[LARTC] ip aliasing and tc ?

2002-07-07 Thread Julián Muñoz

How does traffic control behave with respect to IP aliasing ?


I am using IMQ for ingress shaping.

How does IMQ behave with an interface eth0:0 ?? (Linux IP aliasing, kernel
2.4)
iptables -A PREROUTING -t mangle -i eth0:0 -j IMQ doesn't work, so I think
it is useless ?? (The queue is before the interface "demultiplexing" ??)

On the egress side, idem.


-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



Re: [LARTC] Stranger than IPTABLES?

2002-06-07 Thread Julián Muñoz


MLDonkey opens many connections, so individually they are very slow. Maybe
the TCP timeout is at the maximum (2 minutes), so it can take several
minutes to close a connection (maybe 5 minutes).



On Fri, 7 Jun 2002, Martin Devera wrote:

> Wow. It is very interesting. Did you try to read counters
> in iptables -vL and compare counts ? Like to read value from
> /proc/net/dev compare to count of packets at INPUT chain and
> then compare with no of packets in DROP chains.
> It could give us better picture where are the packets going to.
>
> But it seems there is a problem with too many connections. The dropping
> may work but remote sites will still try to resend the packets and
> because you have high number of connections their SYNs and duplicates
> will go at least several minutes.
>
> devik
>
> >
> > and same ones for port 4661.
> > What is happening?
> > It looks like Linux is trying to drop these packets, but they are braking down VERY slowly. It seems like linux is unable to handle that and there are still many packets out of iptables control.
> > Look at this:
> > here you can see 'netstat -n' output written after (about half of minute) appending iptables DROP rules:
> >
> > http://josh876.republika.pl/netstat-dropped.txt
> >
> > modem's LED is blinking randomly from time to time but and it is slowing. But MLDonkey is still reporting downloading.
> >
> > ..and this is after few minutes
> >
> > http://josh876.republika.pl/netstat-dropped-few-minutes.txt
> >
> > MLDonkey is generally not reporting downloading, but it is still happening that it will show download for a very short while.
> >
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] IMQ losing marks ??

2002-05-30 Thread Julián Muñoz

Gasp,

Comparing my ingress with my egress config, I found I forgot this:
tc filter add dev imq0 protocol ip parent 1: prio 1 fw

In the imq config, that's why it didn't work I suppose :-(



On Wed, 29 May 2002, Martin Devera wrote:

> > > >
> > > >So, the " --set-mark 0x10020" trick is not working in this case ??
> > > >
> >
> >
> > Yes, it is the conclusion. With "tc filter" the packets go to the desired
> > queue, Devik's trick doesn't work in this case :-)
>
> I'm interested here. Do you want why didn't it work ?
>
> devik
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net
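
Added example (not part of the original thread and not the IMQ project's code): it prints the ingress setup discussed in this message and checks where a packet marked 0x10020 lands with and without the handle-less `fw` filter. The rates, the default class 1:30, the `--dport` port match and the helper names are assumptions made for the example; a `fw` filter without handles reads the mark as a classid (upper 16 bits major, lower 16 bits minor), so 0x10020 means class 1:20.

```shell
#!/bin/sh
# Added example: dry-run generator and check for the IMQ ingress setup from
# this thread. Nothing here touches the kernel; commands are only printed.

# Classid that a handle-less "fw" filter derives from a netfilter mark:
# upper 16 bits are the major number, lower 16 bits the minor, both in hex
# as tc writes them. The major must match the qdisc handle (1: below).
mark_to_classid() {
    m=$(( $1 ))
    printf '%x:%x\n' $(( (m >> 16) & 0xffff )) $(( m & 0xffff ))
}

# Print the ingress setup. $1 = real interface, $2 = IMQ device, $3 = mark,
# $4 = "yes" to include the fw filter that was missing in the thread.
# Rates and the default class 1:30 are constructed values.
emit_imq_ingress() {
    in_dev=$1 imq_dev=$2 mark=$3 with_filter=$4
    classid=$(mark_to_classid "$mark")
    cat <<EOF
modprobe imq numdevs=1
ip link set $imq_dev up
iptables -t mangle -A PREROUTING -i $in_dev -j IMQ
iptables -t mangle -A PREROUTING -i $in_dev -p tcp --dport 443 -j MARK --set-mark $mark
tc qdisc add dev $imq_dev root handle 1: htb default 30
tc class add dev $imq_dev parent 1: classid 1:1 htb rate 512kbit
tc class add dev $imq_dev parent 1:1 classid $classid htb rate 128kbit ceil 512kbit
tc class add dev $imq_dev parent 1:1 classid 1:30 htb rate 384kbit ceil 512kbit
EOF
    if [ "$with_filter" = yes ]; then
        echo "tc filter add dev $imq_dev protocol ip parent 1: prio 1 fw"
    fi
}

# Given a ruleset ($1, one command per line) and a device ($2), report the
# class each --set-mark value ends up in. Only the handle-less fw filter
# form is recognised; without it every mark falls through to the htb default.
classify_marks() {
    rules=$1 dev=$2
    default=$(printf '%s\n' "$rules" | sed -n \
        "s/^tc qdisc add dev $dev root handle \([0-9a-f]*\): htb default \([0-9a-f]*\).*/\1:\2/p")
    printf '%s\n' "$rules" |
    sed -n 's/.*--set-mark \([0-9a-fA-FxX]*\).*/\1/p' |
    while read -r mark; do
        cid=$(mark_to_classid "$mark")
        if ! printf '%s\n' "$rules" | grep -q "^tc filter add dev $dev .* fw\$"; then
            echo "$mark -> $default (default: no fw filter on $dev)"
        elif ! printf '%s\n' "$rules" | grep -q "^tc class add dev $dev .* classid $cid "; then
            echo "$mark -> $default (default: class $cid not defined)"
        else
            echo "$mark -> $cid"
        fi
    done
}

# Show both situations from the thread: filter forgotten, then filter added.
for f in no yes; do
    echo "fw filter present: $f"
    classify_marks "$(emit_imq_ingress eth0 imq0 0x10020 "$f")" imq0
done
```

The commands are only printed; on a kernel with the IMQ patch they can be reviewed and then run as root.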




Re: [LARTC] IMQ losing marks ??

2002-05-29 Thread Julián Muñoz

Yes, but will we understand ?? :-)


On Wed, 29 May 2002, Martin Devera wrote:

> > > >
> > > >So, the " --set-mark 0x10020" trick is not working in this case ??
> > > >
> >
> >
> > Yes, it is the conclusion. With "tc filter" the packets go to the desired
> > queue, Devik's trick doesn't work in this case :-)
>
> I'm interested here. Do you want why didn't it work ?
>
> devik
>



Re: [LARTC] IMQ losing marks ??

2002-05-29 Thread Julián Muñoz

> >
> >So, the " --set-mark 0x10020" trick is not working in this case ??
> >


Yes, it is the conclusion. With "tc filter" the packets go to the desired
queue, Devik's trick doesn't work in this case :-)




On Wed, 29 May 2002, Patrick McHardy wrote:

> Julián Muñoz wrote:
>
> >I am marking incoming packets this way:
> >
> >iptables -A PREROUTING -t mangle -i eth0 -j IMQ
> >iptables -A PREROUTING -t mangle --protocol tcp --destination-port 443 \
> > -j MARK --set-mark 0x10020
> >
> >
> >On the IMQ device I have a htb queue.
> >
> >But all the traffic is put in the *default* htb queue, and not in the good
> >one, it seems like the mark is lost ?
> >
> marks are definitely not lost, i'm classifying based on netfilter marks
> (and fw classifier) and nothing
> gets lost there ...
>
> >
> >
> >I am using a pretty similar configuration on transmit, the output queue of
> >eth0, and it is working perfectly.
> >
> >I have tried :
> >  - change the marks, in order to not have interferences of the ones done
> >by iptables in the transmit queue.
> >
> hmm there shouldn't be any interferences, marks for imq usually done in
> PREROUTING, marks for egress in
> OUTPUT or POSTROUTING ..
>
> >
> >  - put -i eth0, or -i imq0 in the iptables rule that marks the packet.
> >
> -i imq0 will never match. packets never come in through the imq device,
> they only pass the attached qdisc.
>
> >
> >So, the " --set-mark 0x10020" trick is not working in this case ??
> >
> i have not tried it myself this way, but imq is doing nothing that would
> prevent it.
> maybe devik has an answer for us (i never tried nf_mark for
> classification, is it supposed to work this way ?)
>
> bye
> patrick
>
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] tc man page

2002-05-29 Thread Julián Muñoz

And a good manual for "tc filter" ??


On Wed, 29 May 2002, Alexey Talikov wrote:

> http://lartc.org/manpages/
> 29.05.2002 13:52:46, Andreani Luca <[EMAIL PROTECTED]> wrote:
>
> >Hi,
> >
> >Does a tc man page exist?
> >Where can I find it?
> >
> >Thanks
> >
> >Luca Andreani
> >
>
> ---
> mailto:[EMAIL PROTECTED]
> BR
> Alexey Talikov
> FORTEK
> ---
>
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




[LARTC] IMQ losing marks ??

2002-05-29 Thread Julián Muñoz


I am marking incoming packets this way:

iptables -A PREROUTING -t mangle -i eth0 -j IMQ
iptables -A PREROUTING -t mangle --protocol tcp --destination-port 443 \
 -j MARK --set-mark 0x10020


On the IMQ device I have a htb queue.

But all the traffic is put in the *default* htb queue, and not in the right
one, it seems like the mark is lost ?


I am using a pretty similar configuration on transmit, the output queue of
eth0, and it is working perfectly.

I have tried :
  - change the marks, in order to not have interferences of the ones done
by iptables in the transmit queue.
  - put -i eth0, or -i imq0 in the iptables rule that marks the packet.

So, the " --set-mark 0x10020" trick is not working in this case ??


-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] IMQ not working :-(

2002-05-29 Thread Julián Muñoz

Solved, I had to install a more modern iptables :-)

Now ingress traffic shaping seems to work, just testing it with ksnuffle
 (in order to see the graph of the traffic) :-)


On Wed, 29 May 2002, Julián Muñoz wrote:

> On Tue, 28 May 2002, Patrick McHardy wrote:
>
> > make sure imq0 is up and you have a rule like "iptables -t mangle -A
> > PREROUTING -i eth0 -j IMQ".
>
> If you do "iptables -L PREROUTING -t mangle" just after this, I don't see
> the IMQ rule in the list.
>
> I am using the precompiled iptables library (iptables 1.2.5), so
> maybe they don't match well with my iptables (1.2.2) ?
>
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] IMQ not working :-(

2002-05-29 Thread Julián Muñoz

On Tue, 28 May 2002, Patrick McHardy wrote:

> make sure imq0 is up and you have a rule like "iptables -t mangle -A
> PREROUTING -i eth0 -j IMQ".

If you do "iptables -L PREROUTING -t mangle" just after this, I don't see
the IMQ rule in the list.

I am using the precompiled iptables library (iptables 1.2.5), so
maybe they don't match well with my iptables (1.2.2) ?

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] can not locate module imq0

2002-05-29 Thread Julián Muñoz


This is because you haven't activated the IMQ network device.

This option is added to the kernel by the combo patch, or when you do
make patch-o-matic (but this last option doesn't work for me, maybe my
iptables is too old) [see the new FAQ]



On Wed, 29 May 2002, [gb2312] hanhbnetfilter wrote:

> 'imq-2.4.18.diff-9' patched to kernel18 and
> 'iptables-1.2.6a-imq.diff-3' patched to
> iptables-1.2.6a
> the following options are chosen:
> Networking options  ---> IP: Netfilter Configuration
> --->IMQ target support (as a module)
> Networking options  ---> IPv6: Netfilter Configuration
>  --->IMQ target support
> Network device support  --->IMQ (intermediate queueing
> device) support
>
> there is a file
> '/lib/modules/2.4.18/kernel/net/ipv4/netfilter/ipt_IMQ.o'
> but not 'imq.o'
>
> modprobe imq numdevs=1
> Can't locate module imq
> please tell me how can i do
>
>
-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




[LARTC] IMQ not working :-(

2002-05-28 Thread Julián Muñoz


I think I am doing all well, but IMQ is not capturing my incoming packets
(tc statistics show 0 packets on imq0)

How could I have a log to find where the problem is ?

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: About burst and cburst in htb (Re: [LARTC] htb faq)

2002-05-27 Thread Julián Muñoz

On Mon, 27 May 2002, Martin Devera wrote:


> I don't think so. The burst values are used by htb to answer
> question "is the class over rate" and "is the class over ceil".
> The rate and ceil estimator is coupled by pairs rate/burst and
> ceil/cburst. It is by definition of leaky bucket.

So is it the leak size ?

>
> So by raising burst you raise the probability that the next question
> whether the class is under its rate will be answered "yes".

Ok. Well, in fact I asked this because I want to understand a bit
better why use bursts:

Do bursts really decrease the mean response time of the affected
class ?

(I suppose so, as Devik says in the manual "Well it is cheap and
simple way how to improve response times on congested link.").


If I have 2 classes in parallel, exactly with the same parameters, except
one with a little (default) burst, another with a big burst (say burst= X
), receiving the same N bits at the same time ( N < X ). Will the second
class empty before the first one ?

Now suppose that these classes during this experiment use more bandwidth
than their "rate" parameter. If both have the same "cburst" parameter
(little cburst (default)), are they identical during this time ? Should I
always set burst AND cburst in order to have the expected result ?

What I want to do is prioritize some interactive traffic (and understand
why it works :-)



Thanks :-)

-- 
Saludos de Julián
EA4ACL
-.-




About burst and cburst in htb (Re: [LARTC] htb faq)

2002-05-27 Thread Julián Muñoz


On Mon, 27 May 2002, Martin Devera wrote:

> > > rate has burst
> > > ceil has cburst

> > So it means that when traffic is borrowed cburst is used, else burst ?
>
> Hmm .. do you understand the difference between ceil & rate ?

Yes, rate is the guaranteed bandwidth, ceil is the maximum bandwidth.


> Everytime when ceil is computed then cburst is used and vice versa ..

I will try to answer myself:


  -
  |   |
  |   |
      -


Say you have a burst like this. When transmitting, all the available
bandwidth is used by the burst.

At the next opportunity, htb will ask itself:
it's my turn, how long must this burst be ?

If the computed bandwidth used by this class is over "rate" (but less than
"ceil"), the length will be "cburst". Else it will be "burst".

Is it this ??


-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net





Re: [LARTC] htb faq

2002-05-27 Thread Julián Muñoz

On Sun, 26 May 2002, Martin Devera wrote:

> cburst is for ceil rate and burst is for normal rate.
> or
> rate has burst
> ceil has cburst
>
> probably it is not clear from the manual ?

No :-)

So it means that when traffic is borrowed cburst is used, else burst ?



-- 
Saludos de Julián
EA4ACL
-.-





[LARTC] htb faq

2002-05-25 Thread Julián Muñoz

What is the difference between burst and cburst parameter ?

-- 




[LARTC] Last imq bug fix ?

2002-05-25 Thread Julián Muñoz


Patrick, is the last bug fix only for imq running as non-module ? (is
that what "static" means ?):


"""
23.05.2002
removed two unnecessary __exit declarations which prevented static
compilation.
"""

tnx,

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-




Re: [LARTC] OT: Looking for IPTABLE for potato

2002-05-24 Thread Julián Muñoz

The site has gone on-line again, problem solved.

On Fri, 24 May 2002, Julián Muñoz wrote:

>
> Hello, Adrian Bunk's site (2.4 kernel packages for Debian potato) seems
> off-line; I have been trying to connect for 3 days.
>
> I am looking for the iptables source package (in order to patch them and
> use imq).
>
> Does someone have it ?
> Google tells me that the last Adrian's version was iptables 1.2.2-2
>




[LARTC] OT: Looking for IPTABLE for potato

2002-05-24 Thread Julián Muñoz


Hello, Adrian Bunk's site (2.4 kernel packages for Debian potato) seems
off-line; I have been trying to connect for 3 days.

I am looking for the iptables source package (in order to patch them and
use imq).

Does someone have it ?
Google tells me that the last Adrian's version was iptables 1.2.2-2


Thank you !

-- 




Re: [LARTC] In & out traffic

2002-04-08 Thread Julián Muñoz


Hello, yes this is possible, this is called "ingress policy".

Take a look at the lartc doc, at the end there are some cookbook examples.
I had it working. You can limit the incoming traffic "killing" some
packets.

Very recently on the list was also published the new IMQ device, which can
do advanced traffic shaping over incoming traffic.

On the other hand, I don't know if in case of semi-duplex mediums, where
the real bandwidth is shared between reception and transmission, it is
possible to limit this real bandwidth (transmit bandwidth dependent on
receive bandwidth). Maybe IMQ is also the solution, I don't know.


On Mon, 8 Apr 2002, Ali badilli wrote:

>
> Hi all,
>
>  I have the following test-bed.
>
>   A-B-C
>
> Router A,B, and C. Router A has eth0, B has eth0 and
> eth1, and C has eth0.
>
> I can apply TC functions in B (eth0) for traffic
> coming from A, for example limit the link BW to 5Mb
> and divide among multiple classes. Now, I want to do the
> same thing for traffic coming from C and going to A. I
> can have similar action for traffic coming from C in
> eth1. However, it seems the link capacity allocated in
> eth0 is only for incoming traffic (from A), how can I
> specify link capacity for incoming and outgoing
> traffic separately.
>
> In Howto document it seems, all the examples for the
> traffic for outgoing from one interface, Is there any
> way to divide the link for incoming and outgoing
> traffic, and apply tc function separately.
>
> Thanks in advance
> Haci
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] New IMQ device available

2002-04-04 Thread Julián Muñoz


>  - Ingress support (egress qdiscs can be used for ingress traffic control!)

Ehh, I can't believe it !!
Yahgo




Re: [LARTC] bandwidth allocation

2002-04-04 Thread Julián Muñoz

On Thu, 4 Apr 2002, Vincent AE Scott wrote:

> i have no experience with the products you mention, but there was a
> comparison made recently on this list between PIX and linux advanced
> routing features.  The archives are located here:
>
>  http://mailman.ds9a.nl/pipermail/lartc/

I don't find anything about this in the archive (searching "cisco",
"pix", or "comparison"). In what month could it be ?





Re: [LARTC] few doubts about the working of tc

2002-03-26 Thread Julián Muñoz


tc doesn't limit the traffic, it is the kernel that does it.

The limitation of the traffic is based on some queue theories. Packets are
enqueued in a way, and then dequeued and sent to the network interface.

The fact that the throughput is sometimes very high can be explained by how
the queues manage the bursts of data. We could say it is a feature, not a
bug. But if you don't want it, it is a parameter of the queue, that you
can change with tc (hehehe, here is the question!) with a parameter like
"burst" (it depends on the type of queue).


On Mon, 25 Mar 2002, Akarapu Mahesh wrote:

>
> HI,
> I am new to tc. I have a few basic doubts about the working of tc. I am
> trying to limit the bandwidth between two linux machines to 12Mbps. I am
> using the route filter to achieve this. I tested with ttcp traffic between
> these machines. I used tcpdump to capture the data during this transfer and
> observed this using tcptrace. I find that the throughput was much higher
> than 12Mbps sometimes during the transfer. But the avg throughput for the
> whole transfer was 12Mbps. Now my doubt is how tc is going to limit the
> bandwidth?? Please let me know how exactly tc limits the bandwidth.
>
> thanks
> mahesh
>
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] htb+tc (protocol priority)

2002-03-26 Thread Julián Muñoz

Hi George,

I am a newbie, but not an inexpert :-)

The fact is that reading your message, I don't understand anything, you
put technical data, while I think you ask for some help at the concept
level.

:-)



On Tue, 26 Mar 2002, George Tsuladze wrote:

> It is my tc script. I want to prioritize some protocols.
> I want to do the following: in 1:1classid udp must be first then icmp
> then any other
> Also in 1:2 first udp second icmp third tcp then any other.
> How can i do it? Can u give me some examples.
>
> tc qdisc del dev eth0 root
> #eth0 rules
> tc qdisc add dev eth0 root handle 1: htb default 11
> #shape interface eth0
> tc class add dev eth0 parent 1: classid 1:1 htb rate 500kbit ceil 512kbit burst 2k
> tc class add dev eth0 parent 1:1 classid 1:2 htb rate 12kbit ceil 512kbit burst 2k
> #voip class
> tc class add dev eth0 parent 1:1 classid 1:12 htb rate 100kbit ceil 512kbit burst 2k
> tc class add dev eth0 parent 1:1 classid 1:14 htb rate 100kbit ceil 512kbit burst 2k
> tc class add dev eth0 parent 1:1 classid 1:16 htb rate 100kbit ceil 512kbit burst 2k
> tc class add dev eth0 parent 1:1 classid 1:18 htb rate 100kbit ceil 512kbit burst 2k
> tc class add dev eth0 parent 1:1 classid 1:20 htb rate 100kbit ceil 512kbit burst 2k
> #staff class
> tc class add dev eth0 parent 1:2 classid 1:11 htb rate 4kbit ceil 512kbit burst 2k
> tc class add dev eth0 parent 1:2 classid 1:13 htb rate 4kbit ceil 512kbit burst 2k
> tc class add dev eth0 parent 1:2 classid 1:15 htb rate 4kbit ceil 512kbit burst 2k
> tc class add dev eth0 parent 1:2 classid 1:17 htb rate 4kbit ceil 512kbit burst 2k
> #mark voip class
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 2 fw classid 1:12
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 4 fw classid 1:14
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 6 fw classid 1:16
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 8 fw classid 1:18
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 10 fw classid 1:20
> #mark staff class
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 1 fw classid 1:11
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 3 fw classid 1:13
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 5 fw classid 1:15
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 7 fw classid 1:17
> #add qdisc discipline voip
> tc qdisc add dev eth0 parent 1:12 handle 32: sfq perturb 10
> tc qdisc add dev eth0 parent 1:14 handle 34: sfq perturb 10
> tc qdisc add dev eth0 parent 1:16 handle 36: sfq perturb 10
> tc qdisc add dev eth0 parent 1:18 handle 38: sfq perturb 10
> tc qdisc add dev eth0 parent 1:20 handle 40: sfq perturb 10
> #add qdisc discipline staff
> tc qdisc add dev eth0 parent 1:11 handle 41: sfq perturb 10
> tc qdisc add dev eth0 parent 1:13 handle 43: sfq perturb 10
> tc qdisc add dev eth0 parent 1:15 handle 45: sfq perturb 10
> tc qdisc add dev eth0 parent 1:17 handle 47: sfq perturb 10
>
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] imq+htb does no traffic controll

2002-03-26 Thread Julián Muñoz


> > > PS: is it possible, that the whole QoS-Part of my 2.2.17 Kernel is
> > > buggy? On an other kernel-tree i applied the ds-patch to get ingress
> > > qdisc support. It compiles fine and the module loads with no errors,
> > > but a "tc qdisc add dev ppp0 ingress ..." gives no such device error!
> >
> > This is also left unanswered. Is anybody successfully using this kernel?

I'm not following the thread, with 2.2.19 I have HTB which seems to work,
but ingress doesn't (with ds-patch applied). Ingress only works for me in
2.4 kernel.


-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net





Re: [LARTC] Capturing incoming packets

2002-03-22 Thread Julián Muñoz


Well, I didn't want to capture packets for analysis, but for enqueuing them
in another device,

but thanks, I was also looking for something better than tcpdump ! :-)

:-))



On Fri, 22 Mar 2002, Riaz Mahmood wrote:

>
> if you r trying to capture packets and want some analysis, do use KDE based
> tool KSnuffle. it is downloadable from
>
> www.quaking.demon.co.uk/ksnuffle.html
>
> hope u will find it interesting
>
> Riaz Mahmood
>
>
> >From: Julián Muñoz <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Subject: [LARTC] Capturing incoming packets
> >Date: Fri, 22 Mar 2002 12:39:56 + (GMT)
> >
> >
> >I am investigating how to capture some packets from a network device (In
> >order to send them to IMQ).
> >
> >Looking at the kernel compilation options, I see it would be possible to
> >pick some packets and send them to a "netlink device".
> >
> >What I don't know is how to use this netlink device, and what is it
> >exactly, because the doc says it is going to disappear, and that we must
> >use "netlink sockets"
> >
> >Help?
> >
> >
> >Here some interesting info:
> >
> >
> >using CONFIG_IP_NF_QUEUE in the 2.4 Kernel:
> >
> >CONFIG_IP_NF_QUEUE:
> >
> >Netfilter has the ability to queue packets to user space: the
> >netlink device can be used to access them using this driver.
> >
> >If you want to compile it as a module, say M here and read
> >Documentation/modules.txt.  If unsure, say `N'.
> >
> >
> >
> >net/ipv4/netfilter/ip_queue.c :
> >
> >/*
> >  * This is a module which is used for queueing IPv4 packets and
> >  * communicating with userspace via netlink.
> >  *
> >  * (C) 2000 James Morris, this code is GPL.
> >  *
> >  * 2000-03-27: Simplified code (thanks to Andi Kleen for clues).
> >  * 2000-05-20: Fixed notifier problems (following Miguel Freitas' report).
> >  * 2000-06-19: Fixed so nfmark is copied to metadata (reported by
> >Sebastian
> >  * Zander).
> >  * 2000-08-01: Added Nick Williams' MAC support.
> >  *
> >
> >
> >man iptables:
> >
> >TARGETS
> >A firewall rule specifies criteria for  a  packet,  and  a
> >target.   If  the  packet does not match, the next rule in
> >the chain is the examined; if it does match, then the next
> >rule is specified by the value of the target, which can be
> >the name of a user-defined chain or  one  of  the  special
> >values ACCEPT, DROP, QUEUE, or RETURN.
> >
> >ACCEPT  means  to  let  the packet through.  DROP means to
> >drop the packet on the floor.  QUEUE  means  to  pass  the
> >packet  to userspace (if supported by the kernel).
> >
> >
> >
> >
> >
> >--
> >
> >   __o
> > _ \<_
> >(_)/(_)
> >
> >Saludos de Julián
> >EA4ACL
> >-.-
> >
> >Foro Wireless Madrid
> >http://opennetworks.rg3.net
> >
> >
> >

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net





[LARTC] Capturing incoming packets

2002-03-22 Thread Julián Muñoz


I am investigating how to capture some packets from a network device (In
order to send them to IMQ).

Looking at the kernel compilation options, I see it would be possible to
pick some packets and send them to a "netlink device".

What I don't know is how to use this netlink device, and what is it
exactly, because the doc says it is going to disappear, and that we must
use "netlink sockets"

Help?


Here is some interesting info:


using CONFIG_IP_NF_QUEUE in the 2.4 Kernel:

CONFIG_IP_NF_QUEUE:

Netfilter has the ability to queue packets to user space: the
netlink device can be used to access them using this driver.

If you want to compile it as a module, say M here and read
Documentation/modules.txt.  If unsure, say `N'.



net/ipv4/netfilter/ip_queue.c :

/*
 * This is a module which is used for queueing IPv4 packets and
 * communicating with userspace via netlink.
 *
 * (C) 2000 James Morris, this code is GPL.
 *
 * 2000-03-27: Simplified code (thanks to Andi Kleen for clues).
 * 2000-05-20: Fixed notifier problems (following Miguel Freitas' report).
 * 2000-06-19: Fixed so nfmark is copied to metadata (reported by  Sebastian
 * Zander).
 * 2000-08-01: Added Nick Williams' MAC support.
 *


man iptables:

TARGETS
   A firewall rule specifies criteria for  a  packet,  and  a
   target.   If  the  packet does not match, the next rule in
   the chain is the examined; if it does match, then the next
   rule is specified by the value of the target, which can be
   the name of a user-defined chain or  one  of  the  special
   values ACCEPT, DROP, QUEUE, or RETURN.

   ACCEPT  means  to  let  the packet through.  DROP means to
   drop the packet on the floor.  QUEUE  means  to  pass  the
   packet  to userspace (if supported by the kernel).





-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net






[LARTC] ingress police, dns, fairness

2002-03-21 Thread Julián Muñoz


I have done the "definitive test" in my adsl line, using a real computer:


* Without incoming traffic management, my dns can take about 30s or more
to resolve a domain (when it resolves; sometimes it doesn't) when my adsl
line is saturated.

So the queue of my ISP doesn't give preference to the dns (on the
contrary, it seems penalized).

But doing 3 parallel ftps (and some other p2p massive loadings at the same
time), with my line saturated, I see that the traffic of the 3 ftps is
well distributed, the hash indicators are moving, it's rare to have a
connection with the hash stopped more than 5s.


* With ingress police for everything except for the dns packets, I have
the following:

The resolving is faster, about 5s to 10s.

But the ftps are not sharing the bandwidth very well. An ftp session can be
waiting 30s to move the hash indicator. The "turns" are much longer than
in the preceding case; I suppose this is related to dropping packets.
I suppose also that the more tcp sessions there are, the longer the delay
between the turns.



-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] Sharing incoming traffic

2002-03-21 Thread Julián Muñoz


You say that IMQ could be attached to a device on the incoming side ??


On Thu, 21 Mar 2002, Martin Devera wrote:

> With IMQ you can ;)
>
> > Make sure you can't actually SHARE your incoming bandwidth. You can just
> > throttle it down (to gain more interactivity on a heavy loaded link)

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




[LARTC] Re: How does ingres work ?

2002-03-21 Thread Julián Muñoz


Doing some tests, it seems that yes.
If I do an ACCEPT in iptables for some kinds of packets, before marking the
rest, it works :-) and this traffic goes much faster.



On Thu, 21 Mar 2002, Julián Muñoz wrote:

>
> What happens if I mark only some type of traffic for being shaped ?
>
> Is it put on a separate queue, so the traffic not marked has some
> priority ??
>
>
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




[LARTC] How does ingres work ?

2002-03-21 Thread Julián Muñoz


What happens if I mark only some type of traffic for being shaped ?

Is it put on a separate queue, so the traffic not marked has some
priority ??


-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] Sharing incoming traffic

2002-03-21 Thread Julián Muñoz


Ok,

what I really wanted was to prioritize some kinds of incoming traffic
(DNS or HTTP) (or penalize some other, which is the same), exactly for what
you say, "gain interactivity on a heavy loaded link"

but doing tests, I saw this strange "non fairness sensation", which is
maybe problematic ??

That's why I ask if someone has already seen this behaviour, or if it is
specific to my system ? The test is very easy, do 2 ftps in parallel.


I am going to recompile 2.4 on my main computer, hoping this is caused
by vmware :-)





On Thu, 21 Mar 2002, Tobias Geiger wrote:

>
> I reread your Subject line and noticed you meant SHARING. I always read
> SHAPING.
> Make sure you can't actually SHARE your incoming bandwidth. You can just
> throttle it down (to gain more interactivity on a heavy loaded link)
>
> I hope we didn't misunderstand each other
>
> Tobias

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




[LARTC] Sharing incoming traffic

2002-03-21 Thread Julián Muñoz


I've done my first test with ingress,

2 ftps, and I've seen that the bandwidth is not shared "very well".

From the point of view of a user, his transfer stops suddenly, and
restarts 20 seconds (or more!) later. Then the other has to wait !! I
observe a kind of feedback process, the interval of stopped traffic being
bigger each time, during the transfer.

The bandwidth is limited to 64.000 bit per second, killing packets.

In fact it is not a real ethernet link, and the filter is on a vmware
machine computer, so maybe this test is not valid.

Does anyone know more about this behaviour ??

Could I optimize it playing with burst and mpu ?

Or am I doing something really bad ?

Thank you,

Here's my filter:

iptables -A PREROUTING -i eth0 -t mangle --protocol all -j MARK --set-mark 1

tc qdisc add dev eth0 handle ffff: ingress

tc filter add dev eth0 parent ffff: protocol ip prio 5 handle 1 fw  \
   police rate 8000bps burst 10k mpu 64b drop flowid :1


-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net
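
Added illustration (not part of the original post, and a simplified model rather than the kernel's police code): the filter above applies one token bucket to every packet carrying mark 1, with no per-flow state, so which flow gets the tokens depends only on arrival order. The flow names, packet sizes, arrival times and the full-bucket start are assumptions made for the example.

```python
# Simplified model of: police rate 8000bps burst 10k mpu 64b drop
# (added illustration, not kernel code). Sizes in bytes, time in seconds.
from collections import Counter

RATE = 8000          # tc "8000bps" means 8000 bytes/s, i.e. 64,000 bit/s
BURST = 10 * 1024    # tc "10k" = 10240 bytes of bucket depth
MPU = 64             # smaller packets are still charged 64 bytes


class Policer:       # one bucket shared by every packet the fw filter matches
    def __init__(self, rate=RATE, burst=BURST, mpu=MPU):
        self.rate, self.burst, self.mpu = rate, burst, mpu
        self.tokens = float(burst)   # assumption: bucket starts full
        self.last = 0.0

    def offer(self, now, size):
        """Return True if the packet conforms, False if it is dropped."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        cost = max(size, self.mpu)
        if cost > self.tokens:
            return False             # "drop": nothing is queued or delayed
        self.tokens -= cost
        return True


def constructed_arrivals(seconds=10, pps=20, size=1500):
    """Constructed input: flows A and B each send `pps` packets/s,
    with B's packets always arriving 1 ms after A's."""
    out = []
    for i in range(seconds * pps):
        out.append((i / pps, "A", size))
        out.append((i / pps + 0.001, "B", size))
    return out


def simulate(arrivals):
    """Return (passed, dropped) byte counts per flow."""
    policer, passed, dropped = Policer(), Counter(), Counter()
    for now, flow, size in sorted(arrivals):
        bucket = passed if policer.offer(now, size) else dropped
        bucket[flow] += size
    return passed, dropped


if __name__ == "__main__":
    passed, dropped = simulate(constructed_arrivals())
    for flow in ("A", "B"):
        print(flow, "passed", passed[flow], "dropped", dropped[flow])
```

With these constructed timings, flow B gets only its three packets from the initial burst (4500 bytes) while flow A passes 84000 bytes, even though both offer the same load.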






Re: [LARTC] Can't start ingress

2002-03-20 Thread Julián Muñoz

Thank you again Stef,

> > > You have to switch over to a 2.4.x kernel and enable INGRESS.
> > > I think there is a patch for the 2.2.X kernel, but the network part of
> > > the kernel had a major cleanup in the 2.4.x, so I recommend a 2.4.x
> > > kernel.

Is my life in real danger with this patch ?
Is someone using it ?



-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] Can't start ingress

2002-03-20 Thread Julián Muñoz


Is it related to "Differentiated Services" ?
http://diffserv.sourceforge.net/

(link in your web)


On Wed, 20 Mar 2002, Stef Coene wrote:

> On Wednesday 20 March 2002 03:25, Julián Muñoz wrote:
> > #tc qdisc add dev eth0 handle ffff: ingress
> > RTNETLINK answers: No such file or directory
> >
> >
> > Need I something more from my kernel (debian, 2.2.19+HTB patch). ?
> You have to switch over to a 2.4.x kernel and enable INGRESS.
> I think there is a patch for the 2.2.X kernel, but the network part of the
> kernel had a major cleanup in the 2.4.x, so I recommend a 2.4.x kernel.
>
> Stef
>
>

-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




Re: [LARTC] Can't start ingress

2002-03-20 Thread Julián Muñoz

On Wed, 20 Mar 2002, Stef Coene wrote:

> On Wednesday 20 March 2002 03:25, Julián Muñoz wrote:
> > #tc qdisc add dev eth0 handle ffff: ingress
> > RTNETLINK answers: No such file or directory
> >
> >
> > Need I something more from my kernel (debian, 2.2.19+HTB patch). ?
> You have to switch over to a 2.4.x kernel and enable INGRESS.
> I think there is a patch for the 2.2.X kernel, but the network part of the
> kernel had a major cleanup in the 2.4.x, so I recommend a 2.4.x kernel.

:-(

Thank you very much Stef
Could someone tell me where this patch is ?

Upgrading the kernel, it is very serious.
How stable is 2.4.x ?
I've never compiled nor used it ...


-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net




[LARTC] Can't start ingress

2002-03-19 Thread Julián Muñoz


#tc qdisc add dev eth0 handle ffff: ingress
RTNETLINK answers: No such file or directory


Need I something more from my kernel (debian, 2.2.19+HTB patch). ?

My kernel .config is at:
http://www.etsit.upm.es/~rclub/socios/julian/CONFIG


Thank you,


-- 

  __o
_ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

