[LARTC] IMQ KERNEL PANIC 2.6.17.14 AND 2.6.21.1 No chain/target/match by that name

[Salatiel Filho]

After starting to shape local traffic now i am getting a lot of kernel
panics in tcp_retransmit, so i decided to update my kernel from
2.6.17.14 to 2.6.21.1 , the problem is that after that i get:

# iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 0
iptables: No chain/target/match by that name

so i can not redirect ttraffic to IMQ device.


and modules are loaded.
-
# lsmod
Module  Size  Used by
ipt_ipp2p   6656  2
ipt_MASQUERADE  2688  1
sch_sfq 4864  31
cls_u32 6660  8
sch_htb14208  2
ipt_IMQ 1792  0
imq 3592  0
xt_mac  1792  19
ipt_LOG 5504  2
xt_limit2304  2
xt_multiport3200  4
xt_state2176  3
iptable_mangle  2304  1
iptable_nat 6020  1
nf_nat 13996  2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4  12940  5 iptable_nat
nf_conntrack   46584  5
ipt_MASQUERADE,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink   4888  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
iptable_filter  2436  1
ip_tables   9560  3 iptable_mangle,iptable_nat,iptable_filter
usbhid 19424  0
uhci_hcd   18836  0
via_rhine  18456  0
3c59x  35820  0

Any help ??


[]'s
Salatiel

O maior prazer do inteligente é bancar o  idiota
  diante de um  idiota que banca o inteligente.
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ action

[Andy Furniss]

Nikolay Nikolaev wrote:

Hi.
-j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don't return 
in parent chain??? cause -j ACCEPT action accept the packet in the child 
chain and don't return it to parent...

example:

ipt=iptables -t mangle

$ipt -N HTTP
$ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? 
or // it return to parent chain (PREROUTING) in mangle?


$ipt -N OTHER
$ipt -A OTHER -j IMQ

$ipt -A PREROUTING [expression] -j HTTP
$ipt -A PREROUTING -j OTHER

all this I do for ingress traffic.
thx.


I don't think -j IMQ is terminating as an iptables rule.

Whether it sees packets before / after (de)nat in prerouting depends on 
the kernel config options and gets logged for 2.6s. For 2.4s there is a 
patch to make it hook after nat.


Andy.
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] IMQ action

[Nikolay Nikolaev]

Hi.
-j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don't return 
in parent chain??? cause -j ACCEPT action accept the packet in the child 
chain and don't return it to parent...

example:

ipt=iptables -t mangle

$ipt -N HTTP
$ipt -A HTTP -j IMQ // after this packet packets go to -t nat 
tables? or 		// it return to parent chain (PREROUTING) in mangle?


$ipt -N OTHER
$ipt -A OTHER -j IMQ

$ipt -A PREROUTING [expression] -j HTTP
$ipt -A PREROUTING -j OTHER

all this I do for ingress traffic.
thx.
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ + NAT

[Andy Furniss]

Jonas Jasas wrote:

Hello,

I have
eth0 - internet
eth1..4 - local networks
on eth0 i do $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE

I want to balance out/in load for eth1..4 and localhost (mainly
squid). Nat makes impossible to do it on eth0, so I installed IMQ. I
need to get to on imq0 unnnated in/out traffic that I could make
priorities for protocols and networks. Do somthing like this:
prate=1Mbit

localhost: rate=500kbit, ceil=prate
vnc: rate=100kbit, ceil=prate
web: rate=100kbit, ceilp=prate
mail: rate=100kbit, ceil=prate
eth1: rate=400kbit, ceil=prate
ftp: rate=10kbit, ceil=prate

eth2..4: rate=100kbit, ceil=prate   (eth2...eth4 would split the same 
100kbit)

rdp: rate=90kbit, ceil=prate
..

This load balance would be applyed for outgoing and incoming internet
traffic. Where and how in iptables would be correct to -j IMQ ?


Whether IMQ hooks before or after NAT is in the kernel config for 2.6 
and needs patches for 2.4.


You need AB = after prerouting, before postrouting (though you could do 
the latter with marks). IMQ logs where it hooks WRT NAT when loaded.


Ingress traffic will be hooked by -j IMQ --todev 0 in PREROUTING mangle, 
egress by -j IMQ --todev 1 in POSTROUTING mangle.


Andy.



___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] IMQ + NAT

[Jonas Jasas]

Hello,

I have
eth0 - internet
eth1..4 - local networks
on eth0 i do $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE

I want to balance out/in load for eth1..4 and localhost (mainly
squid). Nat makes impossible to do it on eth0, so I installed IMQ. I
need to get to on imq0 unnnated in/out traffic that I could make
priorities for protocols and networks. Do somthing like this:
prate=1Mbit

localhost: rate=500kbit, ceil=prate
vnc: rate=100kbit, ceil=prate
web: rate=100kbit, ceilp=prate
mail: rate=100kbit, ceil=prate
eth1: rate=400kbit, ceil=prate
ftp: rate=10kbit, ceil=prate

eth2..4: rate=100kbit, ceil=prate   (eth2...eth4 would split the same 100kbit)
rdp: rate=90kbit, ceil=prate
..

This load balance would be applyed for outgoing and incoming internet
traffic. Where and how in iptables would be correct to -j IMQ ?

Thank you!
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] IMQ slows computer to a crawl

[gypsy]

I am attempting to implement IMQ on a 2.4.31 version kernel with
iptables 1.3.3.

I am following the example at http://www.linuximq.net/usage.html.  When
I enter the line
iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev1

(eth1 is the external interface), the computer slows to a crawl.  OK,
the CPU is only an AMD K6 233 which is not the world's greatest CPU, but
egress shaping is done at acceptable speed.

Neither top nor free is any help.  top says the system is using 35% and
user about 1%, with load averages in the range of 0.2x, 0.2x and 0.1x
and top itself is at the top of the list.  free says 3388 free mem and
780 used swap.

Even attaching to a non connected device (change eth1 to eth2 in the
above iptables line) creates this condition!??

Does anyone have any suggestions as to what might cause this huge
slowdown?  How do I troubleshoot this?  I'll have to reimplement
policing if I can't make IMQ work.

Thanks for any assistance.
--
gypsy
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] IMQ slows computer to a crawl - SOLVED

[gypsy]

gypsy wrote:
 
 I am attempting to implement IMQ on a 2.4.31 version kernel with
 iptables 1.3.3.
 
 I am following the example at http://www.linuximq.net/usage.html.  When
 I enter the line
 iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev1
 
 (eth1 is the external interface), the computer slows to a crawl.  OK,
 the CPU is only an AMD K6 233 which is not the world's greatest CPU, but
 egress shaping is done at acceptable speed.
 
 Neither top nor free is any help.  top says the system is using 35% and
 user about 1%, with load averages in the range of 0.2x, 0.2x and 0.1x
 and top itself is at the top of the list.  free says 3388 free mem and
 780 used swap.
 
 Even attaching to a non connected device (change eth1 to eth2 in the
 above iptables line) creates this condition!??
 
 Does anyone have any suggestions as to what might cause this huge
 slowdown?  How do I troubleshoot this?  I'll have to reimplement
 policing if I can't make IMQ work.
 
 Thanks for any assistance.
 --
 gypsy

The answer is that the wrong IMQ device was specified.

I loaded imq with:
modprobe imq numdevs=1

That makes the --todev 0 not 1.  Moreover, I was in the wrong mangle
chain.
WRONG: iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1
RIGHT: iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0

So much for the documentation at http://www.linuximq.net/usage.html
shrug.  Thanks to http://wiki.nix.hu/cgi-bin/twiki/view/IMQ/WebHome
--
gypsy
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] IMQ and nfcache

[Andre D. Correa]

Hi, I'm working on the IMQ patch for 2.6.14-rc* and ran in trouble with 
nfcache. I have to be honest that I'm not following kernel devel as I 
should so I need to ask for a little help here. I know Mr Harald Welte 
removed nfcache but I'm not sure about the way to go. I have this at 
net/ipv4/netfilter/ipt-IMQ.c:


static unsigned int imq_target(struct sk_buff **pskb,
  const struct net_device *in,
  const struct net_device *out,
  unsigned int hooknum,
  const void *targinfo,
  void *userdata)
{
   struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo;

   (*pskb)-imq_flags = mr-todev | IMQ_F_ENQUEUE;
   (*pskb)-nfcache |= NFC_ALTERED;

   return IPT_CONTINUE;
}

I found that in places like ip_conntrack_core.c and ip_nat_core.c, 
nfcache references have just being removed.


Tk in advance for any help.

Cheers...


Andre D. Correa, CISSP |  Visite meus projetos pessoais:
andre.correa (at) pobox.com|  Visit my personal projects:
http://andre.hiperlinks.com.br |  - http://www.malware.com.br/
Sao Paulo / SP / Brazil|  - http://www.linuximq.net/


___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] imq + htb

[Andy Furniss]

choros wrote:

tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 3 fw 
classid 10:23


The filters need to be on the root - 10: or  you need another filter on 
10: to filter the packets to 10:2.


Andy.
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] imq + htb

[choros]

Andy Furniss wrote:


choros wrote:

tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 3 fw 
classid 10:23



The filters need to be on the root - 10: or  you need another filter 
on 10: to filter the packets to 10:2.


Andy.


thanks for your help .  I did what you say and everything seems to be ok..
Jorge
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] imq + htb

[choros]

Hi, i am running imq + htb on my router , the situation is like this

eth0 = uplink to my provider
eth1 = 1st customer
eth2 = 2nd customer
eth3 = 3th customer

eth0 has limit 512 and i want to share this between eth1 eth2 and eth3 , 
but not working , this is the script i used,

\\\
#!/bin/sh
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin

iptables -t mangle -F  2/dev/null
iptables -t mangle -X  2/dev/null
iptables -t mangle -N markov
iptables -t mangle -I PREROUTING -j markov
iptables -t mangle -N markov2
iptables -t mangle -I POSTROUTING -j markov2

tc qdisc del dev imq0 root /dev/null 21
tc qdisc del dev imq1 root /dev/null 21

#bring up the imq0
ip link set dev imq0 up

#marking of  incoming from eth1,eth2,eth3
iptables -t mangle -A markov -i eth1 -j MARK --set-mark 1
iptables -t mangle -A markov -i eth2 -j MARK --set-mark 2
iptables -t mangle -A markov -i eth3 -j MARK --set-mark 3

#forward it to imq0
iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
iptables -t mangle -A PREROUTING -i eth2 -j IMQ --todev 0
iptables -t mangle -A PREROUTING -i eth3 -j IMQ --todev 0

tc qdisc add dev imq0 root handle 10: htb default 20
tc class add dev imq0 parent 10: classid 10:2 \
htb rate 512Kbit ceil 512Kbit
#
#class for eth1
tc class add dev imq0 parent 10:2 classid 10:21 htb rate 128Kbit ceil 
512Kbit

# mark
tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 1 fw 
classid 10:21

tc qdisc add dev imq0 parent 10:21 sfq perturb 15
###
# class for eth2
tc class add dev imq0 parent 10:2 classid 10:22 htb rate 128Kbit ceil 
512Kbit

#mark
tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 2 fw 
classid 10:22

tc qdisc add dev imq0 parent 10:22 sfq perturb 15
#
# class for eth3
tc class add dev imq0 parent 10:2 classid 10:23 htb rate 128Kbit ceil 
512Kbit

#mark
tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 3 fw 
classid 10:23

tc qdisc add dev imq0 parent 10:23 sfq perturb 15
##
##
# outgoing traffic to eth1,eth2,eth3
#bring up  imq1
ip link set dev imq1 up
#make marks
iptables -t mangle -A markov2 -o eth1 -j MARK --set-mark 21
iptables -t mangle -A markov2 -o eth2 -j MARK --set-mark 22
iptables -t mangle -A markov2 -o eth3 -j MARK --set-mark 23
#forward it to imq1
iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1
iptables -t mangle -A POSTROUTING -o eth2 -j IMQ --todev 1
iptables -t mangle -A POSTROUTING -o eth3 -j IMQ --todev 1

tc qdisc add dev imq1 root handle 10: htb default 20
tc class add dev imq1 parent 10: classid 10:2  htb rate 512Kbit ceil 512Kbit
##
# class for eth1
tc class add dev imq1 parent 10:2 classid 10:21 htb rate 128Kbit ceil 
512Kbit

# mark
tc filter add dev imq1 parent 10:2 protocol ip prio 1 handle 21 fw 
classid 10:21

tc qdisc add dev imq1 parent 10:21 sfq perturb 15

# class for eth2
tc class add dev imq1 parent 10:2 classid 10:22 htb rate 128Kbit ceil 
512Kbit

#mark
tc filter add dev imq1 parent 10:2 protocol ip prio 1 handle 22 fw 
classid 10:22

tc qdisc add dev imq1 parent 10:22 sfq perturb 15
#
#class for eth3
tc class add dev imq1 parent 10:2 classid 10:23 htb rate 128Kbit ceil 
512Kbit

#mark
tc filter add dev imq1 parent 10:2 protocol ip prio 1 handle 23 fw 
classid 10:23

tc qdisc add dev imq1 parent 10:23 sfq perturb 15
##
##

But the traffic is unshaped, i think maybe somethink wrong with the 
filters becouse  if i do
tc -s class show dev imq0 or imq1 while uploading or downloading traffic 
doesnt get to right
class. If i take look in iptables -t mangle -L -n -v the packets are 
marked well

OUTPUT OF tc -s class show dev imq0
class htb 10:22 parent 10:2 leaf 8026: prio 0 rate 128000bit ceil 
512000bit burst 1615b cburst 1.625Kb

Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 103424 ctokens: 26624

class htb 10:23 parent 10:2 leaf 8027: prio 0 rate 128000bit ceil 
512000bit burst 1615b cburst 1.625Kb

Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 103424 ctokens: 26624
\
PARTIAL OUTPUT of iptables -t mangle -L -n -v
Chain markov (1 references)
pkts bytes target prot opt in out source   
destination
  96  8578 MARK   all  --  eth1   *   0.0.0.0/0
0.0.0.0/0   MARK set 0x1
25004   36M MARK   all  --  eth2   * 

[LARTC] imq custom device numbers

[Kajetan Staszkiewicz]

I made some changes to IMQ, so it is now possible to have custom numbers for 
IMQ devices. Useful when working with VLANs. You can get it at 
http://tuxpowered.net/. Readme is on the website. 

-- 
| pozdrawiam / greetings | powered by Trustix, Gentoo and FreeBSD |
|  Kajetan Staszkiewicz  | JID: [EMAIL PROTECTED]  |
|Vegeta  | IMQ devnames: http://tuxpowered.net|
+++
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] IMQ

[Dariusz Dwornikowski]

ive got such network:


||   |-|
| WORLD  |---|ROUTER/server| -- NATED LAN
||   |-|


I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB ??





-- 

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ

[Andreas Unterkircher]

Dariusz Dwornikowski ([EMAIL PROTECTED]) schrieb:
 I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB ??

That depends on what you want to do. For example:

*) BA - If you want to have all packets on the IMQ after the nat table - so
you wouldn't see any internal ips anymore on the IMQ device.
*) BB - If you want to have packets with internal ips on the IMQ before the
pass the nat table. But you can't match on your external IP with BB.

Cheers,
Andreas

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ

[Dariusz Dwornikowski]

 Dariusz Dwornikowski ([EMAIL PROTECTED]) schrieb:
 I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB
 ??

 That depends on what you want to do. For example:

 *) BA - If you want to have all packets on the IMQ after the nat table -
 so
 you wouldn't see any internal ips anymore on the IMQ device.
 *) BB - If you want to have packets with internal ips on the IMQ before
 the
 pass the nat table. But you can't match on your external IP with BB.

yes but i want to have two IMQ devices... for outside eth and inside eth



-- 

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ

[Andreas Unterkircher]

 yes but i want to have two IMQ devices... for outside eth and inside eth

Ahmm.. don't know what you mean with that. But if you have a external
Interface (ex eth0) on which you want to shape egress and also ingress shaping
you simply do:

ip link set imq0 up
ip link set imq1 up

${IPTABLES} -t mangle -I PREROUTING -i ${EXT_DEV} -j IMQ --todev 0
${IPTABLES} -t mangle -I POSTROUTING -o ${EXT_DEV} -j IMQ --todev 1

and put your QoS on imq0 and imq1...

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ

[Dariusz Dwornikowski]

 yes but i want to have two IMQ devices... for outside eth and inside eth

 Ahmm.. don't know what you mean with that. But if you have a external
 Interface (ex eth0) on which you want to shape egress and also ingress
 shaping
 you simply do:

 ip link set imq0 up
 ip link set imq1 up

 ${IPTABLES} -t mangle -I PREROUTING -i ${EXT_DEV} -j IMQ --todev 0
 ${IPTABLES} -t mangle -I POSTROUTING -o ${EXT_DEV} -j IMQ --todev 1

 and put your QoS on imq0 and imq1...

i want to shape traffic for my clients and do not know what behaviour to
choose...
in your example will it be possible to match NATed addresses of my clients ?



-- 

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ

[Andreas Unterkircher]

 i want to shape traffic for my clients and do not know what behaviour to
 choose...
 in your example will it be possible to match NATed addresses of my clients ?

you want to match the translated addresses of your clients (- external IP) -
then BA is the correct behaviour.

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ

[Dariusz Dwornikowski]

 i want to shape traffic for my clients and do not know what behaviour to
 choose...
 in your example will it be possible to match NATed addresses of my
 clients ?

 you want to match the translated addresses of your clients (- external
 IP) -
 then BA is the correct behaviour.


no i want match their private addresses.
i want imq0 for ext_if and imq1 for internal_if..

so i can traffic shaping on matched NATed ips


-- 

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ

[Dariusz Dwornikowski]

 no i want match their private addresses.
 i want imq0 for ext_if and imq1 for internal_if..

 so i can traffic shaping on matched NATed ips

 Oh ok. I was irritated because you say NATed ips - for me this are all
 clients
 after the passed the nat table...

 So you ned BB. IMQ hook before the postrouting table (where your NAT will
 happen) and you have internal addresses on the imq device.



thank you very much.
-- 

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ + HTB + little script problem

[Andy Furniss]

s.az wrote:
I want to shape the incoming traffic ( download ) but using only 
fwmark, i know there are other methods, but i want to use this one 
particularly...


So, first i create DOWNLOAD and mark  with 20 all the traffic with 
destination 10.0.0.3 ( eth1 ) incoming from my internet device ( eth0 ).


#$IPTABLES -t mangle -N DOWNLOAD
#$IPTABLES -t mangle -I PREROUTING -i eth0 -j DOWNLOAD
#$IPTABLES -t mangle -A DOWNLOAD -d 10.0.0.3 -p tcp -m tcp -j MARK 
--set-mark 20

#$IPTABLES -t mangle -A DOWNLOAD -j IMQ --todev 0


PREROUTING mangle is before de-nat so you won't see local addresses.
If you really need to use imq then you can get it to hook after 
PREROUTING nat - but you still can't use marks.


If you only want to shape forwarded traffic then you can do it on eth1 
without needing imq. You could mark or CLASSIFY in FORWARD.


If you classify you don't need any filters with htb you can do similar 
with mark and an empty fw filter on the root eg.


$TC filter add dev eth1 parent 1: protocol ip prio 5 fw

then a mark 0x10010 would get sent to class 0x1:10

Andy.
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] IMQ + HTB + little script problem

[s.az]

I want to shape the incoming traffic ( download ) but using only 
fwmark, i know there are other methods, but i want to use this one 
particularly...


So, first i create DOWNLOAD and mark  with 20 all the traffic with 
destination 10.0.0.3 ( eth1 ) incoming from my internet device ( eth0 ).


#$IPTABLES -t mangle -N DOWNLOAD
#$IPTABLES -t mangle -I PREROUTING -i eth0 -j DOWNLOAD
#$IPTABLES -t mangle -A DOWNLOAD -d 10.0.0.3 -p tcp -m tcp -j MARK 
--set-mark 20

#$IPTABLES -t mangle -A DOWNLOAD -j IMQ --todev 0

Then, i create the QOS rules

$TC qdisc add dev imq0 root handle 1: htb default 10
$TC class add dev imq0 parent 1: classid 1:1 htb rate 128kbit burst 6k
$TC class add dev imq0 parent 1:1 classid 1:10 htb rate 80kbit burst 6k 
prio 1
$TC class add dev imq0 parent 1:1 classid 1:20 htb rate 50kbit burst 6k 
prio 1

$TC qdisc add dev imq0 parent 1:10 handle 10: pfifo
$TC filter add dev imq0 parent 1: protocol ip prio 5 handle 10 fw flowid 
1:10
$TC filter add dev imq0 parent 1: protocol ip prio 6 handle 20 fw flowid 
1:20


This thing does not work. I can't mark the  packets with 20,  but if i 
remove -d 10.0.0.3, the script marks and works but for all the eth1 
device not only one ip. Any Idea?


___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] IMQ on KPTD

[Jarek Poplawski]

Hi!

I would like to thank very much for this great page with Kernel Packet
Traveling Diagram and to suggest small update concerning IMQ.

I think the sentence:

IMQ in input comes before nat so IMQ does not know the real ip address.
Ingress comes after nat, so ingress knows the real ip address.

could be more precise like that:

By default IMQ in PREROUTING comes before nat  and in POSTROUTING after
nat,
so in both cases IMQ knows ip addresses as masqueraded (nated) if it is
used.
This could be changed with kernel parameters IMQ_BEHAVIOR_??.

My opinion is based on IMQ patch by Patrick McHardy from www.linuximq.net.

Best regards,

Jarek Poplawski
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ on KPTD

[Samuel Díaz García]

In 2.6 kernel series, the IMQ patch allow you to change this behaviour.
For 2.4 kernels I had seen (some time ago) something about it in IMQ 
faqs or there.

You can changhe this behaviour, but I don't remember now if for 2.4 
kernels were changing some #define in any .c or .h file.

Best regards
Jarek Poplawski wrote:
Hi!
I would like to thank very much for this great page with Kernel Packet
Traveling Diagram and to suggest small update concerning IMQ.
I think the sentence:
IMQ in input comes before nat so IMQ does not know the real ip address.
Ingress comes after nat, so ingress knows the real ip address.
could be more precise like that:
By default IMQ in PREROUTING comes before nat  and in POSTROUTING after
nat,
so in both cases IMQ knows ip addresses as masqueraded (nated) if it is
used.
This could be changed with kernel parameters IMQ_BEHAVIOR_??.
My opinion is based on IMQ patch by Patrick McHardy from www.linuximq.net.
Best regards,
Jarek Poplawski
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

--
   Samuel Díaz García
Director Gerente
ArcosCom Wireless, S.L.L.
mailto:[EMAIL PROTECTED]
http://www.arcoscom.com
Móvil: 651 93 72 48
Tlfn.: 956 70 13 15
Fax:   956 70 34 83
begin:vcard
fn;quoted-printable:Samuel D=C3=ADaz Garc=C3=ADa
n;quoted-printable:D=C3=ADaz Garc=C3=ADa;Samuel
org:ArcosCom Wireless, S.L.L.;I+D+I
adr;quoted-printable;quoted-printable:;;c/ Romero Gago, 19;Arcos de la Frontera;C=C3=A1diz;11630;Espa=C3=B1a
email;internet:[EMAIL PROTECTED]
title:Director Gerente
tel;work:956 70 13 15
tel;fax:956 70 34 83
tel;cell:651 937 248
x-mozilla-html:FALSE
url:http://www.arcoscom.com
version:2.1
end:vcard

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] IMQ: why do I need IMQ ?

[Radu CUGUT]

OK, i've got the ideea. 
In conclusion if i have a simple:

LAN --- router --- WAN

i don't need IMQ stuff :)

thanks

bye




-- 


Radu Cugut

mobile: +40 742 045686
web:http://rcugut.has.it
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] IMQ device support in tcng language??

[vinay mathew]

Hi,
I would like to ask whether there is support for the
interface imq in the tcng language thats used for easy
traffic control configuration instead of the tc
command line tool.
eg: dev imq0{
 egress{}
}
Thanx and kind regards
vinay



__ 
Do you Yahoo!? 
Meet the all-new My Yahoo! - Try it today! 
http://my.yahoo.com 
 

___
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ with IPSec

[David Hajek]

Hi,

I would like to shape incomming traffic on eth0 and ipsec0 (binded to eth0).
I need to set minimal bandwidth to some packets going via ipsec0
interface.

It is running fine when I simply mark the ESP (protocol 50) packets in the
PREROUTING chain - means all ipsec packets are shaped.
Like:
iptables -t mangle -A PREROUTING -i eth0 -p 50 -j MARK --set-mark 30
iptables -t mangle -A PREROUTING -i eth0 -p 50 -j RETURN


The issue I'm dealing with is how can I mark packets based on internal
destinantion/source IP in PREROUTING chain when it is
encrypted ipsec packet. I can see the ipsec packet decrypted in FORWARD
chain, but will that work correctly with IMQ, when I mark it here?

Thanks,
David

___
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] imq config

[zytek]

Dnia pitek 10 wrzesie 2004 05:22, Joel n.solanki napisa:
 Hello Andre...
 this is the scenario

 My linux router is connected to 1 Mbps leased line. Out of which i only
 want to use 100 kbps for my broadband clients.



 Linux router(100 kbps class 1:101(40kbps)   class 1:102(40kbps)
   class 1:103(50kbps)
   class 1:104(30kbps)
   class 1:105(20kbps)
   lot of similar class


 But the total bandwidth linux should serve should be 100 kbps nothing
 more than that. I means i want global limit on server.Hope u understand
 the scenario. Is is possible???

Of course and it seems that you didn't read LARTC! :D

Like Andre said - make a parent class with 100kbps and all other classes 
should be it's childs. Then it would work it the way you want it.

-- 
.: Jakub Gazik (zytek)
.: email:[EMAIL PROTECTED]
.: JID:[EMAIL PROTECTED]
.: http://www.misiaj.sie.pl [obsolete]
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] imq config

[Andre Correa]

Hi Joel, you didn't told us details about your scenario or special needs 
  but to me you don't look like a candidate for IMQ. It is ment to be 
used when you need to set global defaults or when you need to use egress 
filter features on ingress traffic.

Based in your message I supose that a qdisc of 100Kbps and child qdiscs 
of 50 or 60Kbps would do what you need. This way it will restrict 
traffic to 100Kbps and child classes will borrow from each other when 
possible, but never higher then their parent.

Hope it helps...
Andre
Joel n.solanki wrote:
Dear all,
I know this is not imq mailing list. But many of the users over here
have done exactly what i want.
Requirement:- I want to tight bound eth1 for 100 kbps
but after i want to create many classes of 64 kbps or 50 kbps and
others. But the total sum of classes is more than 100 kbps so my eth1 is
not restrciting total bandwidth at 100kbps.
According to search on google imq is the solution.
So any body over here have done this type of configuration.
if any plz give me some little examples.
I have already patched and compiled the imq and kernel.
Now need to configure imq.
Any help ???
Regards,
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] imq config

[Joel n.solanki]

Hello Andre...
this is the scenario

My linux router is connected to 1 Mbps leased line. Out of which i only
want to use 100 kbps for my broadband clients.



Linux router(100 kbps class 1:101(40kbps)   class 1:102(40kbps)
class 1:103(50kbps)
class 1:104(30kbps)
class 1:105(20kbps)
lot of similar class


But the total bandwidth linux should serve should be 100 kbps nothing
more than that. I means i want global limit on server.Hope u understand
the scenario. Is is possible???

thanks,



On Thu, 2004-09-09 at 22:24, Andre Correa wrote:
 Hi Joel, you didn't told us details about your scenario or special needs 
but to me you don't look like a candidate for IMQ. It is ment to be 
 used when you need to set global defaults or when you need to use egress 
 filter features on ingress traffic.
 
 Based in your message I supose that a qdisc of 100Kbps and child qdiscs 
 of 50 or 60Kbps would do what you need. This way it will restrict 
 traffic to 100Kbps and child classes will borrow from each other when 
 possible, but never higher then their parent.
 
 Hope it helps...
 
 Andre
 
 
 Joel n.solanki wrote:
  Dear all,
  
  I know this is not imq mailing list. But many of the users over here
  have done exactly what i want.
  
  Requirement:- I want to tight bound eth1 for 100 kbps
  but after i want to create many classes of 64 kbps or 50 kbps and
  others. But the total sum of classes is more than 100 kbps so my eth1 is
  not restrciting total bandwidth at 100kbps.
  
  According to search on google imq is the solution.
  
  So any body over here have done this type of configuration.
  if any plz give me some little examples.
  
  I have already patched and compiled the imq and kernel.
  Now need to configure imq.
  
  Any help ???
  
  Regards,
 
 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
-- 
Joel N.Solanki
Network Administrator
Phone No: 0265-550001/2/3/4/5 Ext: 211/212
Digtial 2 Virtual Internet Service Provider.
http://www.packetraptor.com/
http://www.d2visp.com/
Gujarat (India)



___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] imq config

[Joel n.solanki]

Dear all,

I know this is not imq mailing list. But many of the users over here
have done exactly what i want.

Requirement:- I want to tight bound eth1 for 100 kbps
but after i want to create many classes of 64 kbps or 50 kbps and
others. But the total sum of classes is more than 100 kbps so my eth1 is
not restrciting total bandwidth at 100kbps.

According to search on google imq is the solution.

So any body over here have done this type of configuration.
if any plz give me some little examples.

I have already patched and compiled the imq and kernel.
Now need to configure imq.

Any help ???

Regards,
-- 
Joel N.Solanki
Network Administrator
Phone No: 0265-550001/2/3/4/5 Ext: 211/212
Digtial 2 Virtual Internet Service Provider.
http://www.packetraptor.com/
http://www.d2visp.com/
Gujarat (India)



___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ on 2.6.x + iptraf = problem

[Andre Correa]

Hi Bety, a problem like this was reported on IMQ mailling list a couple 
of weeks ago. It is still pending review but it must be somehow related 
  to iptraf. :-|

I'm sorry for not being able to give you some positive advice on it 
for now.

Tks for reporting this issue. If you need assistance feel free to write 
me privately or to join our list at www.linuximq.net

Cheers
Andre

[EMAIL PROTECTED] wrote:
Does anybody have the following problem?
Affected:
IMQ interfaces with --todev target on PREROUTING chain
appear only on 2.6.x kernels (2.4.x working good)
Counters on PREROUTING chain working good (with iptraf sniffing on any
interface), but imq interfaces lost TCP packets which are forwarded from the
internet to the network behind router (only TCP; the rest of traffic like
icmp, udp is ok).
Try to make two imq interfaces on your internet interface and download file
(via ftp, www or somtging else),  NOT from your internet router but from
computer behind NAT (behind router) and then enable iptraf. Because for
router traffic everything working fine.
your computer --- router (with nat, imq and iptraf) --- imq0, and imq1 ---
internet interface --- Internet
configuration:
  iptables -F
  iptables -X
  iptables -Z
  iptables -F -t nat
  iptables -X -t nat
  iptables -F -t mangle
  iptables -X -t mangle
  iptables -P FORWARD ACCEPT
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -s $i -o $INTERNET_ETH -d 0/0 -j SNAT --to
$INTERNET_IP
  # Download
iptables -t mangle -A PREROUTING -i $INTERNET_ETH -j IMQ --todev 0
  # Upload
iptables -t mangle -A POSTROUTING -o $INTERNET_ETH -j IMQ --todev 1
ip link set imq0 up
ip link set imq1 up
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] imq patch question

[adi]

hello list,

i have a small question regarding the imq patch from www.linuximq.net
by default it makes only 2 devices. how can i add interfaces (imqX)?

applying the patch to a linux kernel doesn't let me build it as a module.

thanks in advance,
adrian
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ on 2.6.x + iptraf = problem

[bety1]

Does anybody have the following problem?


Affected:
IMQ interfaces with --todev target on PREROUTING chain
appear only on 2.6.x kernels (2.4.x working good)

Counters on PREROUTING chain working good (with iptraf sniffing on any
interface), but imq interfaces lost TCP packets which are forwarded from the
internet to the network behind router (only TCP; the rest of traffic like
icmp, udp is ok).

Try to make two imq interfaces on your internet interface and download file
(via ftp, www or somtging else), NOT from your internet router but from
computer behind NAT (behind router) and then enable iptraf. Because for
router traffic everything working fine.

your computer --- router (with nat, imq and iptraf) --- imq0, and imq1 ---
internet interface --- Internet

configuration:
 iptables -F
 iptables -X
 iptables -Z
 iptables -F -t nat
 iptables -X -t nat
 iptables -F -t mangle
 iptables -X -t mangle

 iptables -P FORWARD ACCEPT
 iptables -P INPUT ACCEPT
 iptables -P OUTPUT ACCEPT

iptables -t nat -A POSTROUTING -s $i -o $INTERNET_ETH -d 0/0 -j SNAT --to
$INTERNET_IP

 # Download
 iptables -t mangle -A PREROUTING -i $INTERNET_ETH -j IMQ --todev 0

 # Upload
 iptables -t mangle -A POSTROUTING -o $INTERNET_ETH -j IMQ --todev 1

ip link set imq0 up
ip link set imq1 up

Re: [LARTC] imq question

[Alin Nonosel]

Hmm.. After a few hour of reading and testing 
finally it's working. IMQ upload limiting and tc with ip filter. What do you 
mean by that? It is working.. And so far seems stable..


  - Original Message - 
  From: 
  Roy 
  To: Alin Nonosel ; [EMAIL PROTECTED] 
  Sent: Monday, August 23, 2004 6:45 
  AM
  Subject: Re: [LARTC] imq question
  
  You cant shape router upload or imq will 
  crash.
  also that imq will not be able to shape traffic 
  per each loacal ip with filters,but you can easily mark packets with 
  iptables in forward of prerouting chain.
  
  
  
  
- Original Message - 
From: 
Alin Nonosel 
To: [EMAIL PROTECTED] 
Sent: Tuesday, August 24, 2004 1:32 
AM
Subject: [LARTC] imq question

Hi

I've a stupid question. How can I shape upload 
using IMQ?
Instead of putting a rule in iptables in 
PREROUTING should i use POSTROUTING?
And another question is, can I make routing 
rule based on ip addresses assigned by iptables to an imq device?The 
idea is, let's say i have some rules in iptables like: -t mangle -A 
PREROUTING -s 192.168.0.0/16 -j IMQ --todev 0
Can i route this class thru another ip, 
something like fwmark is doing? with iptables marking the packets and ip 
rule fwmark?

Best regards,
Alin

Re: [LARTC] imq question

[Roy]

You cant shape router upload or imq will 
crash.
also that imq will not be able to shape traffic per 
each loacal ip with filters,but you can easily mark packets with iptables 
in forward of prerouting chain.




  - Original Message - 
  From: 
  Alin Nonosel 
  To: [EMAIL PROTECTED] 
  Sent: Tuesday, August 24, 2004 1:32 
  AM
  Subject: [LARTC] imq question
  
  Hi
  
  I've a stupid question. How can I shape upload 
  using IMQ?
  Instead of putting a rule in iptables in 
  PREROUTING should i use POSTROUTING?
  And another question is, can I make routing rule 
  based on ip addresses assigned by iptables to an imq device?The idea is, 
  let's say i have some rules in iptables like: -t mangle -A PREROUTING -s 
  192.168.0.0/16 -j IMQ --todev 0
  Can i route this class thru another ip, something 
  like fwmark is doing? with iptables marking the packets and ip rule 
  fwmark?
  
  Best regards,
  Alin
  

[LARTC] Imq implimentation

[ibro tj]

hello all,
i intend to implimentJiri Fojtasek's imq implimentation here http://hyperfighter.jinak.cz/qos/ on my Linux shaper for production use,I will like to ask if people have implimented it and find it stable and useful as stated in the site.

My bandwidth manager will have 3 interfaces , eth0 -internet(live ip, bridged with eth1), eth1(live ip bridged w eth0),  eth2 -lan(local ip) . eth0 and eth1 arebridge ports.

I have implimented a shaper over bridged interface before and it is ok.But i was using just 2 interfaces then, now I want to use 3 interfaces.

I have read in the lartc that to impliment multiple interface BWM with linux, one must use an IMQ device- I do not know if there is another method?

So if anybody has implimented the scenario in the Jirii's site or the one i described above using other method(s) other that imq,may he intimate me with a sample script to get started as I am yet to fully understand the internal workings of imq device.

Thanks,

IbrahimT
		Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!

[LARTC] imq contact

[Stefanos Harhalakis]

Hi there,

  I'm trying to contact imq maintainers but there is no contact address in 
www.linuximq.net. There is only a yahoo group but I don't have a yahoo 
account and it seems it doesn't like me a lot (it refused to create a new 
account).

  Anyone knows an email address for any IMQ developer? Its about an IMQ patch 
submission.

V13
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] imq contact

[Horst Graffy]

Am Sonntag, 8. August 2004 18:41 schrieb Stefanos Harhalakis:
 Hi there,

   I'm trying to contact imq maintainers but there is no contact address in
 www.linuximq.net. There is only a yahoo group but I don't have a yahoo
 account and it seems it doesn't like me a lot (it refused to create a new
 account).

   Anyone knows an email address for any IMQ developer? Its about an IMQ
 patch submission.
try Andre Correa [EMAIL PROTECTED]

 V13
 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ htb question

[Mihai Tanasescu]

Hello,
I've just recently started to use IMQ and I got puzzled after seeing the 
imq usage example on the linuximq.net site:

It was something like this:
tc qdisc add dev imq0 handle 1: root htb default 1
tc class add dev imq0 parent 1: classid 1:1 htb rate 1mbit
tc qdisc add dev imq0 parent 1:1 handle 10: htb default 5
tc class add dev imq0 parent 10: classid 10:1 htb rate 256kbit burst 30k 
prio 1

and I tried the following (like in the classic htb examples from lartc) 
and it worked:

tc qdisc add dev imq0 handle 1: root htb default 99
tc class add dev imq0 parent 1: classid 1:1 htb rate 1mbit
tc class add dev imq0 parent 1:1 classid 1:10 htb rate 100kbit
tc class add dev imq0 parent 1:1 classid 1:99 htb rate  900kbit
tc qdisc add dev imq0 parent 1:10 handle 100 sfq perturb 10
tc qdiisc add dev imq0 parent 1:99 handle 9 sfq perturb 10
Can someone help me understand the first example and why would someone 
create a root qdisc that redirects all traffic to a class and then 
instead of attaching child classes to that class,  one would create a 
qdisc associated with that class and then attach the child classes to it.


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ htb question

[Andre Correa]

Mihai, there is no need to make it like that: 
qdisc-class-qdisc-client_classes ... this is just an example, not 
something that have to be followed.

A possible use for a setup like that would be to have another qdisc 
child from 1:1 using CBQ for example, not HTB, and then child classes to 
attach clients.

Regarding queue disciplines and classes, IMQ devices have no diferences 
from common ethX devices. The same structures and rules apply.

So, don't get lost on it and keep doing it the way you use to. Anyway 
I'll simplify that example.

You just should pay attention to the iptables stuff to redirect your 
traffic to the IMQ device.

Good luck!
Andre

Mihai Tanasescu wrote:
Hello,
I've just recently started to use IMQ and I got puzzled after seeing the 
imq usage example on the linuximq.net site:

It was something like this:
tc qdisc add dev imq0 handle 1: root htb default 1
tc class add dev imq0 parent 1: classid 1:1 htb rate 1mbit
tc qdisc add dev imq0 parent 1:1 handle 10: htb default 5
tc class add dev imq0 parent 10: classid 10:1 htb rate 256kbit burst 30k 
prio 1

and I tried the following (like in the classic htb examples from lartc) 
and it worked:

tc qdisc add dev imq0 handle 1: root htb default 99
tc class add dev imq0 parent 1: classid 1:1 htb rate 1mbit
tc class add dev imq0 parent 1:1 classid 1:10 htb rate 100kbit
tc class add dev imq0 parent 1:1 classid 1:99 htb rate  900kbit
tc qdisc add dev imq0 parent 1:10 handle 100 sfq perturb 10
tc qdiisc add dev imq0 parent 1:99 handle 9 sfq perturb 10
Can someone help me understand the first example and why would someone 
create a root qdisc that redirects all traffic to a class and then 
instead of attaching child classes to that class,  one would create a 
qdisc associated with that class and then attach the child classes to it.


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ + natin PREROUTING - it is almost 2 years since patch....

[Andre Correa]

In fact we've being discussing lately at linuximq.net mailling list this 
subject and what would be the best way to enable this behavior change 
automatically.

There is no problem on changing where IMQ hooks, after or before NAT for 
example, not that we found until now.

The matter is what should be done to enable the selection of behaviors 
without needing to apply a patch or change the code itself. For IMQ as 
module I've thought about passing a parameter, but if it is compiled in 
the kernel what could be the way? Something in the /proc???

It should be possible to select from 4 diferent situations:
PREROUTING POSTROUTING
-
 1  IMQ after NAT  IMQ after NAT
 2  IMQ before NAT IMQ after NAT
 3  IMQ after NAT  IMQ before NAT
 4  IMQ before NAT IMQ before NAT
Any ideas are welcome.
tks
Andre

pljosh wrote:
Hello there!
I was reading this archive:
http://mailman.ds9a.nl/pipermail/lartc/2002q3/004725.html
It was almost two years ago when Patrick wrote a patch to switch IMQ 
with nat in PREROUTING chain...

 From www.linuximq.org I've downloaded newset IMQ driver for 2.4.26 and 
what can i see? The line that Patrick changed in that patch is still as 
it was in previous relases.

Are there some side-effects or something that this patch wasent applied 
to official imq?

-josh
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ + natin PREROUTING - it is almost 2 years since patch....

[pljosh]

Hello there!
I was reading this archive:
http://mailman.ds9a.nl/pipermail/lartc/2002q3/004725.html
It was almost two years ago when Patrick wrote a patch to switch IMQ 
with nat in PREROUTING chain...

From www.linuximq.org I've downloaded newset IMQ driver for 2.4.26 and 
what can i see? The line that Patrick changed in that patch is still as 
it was in previous relases.

Are there some side-effects or something that this patch wasent applied 
to official imq?

-josh
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ stability

[Andre Correa]

Hi Damion, the original IMQ implementation is under development by a 
group of people working at www.linuximq.net . There you'll find patchs 
for the lastest kernels and iptables, a simple FAQ and a mailling list.

IMQ is being used by a lot of people in diferent environments. Some of 
then, like mine, are production with a large bandwidth being shaped.

There are some known problem and we've being working on then. Two known 
issues are: some hangs trying to shape locally generated traffic and 
some rmmod problems on 2.6.

The 2.6 version of IMQ is just a port of the original 2.4 version.
I would like to invite you to join our mailling list and give IMQ a try. 
Right now it is more stable then people have being saying around and 
there are some guys working on it, releasing patchs for latest kernels 
and iptables and looking to its future.

Good luck.
Andre
Damion de Soto wrote:
Hi,
I've never actually even tried to use the IMQ device before,
but I've watched the emails go back and forth on various problems 
associated with it, and what looks like some general instability.

How stable is it really ?  Is it suitable for full-time use on a large 
number of routers ?
Has anyone used it on ipsec0 + eth0 devices for shaping ?

and lastly, any difference between the IMQ implementation on 2.4, and 
that on 2.6 ?
Are they both still being developed ?

thanks,
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ stability

[Damion de Soto]

Hi,
I've never actually even tried to use the IMQ device before,
but I've watched the emails go back and forth on various problems associated with it, 
and what looks like some general instability.

How stable is it really ?  Is it suitable for full-time use on a large number of 
routers ?
Has anyone used it on ipsec0 + eth0 devices for shaping ?

and lastly, any difference between the IMQ implementation on 2.4, and that on 2.6 ?
Are they both still being developed ?
thanks,
--
~~~
Damion de Soto - Software Engineer  email: [EMAIL PROTECTED]
SnapGear - A CyberGuard Company ---ph: +61 7 3435 2809
 | Custom Embedded Solutions  fax: +61 7 3891 3630
 | and Security Appliancesweb: http://www.snapgear.com
~~~
 ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ compile procedure ??

[Andre Correa]

Hi Andres, I'm sorry for not being able to contact you before but this 
week was full of new problems. Regarding IMQ compilation I would like to 
point you to our web site where you can get new patchs, find a quick 
updated FAQ and our mailling list.

http://www.linuximq.net/
There we have all the patchs needed and keep then up-to-date with latest 
 kernels.

In you senario, kernel 2.4.26 and iptables 1.2.9, you need to:
- patch your kernel using: 
http://www.linuximq.net/patchs/linux-2.4.24-imq.diff
- configure it to enable IMQ.
- recompile and install the new kernel as usual

- patch iptables: we've discontinued that patch-o-matic patch in favor 
of an iptables sources patch directly:
http://www.linuximq.net/patchs/IMQ.pom-ng.patch
- then recompile and install iptables as usual. Be sure that 
libtipt_IMQ.so is installed by make install in the apropriate directory.

That is all. If you need any help feel free to join our mailling list.
http://groups.yahoo.com/group/linuximq
Good luck!
Andre

ThE LinuX_KiD wrote:
Hi Guys,
I'm trying to compile IMQ with kernel-2.4.26 and iptables-1.2.9
and I want to know is this procedure is correct:

- In Kernel 2.4.26 Directory  (/usr/src/linux)
# cd /usr/src/linux
# wget http://www.linuximq.net/patchs/linux-2.4.24-imq.diff
# patch -p1  linux-2.4.24-imq.diff
- In  Patch O Matic Directory (/usr/local/src/Patch-o-Matic)

# cd /usr/local/src/Patch-o-Matic
# wget http://www.linuximq.net/patchs/pom-20030625.diff
# patch -p1  pom-20030625.diff
- In IP Tables 1.2.9 Directory
	***
	HERE (I DON'T KNOW WHY), I NEED TO CHANGE DIRECTORY NAME: 
	***

# mv /usr/local/src/iptables-1.2.9   mv /usr/local/src/userspace
- Patch o Matic in action...
	# cd /usr/local/src/Patch-o-Matic
	# ./runme --batch userspace/IMQ.patch
	# ./runme --batch userspace/IMQ.patch.ipv6
	# chmod 0755 ../userspace/extensions/.IMQ*
	# ./runme userspace/IMQ.patch   
	# ./runme  --batch extra/CONNMARK.patch

- Next, compile Kernel
- Next, recompile IP Tables... and that is all (?)

Andres...
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ NAT

[Joan Fuster Monzó]

Hi all, my IMQ device works OK (thanks to Andy Furniss), but now I've
problems to attach the traffic in the qdisc's. This is my conf:

---
INET
 |
 |eth0  300Kbps
ROUTER (NAT)
 |eth1
 |
LAN
---

MAX=300

tc qdisc add dev imq0 root handle 1: htb default 13
   

tc class add dev imq0 parent 1: classid 1:1 htb rate ${MAX}kbit ceil
${MAX}kbit
   

tc class add dev imq0 parent 1:1 classid 1:10 htb rate 60kbit ceil
${MAX}kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:11 htb rate 40kbit ceil
${MAX}kbit prio 1
tc class add dev imq0 parent 1:1 classid 1:12 htb rate 100kbit ceil
${MAX}kbit prio 2
tc class add dev imq0 parent 1:1 classid 1:13 htb rate 100kbit ceil
${MAX}kbit prio 3
   

tc qdisc add dev imq0 parent 1:10 handle 100: sfq
tc qdisc add dev imq0 parent 1:11 handle 110: sfq
tc qdisc add dev imq0 parent 1:12 handle 120: sfq
tc qdisc add dev imq0 parent 1:13 handle 130: sfq
   

tc filter add dev imq0 parent 1:0 protocol ip prio 1 handle 1 fw classid
1:10
tc filter add dev imq0 parent 1:0 protocol ip prio 2 handle 2 fw classid
1:11
tc filter add dev imq0 parent 1:0 protocol ip prio 3 handle 3 fw classid
1:12
tc filter add dev imq0 parent 1:0 protocol ip prio 4 handle 4 fw classid
1:13

ip link set imq0 up

iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0
   

#ICMP  
   
iptables -t mangle -A PREROUTING -i eth0 -p icmp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -p icmp -j RETURN
   

#SSH   
   
iptables -t mangle -A PREROUTING -i eth0 -p tcp  --dport 22 -j MARK
--set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -p tcp  --dport 22 -j RETURN

...


I've patched the IMQ with the imq-nat patch, but all traffic goes to
1:13

#tc -s class show dev imq0
-
...

class htb 1:13 parent 1:1 leaf 130: prio 3 rate 100Kbit ceil 300Kbit
burst 1727b cburst 1983b
 Sent 8981846847 bytes 18055130 pkts (dropped 99, overlimits 0)
 lended: 8947767 borrowed: 9107363 giants: 0
 tokens: 136320 ctokens: 52265
 
class htb 1:12 parent 1:1 leaf 120: prio 2 rate 100Kbit ceil 300Kbit
burst 1727b cburst 1983b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 138240 ctokens: 52905

---

What happens?? I'm newbie in IMQ... Sorry for the long text ;) Thanks
for the help!!

Joan


signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada	digitalmente

Re: [LARTC] IMQ driver kernel options

[Andre Tomt]

Cord Buhlert wrote:
Hi,
i tried to insmod the imq.o module from http://pupa.da.ru/imq after a
successful compile, but it thows this error:
 
  insmod imq.o
 imq.o: unresolved symbol nf_unregister_hook
 imq.o: unresolved symbol nf_register_hook
 

I think I have some kernel options disabled, does anyone know which
one(s)? 
Try loading it with modprobe instead, it tries to resolve the 
dependencies for you.
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ driver amp; kernel options

[Roy]

which kernel you use?

it is either possible that your kernel source is diferent from running
kernel
ot you
have somethingn wron with netfilter
are you sute you compiled iptables into kernel? preferably NOT as module.



- Original Message - 
From: Cord Buhlert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 02, 2004 3:05 PM
Subject: [LARTC] IMQ driver amp; kernel options


 Hi,
 i tried to insmod the imq.o module from http://pupa.da.ru/imq after a
 successful compile, but it thows this error:

   insmod imq.o
  imq.o: unresolved symbol nf_unregister_hook
  imq.o: unresolved symbol nf_register_hook


 I think I have some kernel options disabled, does anyone know which
 one(s)?


 Thanks
 cord
 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ iptables 1.2.9

[Joan Fuster Monzó]

Hi all, I found in http://trash.net/~kaber/imq/index.html#sources the
precompiled iptables shared libs for 1.2.6  1.2.5, but my version is
1.2.9 (in Debian Sid) and I don't know how to patch the .deb file. I
need the -j IMQ target... ¿What can I do?

Thanks!


signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada	digitalmente

Re: [LARTC] IMQ patch for 2.6.3 kernel

[The Codrinus]

Marc,
I've just upgraded my kernel to 2.6.3 with the IMQ patch and it seems to 
be fine until now.

Thanks alot,
Codrin.

On Fri, 5 Mar 2004, Marc-Christian Petersen wrote:

 On Friday 05 March 2004 00:00, The Codrinus wrote:
 
 Hi Codrin,
 
  I downloaded the latest imq patch for 2.6.x kernels from
  http://www.linuximq.net/patchs/linux-2.6.2-imq-4.diff
  I successfully applied the patch but when compiling IMQ I get the
  following error messages:
  What might be the problem ?
 that patch is b0rked. Use attached one.
 
 --
 ciao, Marc
 
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for 2.6.3 kernel

[Andre Correa]

Sorry, but the patch is not broken. It compiles without errors. You just 
have to choose the right options in your config:

CONFIG_IP_NF_TARGET_IMQ=y
and
CONFIG_IMQ=y
and avoid using modules.

Andre

Marc-Christian Petersen wrote:
On Friday 05 March 2004 00:00, The Codrinus wrote:

Hi Codrin,


I downloaded the latest imq patch for 2.6.x kernels from
http://www.linuximq.net/patchs/linux-2.6.2-imq-4.diff
I successfully applied the patch but when compiling IMQ I get the
following error messages:
What might be the problem ?
that patch is b0rked. Use attached one.

--
ciao, Marc


# 2.6.3-WOLK1.1

# Patch from: http://www.linuximq.net/

# Build fixes: me

diff -urN linux-2.6.orig/drivers/net/Kconfig linux-2.6.new/drivers/net/Kconfig
--- linux-2.6.orig/drivers/net/Kconfig	2004-01-21 19:33:36.0 +0100
+++ linux-2.6.new/drivers/net/Kconfig	2004-01-25 15:08:20.0 +0100
@@ -85,6 +85,20 @@
 	  To compile this driver as a module, choose M here: the module
 	  will be called eql.  If unsure, say N.
 
+config IMQ
+	tristate IMQ (intermediate queueing device) support
+	depends on NETDEVICES  NETFILTER
+	---help---
+	  The imq device(s) is used as placeholder for QoS queueing disciplines.
+	  Every packet entering/leaving the ip stack can be directed through
+	  the imq device where it's enqueued/dequeued to the attached qdisc.
+	  This allows you to treat network devices as classes and distribute
+	  bandwidth among them. Iptables is used to specify through which imq
+	  device, if any, packets travel.
+
+	  To compile this driver as a module, choose M here: the module
+	  will be called imq.  If unsure, say N.
+
 config TUN
 	tristate Universal TUN/TAP device driver support
 	depends on NETDEVICES
diff -urN linux-2.6.orig/drivers/net/Makefile linux-2.6.new/drivers/net/Makefile
--- linux-2.6.orig/drivers/net/Makefile	2004-01-21 19:33:36.0 +0100
+++ linux-2.6.new/drivers/net/Makefile	2004-01-25 15:08:20.0 +0100
@@ -110,6 +110,7 @@
 endif
 
 obj-$(CONFIG_DUMMY) += dummy.o
+obj-$(CONFIG_IMQ) += imq.o
 obj-$(CONFIG_DE600) += de600.o
 obj-$(CONFIG_DE620) += de620.o
 obj-$(CONFIG_AT1500) += lance.o
diff -urN linux-2.6.orig/drivers/net/imq.c linux-2.6.new/drivers/net/imq.c
--- linux-2.6.orig/drivers/net/imq.c	1970-01-01 01:00:00.0 +0100
+++ linux-2.6.new/drivers/net/imq.c	2004-01-25 15:08:51.0 +0100
@@ -0,0 +1,323 @@
+/*
+ * Pseudo-driver for the intermediate queue device.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors:Patrick McHardy, [EMAIL PROTECTED]
+ *
+ * 	   The first version was written by Martin Devera, [EMAIL PROTECTED]
+ *
+ * Credits:Jan Rafaj [EMAIL PROTECTED]
+ *  - Update patch to 2.4.21
+ * Sebastian Strollo [EMAIL PROTECTED]
+ *  - Fix Dead-loop on netdevice imq-issue
+ * Marcel Sebek [EMAIL PROTECTED]
+ *  - Update to 2.6.2-rc1
+ */
+
+#include linux/config.h
+#include linux/module.h
+#include linux/kernel.h
+#include linux/moduleparam.h
+#include linux/skbuff.h
+#include linux/netdevice.h
+#include linux/rtnetlink.h
+#include linux/if_arp.h
+#include linux/netfilter.h
+#include linux/netfilter_ipv4.h
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+#include linux/netfilter_ipv6.h
+#endif
+#include linux/imq.h
+#include net/pkt_sched.h
+
+static nf_hookfn imq_nf_hook;
+
+static struct nf_hook_ops imq_ingress_ipv4 = {
+	.hook		= imq_nf_hook,
+	.owner		= THIS_MODULE,
+	.pf		= PF_INET,
+	.hooknum	= NF_IP_PRE_ROUTING,
+	.priority	= NF_IP_PRI_MANGLE + 1
+};
+
+static struct nf_hook_ops imq_egress_ipv4 = {
+	.hook		= imq_nf_hook,
+	.owner		= THIS_MODULE,
+	.pf		= PF_INET,
+	.hooknum	= NF_IP_POST_ROUTING,
+	.priority	= NF_IP_PRI_LAST
+};
+
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+static struct nf_hook_ops imq_ingress_ipv6 = {
+	.hook		= imq_nf_hook,
+	.owner		= THIS_MODULE,
+	.pf		= PF_INET6,
+	.hooknum	= NF_IP6_PRE_ROUTING,
+	.priority	= NF_IP6_PRI_MANGLE + 1
+};
+
+static struct nf_hook_ops imq_egress_ipv6 = {
+	.hook		= imq_nf_hook,
+	.owner		= THIS_MODULE,
+	.pf		= PF_INET6,
+	.hooknum	= NF_IP6_POST_ROUTING,
+	.priority	= NF_IP6_PRI_LAST
+};
+#endif
+
+static unsigned int numdevs = 2;
+
+module_param(numdevs, int, 0);
+
+static struct net_device *imq_devs;
+
+
+static struct net_device_stats *imq_get_stats(struct net_device *dev)
+{
+	return (struct net_device_stats *)dev-priv;
+}
+
+/* called for packets kfree'd in qdiscs at places other than enqueue */
+static void imq_skb_destructor(struct sk_buff *skb)
+{
+	struct nf_info *info = skb-nf_info;
+
+	if (info) {
+		if (info-indev)
+			dev_put(info-indev);
+		if 

Re: [LARTC] IMQ patch for 2.6.3 kernel

[Marc-Christian Petersen]

On Friday 05 March 2004 16:12, Andre Correa wrote:

Hi Andre,

 Sorry, but the patch is not broken. It compiles without errors. You just
 have to choose the right options in your config:
 CONFIG_IP_NF_TARGET_IMQ=y
 and
 CONFIG_IMQ=y
 and avoid using modules.

which is, in short words, broken :p

ciao, Marc
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for 2.6.3 kernel

[The Codrinus]

I encountered  errors with linux-2.6.2-imq-4.diff even if I marked both 
options as modules or not. But linux-2.6.4-rc2-imq-5.patch seems to be  
quite stable until now.

Codrin.

On Fri, 5 Mar 2004, Andre Correa wrote:

 
 Sorry, but the patch is not broken. It compiles without errors. You just 
 have to choose the right options in your config:
 
 CONFIG_IP_NF_TARGET_IMQ=y
 and
 CONFIG_IMQ=y
 
 and avoid using modules.
 
 Andre
 
 
 Marc-Christian Petersen wrote:
  On Friday 05 March 2004 00:00, The Codrinus wrote:
  
  Hi Codrin,
  
  
 I downloaded the latest imq patch for 2.6.x kernels from
 http://www.linuximq.net/patchs/linux-2.6.2-imq-4.diff
 I successfully applied the patch but when compiling IMQ I get the
 following error messages:
 What might be the problem ?
  
  that patch is b0rked. Use attached one.
  
  --
  ciao, Marc
  
  
  
  
  # 2.6.3-WOLK1.1
  
  # Patch from: http://www.linuximq.net/
  
  # Build fixes: me
  
  diff -urN linux-2.6.orig/drivers/net/Kconfig linux-2.6.new/drivers/net/Kconfig
  --- linux-2.6.orig/drivers/net/Kconfig  2004-01-21 19:33:36.0 +0100
  +++ linux-2.6.new/drivers/net/Kconfig   2004-01-25 15:08:20.0 +0100
  @@ -85,6 +85,20 @@
To compile this driver as a module, choose M here: the module
will be called eql.  If unsure, say N.
   
  +config IMQ
  +   tristate IMQ (intermediate queueing device) support
  +   depends on NETDEVICES  NETFILTER
  +   ---help---
  + The imq device(s) is used as placeholder for QoS queueing disciplines.
  + Every packet entering/leaving the ip stack can be directed through
  + the imq device where it's enqueued/dequeued to the attached qdisc.
  + This allows you to treat network devices as classes and distribute
  + bandwidth among them. Iptables is used to specify through which imq
  + device, if any, packets travel.
  +
  + To compile this driver as a module, choose M here: the module
  + will be called imq.  If unsure, say N.
  +
   config TUN
  tristate Universal TUN/TAP device driver support
  depends on NETDEVICES
  diff -urN linux-2.6.orig/drivers/net/Makefile linux-2.6.new/drivers/net/Makefile
  --- linux-2.6.orig/drivers/net/Makefile 2004-01-21 19:33:36.0 +0100
  +++ linux-2.6.new/drivers/net/Makefile  2004-01-25 15:08:20.0 +0100
  @@ -110,6 +110,7 @@
   endif
   
   obj-$(CONFIG_DUMMY) += dummy.o
  +obj-$(CONFIG_IMQ) += imq.o
   obj-$(CONFIG_DE600) += de600.o
   obj-$(CONFIG_DE620) += de620.o
   obj-$(CONFIG_AT1500) += lance.o
  diff -urN linux-2.6.orig/drivers/net/imq.c linux-2.6.new/drivers/net/imq.c
  --- linux-2.6.orig/drivers/net/imq.c1970-01-01 01:00:00.0 +0100
  +++ linux-2.6.new/drivers/net/imq.c 2004-01-25 15:08:51.0 +0100
  @@ -0,0 +1,323 @@
  +/*
  + * Pseudo-driver for the intermediate queue device.
  + *
  + * This program is free software; you can redistribute it and/or
  + * modify it under the terms of the GNU General Public License
  + * as published by the Free Software Foundation; either version
  + * 2 of the License, or (at your option) any later version.
  + *
  + * Authors:Patrick McHardy, [EMAIL PROTECTED]
  + *
  + *The first version was written by Martin Devera, [EMAIL 
  PROTECTED]
  + *
  + * Credits:Jan Rafaj [EMAIL PROTECTED]
  + *  - Update patch to 2.4.21
  + * Sebastian Strollo [EMAIL PROTECTED]
  + *  - Fix Dead-loop on netdevice imq-issue
  + * Marcel Sebek [EMAIL PROTECTED]
  + *  - Update to 2.6.2-rc1
  + */
  +
  +#include linux/config.h
  +#include linux/module.h
  +#include linux/kernel.h
  +#include linux/moduleparam.h
  +#include linux/skbuff.h
  +#include linux/netdevice.h
  +#include linux/rtnetlink.h
  +#include linux/if_arp.h
  +#include linux/netfilter.h
  +#include linux/netfilter_ipv4.h
  +#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
  +#include linux/netfilter_ipv6.h
  +#endif
  +#include linux/imq.h
  +#include net/pkt_sched.h
  +
  +static nf_hookfn imq_nf_hook;
  +
  +static struct nf_hook_ops imq_ingress_ipv4 = {
  +   .hook   = imq_nf_hook,
  +   .owner  = THIS_MODULE,
  +   .pf = PF_INET,
  +   .hooknum= NF_IP_PRE_ROUTING,
  +   .priority   = NF_IP_PRI_MANGLE + 1
  +};
  +
  +static struct nf_hook_ops imq_egress_ipv4 = {
  +   .hook   = imq_nf_hook,
  +   .owner  = THIS_MODULE,
  +   .pf = PF_INET,
  +   .hooknum= NF_IP_POST_ROUTING,
  +   .priority   = NF_IP_PRI_LAST
  +};
  +
  +#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
  +static struct nf_hook_ops imq_ingress_ipv6 = {
  +   .hook   = imq_nf_hook,
  +   .owner  = THIS_MODULE,
  +   .pf = PF_INET6,
  +   .hooknum= NF_IP6_PRE_ROUTING,
  +   

Re: [LARTC] imq or ingress+htb?

[Roy]

If you only need independent trafic classes then ingress is good option, but
there is no way to prioritize trafic.

Imq is quite stable now, if your kernel is 2.4.22 and later you can easily
try compile this imq version as module.
http://pupa.da.ru/imq


- Original Message - 
From: Patrick Petersen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 7:33 PM
Subject: [LARTC] imq or ingress+htb?


 Todays quick question:

 Ive had problems with imq and getting my setup to work as planned. Im
 thinking that a better solution for shaping incoming traffic would be to
 put a little limit in the outer interface of the router box with ingress,
 and the shape traffic on the inner interface with htb. Would that be
 better than using imq?
 -- 
 Patrick Petersen [EMAIL PROTECTED]

 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !

[Andre Correa]

Hi, I'm sorry for not being able to be really polite this time, but:

Roy, can you please STOP telling that egress crashs IMQ!?

We've discussed it lots of times before, here and at linuximq mailling 
list and the only known functionality that crashs IMQ (oriinal) is to 
touch local generated traffic...

I've being using ingress+egress with IMQ in a server with a great 
amouunt of traffic, for a long period without any crashs.

Please don't keep telling something known to be wrong or otherwise 
proove it so we can fix it...

tks

Andre



Roy wrote:
Roy,
''But this stability is probably not because my code is better but
because

I don't use egress shaping so the crash reasons still unknown.''

I need both ingress and egress traffic shaping, that's why I used the
classic IMQ version.


Egress shaping will crash original wersion even faster then mine,
they both can do this , but then both will likely crash
anyway you can do egress shaping on interface directly,
and input+forward on imq device.
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !

[Roy]

 Hi, I'm sorry for not being able to be really polite this time, but:

 Roy, can you please STOP telling that egress crashs IMQ!?
You are to late, I anot teling thi anymore, and I even wont use
ingres and egress definitions anymore because they may cause
missundersatndings.
the better ones are input forward and output.

This my post is probably too old to reply.
seems I forgot to fix it on my page, I will do this now.
But I cant edit or erase it from mailing list afterall !


 We've discussed it lots of times before, here and at linuximq mailling
 list and the only known functionality that crashs IMQ (oriinal) is to
 touch local generated traffic...
That is correct.

 I've being using ingress+egress with IMQ in a server with a great
 amouunt of traffic, for a long period without any crashs.

 Please don't keep telling something known to be wrong or otherwise
 proove it so we can fix it...
As I told before I just used incorrect definitions,
I will not use word egress anymore.



 tks

 Andre



 Roy wrote:
 Roy,
  But this stability is probably not because my
 code is better but
 
  because
 
  I don't use egress shaping so the crash reasons still
 unknown.
 
 
 I need both ingress and egress traffic shaping, that's why I
 used the
 classic IMQ version.
 
 
 
  Egress shaping will crash original wersion even faster then
 mine,
  they both can do this , but then both will likely crash
  anyway you can do egress shaping on interface directly,
  and input+forward on imq device.
 
  ___
  LARTC mailing list / [EMAIL PROTECTED]
  http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
 
 

 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !

[Patrick McHardy]

Andre,
thanks for doing this. I also felt like I need to say something for
some time. Roy, you should also stop telling people your version would
be more stable. IMQ's problems are related to specific setups, so I
don't understand how you can state this without even understanding the
problem. Evidence points to IMQs use of skb-destructor, which means
you'll probably see problems when using IMQ with local tcp/udp traffic.
Your approach of using NF_STOLEN instead of NF_QUEUE seems like a good
idea, but besides beeing butt-ugly your code isn't usable for ingress
traffic, so it's not a replacement for many people. Other bugs probably
exist, I just had a short look.
Patrick

BTW: Not that I would care much, but why did you replace my copyright
with credits for hook registration to Martin ? Martin's version did not
even hook netfilter, it's clearly derived from my version.
Andre Correa wrote:
Hi, I'm sorry for not being able to be really polite this time, but:

Roy, can you please STOP telling that egress crashs IMQ!?

We've discussed it lots of times before, here and at linuximq mailling 
list and the only known functionality that crashs IMQ (oriinal) is to 
touch local generated traffic...

I've being using ingress+egress with IMQ in a server with a great 
amouunt of traffic, for a long period without any crashs.

Please don't keep telling something known to be wrong or otherwise 
proove it so we can fix it...

tks

Andre

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ and ISDN?

[Cord Buhlert]

Hi,
has anyone IMQ device running on an ISDN line for incoming shaping? I
tried to but everytime a packet gets from the ippp0 to imq0 the kernel
crashes.
Does this work somewhere?

thx 4 help

cord
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !

[The Codrinus]

Hi,
I have successfully applied the IMQ patch for kernel-2.6.2 (final
release) from http://www.linuximq.net, and now I have support for 4 IMQ
devices loaded in kernel. But I don't know how to patch the iptables-1.2.9
to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels,
but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng
for 2.6.x kernels, but when I give the batch script commands it says it's
not implemented yet. I don't know how to manually apply the IMQ patches.

./runme --batch userspace/IMQ.patch

Could anyone help me how to do this final step and append IMQ support to
iptables?

---

Hi again.
I manually patched in the iptables-1.2.9/extensions directory, the files:
.IMQ-test
.IMQ-test6
libip6t-IMQ.c
libipt-IMQ.c
from the pom-20030625.diff file, and it passed. Now I have the imq devices
up and running with kernel-2.6.2, but there is another problem: when I use
iptables . -j IMQ I got Segmentation fault, and dmesg says:

Unable to handle kernel NULL pointer dereference at virtual address 
0001
 printing eip:
c0372908
*pde = 18ddc067
Oops:  [#1]
CPU:0
EIP:0060:[c0372908]Not tainted
EFLAGS: 00010202
EIP is at imq_target+0x8/0x30
eax: 0001   ebx: c045f820   ecx: d8db7c04   edx: c045f820
esi: e08170f0   edi: e0817080   ebp: 0001   esp: d8db7b64
ds: 007b   es: 007b   ss: 0068
Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900)
Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080 
d8db7ba8
   d8db6000 deff9420 deff9480 0070    
0163
          

Call Trace:
 [c03695ee] translate_table+0x4be/0x760
 [c0369e13] do_replace+0x193/0x6e0
 [c0150087] vfree+0x27/0x40
 [c036a5bd] do_ipt_set_ctl+0x6d/0x70
 [c03079df] nf_sockopt+0x12f/0x140
 [c0307a27] nf_setsockopt+0x37/0x40
 [c032d317] ip_setsockopt+0x4a7/0xd90
 [c0307964] nf_sockopt+0xb4/0x140
 [c0307a67] nf_getsockopt+0x37/0x40
 [c032e281] ip_getsockopt+0x681/0x7c0
 [c01a2c01] journal_stop+0x201/0x360
 [c0195d98] ext3_mark_iloc_dirty+0x28/0x40
 [c0195ed0] ext3_mark_inode_dirty+0x50/0x60
 [c019a5c4] __ext3_journal_stop+0x24/0x50
 [c0195f49] ext3_dirty_inode+0x69/0xd0
 [c0175d1e] __mark_inode_dirty+0xde/0xf0
 [c013d0f1] buffered_rmqueue+0xd1/0x170
 [c013d0f1] buffered_rmqueue+0xd1/0x170
 [c013d22f] __alloc_pages+0x9f/0x330
 [c013d22f] __alloc_pages+0x9f/0x330
 [c013939c] find_get_page+0x2c/0x60
 [c014726a] do_anonymous_page+0x17a/0x260
 [c01473b5] do_no_page+0x65/0x3a0
 [c014558b] pte_alloc_map+0x9b/0xc0
 [c01478f4] handle_mm_fault+0xd4/0x180
 [c011afec] do_page_fault+0x2fc/0x4dc
 [c034fce6] inet_setsockopt+0x36/0x40
 [c02f69e2] sys_setsockopt+0x82/0xd0
 [c02f7240] sys_socketcall+0x220/0x2a0
 [c010aa35] sysenter_past_esp+0x52/0x71

Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00


Does anybody know why it crashes and how can I handle this mess ?

thank you,
Codrin.
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !

[Stef Coene]

On Thursday 19 February 2004 17:19, The Codrinus wrote:
 Hi,
 I have successfully applied the IMQ patch for kernel-2.6.2 (final
 release) from http://www.linuximq.net, and now I have support for 4 IMQ
 devices loaded in kernel. But I don't know how to patch the iptables-1.2.9
 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels,
 but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng
 for 2.6.x kernels, but when I give the batch script commands it says it's
 not implemented yet. I don't know how to manually apply the IMQ patches.

 ./runme --batch userspace/IMQ.patch

 Could anyone help me how to do this final step and append IMQ support to
 iptables?
I'm not sure, but I think you don't need iptables for the latest imq.  All 
traffic is also flowing thru the imq devices.  But I'm not sure.

Stef

-- 
[EMAIL PROTECTED]
 Using Linux as bandwidth manager
     http://www.docum.org/
     #lartc @ irc.openprojects.net
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !

[The Codrinus]

 On Thursday 19 February 2004 17:19, The Codrinus wrote:
  Hi,
  I have successfully applied the IMQ patch for kernel-2.6.2 (final
  release) from http://www.linuximq.net, and now I have support for 4 IMQ
  devices loaded in kernel. But I don't know how to patch the iptables-1.2.9
  to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels,
  but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng
  for 2.6.x kernels, but when I give the batch script commands it says it's
  not implemented yet. I don't know how to manually apply the IMQ patches.
 
  ./runme --batch userspace/IMQ.patch  
 
  Could anyone help me how to do this final step and append IMQ support to
  iptables?
 I'm not sure, but I think you don't need iptables for the latest imq.  All
 traffic is also flowing thru the imq devices.  But I'm not sure.

 Stef


Well, iptables need in the extensions dir the following IMQ patch files:
.IMQ-test
.IMQ-test6
libipt_IMQ.c and 
libip6t_IMQ.c  
in order to support the -j IMQ --todev device option.

I manually added these files because the patch-o-matic-ng doesn't know how 
to apply --batch option. (not implemented yet)
The problem is after all, when I try to give an iptables command like:

iptables  -j IMQ --todev eth0 when running the patched kernel-2.6.2

i get segmentation fault and dmesg says the following coredump error:


Unable to handle kernel NULL pointer dereference at virtual address 
0001
 printing eip:
c0372908
*pde = 18ddc067
Oops:  [#1]
CPU:0
EIP:0060:[c0372908]Not tainted
EFLAGS: 00010202
EIP is at imq_target+0x8/0x30
eax: 0001   ebx: c045f820   ecx: d8db7c04   edx: c045f820
esi: e08170f0   edi: e0817080   ebp: 0001   esp: d8db7b64
ds: 007b   es: 007b   ss: 0068
Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900)
Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080
d8db7ba8
   d8db6000 deff9420 deff9480 0070   
0163
         

Call Trace:
 [c03695ee] translate_table+0x4be/0x760
 [c0369e13] do_replace+0x193/0x6e0
 [c0150087] vfree+0x27/0x40
 [c036a5bd] do_ipt_set_ctl+0x6d/0x70
 [c03079df] nf_sockopt+0x12f/0x140
 [c0307a27] nf_setsockopt+0x37/0x40
 [c032d317] ip_setsockopt+0x4a7/0xd90
 [c0307964] nf_sockopt+0xb4/0x140
 [c0307a67] nf_getsockopt+0x37/0x40
 [c032e281] ip_getsockopt+0x681/0x7c0
 [c01a2c01] journal_stop+0x201/0x360
 [c0195d98] ext3_mark_iloc_dirty+0x28/0x40
 [c0195ed0] ext3_mark_inode_dirty+0x50/0x60
 [c019a5c4] __ext3_journal_stop+0x24/0x50
 [c0195f49] ext3_dirty_inode+0x69/0xd0
 [c0175d1e] __mark_inode_dirty+0xde/0xf0
 [c013d0f1] buffered_rmqueue+0xd1/0x170
 [c013d0f1] buffered_rmqueue+0xd1/0x170
 [c013d22f] __alloc_pages+0x9f/0x330
 [c013d22f] __alloc_pages+0x9f/0x330
 [c013939c] find_get_page+0x2c/0x60
 [c014726a] do_anonymous_page+0x17a/0x260
 [c01473b5] do_no_page+0x65/0x3a0
 [c014558b] pte_alloc_map+0x9b/0xc0
 [c01478f4] handle_mm_fault+0xd4/0x180
 [c011afec] do_page_fault+0x2fc/0x4dc
 [c034fce6] inet_setsockopt+0x36/0x40
 [c02f69e2] sys_setsockopt+0x82/0xd0
 [c02f7240] sys_socketcall+0x220/0x2a0
 [c010aa35] sysenter_past_esp+0x52/0x71

Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00


I really don't know why it crashes and how can I handle this mess,
Codrin.
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !

[Roy]

You can try my imq version, which dows not require paching anything

http://pupa.da.ru/imq
and I think it should be more stable.






- Original Message - 
From: The Codrinus [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 6:19 PM
Subject: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !




 Hi,
 I have successfully applied the IMQ patch for kernel-2.6.2 (final
 release) from http://www.linuximq.net, and now I have support for 4 IMQ
 devices loaded in kernel. But I don't know how to patch the iptables-1.2.9
 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels,
 but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng
 for 2.6.x kernels, but when I give the batch script commands it says it's
 not implemented yet. I don't know how to manually apply the IMQ patches.

 ./runme --batch userspace/IMQ.patch

 Could anyone help me how to do this final step and append IMQ support to
 iptables?

 --
-

 Hi again.
 I manually patched in the iptables-1.2.9/extensions directory, the files:
 .IMQ-test
 .IMQ-test6
 libip6t-IMQ.c
 libipt-IMQ.c
 from the pom-20030625.diff file, and it passed. Now I have the imq devices
 up and running with kernel-2.6.2, but there is another problem: when I use
 iptables . -j IMQ I got Segmentation fault, and dmesg says:

 Unable to handle kernel NULL pointer dereference at virtual address
 0001
  printing eip:
 c0372908
 *pde = 18ddc067
 Oops:  [#1]
 CPU:0
 EIP:0060:[c0372908]Not tainted
 EFLAGS: 00010202
 EIP is at imq_target+0x8/0x30
 eax: 0001   ebx: c045f820   ecx: d8db7c04   edx: c045f820
 esi: e08170f0   edi: e0817080   ebp: 0001   esp: d8db7b64
 ds: 007b   es: 007b   ss: 0068
 Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900)
 Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080
 d8db7ba8
d8db6000 deff9420 deff9480 0070   
 0163
      
 
 Call Trace:
  [c03695ee] translate_table+0x4be/0x760
  [c0369e13] do_replace+0x193/0x6e0
  [c0150087] vfree+0x27/0x40
  [c036a5bd] do_ipt_set_ctl+0x6d/0x70
  [c03079df] nf_sockopt+0x12f/0x140
  [c0307a27] nf_setsockopt+0x37/0x40
  [c032d317] ip_setsockopt+0x4a7/0xd90
  [c0307964] nf_sockopt+0xb4/0x140
  [c0307a67] nf_getsockopt+0x37/0x40
  [c032e281] ip_getsockopt+0x681/0x7c0
  [c01a2c01] journal_stop+0x201/0x360
  [c0195d98] ext3_mark_iloc_dirty+0x28/0x40
  [c0195ed0] ext3_mark_inode_dirty+0x50/0x60
  [c019a5c4] __ext3_journal_stop+0x24/0x50
  [c0195f49] ext3_dirty_inode+0x69/0xd0
  [c0175d1e] __mark_inode_dirty+0xde/0xf0
  [c013d0f1] buffered_rmqueue+0xd1/0x170
  [c013d0f1] buffered_rmqueue+0xd1/0x170
  [c013d22f] __alloc_pages+0x9f/0x330
  [c013d22f] __alloc_pages+0x9f/0x330
  [c013939c] find_get_page+0x2c/0x60
  [c014726a] do_anonymous_page+0x17a/0x260
  [c01473b5] do_no_page+0x65/0x3a0
  [c014558b] pte_alloc_map+0x9b/0xc0
  [c01478f4] handle_mm_fault+0xd4/0x180
  [c011afec] do_page_fault+0x2fc/0x4dc
  [c034fce6] inet_setsockopt+0x36/0x40
  [c02f69e2] sys_setsockopt+0x82/0xd0
  [c02f7240] sys_socketcall+0x220/0x2a0
  [c010aa35] sysenter_past_esp+0x52/0x71

 Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00


 Does anybody know why it crashes and how can I handle this mess ?

 thank you,
 Codrin.
 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !

[The Codrinus]

Roy,
 But this stability is probably not because my code is better but  because 
 I don't use egress shaping so the crash reasons still unknown.

I need both ingress and egress traffic shaping, that's why I used the 
classic IMQ version.

 You can try my imq version, which dows not require paching anything
 
 http://pupa.da.ru/imq
 and I think it should be more stable.
 
 
  Hi,
  I have successfully applied the IMQ patch for kernel-2.6.2 (final
  release) from http://www.linuximq.net, and now I have support for 4 IMQ
  devices loaded in kernel. But I don't know how to patch the iptables-1.2.9
  to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels,
  but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng
  for 2.6.x kernels, but when I give the batch script commands it says it's
  not implemented yet. I don't know how to manually apply the IMQ patches.
 
  ./runme --batch userspace/IMQ.patch
 
  Could anyone help me how to do this final step and append IMQ support to
  iptables?
 
  --
 -
 
  Hi again.
  I manually patched in the iptables-1.2.9/extensions directory, the files:
  .IMQ-test
  .IMQ-test6
  libip6t-IMQ.c
  libipt-IMQ.c
  from the pom-20030625.diff file, and it passed. Now I have the imq devices
  up and running with kernel-2.6.2, but there is another problem: when I use
  iptables . -j IMQ I got Segmentation fault, and dmesg says:
 
  Unable to handle kernel NULL pointer dereference at virtual address
  0001
   printing eip:
  c0372908
  *pde = 18ddc067
  Oops:  [#1]
  CPU:0
  EIP:0060:[c0372908]Not tainted
  EFLAGS: 00010202
  EIP is at imq_target+0x8/0x30
  eax: 0001   ebx: c045f820   ecx: d8db7c04   edx: c045f820
  esi: e08170f0   edi: e0817080   ebp: 0001   esp: d8db7b64
  ds: 007b   es: 007b   ss: 0068
  Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900)
  Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080
  d8db7ba8
 d8db6000 deff9420 deff9480 0070   
  0163
       
  
  Call Trace:
   [c03695ee] translate_table+0x4be/0x760
   [c0369e13] do_replace+0x193/0x6e0
   [c0150087] vfree+0x27/0x40
   [c036a5bd] do_ipt_set_ctl+0x6d/0x70
   [c03079df] nf_sockopt+0x12f/0x140
   [c0307a27] nf_setsockopt+0x37/0x40
   [c032d317] ip_setsockopt+0x4a7/0xd90
   [c0307964] nf_sockopt+0xb4/0x140
   [c0307a67] nf_getsockopt+0x37/0x40
   [c032e281] ip_getsockopt+0x681/0x7c0
   [c01a2c01] journal_stop+0x201/0x360
   [c0195d98] ext3_mark_iloc_dirty+0x28/0x40
   [c0195ed0] ext3_mark_inode_dirty+0x50/0x60
   [c019a5c4] __ext3_journal_stop+0x24/0x50
   [c0195f49] ext3_dirty_inode+0x69/0xd0
   [c0175d1e] __mark_inode_dirty+0xde/0xf0
   [c013d0f1] buffered_rmqueue+0xd1/0x170
   [c013d0f1] buffered_rmqueue+0xd1/0x170
   [c013d22f] __alloc_pages+0x9f/0x330
   [c013d22f] __alloc_pages+0x9f/0x330
   [c013939c] find_get_page+0x2c/0x60
   [c014726a] do_anonymous_page+0x17a/0x260
   [c01473b5] do_no_page+0x65/0x3a0
   [c014558b] pte_alloc_map+0x9b/0xc0
   [c01478f4] handle_mm_fault+0xd4/0x180
   [c011afec] do_page_fault+0x2fc/0x4dc
   [c034fce6] inet_setsockopt+0x36/0x40
   [c02f69e2] sys_setsockopt+0x82/0xd0
   [c02f7240] sys_socketcall+0x220/0x2a0
   [c010aa35] sysenter_past_esp+0x52/0x71
 
  Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00
 
 
  Does anybody know why it crashes and how can I handle this mess ?

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !

[Roy]

 Roy,
  ''But this stability is probably not because my code is better but
because
  I don't use egress shaping so the crash reasons still unknown.''

I need both ingress and egress traffic shaping, that's why I used the
classic IMQ version.


Egress shaping will crash original wersion even faster then mine,
they both can do this , but then both will likely crash
anyway you can do egress shaping on interface directly,
and input+forward on imq device.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ update ?

[Andre Correa]

Hi Andres, there is a patch for 2.4.24 available at www.linuximq.net ... 
have a try on it and please let us know if you have any trouble using it.

tks

Andre

ThE LinuX_KiD wrote:
Hello

I'm trying the excelent IMQ patch for
iptbles and kernel 2.4.21 and works 
very well...

but, there is a IMQ patch for 2.4.24  ?

I've tested IMQ for kernels  2,4,21 but
patch fails !
Best regards
andres
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] IMQ update ?

[ThE LinuX_KiD]

Hi,

I've patched 2.4.24 with IMQ successfully !!
thank you

Andres

- -Mensaje original-
- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
- nombre de Andre Correa
- Enviado el: Martes, 03 de Febrero de 2004 09:56 a.m.
- Para: ThE LinuX_KiD
- CC: lartc
- Asunto: Re: [LARTC] IMQ update ?
-
-
-
- Hi Andres, there is a patch for 2.4.24 available at www.linuximq.net ...
- have a try on it and please let us know if you have any trouble using it.
-
- tks
-
- Andre
-
-
- ThE LinuX_KiD wrote:
-  Hello
- 
-  I'm trying the excelent IMQ patch for
-  iptbles and kernel 2.4.21 and works
-  very well...
- 
-  but, there is a IMQ patch for 2.4.24  ?
- 
-  I've tested IMQ for kernels  2,4,21 but
-  patch fails !
- 
-  Best regards
-  andres
-  ___
-  LARTC mailing list / [EMAIL PROTECTED]
-  http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
- 
- 
-
- ___
- LARTC mailing list / [EMAIL PROTECTED]
- http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
-

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ update ?

[ThE LinuX_KiD]

Hello

I'm trying the excelent IMQ patch for
iptbles and kernel 2.4.21 and works 
very well...

but, there is a IMQ patch for 2.4.24  ?

I've tested IMQ for kernels  2,4,21 but
patch fails !

Best regards
andres
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ or shaping tx on 2 NICs?

[tc]

hi all, i have tried out both IMQ and shaping transmit on 2 NICS downstream and
upstream respectively, which method is preferred in terms of accuracy,
stability etc
pls advise
tc
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ Stability

[Alexander Trotsai]

On Fri, Jan 23, 2004 at 10:29:13AM -0700, Michael S. Kazmier wrote:
MSKHello all,

MSKI have been doing a lot of archive searching over the last week reading
MSKposts on IMQ and it's apparent stability / instability.  I have seen a
MSKnumber of posts about it not being maintained as well.  Can anyone talk to
MSKme about IMQ's stability in a heavy throughput environment (20 Mbps) and
MSKwhat was causing IMQ to fail if you know.

I use it and it's work OK for me
Traffic at some router up to 30-40 Mbit

IMQ has one trouble
Don't assing address to imq interface becase kernel crash it
you do this.

-- 
Best regard, Aleksander Trotsai aka MAGE-RIPE aka MAGE-UANIC
My PGP key at ftp://blackhole.adamant.ua/pgp/trotsai.key[.asc]
Big trouble - ..disk or the processor is on fire.
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ Stability

[Remus]

Hi Roy,

Excelent Roy!!!
Good job.

Where we can get your IMQ port to test?


Best Regards

Remus



- Original Message - 
From: Roy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 25, 2004 3:49 AM
Subject: Re: [LARTC] IMQ Stability


 Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8


 this way dont seem excelent because it still lacks some functionality
 and what about using LO or dummy  type interface instead of ppp?

 the new imq driver that i am developing will have unlimited posibilities
 it willbe fake interface wich passes all ip trafic without exception no
 mater which direction, destination and so on
 even localy generated and received trafic should pass it
 I removed iptables module so noo need to configure it just everything is
 catched.
 so you will be able to shape in + out in one

 also I am thinking about the chaining functionality
 is there any need to make chain of imq devices ? ( they will get the all
 same trafic)
 you will be able to use few shapers then but it will add latency.

 I almost finished my driver , but unfortunately there is no way to avoid
 patching kernel.

 I need to export ip_finish_output2 and ip_local_deliver_finish functions
but
 dont know how to do that, and where is the best place.




 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] IMQ Stability

[Michael S. Kazmier]

Hello Alex,

Perhaps I missed something below which ties eth0 and eth1 to the PPP pipe,
or its just my unfamiliarity with PPP.

Regardless, an interesting methodology.  Do you think you could do the
following:

eth0ppp0standard linux bridging / routing---ppp1---eth1 

The reason I ask is that I would like to, at the PPP level, apply CBQ or HTB
rate shaping to my each end user (ie, limit traffic to 256K or something
like that).  And then, after each customer has their rate shaping, at the
ETH level I would like to priorize traffic (ie, all www prio 3, ssh -
telnet, prio 1, ftp prio 4, everything else prio 7)

Thoughts?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Alexander Clouter
Sent: Saturday, January 24, 2004 7:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [LARTC] IMQ Stability

On Jan 24, [EMAIL PROTECTED] wrote:
 Thank you for the detailed discussion.  There is no doubt that there is a
 need for an IMQ type device/funtionality.  What would work really great,
 IMHO, is a fake or psuedo ethernet driver that simply sits as a shim
 between one or more real drivers.  This fake device could allow us to
 Stack qdiscs in a way to allow one to shape traffic in multiple
 policies  - ie, prioritize traffic AND allocate / rate shape end users. 
 I have actually thought of utilizing the kernel bonding driver for this -
 attaching only a single slave to it - but haven't had time as yet.  Not
 sure that this would do anything for ingress shaping though.
 
I have been working on this with using what I call a ppp-pipe.  The result
is

Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8

where ppp0ppp1 is on the local machine (and simulates two NICs with a 
crossover cable between them in the same machine).  What you throw in at
ppp0 
appears at ppp1 and vice versa.  This works fine, it also means you can
shape 
on the ppp0/ppp1 interfaces and leave all the NAT stuff on the real 
interfaces.

The command to create this ppp-pipe is (as root), so far I am not completely

sure if you need to add to the first pppd command real ip:real ip for 
its parameters (you might also need 'xonxoff' too in both):

# mkfifo /tmp/ppp-pipe
# pppd noauth nodefaultroute notty  /tmp/ppp-pipe | pppd noauth \
notty  /tmp/ppp-pipe

However there is a major problem..connection tracking.  In the above 
setup you do

iptables -t nat -I POSTROUTING -s 10.0.0.0/8 \
-d ! 10.0.0.0/8 -o eth0 -j MASQUERADE

the '-o eth0' is very important, you also create some advance routing bits
to
make all traffic crossing the router to pass through the ppp-pipe; easy
enough, but depends on your needs.  Conntrack unfortunately notices that you
did not want to NAT the packet straight away when it arrives on eth1 (if you
do then you will be unable to shape fairly per IP, for example with ESFQ),
but then later on when the packet resurfaces at ppp0 the 'nat' table is 
skipped.  The only way about this is to use the patch-o-matic RAW patch and 
instruct it to skip connection tracking for packets on eth1 destined for the

Internet.

As I am now pure 2.6.x goodness I am in the middle of porting the patch 
myself (the patch-o-matic-ng does not work for me, could be me being lame 
though).

Sure this is replacing one patch dependency with another, however IMQ really
seems that it has been left out to rot; whilst the RAW patch probably is
going to stay better maintained, hell its in the patch-o-matic for starters.

Besides there are lots of advantages with the ppp-pipe, as now all you folks
who want to shape over with IP-Aliasing can just use cunning ppp-pipes
instead; whilst still keeping things very simple.  So far the above should
work in non-NAT (or rather connection tracking) setups but where you want
the
equilivent of IP-Aliased style shaping.

Anyway thoughts would be apprieated, however when I was on #lartc it was its

normal dead self so I was left dead in the water myself :(

have fun

Alex

-- 
 ___ 
 Fortune favors the lucky. 
 --- 
\   ^__^
 \  (oo)\___
(__)\   )\/\
||w |
|| ||

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ Stability

[rubens]

 the new imq driver that i am developing will have unlimited posibilities
 it willbe fake interface wich passes all ip trafic without exception no
 mater which direction, destination and so on
 even localy generated and received trafic should pass it

May I suggest that if it's new code with new approach it should get a
different name ?

Rubens

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ Stability

[Alexander Clouter]

On Jan 26, Michael S. Kazmier wrote:
 Hello Alex,
 
 Perhaps I missed something below which ties eth0 and eth1 to the PPP pipe,
 or its just my unfamiliarity with PPP.
 
sorry I should of made it cleaner.  If you read up on Advanced Routing HOWTO, 
its hopefully easy to understand.

lets say:

[EMAIL PROTECTED]:~$ cat /etc/iproute2/rt_tables 
#
# reserved values
#
255 local
254 main
253 default
0   unspec
#
# local
#
1   inr.ruhep

# inskipp
32  ppp-upstream
33  ppp-downstream


you then type (something along the lines of):

-
ip route add default dev ppp1 table ppp-upstream
ip route add default dev ppp0 table ppp-downstream
ip rule add from 10.0.0.0/8 iif eth1 table ppp-upstream
ip rule add to 10.0.0.0/8 iif eth0 table ppp-downstream
ip route flush cache
-

In summary, this setups linux to do exactly what is in the diagram (below).  
The nice thing is after the above is setup you treat it as if its a physical 
interface, its a real ppp session.  Any traffic that goes into ppp0 appears 
on ppp1 and vice versa; treat it like a fancy wormhole :)

The advantage here over the IMQ-ng that is being made, from what I uderstand, 
is here the only patch you need is to bypass connection tracking on the 
Internet bound traffic from eth1 (for techie reasons), when it 'appears' from 
ppp1 then the connection tracking should be allowed to continue.  This is 
where the RAW netfilter patch comes into play.

Although you are swapping one kernel patch for another, the RAW one looks 
like its going to be around much longer and actually maintained, the other 
very important fact is that you can now (if you think about it, I will leave 
it as an exercise for you) use it to simulate those IP-Aliasing interfaces 
and actually now shape on that basis per pipe.  The clue is true _source_ 
based routing ;)

 Regardless, an interesting methodology.  Do you think you could do the
 following:
 
 eth0ppp0standard linux bridging / routing---ppp1---eth1 
 
 The reason I ask is that I would like to, at the PPP level, apply CBQ or HTB
 rate shaping to my each end user (ie, limit traffic to 256K or something
 like that).  And then, after each customer has their rate shaping, at the
 ETH level I would like to priorize traffic (ie, all www prio 3, ssh -
 telnet, prio 1, ftp prio 4, everything else prio 7)
 
 Thoughts?
 
in theory I guess you could setup a linu bridge over the ppp-pipe, however 
there is no point (from what I can see) as you are NATing, so the box is the 
default gateway for the other machines, plus more importantly, if you want a 
bridge why not just forget about the ppp-pipe and bridge over eth0-eth1.  
This is what my jdg-qos-script[1] from more or less day one.

Anyway, feedback would be great on the above idea.

Regards

Alex

[1] http://www.digriz.org.uk/jdg-qos-script/

-- 
 _ 
/ Genius is pain. \
| |
\ -- John Lennon  /
 - 
\   ^__^
 \  (oo)\___
(__)\   )\/\
||w |
|| ||


signature.asc
Description: Digital signature

Re: [LARTC] IMQ Stability

[Aron Brand]

Hi Roy,

This is great news! 
Shaping in+out at once is not always wanted... Usually you want to shape
them seperately because each direction has a different bandwidth and
limits. So I think it should be optional (i.e. you should be able to
configure if you want the ingress and/or the egress side).

Your efforts are highly appreciated!
Aron

---
From: Roy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [LARTC] IMQ Stability
Date: Sun, 25 Jan 2004 05:49:15 +0200

Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8


this way dont seem excelent because it still lacks some functionality
and what about using LO or dummy  type interface instead of ppp?

the new imq driver that i am developing will have unlimited posibilities
it willbe fake interface wich passes all ip trafic without exception no
mater which direction, destination and so on
even localy generated and received trafic should pass it
I removed iptables module so noo need to configure it just everything is
catched.
so you will be able to shape in + out in one

also I am thinking about the chaining functionality
is there any need to make chain of imq devices ? ( they will get the all
same trafic)
you will be able to use few shapers then but it will add latency.

I almost finished my driver , but unfortunately there is no way to avoid
patching kernel.

I need to export ip_finish_output2 and ip_local_deliver_finish functions
but
dont know how to do that, and where is the best place.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ Runtime error

[tc]

hi all, i have applied all patches and compiled the kernel (2.4.21), iptables
(1.2.9) and iproute2 (2.4.7-now-ss020116) however when i run modprobe imq
numdevs=1, the system returns - imq.o: init_module: Device or resource busy

the transcript is below -

[EMAIL PROTECTED] project]# modprobe imq numdevs=1
/lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: init_module: Device or resource
busy
Hint: insmod errors can be caused by incorrect module parameters, including
invalid IO or IRQ parameters.
  You may find more information in syslog or the output from dmesg
/lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: insmod
/lib/modules/2.4.21-BW/kernel/drivers/net/imq.o failed
/lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: insmod imq failed

what could be wrong? thanks all,
bye
joseph
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ Runtime error

[Roy]

even if imq is quite useless right now
this eeror is caused probably by other loaded modules for userspace queue
nf_queue probably
since imq uses the same function




- Original Message - 
From: tc [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 26, 2004 1:33 AM
Subject: [LARTC] IMQ Runtime error


 hi all, i have applied all patches and compiled the kernel
 (2.4.21), iptables
 (1.2.9) and iproute2 (2.4.7-now-ss020116) however when i run ''modprobe
imq
 numdevs=1'', the system returns - imq.o: init_module: Device or resource
busy

 the transcript is below -

 [EMAIL PROTECTED] project]# modprobe imq numdevs=1
 /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: init_module: Device or
resource
 busy
 Hint: insmod errors can be caused by incorrect module parameters,
including
 invalid IO or IRQ parameters.
   You may find more information in syslog or the output from dmesg
 /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: insmod
 /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o failed
 /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: insmod imq failed

 what could be wrong? thanks all,
 bye
 joseph
 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ Stability

[mkazmier]

Thank you for the detailed discussion.  There is no doubt that there is a
need for an IMQ type device/funtionality.  What would work really great,
IMHO, is a fake or psuedo ethernet driver that simply sits as a shim
between one or more real drivers.  This fake device could allow us to
Stack qdiscs in a way to allow one to shape traffic in multiple
policies  - ie, prioritize traffic AND allocate / rate shape end users. 
I have actually thought of utilizing the kernel bonding driver for this -
attaching only a single slave to it - but haven't had time as yet.  Not
sure that this would do anything for ingress shaping though.

Thanks again...

Mike

 Probably I am going to continue imq development, so I know about it
 something.

 IMQ is very unpredictable you can use it all week or it may crash at once.
 and what is the most strange - crashes osccur everywhere in the kernel
 except in the driver itself
 this can be kernel bug as well.
 under high loag it crashes quite soom while in low load it can hold
 forewer
 this probably depends on cpu speed and looks that it tends to crash if you
 try to shape localy generated trafic
 if you use it for ingress only it wont have much problems.

 I have no hope to make it work, I rewrote the code completely few times
 and
 no use
 probably this way just cant work.

 I am going to use completely other way to do the same job.
 imq is trying to use userspace queue which dont like when packets are
 droped
 and seems there is no way to avoid droping
 while doing trafic shaping, so I will use another way by completely
 removing
 packets from iptables at some place and transmitting them directly where
 needed.
 thus replacing part of kernel code.
 this way I will be able at least  to track the bug.

 P.S. iptables have another similar module ( ROUTE target ) i tryed it and
 it
 works in some cases ( i redirect trafic to lo interface) but not very
 good.


 - Original Message -
 From: Michael S. Kazmier [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, January 23, 2004 7:29 PM
 Subject: [LARTC] IMQ Stability


 Hello all,

 I have been doing a lot of archive searching over the last week reading
 posts on IMQ and it's apparent stability / instability.  I have seen a
 number of posts about it not being maintained as well.  Can anyone talk
 to
 me about IMQ's stability in a heavy throughput environment (20 Mbps) and
 what was causing IMQ to fail if you know.

 Thanks,

 Mike

 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/




___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ Stability

[Roy]

Probably I am going to continue imq development, so I know about it
something.

IMQ is very unpredictable you can use it all week or it may crash at once.
and what is the most strange - crashes osccur everywhere in the kernel
except in the driver itself
this can be kernel bug as well.
under high loag it crashes quite soom while in low load it can hold forewer
this probably depends on cpu speed and looks that it tends to crash if you
try to shape localy generated trafic
if you use it for ingress only it wont have much problems.

I have no hope to make it work, I rewrote the code completely few times and
no use
probably this way just cant work.

I am going to use completely other way to do the same job.
imq is trying to use userspace queue which dont like when packets are droped
and seems there is no way to avoid droping
while doing trafic shaping, so I will use another way by completely removing
packets from iptables at some place and transmitting them directly where
needed.
thus replacing part of kernel code.
this way I will be able at least  to track the bug.

P.S. iptables have another similar module ( ROUTE target ) i tryed it and it
works in some cases ( i redirect trafic to lo interface) but not very good.


- Original Message - 
From: Michael S. Kazmier [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 23, 2004 7:29 PM
Subject: [LARTC] IMQ Stability


 Hello all,

 I have been doing a lot of archive searching over the last week reading
 posts on IMQ and it's apparent stability / instability.  I have seen a
 number of posts about it not being maintained as well.  Can anyone talk to
 me about IMQ's stability in a heavy throughput environment (20 Mbps) and
 what was causing IMQ to fail if you know.

 Thanks,

 Mike

 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ Stability

[Alexander Clouter]

On Jan 24, [EMAIL PROTECTED] wrote:
 Thank you for the detailed discussion.  There is no doubt that there is a
 need for an IMQ type device/funtionality.  What would work really great,
 IMHO, is a fake or psuedo ethernet driver that simply sits as a shim
 between one or more real drivers.  This fake device could allow us to
 Stack qdiscs in a way to allow one to shape traffic in multiple
 policies  - ie, prioritize traffic AND allocate / rate shape end users. 
 I have actually thought of utilizing the kernel bonding driver for this -
 attaching only a single slave to it - but haven't had time as yet.  Not
 sure that this would do anything for ingress shaping though.
 
I have been working on this with using what I call a ppp-pipe.  The result is

Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8

where ppp0ppp1 is on the local machine (and simulates two NICs with a 
crossover cable between them in the same machine).  What you throw in at ppp0 
appears at ppp1 and vice versa.  This works fine, it also means you can shape 
on the ppp0/ppp1 interfaces and leave all the NAT stuff on the real 
interfaces.

The command to create this ppp-pipe is (as root), so far I am not completely 
sure if you need to add to the first pppd command real ip:real ip for 
its parameters (you might also need 'xonxoff' too in both):

# mkfifo /tmp/ppp-pipe
# pppd noauth nodefaultroute notty  /tmp/ppp-pipe | pppd noauth \
notty  /tmp/ppp-pipe

However there is a major problem..connection tracking.  In the above 
setup you do

iptables -t nat -I POSTROUTING -s 10.0.0.0/8 \
-d ! 10.0.0.0/8 -o eth0 -j MASQUERADE

the '-o eth0' is very important, you also create some advance routing bits to
make all traffic crossing the router to pass through the ppp-pipe; easy
enough, but depends on your needs.  Conntrack unfortunately notices that you
did not want to NAT the packet straight away when it arrives on eth1 (if you
do then you will be unable to shape fairly per IP, for example with ESFQ),
but then later on when the packet resurfaces at ppp0 the 'nat' table is 
skipped.  The only way about this is to use the patch-o-matic RAW patch and 
instruct it to skip connection tracking for packets on eth1 destined for the 
Internet.

As I am now pure 2.6.x goodness I am in the middle of porting the patch 
myself (the patch-o-matic-ng does not work for me, could be me being lame 
though).

Sure this is replacing one patch dependency with another, however IMQ really
seems that it has been left out to rot; whilst the RAW patch probably is
going to stay better maintained, hell its in the patch-o-matic for starters. 
Besides there are lots of advantages with the ppp-pipe, as now all you folks
who want to shape over with IP-Aliasing can just use cunning ppp-pipes
instead; whilst still keeping things very simple.  So far the above should
work in non-NAT (or rather connection tracking) setups but where you want the
equilivent of IP-Aliased style shaping.

Anyway thoughts would be apprieated, however when I was on #lartc it was its 
normal dead self so I was left dead in the water myself :(

have fun

Alex

-- 
 ___ 
 Fortune favors the lucky. 
 --- 
\   ^__^
 \  (oo)\___
(__)\   )\/\
||w |
|| ||


signature.asc
Description: Digital signature

Re: [LARTC] IMQ Stability

[Roy]

Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8


this way dont seem excelent because it still lacks some functionality
and what about using LO or dummy  type interface instead of ppp?

the new imq driver that i am developing will have unlimited posibilities
it willbe fake interface wich passes all ip trafic without exception no
mater which direction, destination and so on
even localy generated and received trafic should pass it
I removed iptables module so noo need to configure it just everything is
catched.
so you will be able to shape in + out in one

also I am thinking about the chaining functionality
is there any need to make chain of imq devices ? ( they will get the all
same trafic)
you will be able to use few shapers then but it will add latency.

I almost finished my driver , but unfortunately there is no way to avoid
patching kernel.

I need to export ip_finish_output2 and ip_local_deliver_finish functions but
dont know how to do that, and where is the best place.




___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ Stability

[Michael S. Kazmier]

Hello all,

I have been doing a lot of archive searching over the last week reading
posts on IMQ and it's apparent stability / instability.  I have seen a
number of posts about it not being maintained as well.  Can anyone talk to
me about IMQ's stability in a heavy throughput environment (20 Mbps) and
what was causing IMQ to fail if you know.

Thanks,

Mike

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] imq-patch for 2.4.24 kernel

[Cord Buhlert]

Hi,
is there an IMQ-patch available for kernel version 2.4.24?
If so, where can I get it?

greetz
cord

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ problems :-(

[Andy Furniss]

On Sunday 04 January 2004  5:33 pm, Roy wrote:
  I have read about people having lots of problems with IMQ. So I just

 wanted to

  try it and see how stable it is on my box. I gather it could actually
  be problems with the Kernel and not the IMQ code??

 That is possible but prpbably not because of bug in kernel I
 as I think it is because kernel handles local trafic diferently than
 forwarded

 so you cant use imq to shape trafic generated by server
 I am comtinuing development of imq abd I face this problem most of the
 time.


Do you mean because it crashes ?

I seem to be able to shape upstream from my gateway and forward OK using 
IMQ - I know I don't really need it for up because I could mark, and the 
nat patch only works down, but I've been testing the jdg script recently 
and haven't managed a crash yet. I am only on a home network that gets 
shutdown after 18 hours, though.



  I think that sounds even more messy :-)
  I only wanted to ingress shape with IMQ to ensure that I don't drop
  UDP or small TCP ACK packets for upload streams. I guess I will just
  give up on the idea and using ingress policing... Its not so important
  anyway

 as my

  DSL connection is very asymetric (2mbit D/L; 256kbit U/L) and upload
  shaping is more important.

 if only want to shape incoming trafic probably you can use imq quite
 safely,

 anyway as I see you dont need it at all you can easily shape all uploads
 anyway
 and since your download speed is high enough you dont need to worry
 about it.

 however imq can be usefull to control trafic so that you can download
 with kaza and browse web or play game without high latency.
__
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ problems :-(

[Robert Walker]

Hi Roy,

Thanks for getting back to me so promptly.

 Imq is very invasive componemt which requires to recompile almost everyhing
 this diver is very unstable and will crash for sure, sooner or later
 depending on load.

I have read about people having lots of problems with IMQ. So I just wanted to
try it and see how stable it is on my box. I gather it could actually
be problems with the Kernel and not the IMQ code??

 I sugest you to leave iptables alone and just modify imq.c source to catch
 what you need.
 ir you dont have too much trafic it may not crash for all day. ( if you will
 use it for download shaping)

I think that sounds even more messy :-)
I only wanted to ingress shape with IMQ to ensure that I don't drop UDP
or small TCP ACK packets for upload streams. I guess I will just give
up on the idea and using ingress policing... Its not so important anyway as my
DSL connection is very asymetric (2mbit D/L  256kbit U/L) and upload
shaping is more important.

Even if IMQ is fixed in kernel 2.6 (is it??) I won't be able to use it until I
can update the driver for my conexant PCI ADSL modem (which works fine
just now under kernel 2.4.22)

-- 
Best regards,
 Robert


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ problems :-(

[Roy]

 I have read about people having lots of problems with IMQ. So I just
wanted to
 try it and see how stable it is on my box. I gather it could actually
 be problems with the Kernel and not the IMQ code??

That is possible but prpbably not because of bug in kernel I
as I think it is because kernel handles local trafic diferently than
forwarded

so you cant use imq to shape trafic generated by server
I am comtinuing development of imq abd I face this problem most of the time.

 I think that sounds even more messy :-)
 I only wanted to ingress shape with IMQ to ensure that I don't drop UDP
 or small TCP ACK packets for upload streams. I guess I will just give
 up on the idea and using ingress policing... Its not so important anyway
as my
 DSL connection is very asymetric (2mbit D/L; 256kbit U/L) and upload
 shaping is more important.

if only want to shape incoming trafic probably you can use imq quite safely,

anyway as I see you dont need it at all you can easily shape all uploads
anyway
and since your download speed is high enough you dont need to worry about
it.

however imq can be usefull to control trafic so that you can download with
kaza and browse web or play game without high latency.


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ problems :-(

[Robert Walker]

Hi

I have built a custom TMB Mandrake kernel (2.4.22) with IMQ and ESFQ
support. I statically compiled both (mistake?) ESFQ is sorted and
working fine (I have succesfully patched IPROUTE2).

I have got to the stage where I can see the IMQ device as UP with ifconfig.
I can use TC to add QDISCs to the IMQ device. However I just cannot sort out
IPTABLES to actually redirect packets to the IMQ device!! I have been trying
for weeks to sort this problem out and its really helping to develop
my Linux Zen awareness...

Currently I am trying to patch iptables-1.2.8 with iptables-1.2.7a IMQ
patch. I am not getting a .d dependency file for the lipipt_IMQ.c file
in the iptables - extensions directory. I think this is because the
IMQ patch looks for an ipt_IMQ.c file in directory
.../net/ipv4/netfilter/ in my kernel sources. But my kernel source
doesn't have this file. This is the common problem for all the older iptables
-IMQ patches I have tried.

Why don't I have this file in my kernel sources? Is it because I
statically linked in supported for IMQ into the kernel? Do I need to
recompile the kernel with IMQ selected as a module??

I am very new to Linux so these patches for this and patches for that
plus something called 'patch-o-matic' are all getting a bit

Yours in patchyness...

Robert


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ problems :-(

[Roy]

Imq is very invasive componemt which requires to recompile almost everyhing
this diver is very unstable and will crash for sure, sooner or later
depending on load.

I sugest you to leave iptables alone and just modify imq.c source to catch
what you need.
ir you dont have too much trafic it may not crash for all day. ( if you will
use it for download shaping)

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] imq crash investigation

[Ivan Pesin]

Hello.

As you know Patrick McHardy stopped to support IMQ. As for now, this 
stuff has an annoying problem and I've made a little investigation of 
it. So, maybe it will be useful for someone.

First, pass all traffic of the interface (as in, as out) though imq 
device. Something like:

iptables -t mangle -I PREROUTING -i $DEV -j IMQ
iptables -t mangle -I POSTROUTING -o $DEV -j IMQ
This works ok. At least, after a day of running this setup seems to be 
stable. Now, lets attach a qdisc to imq:

RATE=187
tc qdisc add dev imq0 handle 1: root tbf rate ${RATE}kbit \
burst 15kb/8 limit 15kb
Ok, here it is. After some time (minutes,hours) I get a kernel panic.

As far as I know, IMQ is the _only_ way for now in Linux to limit the 
total bandwidth of the link (in+out). It would be excellent if somebody, 
 enough expirenced in kernel hacking, will be so kind to fix that problem.

Best regards,
  Ivan Pesin
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] imq crash investigation

[Roy]

Now I am continuing imq development, but seems it is hopeless, no mater what
i do it crashes when qdisc are used
seems that it can be not imq problem but somthing wrong with htb.
I completely rewrote imq driver, only device registration left. I checked
many diferent variants of code, and no mater what, it crashes as allways
I even made that packets are never dropped but still  it crashes completely
with no reason, probability to crash increases with load.

here is new imq code:

int wequeue=stats-rx_packets-stats-tx_packets;
stats-rx_dropped=wequeue;
if (wequeue 70){
nf_reinject(skb, info, NF_ACCEPT);  //not alow to fill queue full so htb
wont drop packets
stats-tx_dropped++;
return 0;
}
stats-rx_packets++;
//  the main part of the driver ( packets are newer dropped)
skb-destructor = imq_skb_destructor; // not used this time
skb-real_dev=skb-dev; //not used
skb-dev=imq_dev; //not used also
if (dev_queue_xmit(skb)){
skb-dev=skb-real_dev;
printk(cant queue %p \n,skb);  // if this occurs then queue is full. what
never happens
}
//---
As you see it is so simple that there is no space for bugs.
now kernel do not crash, it just hags completely with no output.

so I suspect that there is problem with shaper itself or netfilter, or linux
dont like when packets are reordered.

Now I am going to try completely diferent idea, I thing I should name it not
INQ but  NFD because it will be netfilter interface( the part of netfilter
core itself) so EVERYTHING will pass this interface.





 Hello.

 As you know Patrick McHardy stopped to support IMQ. As for now, this
 stuff has an annoying problem and I've made a little investigation of
 it. So, maybe it will be useful for someone.

 First, pass all traffic of the interface (as in, as out) though imq
 device. Something like:

 iptables -t mangle -I PREROUTING -i $DEV -j IMQ
 iptables -t mangle -I POSTROUTING -o $DEV -j IMQ

 This works ok. At least, after a day of running this setup seems to be
 stable. Now, lets attach a qdisc to imq:

 RATE=187
 tc qdisc add dev imq0 handle 1: root tbf rate ${RATE}kbit \
  burst 15kb/8 limit 15kb

 Ok, here it is. After some time (minutes,hours) I get a kernel panic.

 As far as I know, IMQ is the _only_ way for now in Linux to limit the
 total bandwidth of the link (in+out). It would be excellent if somebody,
   enough expirenced in kernel hacking, will be so kind to fix that
problem.

 Best regards,
Ivan Pesin
 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] imq crash investigation

[Ivan Pesin]

Roy wrote:
Now I am continuing imq development, but seems it is hopeless, no mater what
i do it crashes when qdisc are used
seems that it can be not imq problem but somthing wrong with htb.
Nope. I've tryed other qdiscs, classful/classless -- the same.

..skip..

As you see it is so simple that there is no space for bugs.
now kernel do not crash, it just hags completely with no output.
so I suspect that there is problem with shaper itself or netfilter, or linux
dont like when packets are reordered.
This could be. BTW, today experimenting I got a crash, which says this 
is kernel bug, file skbuff.c, line 92.


Now I am going to try completely diferent idea, I thing I should name it not
INQ but  NFD because it will be netfilter interface( the part of netfilter
core itself) so EVERYTHING will pass this interface.
Ok, do you have a website?

Regards,
Ivan Pesin
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] imq crash investigation

[Roy]

  so I suspect that there is problem with shaper itself or netfilter, or
linux
  dont like when packets are reordered.
 This could be. BTW, today experimenting I got a crash, which says this
 is kernel bug, file skbuff.c, line 92.
How do you get C code error line?
I can only get function name and asm code offset.

also I got diferent errors with original imq, usualy it was in
tcp_retransmit_skb

  Now I am going to try completely diferent idea, I thing I should name it
not
  IMQ but  NFD because it will be netfilter interface( the part of
netfilter
  core itself) so EVERYTHING will pass this interface.
 Ok, do you have a website?

I dont have website for now, I only have http server   where I can put
something
I have made htb web interface like in docum.org but it have much more
features( all I was able to find about htb) but not finished completely
As about this imq driver I had no luck to make it at least abit more usable

my server addres is http://pupa.da.ru


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] imq crashes again (new version)

[Roy]

Hi,

I decided to continue imq development since it is 
not much usable as is now.
I am going to make imq the only place for all 
trafic shaping.
But there is one problem that this driver is very 
unstable by some reason it crashes randomly under high load when dropping many 
packets.
and what is most strange that craches occur in 
kernel itself in tcp_retransmit_skb() function I suspect that it may be kernel 
bug.
I didnt changed it very much, I just made that 
everything goes throuth imq device. so it needs to handle quite a lot trafic, 

seems the same problem have original driver if you 
set it to capture everything.

Anyway this driver behaves strangely if you will 
check how many packets are dropped by htb you will see that none of them !!! 
they are just dealayed for extremely long time
I suspect that such queue consumes too much memory 
or kernel is trying retransmit packets forever.

[LARTC] IMQ causing network card reciever lockups

[Andre Tomt]

Hi!

For the past months, my home nat-router has been acting up, locking
random ports on the quad port ethernet NIC after 3-6 hours of use. After
lots of lots of eliminating and debugging of modules, I have circled in
on the IMQ-modules.

So, IMQ locks up my ethernet ports. I'm running a quad D-Link DFE-580TX
using the mainline sundance driver, kernel version is 2.4.23-rc3 based.
The same happens with the becker driver, but is seems to revive the port
after a ifdown/ifup cycle (might have been a fluke). In the kernel log I
get this information (with the mainline driver), and I have to reboot to
revive the port from coma again.

Nov 29 10:36:25 puppen kernel: NETDEV WATCHDOG: eth4: transmit timed out
Nov 29 10:36:25 puppen kernel: eth4: Transmit timed out, TxStatus 00 TxFrameId 00, 
resetting...
Nov 29 10:36:25 puppen kernel: 00 07ded000 07ded010 0001(00) 04ea9542 802a
Nov 29 10:36:25 puppen kernel: 01 07ded010 07ded020 0005(01) 04ea95c2 802a
Nov 29 10:36:25 puppen kernel: 02 07ded020 07ded030 0009(02) 04ea90c2 802a
Nov 29 10:36:25 puppen kernel: 03 07ded030 07ded040 000d(03) 04ea96c2 802a
Nov 29 10:36:25 puppen kernel: 04 07ded040 07ded050 0011(04) 04ea9742 802a
Nov 29 10:36:25 puppen kernel: 05 07ded050  8015(05) 04ea98c2 802a
Nov 29 10:36:25 puppen kernel: 06 07ded060 07ded070 00010019(06)  
Nov 29 10:36:25 puppen kernel: 07 07ded070 07ded080 0001001d(07)  
Nov 29 10:36:25 puppen kernel: 08 07ded080 07ded090 0021(08) 014df7d2 803d
Nov 29 10:36:25 puppen kernel: 09 07ded090 07ded0a0 0025(09) 014df8d2 803d
Nov 29 10:36:25 puppen kernel: 0a 07ded0a0 07ded0b0 0029(0a) 014df9d2 8042
Nov 29 10:36:25 puppen kernel: 0b 07ded0b0 07ded0c0 002d(0b) 014dfad2 8040
Nov 29 10:36:25 puppen kernel: 0c 07ded0c0 07ded0d0 0031(0c) 03ef1812 8492
Nov 29 10:36:25 puppen kernel: 0d 07ded0d0 07ded0e0 0035(0d) 052a6812 85d6
Nov 29 10:36:25 puppen kernel: 0e 07ded0e0 07ded0f0 0039(0e) 014dfbd2 8042
Nov 29 10:36:25 puppen kernel: 0f 07ded0f0 07ded100 003d(0f) 0193f012 8494
Nov 29 10:36:25 puppen kernel: 10 07ded100 07ded110 0041(10) 0243d812 85ea
Nov 29 10:36:25 puppen kernel: 11 07ded110 07ded120 0045(11) 01dff012 85ea
Nov 29 10:36:25 puppen kernel: 12 07ded120 07ded130 0049(12) 01dff812 85ea
Nov 29 10:36:25 puppen kernel: 13 07ded130 07ded140 004d(13) 014dfcd2 8042
Nov 29 10:36:25 puppen kernel: 14 07ded140 07ded150 0051(14) 06f46012 85ea
Nov 29 10:36:25 puppen kernel: 15 07ded150 07ded160 0055(15) 0711f1c2 802a
Nov 29 10:36:25 puppen kernel: 16 07ded160 07ded170 0059(16) 0711f242 802a
Nov 29 10:36:25 puppen kernel: 17 07ded170 07ded180 005d(17) 0711fec2 802a
Nov 29 10:36:25 puppen kernel: 18 07ded180 07ded190 0061(18) 04ea9142 802a
Nov 29 10:36:25 puppen kernel: 19 07ded190 07ded1a0 0065(19) 04ea91c2 802a
Nov 29 10:36:25 puppen kernel: 1a 07ded1a0 07ded1b0 0069(1a) 04ea9242 802a
Nov 29 10:36:25 puppen kernel: 1b 07ded1b0 07ded1c0 006d(1b) 04ea93c2 802a
Nov 29 10:36:25 puppen kernel: 1c 07ded1c0 07ded1d0 0071(1c) 04ea9342 802a
Nov 29 10:36:25 puppen kernel: 1d 07ded1d0 07ded1e0 8075(1d) 04ea92c2 802a
Nov 29 10:36:25 puppen kernel: 1e 07ded1e0 07ded1f0 0079(1e) 04ea9442 802a
Nov 29 10:36:25 puppen kernel: 1f 07ded1f0 07ded000 007d(1f) 04ea94c2 802a
Nov 29 10:36:25 puppen kernel: TxListPtr=07ded070 netif_queue_stopped=1
Nov 29 10:36:25 puppen kernel: cur_tx=38(06) dirty_tx=8(08)
Nov 29 10:36:25 puppen kernel: cur_rx=22 dirty_rx=22
Nov 29 10:36:25 puppen kernel: cur_task=38

I can't see anything obvious in slabinfo, but the
netif_queue_stopped=1 in the log above looks curious.

Any fixes I can try? QoS is pretty much useless here without IMQ ;-)

-- 
Mvh,
André Tomt
[EMAIL PROTECTED]

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ web page Doc

[Vicent Roca Daniel]

Hi all :)

I'm searching doc about IMQ, but I don't find good info.
Is http://trash.net/~kaber/imq/ the IMQ web page? exists others ??
Any webpage about QoS are welcome.
thx, sorry 4 muy English
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] IMQ Patch Problem

[Venkatesh. K]

Hi,

I have applied the IMQ patch to 2.4.21 kernel.

But, I don't see IMQ target(s) net Kerne - 
Networking_options - IP:Netfilter_Configuration.

I don't know what I am missing?

Venkatesh K

[LARTC] IMQ Patch Problem

[Venkatesh. K]

Hi,

I am sorry for sending mail in html format :(

I have applied the IMQ patch to 2.4.21 kernel.

But, I don't see IMQ target(s) net Kernel - Networking_options -
IP:Netfilter_Configuration.

I don't know what I am missing?

Venkatesh K

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ and kernel 2.6 again

[jeremie le-hen]

Hi,

please avoid using reply to on a message when you want to start a new
thread.  This is annoying when you use a thread view of mails.

Thank you. :-)
-- 
Jeremie LE HEN aka TtZ/TataZ  [EMAIL PROTECTED]
 [EMAIL PROTECTED]
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] IMQ Install Without Recompiling Kernel?

[Walter D. Wyndroski]

Hey guys, I finally got IMQ to work!!! This may be novel to many, but
recompiling the kernel has always slightly intimidated me until now, even
though I've successfully done it in the past. I've been working for three
days now getting IMQ support into the kernel and iptables.

First off, I didn't want to do a manual compile. So I followed the
instructions for recompiling the RH src.rpm and it worked great after a
little research. I had kernel support for imq devices, but no iptables
support. So I began down the dark path of patch-o-matic. 99% of the docs out
there are for the version of iptables-1.2.6a which was the last version of
iptables to include patch-o-matic. Once I figured out how to work the
patch-o-matic magic, I was felt like I was on my way. I never could get the
new module sources created by iptables to be built into the new kernel-rpm
with rpmbuild. So with more research, I found some great pointers about
re-using the config out of the /boot directory. Once I edited that I
recompiled and all was well with the world.

I've been a fairly hard Linux user now for three years and using
iproute2 now for a year. Now I understand that recompiling the kernel is
second-nature to most on this list, but I just wanted to share a positive
comment rather than a question for once. Most of the stuff involved with
this process is fairly easy once you understand what's going on. That
reminds me of a joke between my boss and I, There's no clear documentation
on this because if you are messing with this, you should already know what
you are doing. That actually stemmed from an installation of RADIUS about
three years ago.

In short and IMHO, use of the IMQ Device with classful queues is the
absolute best method to apply fine-tuned ingress/egress control to a
host/subnet. I want to say thanks to everyone to gave me great pointers and
help on this.

Walt


- Original Message - 
From: David Boreham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 25, 2003 4:26 PM
Subject: Re: [LARTC] IMQ Install Without Recompiling Kernel?


  1) Why is RH a bad choice?

 It's not necessarily bad, for example they can sell you
 good commercial support, and most commercial binary-only
 applications will only support RH kernels (e.g. Clearcase).
 However, RH tends to have their own ideas about a bunch of
 stuff which doesn't always match the 'mainstream'.

 This is why I quit using
 RH for my own projects and instead use Mandrake.
 It's RH-like, but rather more in sync with the 'normal'
 Linux environment. There are other distributions which
 have their own 'better' attributes for any given task too.

  2) Why the sarcasm about not wanting to recompile the kernel? I love
using
  Linux, and I have recompiled kernels before. However, in this
application
 it
  may not be my best choice. You do not know my situation. I tried
 recompiling
  the kernel on this machine and had much trouble with the particular SCSI
  card in that machine. However, I felt this list was limited to routing
  issues and NOT kernel recompilation issues with a SCSI card.

 Yeah, try the RPM rebuilding route that I suggested.
 I too became frustrated with the typical Linux community
 suggestion that you should rebuild from source in the
 classic manner---I found that the result almost always
 breaks something which previously worked in the distro kernel.
 If you build from the source RPM, modulo some corner
 cases such as using a different compiler build, you'll be
 making exactly the same binary that RH made.

  4) I'm not the qdisc or routing master, but from my reading I understand
 the
  following:
  -An egress qdisc applied to eth0 ONLY shapes traffic leaving
eth0,
  NOT eth1, eth2, etc.

 Right, it's per-interface shaping.

  -I don't want to write an egress qdisc for each of my 9
 interfaces,
  plus I also want ingress control.

 Correct. Plus, if you want to correctly share incoming bandwidth between
 nodes which are on the other side of more than one of those interfaces,
 then separate shaping won't do what you want (the queue at each
 interface has no knowledge of the situation at any of the other
interfaces).
 Therefore you need IMQ.

  5) I have different types of customers on each interface, hence
different
  traffic flows and speeds.

 Without IMQ you'll be able to shape on each interface,
 but you won't be able to fairly distribute the same bandwidth
 between customers on different interfaces.



 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



**
 * This message has been scanned by CityNET's email scanner for viruses and
dangerous content *
 * and is believed to be clean.  CityNET is proud to use MailScanner.  For
more information   *
 * concerning MailScanner, visit http://www.mailscanner.info

Re: [LARTC] IMQ Install Without Recompiling Kernel?

[Walter D. Wyndroski]

Thank you. I had not thought of that route. I will probably go with your
suggestion.

Walt

- Original Message - 
From: David Boreham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 24, 2003 12:40 PM
Subject: Re: [LARTC] IMQ Install Without Recompiling Kernel?


  Why don't you take the RH kernel source, apply the imq patch, use the RH
  kernel options and recompile the kernel?

 A reasonably painless way to do this is to get the RH kernel RPM source.
 Modify the .spec file to add the patches, and rebuild. I've done this in
the
 past and it tends to result in something which is closer to the original
 kernel than if you just take the source tree and compile that. It's also a
 more reproducable build process which helps if you need to do it
 several times (e.g. when RH releases a new kernel).


 ___
 LARTC mailing list / [EMAIL PROTECTED]
 http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



**
 * This message has been scanned by CityNET's email scanner for viruses and
dangerous content *
 * and is believed to be clean.  CityNET is proud to use MailScanner.  For
more information   *
 * concerning MailScanner, visit http://www.mailscanner.info
*


**





**
* This message has been scanned by CityNET's email scanner for viruses and dangerous 
content *
* and is believed to be clean.  CityNET is proud to use MailScanner.  For more 
information   *
* concerning MailScanner, visit http://www.mailscanner.info
  *
**

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/