including people from this list and from LARTC. It was an interesting year for me, meeting some cool people and learning a lot. I'm glad we were able to get things up-to-date and made some advancements. I have to say I'm sorry I couldn't find more time for IMQ/documentation/iproute2/kernel stuff/user problem solving. We are aware that many issues were not addressed yet, I plan to release a wish list soon, and documentation is still pending review and clarification. Let's try to find more time next year to make things better and keep learning. As usual any help is appreciated and wanted. Thank you all. Sincerily. Andre Correa --- Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tail and head drop qdiscs
vincent perrier wrote: vincent perrier wrote: I think that there are no qdiscs that permit to drop the oldest frame of a queue when this queue is full ... What sort of thing do you want this for? ... Andy. Very low rate (satellite links for example) and strict priority can lead to messages waiting for a chance to be transmitted and getting old in low prio queues as higher priority messages take all the bandwidth. Vincent. Ahh - if the messages established tcp then I don't think it will make any difference. If the messages are udp then I suppose it could help a bit - depends what you mean by messages. Andy. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Re: Confuse, putting packets in wrong mangle table.
Rio Martin. wrote: On Tuesday 25 January 2005 12:41, Andy Furniss wrote: Is there only one proxy running? I need to shape incoming traffic to both of these ips but i am affraid i have to face that i am not able to shape traffic which is generate from this box unless those two IPs were outside the box. Maybe true - maybe not you would need to test with imq. There is also a kernel option to do with nat of local connections. If i have one more public IP than i should not so much worry about, cause i can shape it using IMQ. I'll make it simple for you as possible. i have linux box which have eth0 220.1.1.1 as primary ip and aliasses: eth0:1 192.168.1.1 , eth0:1 192.168.1.2 Both 192.168.1.1 & 192.168.1.2 NATed to 220.1.1.1 OKay, now my question is: How do i manage and limit traffic generated from those ips (192.168.1.1 & 192.168.1.2) ? Not just traffic outside, but traffic coming to those ips from Internet. I found it so difficult because traffic coming from internet to eth0 will be using 220.1.1.1 not 192.168.x.x If you use IMQ and get it to hook after NAT in PREROUTING then forwarded traffic should have been denatted and have local addresses. You can use TC filters to classify for htb etc. Traffic from internet to squid will probably have 220. IP address. If you want to try a way without IMQ then AIUI you can patch squid so you can classify hit/miss traffic and then you could shape traffic as egress on eth0. I don't use squid - but I assume here it limits the rate it pulls miss pages to the rate that client requests. http://www.docum.org/docum.org/faq/cache/65.html Andy. ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tc.phps
hello found this script in maillist archive how can I use this to create all class on one graph? not like for now it is one graph for each class. -- Denis Kot denis?jabber.org.by ICQ: 13680126 Mobil: +375 29 6-1234-78 ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Newbie question - limit bandwidth of a link.
Hi, You can use tc tool to create a classful queue like HTB.. Then add a filter for your traffic... Refer Linux Qos How to ?.. Rgds, Sanjeev - Original Message - From: "Saumya Chandra" <[EMAIL PROTECTED]> To: lartc@mailman.ds9a.nl Subject: [LARTC] Newbie question - limit bandwidth of a link. Date: Wed, 26 Jan 2005 18:29:54 -0800 (PST) > > > > I just want to limit bandwidth on a particular link. Specifically, one > machine (PC1) is on wired LAN and other (PC1) on a WLAN, acess point for > which is on the same LAN. Both machines have static ip addresses (AD1 and > AD2) and I want to limit the bandwidth utilization of certain udp traffic > from PC2 to PC1. Is is possible to do this using iptables and tc > (controlling from PC1 as that has both these softwares installed)? I am > using iperf to monitor the bandwidth of the link. > > Thanks, > ___ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -- __ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/