Re: [LARTC] List fault?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Let's go for it then, count me in! On 05/05/2011 05:10 AM, Russell Stuart wrote: > On Wed, 2011-05-04 at 13:06 -0500, Grant Taylor wrote: >> Seeing that now messages seem to be flowing in a timely manner, I'd >> suggest that we give this list a week to a month probation to see if >> it has straightened up it's act.I'd also like a comment from the list >> maintainer or a moderator in his / her stead. > > The argument against that it is well neigh impossible to move the list > if the lists dies again, and we all loose contact with each other. We > can only move the list while we are a coordinated group, and the only > means we have of coordinating is this list. Dying again soon seems > likely. I don't know why the list burst into life this time around, but > it has happened several times before only to die again a short while > later. > > I like others think the list and its associated HOWTO is a pretty > important resource. It would be nice to rescue it while we have the > chance. > >> I'd also like a comment from the list maintainer or a moderator in >> his / her stead. > > This person would be very handy if they pop up, but I would not be > waiting around for them. > > The current problem we have is a social one. We are a highly technical > group. Just about of any of us could run a list server. I imagine most > of us have the resources to do so. So the problem isn't running the > server. It is organising ourselves so the list is can be maintained > over decades as participants come and go. Having one person in charge, > running a domain name owned by them or on hardware owned by them is not > a good way to go. > > So Radu your offer to set up the list is great - but since it just > replicates the situation we are in now I don't think it or similar > offers are such a good idea. > > A list on vger.kernel.org does seem like a workable solution. Large a > third party provider such as google groups, yahoo groups, github, > sourceforge or savanaha may be an even better solution as they would be > just a reliable, and they provide a web page were we could collaborate > on for things like HOWTO's. We would just have to organise among > ourselves governance of the list properly. > > Normally I'd suggest we explore these other alternatives. But we don't > know when the axe will fall again. The chief attraction of > vger.kernel.org seems to be we don't have to organise governance - we > just hand it over to davem and matti (vger's admins). So there is no > mucking around with internal politics - one or more of us just ask them > to set set up the list. > > So who is in favour of doing this ASAP - like within the next few week > or so? If you respond to this email, we can use the archived responses > as proof to vger.kernel.org's admins there is sufficient interest to > make it there worth their while. > >> However I think that this list (LARTC) is well known and documented all >> over the place. So even if we migrate elsewhere, there will still be >> people that stumble on to this list. > > Yes, but there is nothing we can do about that. Stumbling over a dead > list is not useful, regardless of how easy it is to find. A working > list what we need, and that should be our first priority. > > If the person who owns lartc@mailman.ds9a.nl pops up then we can do > other things that ameliorate "stumble over this list" problem - things > like putting in email redirects, put notices on web pages and so on. > But such things are just icing on the cake. We should not wait to see > whether we can do it. Just move the list, and organise the icing later > if we can. > > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNwkJMAAoJEDFLYVOGGjgXhCQH/R0SgutHC9Y7L0pUYeJizf9J HDafjXWgDsmpstRWR8eZgBQU4K0RqXl7D88QA7yeHLm3tBWc2zZ3lQcYNNJzex82 6D5umoFRSH+ukDV2o5VQm9SMQmgXs9BenmCFPD73Vq5pN6I7OrsZ0AP0MkYYZ8oE U5SXngkVIRLZzArnE7OBH7PDtXMeHSW+GQhZyACM134ZXtle+XmpOqdnkf5Bf3L7 +KoBnG8TuE6w7ruyY6Mfa3cjMdlx+b0lQnlFSGZrF7EMtZchzwLTJ1yWVt+/zdsd Yxnd4S80LWz7/GccmSyfzjdoe2MOtdznLJTuBe4Ciyes7Yh/K4xyXJO+tX1OZnw= =sLHO -END PGP SIGNATURE- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] List fault?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Same here... On 05/04/2011 09:04 AM, Andrew Beverley wrote: > On Wed, 2011-05-04 at 09:52 +1200, Don Gould wrote: >> I'm getting a small stream of old posts and spam off this list. >> >> Are others seeing same? >> > > I've just had a load. Maybe they were a pile of messages that were held > for moderation and have just all been approved? > > Would be nice to see some discussions on the list again! > > Andy > > > > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNwO8fAAoJEDFLYVOGGjgXDccH/Rk9/WscT5nU1OpY2SFA4/b+ pxpSX7bKtBslvTtathOwytOG1CSxZvNNTWHe1tHqITsQKdNvmY0we8j2IkOTOIEi ZPLYBVg1h+kcRZN0dApNgaVCsgu2n+ELG07tGUMZ49D0eN1K8idURv0b0++dMSzJ njRPNZnKMcVtpx/MQusD8b+bsO3lCqtNoXop/XAZZ7muZP9a/DdHuK72Y+N6YSkP 3KBFa8z2rVocllludIShTCjMUH+Tbh27XGrSe8mAToNUEhRcW2US9Zc+qiw/iFmd B85Wf/9D2XEkIllgivLKRPBigA9lwkWptiFNDAeLmhlrFMymxupwpDDw6IqHQ3k= =ENKJ -END PGP SIGNATURE- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Tc Filter - Port Ranges Calculate Mask Value
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Anshul and list, That is really interesting matter. I am also awaiting someone who knows how the hex mask is calculated and applied to reply to this post. I am sure it was discussed on the list before, but anyways I might have missed that part. Cheers, - -Nikolay anshul makkar wrote: > Hi, > > I need to support port ranges in tc filter rules. > > I know how to formulate the rule but , I am not able to understand how > to calculate the mask value for a perticular range so as to segregate > the port values that lie within this range . > > I got the following sample > > "tc filter add dev eth1 parent 1:1 protocol ip prio 10 u32 match ip > sport 0x1ae0 0x1ff0 flowid 1:10 This rule will match all ports from > 6880 to 6895. " > > This rule correctly matches port range from 6880 to 6895. But I am > unable to figure out , how the mask value has been calculated. > > I am picking up port ranges from GUI. So the range can be any and I > need to calculte mask value so as to find out which ports lie within > the entered range. > > Please if you have any link, clue or reference material , do share it. > > Thanking You > Anshul Makkar > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEUAwUBRx3ouTFLYVOGGjgXAQK6EAf4sTwWDdKvvzvNbee8PGKEeKcpt+n0sc0M Nn1PvOKEbT8qBiUXozHVz9pQ51qXpiggjOXv78OzRJRu+q8fyq9ZlA3XS+1CiRAR KMjoUy4Rlfm0lQVqrPmQrBVX07md/OWmLGBDy4hZUrNPi82G3w7gtm39N7fSqbaE O38uaX3nFF76tu+gb6XRb9vnJVuDWi0w5Tyd4L7dp1qZIot9Vi6QpEJa02r/osvs yuP8odoxY2N4BSdcJftlU8nyD5DKuzFd6VB9yZk1EC7gNNsv7GUT/jyABFRbOuJK E5d3wugPfoeREEJ8+gzztRwoedfOkMMcJfaxRb8AcSCHFHAsOenh =7RGv -END PGP SIGNATURE- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] how to make setting using tc command as permanent.
Hello, You need to call your script on startup. However there are different methods of doing this. On a slackware linux you can user /etc/init.d/rc.local On a debian linux that script also exists so you can use it as well. Just make sure it is sym-linked to /etc/rc2.d/ HTH, -Nikolay Raghuvendra Kumar wrote: > Hi, > > I am facing a problem.Suppose i made some QOS configuration using tc. > But if system reboots, it disappears. > > How to make tc setting permanent. > > Regards, > > Raghuvendra Kumar | BTSL > 414 | Ext > 011-41619770 | Desk > +91-9818143739 | Mobile > [EMAIL PROTECTED] | EMail > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] How to delete DSCP setting using iptable command.
Hello, You can just add --line-numbers at the end of the command you use to see the results you posted and then use iptables -D tableName ruleNumber, i.e. iptables -D OUTPUT 5 HTH, -Nikolay Raghuvendra Kumar wrote: > > Hi, > > Can anybody tell me how to delete DSCP or TOS setting using iptable command. > > iptables --list OUTPUT --table mangle > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > DSCP tcp -- anywhere anywheretcp spt:http > DSCP s et 0x08 > DSCP udp -- anywhere anywhereDSCP set 0x08 > DSCP udp -- anywhere anywhereDSCP set 0x18 > DSCP all -- anywhere anywhereDSCP set 0x08 > DSCP all -- anywhere anywhereDSCP set 0x08 > DSCP all -- anywhere anywhereDSCP set 0x06 > DSCP all -- anywhere anywhereDSCP set 0x01 > DSCP all -- anywhere anywhereDSCP set 0x02 > DSCP udp -- anywhere anywhereDSCP set 0x08 > TOSudp -- anywhere anywhereTOS set > Maximize-Th roughput > TOSall -- anywhere anywhereTOS set > Maximize-Th roughput > > Regards, > > Raghuvendra Kumar | BTSL > 414 | Ext > 011-41619770 | Desk > +91-9818143739 | Mobile > [EMAIL PROTECTED] | EMail > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] HTB does not respect the prio parameter
Hello Martin, I used to have this kind of problem before. Not sure if I resolved it with the help of folks on this mailing list, but I never tested. What you can try is to remove the prio parameter from the classes and leave the prio only for the filters. Let us know if that helps. Cheers, -Nikolay Martin Björnsson wrote: > Yes, exactly. So my 1:20 class (prio 1) should get to send more than the 1:30 > class. But > it doesn't, they both get about the same throughput. > > Nobody else having problems with the prio parameter? > > Martin > > bartekR wrote: >> Martin Björnsson pisze: >>> Hi all, >>> >>> I'm experimenting with HTB and the prio parameter and it does not give >>> me results I >>> expect. I've created 4 HTB classes: >>> >>> 1:10 TCP ACKs (prio 0) >>> 1:20 TCP traffic on dst port 10001 (prio 1) >>> 1:30 TCP traffic on dst port 1 (prio 2) >>> 1:40 Default(prio 3) >>> >>> ceil and rate parameters are the same for all 4 classes (rate is >>> 1000kbit and ceil is >>> 55000kbit). >>> >>> Then I start 2 TCP flows on src/dst ports 1 and 10001. The packets >>> seem to be >>> correctly classified by the filter (I get hits on classes 10, 20 and 30). >>> >>> The problem is that I get the same throughput on both TCP flows. >>> Shouldn't I get about >>> 1000kbit through class 30 and much more through class 20 since it has >>> higher priority? >>> >>> >>> Here's my setup script: >>> >>> #!/bin/sh >>> /bin/tc qdisc add dev eth0 root handle 1: htb default 40 && \ >>> /bin/tc class add dev eth0 parent 1:0 classid 1:1 htb rate 55000kbit >>> ceil 55000kbit >>> quantum 6 && \ >>> /bin/tc class add dev eth0 parent 1:1 classid 1:10 htb rate 1000kbit >>> ceil 55000kbit prio 0 >>> quantum 6 && \ >>> /bin/tc class add dev eth0 parent 1:1 classid 1:20 htb rate 1000kbit >>> ceil 55000kbit prio 1 >>> quantum 6 && \ >>> /bin/tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1000kbit >>> ceil 55000kbit prio 2 >>> quantum 6 && \ >>> /bin/tc class add dev eth0 parent 1:1 classid 1:40 htb rate 1000kbit >>> ceil 55000kbit prio 3 >>> quantum 6 && \ >>> /bin/tc filter add dev eth0 parent 1:0 prio 99 handle 2: protocol ip >>> u32 divisor 256 && \ >>> /bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 \ >>> ht 2:0: \ >>> match u8 0x06 0xff at 9 \ >>> match u8 0x10 0xff at nexthdr+13 \ >>> flowid 1:10 && \ >>> /bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 \ >>> ht 2:0: \ >>> match u8 0x06 0xff at 9 \ >>> match u16 0x2711 0x at nexthdr+2 \ >>> flowid 1:20 && \ >>> /bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 \ >>> ht 2:0: \ >>> match u8 0x06 0xff at 9 \ >>> match u16 0x2710 0x at nexthdr+2 \ >>> flowid 1:30 && \ >>> /bin/tc filter add dev eth0 parent 1:0 protocol ip prio 99 u32 ht >>> 800:: offset at 0 mask >>> 0x0f00 shift 6 plus 0 match u8 0x40 0xf0 at 0 link 2: && \ >>> /bin/tc qdisc add dev eth0 parent 1:10 handle 20: red limit 1000KB min >>> 10KB max 300KB >>> avpkt 1000 burst 100 probability 0.02 && \ >>> /bin/tc qdisc add dev eth0 parent 1:20 handle 30: red limit 1000KB min >>> 10KB max 300KB >>> avpkt 1000 burst 100 probability 0.02 && \ >>> /bin/tc qdisc add dev eth0 parent 1:30 handle 40: red limit 1000KB min >>> 10KB max 300KB >>> avpkt 1000 burst 100 probability 0.02 && \ >>> /bin/tc qdisc add dev eth0 parent 1:40 handle 50: red limit 1000KB min >>> 10KB max 300KB >>> avpkt 1000 burst 100 probability 0.02 && \ >>> >>> Regards, >>> Martin >>> ___ >>> LARTC mailing list >>> LARTC@mailman.ds9a.nl >>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >>> >>> >> As far as I know lower prio numbers (as 0) means higher priority and >> higher prio numbers (as 7) means lower priority. >> >> http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm >> >> >> >> Bartek >> >> >> -- >> Mobilne wiadomo¶ci w Twojej komórce >> >>>>> http://link.interia.pl/f1b71 > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Re: tc n00b
Hello Jonathan,
The scenario works perfectly well on a NAT router. See, you drop excess
of bits on the interface where the packets arrive. Which is before
nating. Maybe we speak about different scenarios here?
What I describe limits the maximum upload speed for ip in the LAN.
Let me know the packet flow with the interfaces and IP addresses.
Cheers,
-Nikolay
p.s. I am also CCing the lartc mailing list in case someone else can help.
Jonathan Gazeley wrote:
> Hi Nikolay,
>
> Thanks for this. I tried using the code below, but it did not work for
> me. Is your server running tc also a NAT box? The reason I think my code
> isn't working is because NAT and tc are on the same server, meaning that
> the source IP of an outgoing packet is rewritten _before_ it gets to tc
> -- meaning that it is not possible to match packets by source IP.
>
> Cheers,
> Jonathan
>
> Nikolay Kichukov wrote:
>> Hello,
>> The policer is not 1: but :, not engress(root) but ingress.
>>
>> Let me give you an example:
>>
>> tc qdisc add dev eth0 ingress handle :
>> TC_FILTER="tc filter add dev eth0 parent : protocol ip"
>> $TC_FILTER prio 2 u32 match ip src 192.168.0.6/32 police rate 32kbit
>> burst 16kb drop flowid :
>> $TC_FILTER prio 2 u32 match ip src 192.168.0.4/32 police rate 128kbit
>> burst 32kb drop flowid :
>> $TC_FILTER prio 2 u32 match ip src 192.168.0.2/32 police rate 128kbit
>> burst 32kb drop flowid :
>> $TC_FILTER prio 2 u32 match ip src 192.168.0.5/32 police rate 128kbit
>> burst 32kb drop flowid :
>>
>>
>> eth0 is the LAN interface which the 192.168.0.0/24 IPs are connected to.
>>
>> The rest is self explanatory.
>>
>> Let me know if I can help you with anything else.
>>
>> Cheers,
>> -Nik
>>
>>
>>
>> Jonathan Gazeley wrote:
>>
>>> Hi Nikolay,
>>>
>>> How might this be implemented? I have used a shell script that loops
>>> around with a new IP address each time, and then my police line looks
>>> like this:
>>>
>>> tc filter add dev $LAN parent 1: protocol ip prio 50 u32 match ip src
>>> 137.222.$j.$i police rate ${UPLINK}kbit burst 10k drop flowid :1
>>>
>>> However my clients still have unlimited uplink. The other day, someone
>>> told me that then the tc box is also NATing, the source IP is rewritten
>>> before the police filter is applied - meaning that you cannot match on
>>> source IP. How did you overcome this problem?
>>>
>>> Thanks for your help,
>>> Jonathan
>>>
>>>
>>> Nikolay Kichukov wrote:
>>>
>>>> Hello Jonathan,
>>>> Indeed. I have tested with limited number of IPs though. Not sure how
>>>> that scheme will behave if you apply it to a huge network.
>>>>
>>>> Cheers,
>>>> -Nikolay
>>>>
>>>> Jonathan Gazeley wrote:
>>>>
>>>>
>>>>> Hi Nikolay,
>>>>>
>>>>> Thanks for your help - this looks useful. Is it possible to apply a
>>>>> police filter invidiually to each IP behind the NAT?
>>>>>
>>>>> Thanks,
>>>>> Jonathan
>>>>>
>>>>> Nikolay Kichukov wrote:
>>>>>
>>>>>> Hello,
>>>>>> You need to recompile your kernel and include the appropriate modules
>>>>>> for htb to work.
>>>>>>
>>>>>> The other idea I have is to use policer to filter how much traffic
>>>>>> PCs
>>>>>> in the LAN upload. This is done on the LAN interface. Eliminates the
>>>>>> need to mark packets, etc.
>>>>>>
>>>>>> You just drop all the packets that are coming in too fast. And
>>>>>> presumably your LAN can do at least 100mbps, so the delay of packet
>>>>>> retransmission can be neglected.
>>>>>>
>>>>>> HTH,
>>>>>> -Nikolay
>>>>>>
>>>>>> Martin Milata wrote:
>>>>>>
>>>>>>
>>>>>>> On Mon, Jul 30, 2007 at 02:58:00PM +0100, Jonathan Gazeley wrote:
>>>>>>> [...]
>>>>>>>
>>>>>>>> 137.222.235.125
>>>>>>>> RTNETLINK answers: No such file or directory
>>>>>>>> RTNETLINK answers: Invalid argument
>>>>>>>> We have an error talking to the kernel
>>>>>>>> RTNETLINK answers: No such file or directory
>>>>>>>> RTNETLINK answers: Invalid argument
>>>>>>>> We have an error talking to the kernel
>>>>>>>>
>>>>>>> [...]
>>>>>>>
>>>>>>> Hint: If you run your script as "bash -x script_name" (or use
>>>>>>> #!/bin/sh -x
>>>>>>> as shabang), you will be able to see which exact command caused the
>>>>>>> error
>>>>>>> message.
>>>>>>>
>>>>>>> Regards,
>>>>>>> -MM
>>>>>>> ___
>>>>>>> LARTC mailing list
>>>>>>> LARTC@mailman.ds9a.nl
>>>>>>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>>>>>>>
>>>>>> ___
>>>>>> LARTC mailing list
>>>>>> LARTC@mailman.ds9a.nl
>>>>>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>>>>>>
>
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Re: tc n00b
Hello,
The policer is not 1: but :, not engress(root) but ingress.
Let me give you an example:
tc qdisc add dev eth0 ingress handle :
TC_FILTER="tc filter add dev eth0 parent : protocol ip"
$TC_FILTER prio 2 u32 match ip src 192.168.0.6/32 police rate 32kbit
burst 16kb drop flowid :
$TC_FILTER prio 2 u32 match ip src 192.168.0.4/32 police rate 128kbit
burst 32kb drop flowid :
$TC_FILTER prio 2 u32 match ip src 192.168.0.2/32 police rate 128kbit
burst 32kb drop flowid :
$TC_FILTER prio 2 u32 match ip src 192.168.0.5/32 police rate 128kbit
burst 32kb drop flowid :
eth0 is the LAN interface which the 192.168.0.0/24 IPs are connected to.
The rest is self explanatory.
Let me know if I can help you with anything else.
Cheers,
-Nik
Jonathan Gazeley wrote:
> Hi Nikolay,
>
> How might this be implemented? I have used a shell script that loops
> around with a new IP address each time, and then my police line looks
> like this:
>
> tc filter add dev $LAN parent 1: protocol ip prio 50 u32 match ip src
> 137.222.$j.$i police rate ${UPLINK}kbit burst 10k drop flowid :1
>
> However my clients still have unlimited uplink. The other day, someone
> told me that then the tc box is also NATing, the source IP is rewritten
> before the police filter is applied - meaning that you cannot match on
> source IP. How did you overcome this problem?
>
> Thanks for your help,
> Jonathan
>
>
> Nikolay Kichukov wrote:
>> Hello Jonathan,
>> Indeed. I have tested with limited number of IPs though. Not sure how
>> that scheme will behave if you apply it to a huge network.
>>
>> Cheers,
>> -Nikolay
>>
>> Jonathan Gazeley wrote:
>>
>>> Hi Nikolay,
>>>
>>> Thanks for your help - this looks useful. Is it possible to apply a
>>> police filter invidiually to each IP behind the NAT?
>>>
>>> Thanks,
>>> Jonathan
>>>
>>> Nikolay Kichukov wrote:
>>>
>>>> Hello,
>>>> You need to recompile your kernel and include the appropriate modules
>>>> for htb to work.
>>>>
>>>> The other idea I have is to use policer to filter how much traffic PCs
>>>> in the LAN upload. This is done on the LAN interface. Eliminates the
>>>> need to mark packets, etc.
>>>>
>>>> You just drop all the packets that are coming in too fast. And
>>>> presumably your LAN can do at least 100mbps, so the delay of packet
>>>> retransmission can be neglected.
>>>>
>>>> HTH,
>>>> -Nikolay
>>>>
>>>> Martin Milata wrote:
>>>>
>>>>
>>>>> On Mon, Jul 30, 2007 at 02:58:00PM +0100, Jonathan Gazeley wrote:
>>>>> [...]
>>>>>
>>>>>> 137.222.235.125
>>>>>> RTNETLINK answers: No such file or directory
>>>>>> RTNETLINK answers: Invalid argument
>>>>>> We have an error talking to the kernel
>>>>>> RTNETLINK answers: No such file or directory
>>>>>> RTNETLINK answers: Invalid argument
>>>>>> We have an error talking to the kernel
>>>>>>
>>>>> [...]
>>>>>
>>>>> Hint: If you run your script as "bash -x script_name" (or use
>>>>> #!/bin/sh -x
>>>>> as shabang), you will be able to see which exact command caused the
>>>>> error
>>>>> message.
>>>>>
>>>>> Regards,
>>>>> -MM
>>>>> ___
>>>>> LARTC mailing list
>>>>> LARTC@mailman.ds9a.nl
>>>>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>>>>>
>>>> ___
>>>> LARTC mailing list
>>>> LARTC@mailman.ds9a.nl
>>>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>>>>
>
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Re: tc n00b
Hello Jonathan, Indeed. I have tested with limited number of IPs though. Not sure how that scheme will behave if you apply it to a huge network. Cheers, -Nikolay Jonathan Gazeley wrote: > Hi Nikolay, > > Thanks for your help - this looks useful. Is it possible to apply a > police filter invidiually to each IP behind the NAT? > > Thanks, > Jonathan > > Nikolay Kichukov wrote: >> Hello, >> You need to recompile your kernel and include the appropriate modules >> for htb to work. >> >> The other idea I have is to use policer to filter how much traffic PCs >> in the LAN upload. This is done on the LAN interface. Eliminates the >> need to mark packets, etc. >> >> You just drop all the packets that are coming in too fast. And >> presumably your LAN can do at least 100mbps, so the delay of packet >> retransmission can be neglected. >> >> HTH, >> -Nikolay >> >> Martin Milata wrote: >> >>> On Mon, Jul 30, 2007 at 02:58:00PM +0100, Jonathan Gazeley wrote: >>> [...] >>> >>>> 137.222.235.125 >>>> RTNETLINK answers: No such file or directory >>>> RTNETLINK answers: Invalid argument >>>> We have an error talking to the kernel >>>> RTNETLINK answers: No such file or directory >>>> RTNETLINK answers: Invalid argument >>>> We have an error talking to the kernel >>>> >>> [...] >>> >>> Hint: If you run your script as "bash -x script_name" (or use >>> #!/bin/sh -x >>> as shabang), you will be able to see which exact command caused the >>> error >>> message. >>> >>> Regards, >>> -MM >>> ___ >>> LARTC mailing list >>> LARTC@mailman.ds9a.nl >>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >>> >> ___ >> LARTC mailing list >> LARTC@mailman.ds9a.nl >> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >> > ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Re: tc n00b
Hello, You need to recompile your kernel and include the appropriate modules for htb to work. The other idea I have is to use policer to filter how much traffic PCs in the LAN upload. This is done on the LAN interface. Eliminates the need to mark packets, etc. You just drop all the packets that are coming in too fast. And presumably your LAN can do at least 100mbps, so the delay of packet retransmission can be neglected. HTH, -Nikolay Martin Milata wrote: > On Mon, Jul 30, 2007 at 02:58:00PM +0100, Jonathan Gazeley wrote: > [...] >> 137.222.235.125 >> RTNETLINK answers: No such file or directory >> RTNETLINK answers: Invalid argument >> We have an error talking to the kernel >> RTNETLINK answers: No such file or directory >> RTNETLINK answers: Invalid argument >> We have an error talking to the kernel > [...] > > Hint: If you run your script as "bash -x script_name" (or use #!/bin/sh -x > as shabang), you will be able to see which exact command caused the error > message. > > Regards, > -MM > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] tc filter not work, why?
Hello 吴明津, Maybe in your filter statement you should use src rather than dst? It is not clear what interface is connected to what hosts. HTH, -Nik 吴明津 wrote: > I try to use tc on mips with linux-2.4.18 but the u32 filter dosn't work > > I added htb qdisc to linux-2.4.18 and use it to limit the speed in > LAN, it only work well on the default class, for example > > tc qdisc add dev eth0 root handle 1: htb default 10 > tc class add dev eth0 parent 1:0 classid 1:1 htb rate 2000kbit > tc class add dev eth0 parent 1:1 classid 1:10 htb rate 500kbit ceil 500kbit > tc calss add dev eth0 parent 1:1 classid 1:11 htb rate 300kbit ceil 300kbit > tc filter add dev eth0 protocol ip u32 match ip dst 192.168.18.100 > flowid 1:11 > > the host 192.168.18.100 have a speed of 500kbit rather than 300kbit. > > if I don't set the default 10 class, all this dosn't have any effect. > > why? > > thank you. > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Why does scp stall on low bandwidth connections?
Hello Andy, Thanks for the explanation one more time;-) Cheers, -Nikolay Andy Furniss wrote: > Nikolay Kichukov wrote: >> Hello Andy, >> unshaped here means with higher priority than the rest of the classes >> that have filters attached to them? > > Yes it will just be passed and not be accounted for by htb (well apart > from the counter) > >> >> So if an arp packet is sent at the same time an ip packet is sent, the >> arp packet will go first? And only then the ip packet will be matched by >> the filters? > > I don't know if two packets can arrive at the same time. The arp will > still pass through the filters and fail to match any then just pass > through. The ip packet may or may not pass straight through depending on > the state of the class it gets filtered into. > > Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Why does scp stall on low bandwidth connections?
Hello Andy, unshaped here means with higher priority than the rest of the classes that have filters attached to them? So if an arp packet is sent at the same time an ip packet is sent, the arp packet will go first? And only then the ip packet will be matched by the filters? Regards, -Nikolay Andy Furniss wrote: > Nikolay Kichukov wrote: >> Hello Andreas, >> and arp is not ip ... thanks for clarification. >> >> Where(in which class) would all non-ip traffic go in the filter scenario? > > In the case of htb unclassified go unshaped without a default class set > (=default 0) you do get a counter - > > [EMAIL PROTECTED]:~$ /sbin/tc -s qdisc ls dev eth3 > qdisc htb 1: r2q 10 default 0 direct_packets_stat 3223 > > In the case of HFSC unclassified get dropped - so you really need a > default class, but not one that gets low prio IP sent to it :-) > > Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Why does scp stall on low bandwidth connections?
Hello Andreas, and arp is not ip ... thanks for clarification. Where(in which class) would all non-ip traffic go in the filter scenario? Thanks, -Nikolay Andreas Unterkircher wrote: > The first one only recognize IP traffic, the line with default will > match any kind of traffic. > > Regards, > Andreas > > Quoting Nikolay Kichukov <[EMAIL PROTECTED]>: > >> Hello Andy, >> Is that line: >> tc filter add dev eth0 parent 1:0 protocol ip prio 2 u32 match u32 0 0 >> flowid 1:2 >> >> not equal to: >> tc qdisc add dev eth0 root handle 1:0 htb default 2 >> >> in terms of achieved results? If not, what is the difference? >> >> Thanks, >> -Nikolay > > > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Why does scp stall on low bandwidth connections?
Hello Andy, Is that line: tc filter add dev eth0 parent 1:0 protocol ip prio 2 u32 match u32 0 0 flowid 1:2 not equal to: tc qdisc add dev eth0 root handle 1:0 htb default 2 in terms of achieved results? If not, what is the difference? Thanks, -Nikolay Andy Furniss wrote: > Marc wrote: >> Hi, >> >> I am new to tc and have been reading quite a bit on how to set it up etc. >> Everything seems to be working fine, until I started scp-ing a large file >> over a low bandwidth connection as part of my testing process. >> >> Here is the setup: >> my pc --- bridge running tc/htb --- rest of network >> >> TC is filtering traffic from "my pc" and classifies it as 120kbit (see my >> script below). I then scp a 5MB file from a server in "rest of >> network" to >> "my pc". Everything seems to work fine and copies at a speed of around >> 12KB/s, which is what I would expect from a 120kbit connection. At some >> stage scp stalls and eventually disconnects or I get bored and press >> +C. The stage at which it stalls is different every time. First >> it was >> at 76% of the copy progress, then at 32% of the copy progress. >> >> For my testing purposes, there is no other traffic flowing through either >> this class or any other class. My expectation was that it would copy the >> entire file, just at a low speed. I expected to be able to copy a >> 600MB file >> at 12KB/s, which would of course be very slow, but eventually arrive. >> >> Here are the rules I specified, note that "my pc" does *not* have the ip >> address 10.0.2.42 in the test desribed above: >> >> #eth0 qdisc >> tc qdisc add dev eth0 root handle 1:0 htb default 2 >> tc class add dev eth0 parent 1:0 classid 1:1 htb rate 10mbit ceil 10mbit >> tc class add dev eth0 parent 1:1 classid 1:2 htb rate 120kbit ceil >> 120kbit >> tc class add dev eth0 parent 1:1 classid 1:3 htb rate 200kbit ceil 1mbit >> >> #eth1 qdisc >> tc qdisc add dev eth1 root handle 2:0 htb default 2 >> tc class add dev eth1 parent 2:1 classid 2:2 htb rate 120kbit ceil >> 120kbit >> tc class add dev eth1 parent 2:1 classid 2:3 htb rate 200kbit ceil 1mbit >> >> #eth0 filter >> tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src >> 10.0.2.42 flowid 1:3 >> >> #eth1 filter >> tc filter add dev eth1 parent 2:0 protocol ip prio 1 u32 match ip dst >> 10.0.2.42 flowid 2:3 >> >> Thank you for your comments on this situation. > > It's probably because arp is being sent to 1:2 which is backlogged. Try > not using the default parameter and instead use a catch all ip tc filter > like - > > tc filter add dev eth0 parent 1:0 protocol ip prio 2 u32 match u32 0 0 > flowid 1:2 > > You could also consider adding p/bfifos to the classes and use the limit > parameter to make the queues shorter. At low bitrates the default > 1000pkts (picked up from the queuelen on eth) is too long. > > Andy. > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] statistics and calc bandwidth traffic using tc -s qdisc show
seems so cool ... nice find ;-) thanks for sharing ;-) -nik On Thu, 2007-05-17 at 09:39 -0300, Salatiel Filho wrote: > I use tc-viewer . It does a great job. > http://snaj.ath.cx/tc-viewer/tc-viewer.html > > > On 5/16/07, Pablo Fernandes Yahoo <[EMAIL PROTECTED]> > wrote: > Hello, > > > > Is there someone here who knows what does it means? > > > > The Sent part. > > > > [EMAIL PROTECTED] ~]# tc -s qdisc show |grep -A 2 "qdisc sfq 140: dev > eth0" > > qdisc sfq 140: dev eth0 parent 1:140 limit 128p quantum 1514b > perturb 10sec > > Sent 3155024 bytes 23249 pkt (dropped 0, overlimits 0 > requeues 0) > > rate 0bit 0pps backlog 0b 0p requeues 0 > > > > [EMAIL PROTECTED] ~]# tc -s qdisc show |grep -A 2 "qdisc sfq 140: dev > eth1" > > qdisc sfq 140: dev eth1 parent 1:140 limit 128p quantum 1514b > perturb 10sec > > Sent 41141183 bytes 32560 pkt (dropped 0, overlimits 0 > requeues 0) > > rate 0bit 0pps backlog 0b 0p requeues 0 > > > > > > I also would like to know if there is a way to calc the > bandwidth traffic (in kbit for example)of this > customer using this informations. > > > > Thank you for any help in advance. > > > > Pablo Fernandes > > > > > > > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > -- > []'s > Salatiel > > "O maior prazer do inteligente é bancar o idiota >diante de um idiota que banca o inteligente". > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] incoming traffic + iptable
Glad that helped. You may want to share the knowledge with the others so I am CCing the list. Just in case someone else is or will be having the same questions. -nik - Original Message - From: mohican 542003 To: Nikolay Kichukov Sent: Friday, March 02, 2007 4:47 PM Subject: Re: [LARTC] incoming traffic + iptable Hello, Thank you very much. I tried it and it works very well. my script is: tc qdisc del dev eth0 ingress tc qdisc add dev eth0 handle : ingress tc filter add dev eth0 parent : protocol ip prio 1 u32 match ip src 172.24.11.14 police index 1 rate 15000kbit burst 15000kbit drop flowid :5002 tc filter add dev eth0 parent : protocol ip prio 1 u32 match ip src 172.24.16.11 police index 1 rate 15000kbit burst 15000kbit drop flowid :5002 tc filter add dev eth0 parent : protocol ip prio 1 u32 match ip src 172.24.100.2 police index 2 rate 15000kbit burst 15000kbit drop flowid :5002 172.24.11.14 and 172.24.16.11 shared 15000kbit for incoming traffic and 172.24.100.2 can receive at 15000kbit. Regards. Olivier. 2007/3/2, Nikolay Kichukov <[EMAIL PROTECTED]>: hello, I used to be wondering the same thing some time ago and also asked the list for help, the answer was that I could use the index option to achieve that. tc filter add ... police index 1 ... tc filter add ... police index 1 ... tc filter add ... police index 1 ... tc filter add ... police index 1 ... So all your rules should have the index parameter and thus the consumed bandwidth will be calculated for all the IPs. However I could not verify that this is actually working. Currently I am not using it, I just tried it once, but did not have time to do measures and calculations. So I cannot confirm if that actualy solves the problem you have. Maybe you can give it a try and let me and the list know if that works as expected? -nik - Original Message - From: mohican 542003 To: Nikolay Kichukov Sent: Thursday, March 01, 2007 9:45 AM Subject: Re: [LARTC] incoming traffic + iptable Hello, I would like something like: tc filter add dev eth0 parent : protocol ip prio 1 u32 match ip src 172.28.54.41/32 match ip src 172.28.54.45/32match ip src 172.28.54.54/32match ip src 172.28.54.80/32 police rate 1kbit burst 1kbit mtu 1500k drop flowid : with several IP address (not consecutive). The only way to do this seems to be with iptables to mark packets ? Thanks, Olivier. 2007/3/1, Nikolay Kichukov <[EMAIL PROTECTED]>: Hello there, Why would you want to mark the packets with iptables in the first place for ingress shaping? Why don't use the tc functionality to specify source and destination addresses and protocol types? I would suggest to leave iptables alone and get your hand on TC for doing traffic control ;-) So in your example: tc qdisc add dev eth0 handle : ingress tc filter add dev eth0 parent : protocol ip prio 1 u32 match ip src 172.28.54.41/32 police rate 1kbit burst 1kbit mtu 1500k drop flowid : Thats an elegant way to achieve what you want. HTH, -nik p.s. Mind the burst parameter, seems huge value to me. - Original Message - From: mohican 542003 To: lartc@mailman.ds9a.nl Sent: Wednesday, February 28, 2007 4:39 PM Subject: [LARTC] incoming traffic + iptable Hello, i try to use iptables to mark packet and then to filter them with tc. Here is my script: iptables -t mangle -A PREROUTING -s 172.28.54.41/32 -p tcp -j MARK --set-mark 1 tc qdisc add dev eth0 handle : ingress tc filter add dev eth0 parent : protocol ip prio 1 handle 1 fw police rate 1kbit burst 1kbit mtu 1500k drop flowid :1 I can not use u32 because i have several filter with more than one IP address in each. Packets seem to be well marked (command: iptables -t mangle -L -vnx) but packets are not filtered with tc. Can someone help me ? Thanks, Olivier. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] incoming traffic + iptable
Hello there, Sure tc can do those, I am not sure about layer 7 protocols. I am no tc expert myself ;-( -nik - Original Message - From: "François Delawarde" <[EMAIL PROTECTED]> To: Cc: "Nikolay Kichukov" <[EMAIL PROTECTED]> Sent: Thursday, March 01, 2007 5:03 PM Subject: Re: [LARTC] incoming traffic + iptable > Hello, > I would need to be able to do that, as I think that iptables is more > powerful for classifying traffic you want to police/shape. I don't > really know tc yet, so could you tell if it has the possibility of > detecting: > > - mac addresses > - ip tos/ttl values > - icmp types > - tcp/udp flags/ports or port ranges > - layer 7 protocols > > Thanks for help, > François. > > > Nikolay Kichukov wrote: > > Hello there, > > Why would you want to mark the packets with iptables in the first place for > > ingress shaping? > > Why don't use the tc functionality to specify source and destination > > addresses and protocol types? > > > > I would suggest to leave iptables alone and get your hand on TC for doing > > traffic control ;-) > > > > So in your example: > > > > tc qdisc add dev eth0 handle : ingress > > tc filter add dev eth0 parent : protocol ip prio 1 u32 match ip src > > 172.28.54.41/32 police rate 1kbit burst 1kbit mtu 1500k drop flowid > > : > > > > Thats an elegant way to achieve what you want. > > > > HTH, > > -nik > > > > p.s. Mind the burst parameter, seems huge value to me. > > > > > > - Original Message - > > From: mohican 542003 > > To: lartc@mailman.ds9a.nl > > Sent: Wednesday, February 28, 2007 4:39 PM > > Subject: [LARTC] incoming traffic + iptable > > > > > > Hello, > > > > i try to use iptables to mark packet and then to filter them with tc. Here > > is my script: > > iptables -t mangle -A PREROUTING -s 172.28.54.41/32 -p tcp -j > > MARK --set-mark 1 > > tc qdisc add dev eth0 handle : ingress > > tc filter add dev eth0 parent : protocol ip prio 1 handle 1 fw police > > rate 1kbit burst 1kbit mtu 1500k drop flowid :1 > > > > I can not use u32 because i have several filter with more than one IP > > address in each. > > > > Packets seem to be well marked (command: iptables -t mangle -L -vnx) > > but packets are not filtered with tc. > > > > Can someone help me ? > > > > Thanks, > > > > Olivier. > > > > > > > > > > ___ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > ___ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] incoming traffic + iptable
Hello there, Why would you want to mark the packets with iptables in the first place for ingress shaping? Why don't use the tc functionality to specify source and destination addresses and protocol types? I would suggest to leave iptables alone and get your hand on TC for doing traffic control ;-) So in your example: tc qdisc add dev eth0 handle : ingress tc filter add dev eth0 parent : protocol ip prio 1 u32 match ip src 172.28.54.41/32 police rate 1kbit burst 1kbit mtu 1500k drop flowid : Thats an elegant way to achieve what you want. HTH, -nik p.s. Mind the burst parameter, seems huge value to me. - Original Message - From: mohican 542003 To: lartc@mailman.ds9a.nl Sent: Wednesday, February 28, 2007 4:39 PM Subject: [LARTC] incoming traffic + iptable Hello, i try to use iptables to mark packet and then to filter them with tc. Here is my script: iptables -t mangle -A PREROUTING -s 172.28.54.41/32 -p tcp -j MARK --set-mark 1 tc qdisc add dev eth0 handle : ingress tc filter add dev eth0 parent : protocol ip prio 1 handle 1 fw police rate 1kbit burst 1kbit mtu 1500k drop flowid :1 I can not use u32 because i have several filter with more than one IP address in each. Packets seem to be well marked (command: iptables -t mangle -L -vnx) but packets are not filtered with tc. Can someone help me ? Thanks, Olivier. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] routing in tunnel mode
Hello there, it does not matter what type of network you are trying to reach, the Network unreachable error message suggests, that the router does not know on which interface(physical) to forward the packets with destination -net ! Before the lane you wrote, try this: route add -net xx.xx.xxx.xxx dev YOURDEVICE YOURDEVICE will be the device that the network is connected to the router via. If it is a sit tunnel, then YOURDEVICE = sit0. HTH, -Nikolay Kichukov Michael P. Soulier wrote: Hello, Looking here http://www.ipsec-howto.org/x299.html I've set up a vpn in transport mode with two linux boxes. I'm now trying to set it up in tunnel mode. After using the example keys, trying to ping, it doesn't work because the route network isn't routable. This mention is in the howto "If you tunnel is not working, please check your routing. Your hosts need to know that they should send the packets for the opposite network to you vpn gateway. The easiest setup would be using your vpn gateway as default gateway." But how does one set up a route like that, since the network is multiple hops away, the route command isn't going to accept it? [EMAIL PROTECTED] ~]# route add -net 172.16.113.0 netmask 255.255.255.0 gw 10.33.15.145 SIOCADDRT: Network is unreachable Some help please. Mike ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] egress bandwidth not limited / limitedextremely inaccurately
Cheers Andy, That clarifies;-) Regards, -nik Andy Furniss wrote: Nikolay Kichukov wrote: Hello Andy, How do one create such a filter to catch arp/other link layer traffic? Can you give us one such example? A quick test on ingress #tc qdisc add dev eth0 ingress Classify all ip traffic #tc filter add dev eth0 parent : prio 1 protocol ip u32 match u32 0 0 flowid :1 All arp #tc filter add dev eth0 parent : prio 2 protocol arp u32 match u32 0 0 flowid :2 Anything else #tc filter add dev eth0 parent : prio 3 protocol all u32 match u32 0 0 flowid :3 Look at the counters #tc -s filter ls dev eth0 parent : Delete everything ingress on eth0 #tc qdisc del dev eth0 ingress You can use ethertype protocol numbers in place of arp/ip. Use the prio to make sure the catch alls are last in the filters you use - prio 1 is the highest for filters. Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] egress bandwidth not limited / limitedextremely inaccurately
Hello Andy, How do one create such a filter to catch arp/other link layer traffic? Can you give us one such example? Thanks, -nik - Original Message - From: "Andy Furniss" <[EMAIL PROTECTED]> To: "Roman Skula" <[EMAIL PROTECTED]> Cc: Sent: Wednesday, January 17, 2007 10:18 PM Subject: Re: [LARTC] egress bandwidth not limited / limitedextremely inaccurately > Roman Skula wrote: > > Andy Furniss napisał(a): > > > >>Roman Skula wrote: > >> > >>>05:04.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5714 > >>>Gigabit Ethernet (rev a3) > >> > >>You may need to turn off segmentation offload with ethtool -k > > > > A huge, wet kiss for you, this turned my sky blue again. :) > > Lol - I forgot to mention: be carefull about using htb default, your > arp/other link layer end up there. If you don't specify a default htb > will let them through unshaped, you can make a filter to catch the > unclassified IP traffic and send it to the class you want. > > Andy. > > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] How can I do traffic shapping for passive ftp ?
Hello Sebastien, If you are configuring the server side(where the ftpd is running) then you can tell the ftpd which ports to use for those passive connections in its configuration file. Then you can apply your rules on those ports ;-) HTH, -nik Sébastien CRAMATTE wrote: Hello I've setuped a bridge with iptables + layer + ipp2p + tc I don't know how to shape passive ftp ? If I put rules on port 20, 21 or using layer 7 iptables accounting still empty ... When I done a tcpdump I can see that othe port than 20 or 21 are used ... Any Ideas of how I can achieve this ? Regards ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] traffic shaping vpn (GRE) traffic
Hello Craig, Is it linux flavour specific kernel you are using? I guess there might be no tc support for the kind of match you are tring to do, but iptables support included. Those I presume might be different kernel options. In the first place, if anyone can say if the syntax of the following command is okay would be best choice: tc filter add dev eth2 parent 1:0 protocol ip u32 \ match ip protocol 47 0xff \ match ip u16 0x10 00ff at 24 \ classid 1:10 I am also CCing the LARTC list hoping anyone with more experience will know the answer. -Nik syncmaster4 wrote: Hi Nikolay, I am using the standard kernel but we are able to successully allow GRE traffic through IPTABLES running on this same computer. So I am assuming we do have support for GRE since we are able to successfully NAT it. I am far from a kernel/iptables/tc expert so maybe my assumption is completely wrong... Thanks! Craig On 12/11/06, Nikolay Kichukov <[EMAIL PROTECTED]> wrote: Hello syncmaster4, I am not much of an routing expert myself, but if you are getting the Illegal match error message, try looking in the command syntax or the kernel config to check if you compiled all the necessary modules for the command you are using. Have you got support for protocol 47? Just guessing here. -Nik syncmaster4 wrote: > Looking for some advise from the experts out there. > > We do simple traffice shaping and I'm having trouble figuring out how to > shape vpn traffic using a tc filter. > > The following filter works fine for SSH > tc filter add dev eth2 parent 1:0 protocol ip u32 match ip sport 22 > 0x classid 1:10 > > The following throws and "Illegal match" error when trying to filter GRE > traffic. > tc filter add dev eth2 parent 1:0 protocol ip u32 \ > match ip protocol 47 0xff \ > match ip u16 0x10 00ff at 24 \ > classid 1:10 > > Any pointers are greatly appreciated! > > CentOS 4.4 - 2.6.9-42.0.3.ELsmp > > Thanks! > Craig > > > > > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] traffic shaping vpn (GRE) traffic
Hello syncmaster4, I am not much of an routing expert myself, but if you are getting the Illegal match error message, try looking in the command syntax or the kernel config to check if you compiled all the necessary modules for the command you are using. Have you got support for protocol 47? Just guessing here. -Nik syncmaster4 wrote: Looking for some advise from the experts out there. We do simple traffice shaping and I'm having trouble figuring out how to shape vpn traffic using a tc filter. The following filter works fine for SSH tc filter add dev eth2 parent 1:0 protocol ip u32 match ip sport 22 0x classid 1:10 The following throws and "Illegal match" error when trying to filter GRE traffic. tc filter add dev eth2 parent 1:0 protocol ip u32 \ match ip protocol 47 0xff \ match ip u16 0x10 00ff at 24 \ classid 1:10 Any pointers are greatly appreciated! CentOS 4.4 - 2.6.9-42.0.3.ELsmp Thanks! Craig ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Policy routing in linux
Hello Umesh, Try reading on the manuals on the web and then ask specific questions if you do not understand a given part. Maybe someone here will be able to provide more details on the subject then. Thanks, -Nik Umesh Upreti wrote: Hello everybody, I am very much eager to know policy routing in linux . Can anyone help me. Regards, umesh ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Linux DHPC
Hello, You will also need to install the dhcp server to be able to assign IP addresses to other. -nik - Original Message - From: "Seye Omotoso" <[EMAIL PROTECTED]> To: Sent: Thursday, November 23, 2006 7:50 PM Subject: [LARTC] Linux DHPC Dear sir, I am trying to install Linux server using DHCP, I have downloaded the DHCP file and installed. etho is the LAN point giving the Linux server connection to Internet and I want to configure eth1 to give DHCP to the clients. With the instruction I got from the Internet, I have to copy conf file to /etc which I have done,I want to add codes to conf file to make it DHCP but the code is not saving into conf file in /etc. Meanwhile when I finished installation I couldn't find conf file but 'configure' file so I rename the 'configure' to be 'conf' .What do you think I can do? Thank you. Sincerely, Seye - Everyone is raving about the all-new Yahoo! Mail beta. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] broadcast forwarding
Hi All. How can I do the subj, from one subnet to another subnet? I think ip route maybe must help me bu I not understand how? thx. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] interactive traffic
Hi all. I configure my shaper with tc help, for it I use HTB, ESFQ and IMQ for ingress traffic. all users work through NAT, all traffic separate honestly between users, but I have one problem - interactive traffic (i.e. view HTML pages), when somebody download anything HTML pages opening very slowly... What can do I, to correct this problem??? P.S. all users (their http traffic) I mark with iptables, and put it all in one class with ESFQ qdisc with hash type fwmark (for egress) and dst (for ingress) Thank you all. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ action
Hi. -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don't return in parent chain??? cause -j ACCEPT action accept the packet in the child chain and don't return it to parent... example: ipt="iptables -t mangle" $ipt -N HTTP $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? or // it return to parent chain (PREROUTING) in mangle? $ipt -N OTHER $ipt -A OTHER -j IMQ $ipt -A PREROUTING [expression] -j HTTP $ipt -A PREROUTING -j OTHER all this I do for ingress traffic. thx. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Help On Upload Limiting Using CBQ.init
Ali Jawad пишет: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Guys Ive got an internet cafe on which I have a debian sarge box running. The Debian box acts as a gateway and it has masquerading on. I have 40 client PC and i do not want to assign more than 64k per pc for upload and the same is true for download too. Ive done alot of research and Ive read tutorials about CBQ and HTB. I found that CBQ.init is the best script to serve my needs. I was successfully able to limit download per client using the script. However I was not able to limit upload per client whatever method I used. Please HELP ME LIMIT THE UPLOADS ON A PER CLIENT BASIS. I think you must use ESFQ qdisc for^^ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Layer-7 don't work
Szymon Mroofka пишет: Hi, I have simple question about Skype. What are the methods of selecting packets which belongs to Skype?? I know about 7layer but I don't belive that is only way. Is 7layer realy good and stable solution for routers which must handle more than 1000 users ? Hi everybody! I use Layer-7 filter for hook packets like this : $ipt -t mangle -N SKYPE $ipt -t mangle -A SKYPE -j MARK --set-mark 41 $ipt -t mangle -A SKYPE -j LOG --log-prefix "IPT. SKYPE: " --log-ip-options $ipt -t mangle -A SKYPE -j IMQ $ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto dns -j DNS ... $ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols --l7proto skypetoskype -j SKYPE ... $ipt -t mangle -A PREROUTING -j OTHER the iptables -t mangle -L PREROUTING -n -v show it's correct, but I see in LOG and see this: Aug 23 10:57:16 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=xx:xx:...xx SRC=10.10.0.114 DST=10.10.0.1 LEN=140 TOS=0x04 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=162 DPT=162 LEN=120 etc... grep 162 /etc/services snmp-trap 162/tcp snmptrap# Traps for SNMP snmp-trap 162/udp snmptrap# Traps for SNMP it's not SKYPE, i think it is normal? my kernel 2.6.15, iptables v 1.3.5 all pathced, all modules is load. thx. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] How to bypass traffic control for one IP
and you do not read my example at all. tc qdisc add dev eth1 root handle 1: htb default 1 tc class add dev eth1 parent 1: classid 1:1 htb rate 4080kb ceil 4080kb tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4000kb ceil 4000kb prio 1 tc class add dev eth1 parent 1:1 classid 1:11 htb rate 80kb ceil 80kb prio 2 and match the packets(with filters) with destination to the adsl to class 1:10 and all the rest to class 1:11. I do not know if that will work, butat least you can give it a try and then confirm if it is actually working or not working so someone else on the list can give you another hint... -nik On Mon, 2006-08-21 at 09:47 +0200, Yves BLUSSEAU wrote: > Thanks nik > > BUT, i know how the class and filter work and in your example you don't take > my problem in account because i need an unlimited class rate (or at least > 4Mbits) and a limited classe rate for internet (80kb for example). > Can you rewrite your example with this parameter ? > > Thanks in advance ! > > Yves > - Original Message - > From: "nikolay hijacker-at-oldum.net |Linux Advanced Routing & Traffic > Control project/1.0-Allow|" <...> > To: <..> > Cc: > Sent: Saturday, August 19, 2006 4:21 PM > Subject: Re: [LARTC] How to bypass traffic control for one IP > > > sure i write an example. > it is all dependent on the ceil parameter on the class. > so if the class for the internet is 80kbps, than you will have rate 80kb > ceil 80kb thus this class will not be able to borrow bandwith from the class > above it. > > example: > > tc qdisc add dev eth1 root handle 1: htb default 11 > tc class add dev eth1 parent 1: classid 1:1 htb rate 48kb ceil 48kb > tc class add dev eth1 parent 1:1 classid 1:10 htb rate 40kb ceil 40kb prio 1 > tc class add dev eth1 parent 1:1 classid 1:11 htb rate 8kb ceil 8kb prio 2 > > What's next is to match the right packets into the right classes using > filters. > > Let me know if that helps. > > btw eth1 will be the interface that is connected to the adsl router. > > and 48kbps is just an example, feel free to adjust those values. > > -nik > - Original Message - > From: "Yves " <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, August 18, 2006 5:05 PM > Subject: Re: [LARTC] How to bypass traffic control for one IP > > > > Thx nik, > > > > but what i don't understand is if that there no traffic to the first class > > (4Mbit traffic) other class can borrow capacity from the first one. So the > > traffic to internet is not limited to 80ko/s ? > > If i'm wrong, can you write an example ? > > > > Thanks in advance, > > Yves > > > > - Original Message - > > From: "Nikolay Kichukov hijacker-at-oldum.net |Linux Advanced Routing & > > Traffic Control project/1.0-Allow|" <...> > > To: <..> > > Cc: > > Sent: Friday, August 18, 2006 3:52 PM > > Subject: Re: [LARTC] How to bypass traffic control for one IP > > > > > > Okay, > > the following may or may not work: > > > > on the interface of the router that is connected to the adsl add an > > engress HTB qdisc. > > > > Then add classes accordingly. The first one with highest priority will > > be for the 4Mbit traffic. > > The classes after this one will be dependent on your likely. > > > > Add some tc filters. The first one will match if dst ip is $IP_OF_ADSL > > or dst port is $THE_BROADCAST_PORT_OF_THE_ADSL and it will use htb class > > with highest priority. > > > > Packets not having destination the adsl will be matched in the filters > > afterwords, thus shaped and so. > > > > However, I am not sure, if all of the packets will not go under that htb > > class, because in their destination header they all have the adsl IP(the > > default gateway). > > > > Maybe someone on the list will englight me on that topic. > > > > -nik > > > > > > On Fri, 2006-08-18 at 12:47 +0200, Yves wrote: > >> The adsl modem has two functions: it give me access to internet (max > >> 80ko/s > >> upload) et it is use to broadcast video stream at more than 4Mo/s. > >> I can't manage the modem. > >> My PC, the firewall and the modem are locally connected at 100Mbits Full > >> Duplex. > >> Like I said i want to shape the upload to internet and only to internet. > >> So do you know a good configuration to shape all but not the traffic > >> directly send to the modem (to it's IP) ? > &
Re: [LARTC] How to bypass traffic control for one IP
sure i write an example. it is all dependent on the ceil parameter on the class. so if the class for the internet is 80kbps, than you will have rate 80kb ceil 80kb thus this class will not be able to borrow bandwith from the class above it. example: tc qdisc add dev eth1 root handle 1: htb default 11 tc class add dev eth1 parent 1: classid 1:1 htb rate 48kb ceil 48kb tc class add dev eth1 parent 1:1 classid 1:10 htb rate 40kb ceil 40kb prio 1 tc class add dev eth1 parent 1:1 classid 1:11 htb rate 8kb ceil 8kb prio 2 What's next is to match the right packets into the right classes using filters. Let me know if that helps. btw eth1 will be the interface that is connected to the adsl router. and 48kbps is just an example, feel free to adjust those values. -nik - Original Message - From: "Yves BLUSSEAU" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 18, 2006 5:05 PM Subject: Re: [LARTC] How to bypass traffic control for one IP Thx nik, but what i don't understand is if that there no traffic to the first class (4Mbit traffic) other class can borrow capacity from the first one. So the traffic to internet is not limited to 80ko/s ? If i'm wrong, can you write an example ? Thanks in advance, Yves - Original Message - From: "Nikolay Kichukov hijacker-at-oldum.net |Linux Advanced Routing & Traffic Control project/1.0-Allow|" <...> To: <..> Cc: Sent: Friday, August 18, 2006 3:52 PM Subject: Re: [LARTC] How to bypass traffic control for one IP Okay, the following may or may not work: on the interface of the router that is connected to the adsl add an engress HTB qdisc. Then add classes accordingly. The first one with highest priority will be for the 4Mbit traffic. The classes after this one will be dependent on your likely. Add some tc filters. The first one will match if dst ip is $IP_OF_ADSL or dst port is $THE_BROADCAST_PORT_OF_THE_ADSL and it will use htb class with highest priority. Packets not having destination the adsl will be matched in the filters afterwords, thus shaped and so. However, I am not sure, if all of the packets will not go under that htb class, because in their destination header they all have the adsl IP(the default gateway). Maybe someone on the list will englight me on that topic. -nik On Fri, 2006-08-18 at 12:47 +0200, Yves wrote: The adsl modem has two functions: it give me access to internet (max 80ko/s upload) et it is use to broadcast video stream at more than 4Mo/s. I can't manage the modem. My PC, the firewall and the modem are locally connected at 100Mbits Full Duplex. Like I said i want to shape the upload to internet and only to internet. So do you know a good configuration to shape all but not the traffic directly send to the modem (to it's IP) ? Yves - Original Message - From: "Nikolay Kichukov hijacker-at-oldum.net |Linux Advanced Routing & Traffic Control project/1.0-Allow|" <...> To: <..> Sent: Friday, August 18, 2006 12:22 PM Subject: Re: [LARTC] How to bypass traffic control for one IP You surely do need to send the video stream at full speed, but what is the point of doing so if the adsl modem(router) will still shape the upload at the speed that your ISP gives to you? That will only saturate the link. -nik On Thu, 2006-08-17 at 21:05 +0200, Yves wrote: > Because my asl modem is also a router and it is used to send broadcast > video > to another network and so i need to send video stream at full speed to > the > modem. > - Original Message - > From: "nikolay hijacker-at-oldum.net |Linux Advanced Routing & Traffic > Control project/1.0-Allow|" <...> > To: <..> > Sent: Thursday, August 17, 2006 12:32 PM > Subject: Re: [LARTC] How to bypass traffic control for one IP > > > > why would you want to "access" the adsl modem at 100Mbps? > > > > What is the speed your ISP provides to the adsl modem? > > > > -nik > > - Original Message - > > From: "Yves " <[EMAIL PROTECTED]> > > To: > > Sent: Wednesday, August 16, 2006 6:16 PM > > Subject: [LARTC] How to bypass traffic control for one IP > > > > > > Hi all, > > > > i have a problem: i have an adsl modem that is connected to internet. > > I > > can't manage this modem. > > Between my PC and the modem i have a linux firewall that make the NAT > > and > > the traffic shapping. > > I have create a script that limit the bandwidth of the "external" > > interface of the firewall so i can manage my bandwidth for my > > internet > > application. > > The problem is that i need to access
Re: [LARTC] How to bypass traffic control for one IP
Okay, the following may or may not work: on the interface of the router that is connected to the adsl add an engress HTB qdisc. Then add classes accordingly. The first one with highest priority will be for the 4Mbit traffic. The classes after this one will be dependent on your likely. Add some tc filters. The first one will match if dst ip is $IP_OF_ADSL or dst port is $THE_BROADCAST_PORT_OF_THE_ADSL and it will use htb class with highest priority. Packets not having destination the adsl will be matched in the filters afterwords, thus shaped and so. However, I am not sure, if all of the packets will not go under that htb class, because in their destination header they all have the adsl IP(the default gateway). Maybe someone on the list will englight me on that topic. -nik On Fri, 2006-08-18 at 12:47 +0200, Yves BLUSSEAU wrote: > The adsl modem has two functions: it give me access to internet (max 80ko/s > upload) et it is use to broadcast video stream at more than 4Mo/s. > I can't manage the modem. > My PC, the firewall and the modem are locally connected at 100Mbits Full > Duplex. > Like I said i want to shape the upload to internet and only to internet. > So do you know a good configuration to shape all but not the traffic > directly send to the modem (to it's IP) ? > > Yves > > - Original Message - > From: "Nikolay Kichukov hijacker-at-oldum.net |Linux Advanced Routing & > Traffic Control project/1.0-Allow|" <...> > To: <..> > Sent: Friday, August 18, 2006 12:22 PM > Subject: Re: [LARTC] How to bypass traffic control for one IP > > > You surely do need to send the video stream at full speed, but what is > the point of doing so if the adsl modem(router) will still shape the > upload at the speed that your ISP gives to you? > > That will only saturate the link. > > -nik > > On Thu, 2006-08-17 at 21:05 +0200, Yves wrote: > > Because my asl modem is also a router and it is used to send broadcast > > video > > to another network and so i need to send video stream at full speed to the > > modem. > > - Original Message - > > From: "nikolay hijacker-at-oldum.net |Linux Advanced Routing & Traffic > > Control project/1.0-Allow|" <...> > > To: <..> > > Sent: Thursday, August 17, 2006 12:32 PM > > Subject: Re: [LARTC] How to bypass traffic control for one IP > > > > > > > why would you want to "access" the adsl modem at 100Mbps? > > > > > > What is the speed your ISP provides to the adsl modem? > > > > > > -nik > > > - Original Message - > > > From: "Yves " <[EMAIL PROTECTED]> > > > To: > > > Sent: Wednesday, August 16, 2006 6:16 PM > > > Subject: [LARTC] How to bypass traffic control for one IP > > > > > > > > > Hi all, > > > > > > i have a problem: i have an adsl modem that is connected to internet. I > > > can't manage this modem. > > > Between my PC and the modem i have a linux firewall that make the NAT > > > and > > > the traffic shapping. > > > I have create a script that limit the bandwidth of the "external" > > > interface of the firewall so i can manage my bandwidth for my internet > > > application. > > > The problem is that i need to access the adsl modem at full bandwith > > > (100mbits) from my PC (through the linux firewall). > > > So i need a configuration where all the internet IP are limited by the > > > traffic control and where the IP of the modem is not slowdown by traffic > > > shapping. > > > > > > Who have an idea for such configuration ? > > > > > > Thanks in advance. > > > > > > Yves > > > > > > > > > > > > > > > > > >> ___ > > >> LARTC mailing list > > >> LARTC@mailman.ds9a.nl > > >> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > >> > > > > > > > > -- Когато сме щастливи, сме добри. Но когато сме добри, не винаги сме щастливи... -Оскар Уайлд ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] How to bypass traffic control for one IP
why would you want to "access" the adsl modem at 100Mbps? What is the speed your ISP provides to the adsl modem? -nik - Original Message - From: "Yves BLUSSEAU" <[EMAIL PROTECTED]> To: Sent: Wednesday, August 16, 2006 6:16 PM Subject: [LARTC] How to bypass traffic control for one IP Hi all, i have a problem: i have an adsl modem that is connected to internet. I can't manage this modem. Between my PC and the modem i have a linux firewall that make the NAT and the traffic shapping. I have create a script that limit the bandwidth of the "external" interface of the firewall so i can manage my bandwidth for my internet application. The problem is that i need to access the adsl modem at full bandwith (100mbits) from my PC (through the linux firewall). So i need a configuration where all the internet IP are limited by the traffic control and where the IP of the modem is not slowdown by traffic shapping. Who have an idea for such configuration ? Thanks in advance. Yves ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Simple Rule to Cap P2P Uploads
Hello Mathew, Yes, it is all clear and your setup should work provided you changed the few tiny bits I suggested. Best, -Nik В вт, 2006-07-04 в 06:30 -0700, Mathew Brown написа: > Thanks for your reply Nikolay. I feel my first post was somewhat > unclear. I hope the following information clears things up a little > more: > > 1) The machine that I am trying to run do tc on has a single interface > that connects it to the the rest of the network. > > 2) I sometimes have to ssh and scp files from that machine. > > 3) The machine runs various P2P applications. I don't want the sum of > their uploads to exceed 3 KB/s. > > 4) As you mentioned, my ADSL uplink is 64000 bps > > 5) The machine that I have tc running on and the machine with the P2P > uploads are the same machine. > > Thanks for your comments. I'll try to check out the kbps vs. kbits. > But is the idea of what I'm trying to do now more clear? > > Nikolay Kichukov <[EMAIL PROTECTED]> wrote: > Hi Mathew, > your adsl uplink is 64000 bps, correct? > > 102400kbps > 64kbps > 3kbps != 3KB/sec > > Another point, tc syntax is 102400kbit, not 102400kbps(as far > as I > tested that). > > 3KB = 3*8 kbit > > Test that and let us know if this helps. > > -Nik > > On Wed, 2006-06-28 at 09:50 -0700, Mathew Brown wrote: > > Hi, > > I'm new at traffic control and was reading up on HTB and > using it to > > put an upper limit on traffic. I have a 256k DSL with 64k > upload > > (which translates to about 5/6KB uploads). The machine > running the > > P2P applications keeps filling up the 64K so my browsing > from other > > machines in the network ends up being very slow. Since there > are > > several P2P applications, I wanted to set the entire upload > cap to > > something like 3KB/s so it doesn't disrupt browsing. > However, I would > > also like to ssh and scp from this machine without having an > upload > > cap. The machine has a single interface to the network: > eth0. I > > tried the following tc lines but it appears to affect both > the P2P > > traffic and my ssh traffic, resulting in a very slow ssh > sessions: > > > > tc qdisc add dev eth0 root handle 1: htb default 3 > > tc class add dev eth0 parent 1: classid 1:1 htb rate > 102400kbps ceil > > 102400kbps > > tc class add dev eth0 parent 1:1 classid 1:2 htb rate > 102400kbps ceil > > 102400kbps > > tc class add dev eth0 parent 1:1 classid 1:3 htb rate 3kbps > ceil 3kbps > > tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 > match ip > > dport 22 0x flowid 1:2 > > > > Any ideas? Thanks for your time. > > > > > > > __ > > Do you Yahoo!? > > Next-gen email? Have it all with the all-new Yahoo! Mail > Beta. > > ___ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > -- > ������ ��� ��������, > ��� �����. > �� ������ ��� �����, �� > ������ ��� ��������... > -����� ����� > > > > > > __ > Yahoo! Music Unlimited - Access over 1 million songs. Try it free. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] tc ingress policing with multiple subnets
Hi Andy, please, have a look at my answers in the text below. On Mon, 2006-06-26 at 13:33 +0100, Andy Furniss wrote: > Nikolay Kichukov wrote: > > Hello everybody on the list, > > > > I have the following situation where I want to police the speed of > > incoming > > packets from specific subnets to 1024kbps and then police all the rest to > > 256kbps, which is the speed my ISP grants for the rest of the internet. > > If you are shaping ingress you will need to set a rate below the link > speed, or you won't do anything. > How about a rate that matches the link speed? Will 95% of the link be alright for ingress? > > > > So, eth1 is the one connected to the cable modem and then to the internet. > > > > I do: > > > > tc qdisc add dev eth1 ingress handle : > > > > > > then: > > > > tc filter add dev eth1 parent : protocol ip prio 1 u32 match ip src > > xx.yy.zz.0/24 police rate 1024kbit burst 10kb drop flowid : > > tc filter add dev eth1 parent : protocol ip prio 1 u32 match ip src > > pp.dd.df.0/23 police rate 1024kbit burst 10kb drop flowid : > > ... > > ... > > and finally: > > > > tc filter add dev eth1 parent : protocol ip prio 2 u32 match ip src > > 0.0.0.0/0 police rate 256kbit burst 10kb drop flowid : > > > > > > My question is, is there a way I can limit the overall speed of incoming > > packets from all of those defined subnets to 1024kbps, as it seems in the > > above scenario that if packets from xx.yy.zz.0/24 subnet arrive at the > > speed > > of 1024kbps, and at the same time packets are arriving from > > pp.dd.df.0/23 at > > 1024kbps the overall would be 2048kbps, which I do not want. > > You can use a shared meter. > > ... police index 1 rate .. > > I will read on about the index shared meter. Hope that will do what I need to achieve. > > > > Any comments or suggestions on this topic are welcomed. > > > > Another question I have is, what is the difference of the burst/buffer > > being 10kb or 90kb for example? What difference would that make? > > The detailed behaviour probably depends on rate estimators in kernel config. > > Roughly the burst/buffer is a virtual buffer that when full will cause > further packets to be dropped until it has drained enough over time to > pass them again. > So a buffer of 10kbytes will allow first 10kbytes to flow at the rate of the line and the next packets be shaped at the filter rate? example: tc filter add dev eth1 parent : protocol ip prio 2 u32 match ip src 0.0.0.0/0 police rate 256kbit burst 10kb drop flowid : if line speed is 512 kbit, the first downloaded 10kbytes will travel at 512kbit, and the packets afterwards will flow at the speed of 256kbit. Is that kind of correct? > If you are shaping ingress at near link speed I think smaller is better > - if you are shaping well below link speed like 1meg/100 then you can > use a bigger buffer. > > Andy. > I think I got that. Regards, -nik -- Когато сме щастливи, сме добри. Но когато сме добри, не винаги сме щастливи... -Оскар Уайлд ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Simple Rule to Cap P2P Uploads
Hi Mathew, your adsl uplink is 64000 bps, correct? 102400kbps > 64kbps 3kbps != 3KB/sec Another point, tc syntax is 102400kbit, not 102400kbps(as far as I tested that). 3KB = 3*8 kbit Test that and let us know if this helps. -Nik On Wed, 2006-06-28 at 09:50 -0700, Mathew Brown wrote: > Hi, > I'm new at traffic control and was reading up on HTB and using it to > put an upper limit on traffic. I have a 256k DSL with 64k upload > (which translates to about 5/6KB uploads). The machine running the > P2P applications keeps filling up the 64K so my browsing from other > machines in the network ends up being very slow. Since there are > several P2P applications, I wanted to set the entire upload cap to > something like 3KB/s so it doesn't disrupt browsing. However, I would > also like to ssh and scp from this machine without having an upload > cap. The machine has a single interface to the network: eth0. I > tried the following tc lines but it appears to affect both the P2P > traffic and my ssh traffic, resulting in a very slow ssh sessions: > > tc qdisc add dev eth0 root handle 1: htb default 3 > tc class add dev eth0 parent 1: classid 1:1 htb rate 102400kbps ceil > 102400kbps > tc class add dev eth0 parent 1:1 classid 1:2 htb rate 102400kbps ceil > 102400kbps > tc class add dev eth0 parent 1:1 classid 1:3 htb rate 3kbps ceil 3kbps > tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip > dport 22 0x flowid 1:2 > > Any ideas? Thanks for your time. > > > __ > Do you Yahoo!? > Next-gen email? Have it all with the all-new Yahoo! Mail Beta. > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -- Когато сме щастливи, сме добри. Но когато сме добри, не винаги сме щастливи... -Оскар Уайлд ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] slackware 10.2 compilation
Hello, I am not an expert myself, but I can suggest that you use 3 lines to limit the overall upload limit for your adsl ;-) MAXOUT=9 tc qdisc add dev eth1 root handle 1: htb default 13 tc class add dev eth1 parent 1: classid 1:1 htb rate $MAXOUT ceil $MAXOUT where eth1 will be the interface that is connected to the ADSL ;-) Hope that helps. Regards, -Nikolay Kichukov - Original Message - From: "tasos" <[EMAIL PROTECTED]> To: Sent: Friday, June 16, 2006 1:41 PM Subject: [LARTC] slackware 10.2 compilation hello people and nice to meet you. [EMAIL PROTECTED]:~/tcng$ ./configure Reading configuration defaults from ./config building tcsim: yes Kernel source:/home/tasoss/linux-2.6.16.20 Kernel version: 2.6.16 iproute2 source: /home/tasoss/iproute2-2.6.16-060323 iproute2 version: 060323 Host byte order: little endian tcng command: /home/tasoss/tcng/bin/tcng YACC is: yacc $ is not identifier: -$ tc supports "action": yes building the manual: NO install directory:/usr/local [EMAIL PROTECTED]:~/tcng$ - make[2]: Entering directory `/home/tasoss/tcng/tcsim' ./setup.klib ./setup.klib: line 119: /home/tasoss/linux-2.6.16.20/net/sched/police.c: No such file or directory make[2]: *** [klib/.ready] Error 1 make[2]: Leaving directory `/home/tasoss/tcng/tcsim' make[1]: *** [tcsim] Error 2 make[1]: Leaving directory `/home/tasoss/tcng/tcsim' make: *** [all] Error 1 -- tcng is compiled fine,but what can i do with tcsim? Moreover i would like to suggest me some good documentation about tc/tcng(traffic control generally?) except for what tldp has already. And finally,my first step it to limit my adsl upload bandwidth from 128Kbps to 90kbps for example.Is it a one-line command? Thank you in advance :-) ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tc ingress policing with multiple subnets
Hello everybody on the list, I have the following situation where I want to police the speed of incoming packets from specific subnets to 1024kbps and then police all the rest to 256kbps, which is the speed my ISP grants for the rest of the internet. So, eth1 is the one connected to the cable modem and then to the internet. I do: tc qdisc add dev eth1 ingress handle : then: tc filter add dev eth1 parent : protocol ip prio 1 u32 match ip src xx.yy.zz.0/24 police rate 1024kbit burst 10kb drop flowid : tc filter add dev eth1 parent : protocol ip prio 1 u32 match ip src pp.dd.df.0/23 police rate 1024kbit burst 10kb drop flowid : ... ... and finally: tc filter add dev eth1 parent : protocol ip prio 2 u32 match ip src 0.0.0.0/0 police rate 256kbit burst 10kb drop flowid : My question is, is there a way I can limit the overall speed of incoming packets from all of those defined subnets to 1024kbps, as it seems in the above scenario that if packets from xx.yy.zz.0/24 subnet arrive at the speed of 1024kbps, and at the same time packets are arriving from pp.dd.df.0/23 at 1024kbps the overall would be 2048kbps, which I do not want. Any comments or suggestions on this topic are welcomed. Another question I have is, what is the difference of the burst/buffer being 10kb or 90kb for example? What difference would that make? Regards, -Nikolay Kichukov ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] bandwidth for each individual IP
http://www.ex-parrot.com/~pdw/iftop/ -- Nikolay Datchev On Thu, 3 Feb 2005, Ionut Gogu wrote: Hello! I'm using a Slackware Linux as a router and 50 IP addresses for my LAN Clients. Is there any program i can install that will be able to tell me: how much (ie. kbps) each individual IP is using at moment t? ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Inverting filters
How to invert match parameter? Like this: tc filter add dev eth0 protocol ip parent 1: prio 1 u32 \ match ip src 10.20.30.40 \ match ip dst !10.30.0/24 \ match ip dst !10.40.0/24 \ flowid 1:20 ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Shaper & prio qdisc
Hello. Sorry for my poor english =) I have following config for traffic prioritization: tc qdisc add dev eth0 root handle 1: prio tc qdisc add dev eth0 parent 1:1 handle 10: tbf rate 7000kbit buffer 1600 latency 2msec tc qdisc add dev eth0 parent 1:2 handle 20: sfq tc qdisc add dev eth0 parent 1:3 handle 30: tbf rate 3000kbit buffer 1600 latency 50msec tc qdisc add dev eth1 root handle 1: prio tc qdisc add dev eth1 parent 1:1 handle 10: tbf rate 7000kbit buffer 1600 latency 2msec tc qdisc add dev eth1 parent 1:2 handle 20: sfq tc qdisc add dev eth1 parent 1:3 handle 30: tbf rate 3000kbit buffer 1600 latency 50msec Where is 'eth0' is interface connected to backbone network 192.168.0.x/24, and 'eth1' is interface to hub, with network 172.18.x.y/24 I have some filters: tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip dport 22 0x flowid 1:1 tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 22 0x flowid 1:1 tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip sport 80 0x flowid 1:1 tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip dport 80 0x flowid 1:1 tc filter add dev eth0 protocol ip parent 1: prio 5 u32 match ip sport 20 0x flowid 1:3 tc filter add dev eth0 protocol ip parent 1: prio 5 u32 match ip dport 20 0x flowid 1:3 and same for eth1. Now i need to add shapers for some client connecting from eth1 via vpn and gain real ip addresses (like 218.33.x.x) I think, it must looks like this: tc qdisc add dev ppp7 root tbf rate 150kbit buffer 1600 latency 10msec it's shape outgoing traffic from client, right? But how to shape incoming traffic? I think, it must be class on eth0 with parent 1:1(tbf qdisc), but tbf is classless, so i need to replace it? For example, with htb. I have 2 questions: a) Which qdisc i should use to replace tbf and save traffic prioritization works? b) Which class i should use for shaping incoming traffic to client? ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Class ID limits
> > I actually have a few questions. First, am I right in assuming this or > > is the reason something totally different? And, if I'm right, is there > > any way around the limit other than creating a new qdisc? I'm trying to > > use a number we have set up in our database and sometimes it goes into > > the 5 digit range. Any help would be greatly appreciated. Thanks! > > Class parameters to tc are hexa numbers so you can use from x:1 to x:, > meaning 65535 classes. > And note that you must supply the classid in hex. Try searching google for a small tool like dec2hex, which converts decimal numbers to hex. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Class ID limits
> And note that you must supply the classid in hex. Try searching google for > a small tool like dec2hex, which converts decimal numbers to hex. > http://improv.sapp.org/doc/examples/improv/tohex/tohex.html This works perfect for me. > > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Forcing a pppX name
In such cases, when i must set qdiscs on dynamic ppp or tun itnerfaces, i use the ip-up script - since this script receives the remote ip address and the name of device used for the link (and more parameters of course - read man pppd), you can use it to set qdiscs (or do some other cool stuff) on specific connection even if the device number is dynamic. On Mon, 29 Dec 2003 11:36:22 +0100, jurrie.overgoor wrote > Hello everyone, > > Is it possible to 'force a name to' a ppp connection? I have a VPN > server, wich creates ppp connections, and two ADSL ppp connections. > I'd like to have the ADSL connections be called ppp0 and ppp1, and > the VPN connections ppp2 and higher. > > At the moment, I can only achieve this if I connect to the ADSL > lines before starting the VPN server. However, it will screw up if > the second ADSL connection drops, and after that a new VPN > connection is made. The new VPN connection will be called ppp1... > > Jurrie Overgoor > > -- > _ > Snel en voordelig ADSL nu voor iedereen bereikbaar. > Zon Breedband Budget voor EUR 14,95 per maand. > Nu tijdelijk geen aansluitkosten en gratis modem. > Bestel snel op zonnet.nl/breedband > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -- Varna.net ISP (http://www.varna.net) ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] trafic shaping with aliases
Think about the four networks like networks, all the four are at the same physical interface - eth1, and aliases doesn't matter. So, you put the root class and qdisc at eth1, create four subclasses for each network, attach qdiscs and create four filters, each filter for one network. -- Nikolay Datchev On Fri, 10 Oct 2003, Aleksandar Simonovski wrote: > Hi, > This is my scenario > >1.- > | >2.- > | <---> HUB <-> ETH1 <--- SHAPER ---> ETH0 <-> INTERNET >3.- > | >4.- > > 1,2,3 and 4 are all different networks > ETH1 has four aliases whic are gateways for 1,2,3 and 4 > can some help me with using HTB or CBQ for limiting the four diferent networks > > 1. 128KBit > 2. 64KBit > 3. 512Kbit > 4. 192KBit > > thaks, > Aleksandar > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] does tc support mpls ?
I assume that your current ethernet card speed is 100 Mbit/s Just do mii-tool eth0 -A 10BaseT and this will set your card to 10BaseT-only speeds. If you get an error, your card does not support MII. And, at last, this is not the right maillist for this question. -- Nikolay Datchev On Fri, 27 Jun 2003, olagoke Metibemu wrote: > HELLO ALL, > I WILL BE VERY HAPPY IS ANY BODY ON THISLIST CAN TELL ME HOW TO SET MY ETHERNET LAN > SPEED TO 10MBPS ON A REDHAT BOX. > > > THANKS > > > > GOKE > NEWBIE > > Ashutosh Pattanaik <[EMAIL PROTECTED]> wrote: > hi everybody, > i just want to know if tc provides any bandwidth management through the > tc_index field of the sk_buff or the exp bits of the shim header in an mpls > cloud ? if so ,how it is done? > ashutosh. > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > > > - > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] pfifo scheduler
I'm using successfully all kinds of qdiscs, but i cannot find a solution to limit number of packets in one flow. Is there a way to do this with cbq, htb or tbf ? Not bandwidth in bits per second, but packets per second. Thanks, -- Nikolay Datchev On Sat, 21 Jun 2003, Stef Coene wrote: > On Saturday 21 June 2003 14:56, Nikolay Datchev wrote: > > Hello ppl, > > > > I'm playing with the pfifo scheduler, its simple, and i cannot understand > > what's wrong. So, i have test machine, with one interface eth0, and i want > > to send no more than 3 packets/sec out of that interface, so i do: > > > > tc qdisc add dev eth0 root pfifo limit 3 > > > > And i get pfifo scheduler on eth0 with limit of 3, but it sends as many > > packets per second as it wants, without delay or drop. How can i get it > > throttle if sended more than N packets/sec ? > You can't do this with the pfifo qdisc. You only create a pfifo qdisc that > can hold 3 packets. But that does not mean that it will send 3 packets / > seconds. > Take a look at the htb, cbq or tbf qdisc for limiting bandwidth. > > Stef > > -- > > [EMAIL PROTECTED] > "Using Linux as bandwidth manager" > http://www.docum.org/ > #lartc @ irc.oftc.net > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] pfifo scheduler
Hello ppl, I'm playing with the pfifo scheduler, its simple, and i cannot understand what's wrong. So, i have test machine, with one interface eth0, and i want to send no more than 3 packets/sec out of that interface, so i do: tc qdisc add dev eth0 root pfifo limit 3 And i get pfifo scheduler on eth0 with limit of 3, but it sends as many packets per second as it wants, without delay or drop. How can i get it throttle if sended more than N packets/sec ? Thanks in advance -- Nikolay Datchev ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Limiting packets/sec
found it, the old good pfifo ;-) (10x alex) -- Nikolay Datchev On Thu, 23 Jan 2003, Nikolay Datchev wrote: > Hello all, > > Anybody knows how to limit not kbits per second but packets per second ? > > Thanks in advance > > -- Nikolay Datchev > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Limiting packets/sec
Hello all, Anybody knows how to limit not kbits per second but packets per second ? Thanks in advance -- Nikolay Datchev ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Depth-argument for sfq?
http://www.ssi.bg/~alex/esfq/index.html -- Nikolay Datchev On Mon, 6 Jan 2003, Stef Coene wrote: > On Monday 06 January 2003 17:52, Tobias Geiger wrote: > > Steen Suder, privat wrote: > > > I'm not a programmer per se (including C), but... > > > > > > I'd like to be able to give the define in sch_sfq.c (of, say, 2.4.20), > > > SFS_DEPTH other values than 128 as an argument on the tc commandline. It > > > could be powers of two up to 2^7 (128) as it seems that 128 is the > > > current maximum. > > > > > > I'm a little anxious to ask the question "How do I do that?" ;-) > > > Instead I'd like to hear if anyone has done something similar? > > > > AFAIK a qdisc named "esfq" allready exists where you can setup things > > like Depth and other parameter. > > search the mailling-list archive on lartc.org for the URL (last time i > > compilied it was for 2.4.18; i hope they made the code 2.4.20 ready ?) > I have it on the faq page on www.docum.org. > > Stef > > -- > > [EMAIL PROTECTED] > "Using Linux as bandwidth manager" > http://www.docum.org/ > #lartc @ irc.oftc.net > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] nano.txt
This site is redirected to some other site in ssi.bg domain. Alas, ssi.bg domain is down, changing nameservers' addresses... I'll send you a note when it is up again. -- Nikolay Datchev On Wed, 18 Dec 2002, hare ram wrote: > Hi > > > does any one have this File > seems to be this site is down > http://www.linuxvirtualserver.org/~julian/#routes-2.4 > > thanks > hare > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
