Re: [LARTC] HTB stalling
Hi Hi! Couple months ago I started to have a strange problem with HTB. My setup is Fedora Core 2 + Pentium 2 233 + 128 MB of ram and its serving as a router. For some time since going to kernel 2.6 my HTB QoS Stalls for couple seconds, every couple minutes. If the connection load is bigger the stalling is more frequent and takes longer. I experienced this too. I use 2.6.11 with qnet patch. I've a bigger machine with lots of users. I isolated the problem to be with HTB (CBQ works fine). I use HTB too. I can't use CBQ with some reasons so I cant test it. My HTB setup stands about 2500 classes and a total of approx 15000 tc objects. The script I use now worked for a year without any problems, but since fedora changed to 2.6 the problems started. Me too. I've think the problem started after I use kernel 2.6.8.1. If I good remember I doesn't have this problem with 2.6.7. The new thing in 2.6.8.1 was the QoS clock source (or similar). I use here CPU cycle counter because I have a fast uplink (1 Gbps). I think maybe this can be the source of the problem. Or the HTB has a bug from 2.6.8.1. If anybody has idea please write to here. Arpad Kunszt PS: Sorry for my terribly bad english :-( ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Activate ingress policies on suse enterprise server 9
Grames Gernot wrote: Hi, what is needed to activate ingress policies for enterprise server 9! tc qdisc add dev eth0 ingress tc filter add dev eth0 parent : protocol ip u32 match ip dport 8099 0x police rate 1kbit burst 1kbit mtu 1 drop flowid :1 I get a memory allocation error if I try to add that. Playing around it seems policer doesn't like small burst and mtu together. Burst is a value and will act like MTU so the rule below should work and do what you want - drop everything with dport 8099. tc filter add dev eth0 parent : protocol ip u32 match ip dport 8099 0x police rate 1kbit burst 1 drop flowid :1 Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] QoS for lan users ...
Marcin Sura wrote: Hi I have Linux box (Debian) that acting as a bridge. Eth0 and Eth1 are bridged (br0). Br0 have public IP. Eth0 connects to the internet. Eth1 connect to servers in DMZ (with public IPs). Eth2 connects my Lan (192.168.1.0/24). My connections is 2Mbit/2Mbit. I'm doing SNAT for my Lan. QoS on eth0 works fine for DMZ, but is there a possibility to doing QoS on eth0 based on private IPs ( 192.168.1.0/24 ) ? I've not played with bridging, but think you should be able to do it with netfilter marks. iptables or ebtables depending on your setup, or even tc filter on ingress of eth2. Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] tbf latency problems!
Alaios wrote: thx for your answer... i use the 2.6.10 vanilla kernel.. i have downloaded two weeks ago the latest iproute2. I have installed tbf with the following command $tc qdisc add dev $DEV parent 2:1 tbf rate $EF_RATE burst $EF_BURST mtu $EF_MTU limit $EF_LIMIT and i have got the results using tc -s qdisc ls dev eth1 I will try if you give me all the numbers you used. Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Suspicious Attachment
-- Warning: Message delivery wasn't performed. Reason: Our virus scanner detected very suspicious code in the attachment of a mail addressed to a user of our system. The following message will not be delivered: From: [EMAIL PROTECTED] To: LARTC@mailman.ds9a.nl Subj: [LARTC] Re: Date: Mon, 18 Apr 2005 21:45:46 +0530 Virus: Worm.Bagle.AG.2 Feel free to contact no_one if you can't cope with it. -- This mail was automatically generated by TrashScan v0.12 ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] SQLiaison E-Mail Virus Alert
SQLiaison Mail Server: GroupShield Alert The email server has discovered a problem with the following email. Please note that the sender of the email will not be notified with this message. More information : Date/Time sent: 18 Apr 2005 16:38:49 Subject line: [LARTC] Re: From: [EMAIL PROTECTED] To: LARTC Action taken: Deleted Virus Found: W32/[EMAIL PROTECTED] Reason: Anti-Virus Rule Group: For additional information, please contact SQLiaison Support Team [EMAIL PROTECTED] ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Suspicious Attachment
-- Warning: Message delivery wasn't performed. Reason: Our virus scanner detected very suspicious code in the attachment of a mail addressed to a user of our system. The following message will not be delivered: From: [EMAIL PROTECTED] To: LARTC@mailman.ds9a.nl Subj: [LARTC] Re: Date: Tue, 19 Apr 2005 02:04:03 +0530 Virus: Worm.Bagle.Gen-zippwd Feel free to contact no_one if you can't cope with it. -- This mail was automatically generated by TrashScan v0.12 ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Suspicious Attachment
-- Warning: Message delivery wasn't performed. Reason: Our virus scanner detected very suspicious code in the attachment of a mail addressed to a user of our system. The following message will not be delivered: From: [EMAIL PROTECTED] To: LARTC@mailman.ds9a.nl Subj: [LARTC] Re: Date: Tue, 19 Apr 2005 04:25:35 +0530 Virus: Worm.Bagle.AG.2 Feel free to contact no_one if you can't cope with it. -- This mail was automatically generated by TrashScan v0.12 ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Suspicious Attachment
removing this person could be a great idea! Erwan Le Doeuff Project Manager of rcc project QoS HTB Power tool http://www.rcc-project.net On 4/18/05, wrote: -- Warning: Message delivery wasn't performed. Reason: Our virus scanner detected very suspicious code in the attachment of a mail addressed to a user of our system. The following message will not be delivered: From: [EMAIL PROTECTED] To: LARTC@mailman.ds9a.nl Subj: [LARTC] Re: Date: Tue, 19 Apr 2005 04:25:35 +0530 Virus: Worm.Bagle.AG.2 Feel free to contact no_one if you can't cope with it. -- This mail was automatically generated by TrashScan v0.12 ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Suspicious Attachment
Even if we keep this email in the mailing list i don't see any interest to forward Suspicious attachment notifications to everyone. Erwan Le Doeuff Project Manager of rcc project QoS HTB Power tool http://www.rcc-project.net On 4/18/05, erwan le doeuff [EMAIL PROTECTED] wrote: removing this person could be a great idea! Erwan Le Doeuff Project Manager of rcc project QoS HTB Power tool http://www.rcc-project.net On 4/18/05, wrote: -- Warning: Message delivery wasn't performed. Reason: Our virus scanner detected very suspicious code in the attachment of a mail addressed to a user of our system. The following message will not be delivered: From: [EMAIL PROTECTED] To: LARTC@mailman.ds9a.nl Subj: [LARTC] Re: Date: Tue, 19 Apr 2005 04:25:35 +0530 Virus: Worm.Bagle.AG.2 Feel free to contact no_one if you can't cope with it. -- This mail was automatically generated by TrashScan v0.12 ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tc filter - based on iptables - MAC - MARK not working - altough marking on ip src, dst address works
=== tc filter - based on iptables - MAC fw marking not working == DEV=eth1 tc qdisc add dev $DEV root handle 1: htb default 20 tc class add dev $DEV parent 1: classid 1:1 htb rate 600kbps ceil 3276800kbit tc class add dev $DEV parent 1:1 classid 1:15 htb rate 3kbps prio 4 tc class add dev $DEV parent 1:1 classid 1:20 htb rate 500kbps prio 3 tc qdisc add dev $DEV parent 1:15 handle 150: sfq perturb 10 tc qdisc add dev $DEV parent 1:20 handle 200: sfq perturb 10 tc filter add dev $DEV parent 1:0 protocol ip prio 3 handle 2 fw classid 1:15 tc filter add dev $DEV parent 1:0 protocol ip prio 2 handle 3 fw classid 1:20 iptables -t mangle -A FORWARD -m mac --mac-source 00:0D:87:60:61:37 -j MARK --set-mark 2 iptables -t mangle -A INPUT -m mac --mac-source 00:0D:87:60:61:37 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -m mac --mac-source 00:0D:87:60:61:37 -j MARK --set-mark 2 #iptables -t mangle -A FORWARD -s 192.168.0.33 -j MARK --set-mark 0x2 #iptables -t mangle -A FORWARD -d 192.168.0.33 -j MARK --set-mark 0x2 Tried several times: tc qdisc del dev eth0 root iptables -F -t mangle and run the above script in every possible way but the damn thing does not take into account my MAC = I tried to mark on INPUT, FORWARD AND PREROUTING -- none of them seems to work If i uncomment and try on -s, -d ip works great but I really need to match MAC addresses I looked at my kernel MAC -- related config: I have kernel 2.6.10 with: CONFIG_IP_NF_MATCH_MAC=y CONFIG_IP_NF_MATCH_MARK=y and other settings ( I took almost all options related) . CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y CONFIG_IP_ROUTE_FWMARK=y etc.. What I'm missing here ? Best regards __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc