[LARTC] IMQ KERNEL PANIC 2.6.17.14 AND 2.6.21.1 No chain/target/match by that name
After starting to shape local traffic now i am getting a lot of kernel panics in tcp_retransmit, so i decided to update my kernel from 2.6.17.14 to 2.6.21.1 , the problem is that after that i get: # iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 0 iptables: No chain/target/match by that name so i can not redirect ttraffic to IMQ device. and modules are loaded. - # lsmod Module Size Used by ipt_ipp2p 6656 2 ipt_MASQUERADE 2688 1 sch_sfq 4864 31 cls_u32 6660 8 sch_htb14208 2 ipt_IMQ 1792 0 imq 3592 0 xt_mac 1792 19 ipt_LOG 5504 2 xt_limit2304 2 xt_multiport3200 4 xt_state2176 3 iptable_mangle 2304 1 iptable_nat 6020 1 nf_nat 13996 2 ipt_MASQUERADE,iptable_nat nf_conntrack_ipv4 12940 5 iptable_nat nf_conntrack 46584 5 ipt_MASQUERADE,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4 nfnetlink 4888 3 nf_nat,nf_conntrack_ipv4,nf_conntrack iptable_filter 2436 1 ip_tables 9560 3 iptable_mangle,iptable_nat,iptable_filter usbhid 19424 0 uhci_hcd 18836 0 via_rhine 18456 0 3c59x 35820 0 Any help ?? []'s Salatiel O maior prazer do inteligente é bancar o idiota diante de um idiota que banca o inteligente. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ action
Nikolay Nikolaev wrote: Hi. -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don't return in parent chain??? cause -j ACCEPT action accept the packet in the child chain and don't return it to parent... example: ipt=iptables -t mangle $ipt -N HTTP $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? or // it return to parent chain (PREROUTING) in mangle? $ipt -N OTHER $ipt -A OTHER -j IMQ $ipt -A PREROUTING [expression] -j HTTP $ipt -A PREROUTING -j OTHER all this I do for ingress traffic. thx. I don't think -j IMQ is terminating as an iptables rule. Whether it sees packets before / after (de)nat in prerouting depends on the kernel config options and gets logged for 2.6s. For 2.4s there is a patch to make it hook after nat. Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ action
Hi. -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don't return in parent chain??? cause -j ACCEPT action accept the packet in the child chain and don't return it to parent... example: ipt=iptables -t mangle $ipt -N HTTP $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? or // it return to parent chain (PREROUTING) in mangle? $ipt -N OTHER $ipt -A OTHER -j IMQ $ipt -A PREROUTING [expression] -j HTTP $ipt -A PREROUTING -j OTHER all this I do for ingress traffic. thx. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ + NAT
Jonas Jasas wrote: Hello, I have eth0 - internet eth1..4 - local networks on eth0 i do $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE I want to balance out/in load for eth1..4 and localhost (mainly squid). Nat makes impossible to do it on eth0, so I installed IMQ. I need to get to on imq0 unnnated in/out traffic that I could make priorities for protocols and networks. Do somthing like this: prate=1Mbit localhost: rate=500kbit, ceil=prate vnc: rate=100kbit, ceil=prate web: rate=100kbit, ceilp=prate mail: rate=100kbit, ceil=prate eth1: rate=400kbit, ceil=prate ftp: rate=10kbit, ceil=prate eth2..4: rate=100kbit, ceil=prate (eth2...eth4 would split the same 100kbit) rdp: rate=90kbit, ceil=prate .. This load balance would be applyed for outgoing and incoming internet traffic. Where and how in iptables would be correct to -j IMQ ? Whether IMQ hooks before or after NAT is in the kernel config for 2.6 and needs patches for 2.4. You need AB = after prerouting, before postrouting (though you could do the latter with marks). IMQ logs where it hooks WRT NAT when loaded. Ingress traffic will be hooked by -j IMQ --todev 0 in PREROUTING mangle, egress by -j IMQ --todev 1 in POSTROUTING mangle. Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ + NAT
Hello, I have eth0 - internet eth1..4 - local networks on eth0 i do $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE I want to balance out/in load for eth1..4 and localhost (mainly squid). Nat makes impossible to do it on eth0, so I installed IMQ. I need to get to on imq0 unnnated in/out traffic that I could make priorities for protocols and networks. Do somthing like this: prate=1Mbit localhost: rate=500kbit, ceil=prate vnc: rate=100kbit, ceil=prate web: rate=100kbit, ceilp=prate mail: rate=100kbit, ceil=prate eth1: rate=400kbit, ceil=prate ftp: rate=10kbit, ceil=prate eth2..4: rate=100kbit, ceil=prate (eth2...eth4 would split the same 100kbit) rdp: rate=90kbit, ceil=prate .. This load balance would be applyed for outgoing and incoming internet traffic. Where and how in iptables would be correct to -j IMQ ? Thank you! ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ slows computer to a crawl
I am attempting to implement IMQ on a 2.4.31 version kernel with iptables 1.3.3. I am following the example at http://www.linuximq.net/usage.html. When I enter the line iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev1 (eth1 is the external interface), the computer slows to a crawl. OK, the CPU is only an AMD K6 233 which is not the world's greatest CPU, but egress shaping is done at acceptable speed. Neither top nor free is any help. top says the system is using 35% and user about 1%, with load averages in the range of 0.2x, 0.2x and 0.1x and top itself is at the top of the list. free says 3388 free mem and 780 used swap. Even attaching to a non connected device (change eth1 to eth2 in the above iptables line) creates this condition!?? Does anyone have any suggestions as to what might cause this huge slowdown? How do I troubleshoot this? I'll have to reimplement policing if I can't make IMQ work. Thanks for any assistance. -- gypsy ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ slows computer to a crawl - SOLVED
gypsy wrote: I am attempting to implement IMQ on a 2.4.31 version kernel with iptables 1.3.3. I am following the example at http://www.linuximq.net/usage.html. When I enter the line iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev1 (eth1 is the external interface), the computer slows to a crawl. OK, the CPU is only an AMD K6 233 which is not the world's greatest CPU, but egress shaping is done at acceptable speed. Neither top nor free is any help. top says the system is using 35% and user about 1%, with load averages in the range of 0.2x, 0.2x and 0.1x and top itself is at the top of the list. free says 3388 free mem and 780 used swap. Even attaching to a non connected device (change eth1 to eth2 in the above iptables line) creates this condition!?? Does anyone have any suggestions as to what might cause this huge slowdown? How do I troubleshoot this? I'll have to reimplement policing if I can't make IMQ work. Thanks for any assistance. -- gypsy The answer is that the wrong IMQ device was specified. I loaded imq with: modprobe imq numdevs=1 That makes the --todev 0 not 1. Moreover, I was in the wrong mangle chain. WRONG: iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1 RIGHT: iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0 So much for the documentation at http://www.linuximq.net/usage.html shrug. Thanks to http://wiki.nix.hu/cgi-bin/twiki/view/IMQ/WebHome -- gypsy ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ and nfcache
Hi, I'm working on the IMQ patch for 2.6.14-rc* and ran in trouble with nfcache. I have to be honest that I'm not following kernel devel as I should so I need to ask for a little help here. I know Mr Harald Welte removed nfcache but I'm not sure about the way to go. I have this at net/ipv4/netfilter/ipt-IMQ.c: static unsigned int imq_target(struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, const void *targinfo, void *userdata) { struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo; (*pskb)-imq_flags = mr-todev | IMQ_F_ENQUEUE; (*pskb)-nfcache |= NFC_ALTERED; return IPT_CONTINUE; } I found that in places like ip_conntrack_core.c and ip_nat_core.c, nfcache references have just being removed. Tk in advance for any help. Cheers... Andre D. Correa, CISSP | Visite meus projetos pessoais: andre.correa (at) pobox.com| Visit my personal projects: http://andre.hiperlinks.com.br | - http://www.malware.com.br/ Sao Paulo / SP / Brazil| - http://www.linuximq.net/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] imq + htb
choros wrote: tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 3 fw classid 10:23 The filters need to be on the root - 10: or you need another filter on 10: to filter the packets to 10:2. Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] imq + htb
Andy Furniss wrote: choros wrote: tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 3 fw classid 10:23 The filters need to be on the root - 10: or you need another filter on 10: to filter the packets to 10:2. Andy. thanks for your help . I did what you say and everything seems to be ok.. Jorge ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] imq + htb
Hi, i am running imq + htb on my router , the situation is like this eth0 = uplink to my provider eth1 = 1st customer eth2 = 2nd customer eth3 = 3th customer eth0 has limit 512 and i want to share this between eth1 eth2 and eth3 , but not working , this is the script i used, \\\ #!/bin/sh PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin iptables -t mangle -F 2/dev/null iptables -t mangle -X 2/dev/null iptables -t mangle -N markov iptables -t mangle -I PREROUTING -j markov iptables -t mangle -N markov2 iptables -t mangle -I POSTROUTING -j markov2 tc qdisc del dev imq0 root /dev/null 21 tc qdisc del dev imq1 root /dev/null 21 #bring up the imq0 ip link set dev imq0 up #marking of incoming from eth1,eth2,eth3 iptables -t mangle -A markov -i eth1 -j MARK --set-mark 1 iptables -t mangle -A markov -i eth2 -j MARK --set-mark 2 iptables -t mangle -A markov -i eth3 -j MARK --set-mark 3 #forward it to imq0 iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0 iptables -t mangle -A PREROUTING -i eth2 -j IMQ --todev 0 iptables -t mangle -A PREROUTING -i eth3 -j IMQ --todev 0 tc qdisc add dev imq0 root handle 10: htb default 20 tc class add dev imq0 parent 10: classid 10:2 \ htb rate 512Kbit ceil 512Kbit # #class for eth1 tc class add dev imq0 parent 10:2 classid 10:21 htb rate 128Kbit ceil 512Kbit # mark tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 1 fw classid 10:21 tc qdisc add dev imq0 parent 10:21 sfq perturb 15 ### # class for eth2 tc class add dev imq0 parent 10:2 classid 10:22 htb rate 128Kbit ceil 512Kbit #mark tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 2 fw classid 10:22 tc qdisc add dev imq0 parent 10:22 sfq perturb 15 # # class for eth3 tc class add dev imq0 parent 10:2 classid 10:23 htb rate 128Kbit ceil 512Kbit #mark tc filter add dev imq0 parent 10:2 protocol ip prio 1 handle 3 fw classid 10:23 tc qdisc add dev imq0 parent 10:23 sfq perturb 15 ## ## # outgoing traffic to eth1,eth2,eth3 #bring up imq1 ip link set dev imq1 up #make marks iptables -t mangle -A markov2 -o eth1 -j MARK --set-mark 21 iptables -t mangle -A markov2 -o eth2 -j MARK --set-mark 22 iptables -t mangle -A markov2 -o eth3 -j MARK --set-mark 23 #forward it to imq1 iptables -t mangle -A POSTROUTING -o eth1 -j IMQ --todev 1 iptables -t mangle -A POSTROUTING -o eth2 -j IMQ --todev 1 iptables -t mangle -A POSTROUTING -o eth3 -j IMQ --todev 1 tc qdisc add dev imq1 root handle 10: htb default 20 tc class add dev imq1 parent 10: classid 10:2 htb rate 512Kbit ceil 512Kbit ## # class for eth1 tc class add dev imq1 parent 10:2 classid 10:21 htb rate 128Kbit ceil 512Kbit # mark tc filter add dev imq1 parent 10:2 protocol ip prio 1 handle 21 fw classid 10:21 tc qdisc add dev imq1 parent 10:21 sfq perturb 15 # class for eth2 tc class add dev imq1 parent 10:2 classid 10:22 htb rate 128Kbit ceil 512Kbit #mark tc filter add dev imq1 parent 10:2 protocol ip prio 1 handle 22 fw classid 10:22 tc qdisc add dev imq1 parent 10:22 sfq perturb 15 # #class for eth3 tc class add dev imq1 parent 10:2 classid 10:23 htb rate 128Kbit ceil 512Kbit #mark tc filter add dev imq1 parent 10:2 protocol ip prio 1 handle 23 fw classid 10:23 tc qdisc add dev imq1 parent 10:23 sfq perturb 15 ## ## But the traffic is unshaped, i think maybe somethink wrong with the filters becouse if i do tc -s class show dev imq0 or imq1 while uploading or downloading traffic doesnt get to right class. If i take look in iptables -t mangle -L -n -v the packets are marked well OUTPUT OF tc -s class show dev imq0 class htb 10:22 parent 10:2 leaf 8026: prio 0 rate 128000bit ceil 512000bit burst 1615b cburst 1.625Kb Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 103424 ctokens: 26624 class htb 10:23 parent 10:2 leaf 8027: prio 0 rate 128000bit ceil 512000bit burst 1615b cburst 1.625Kb Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 103424 ctokens: 26624 \ PARTIAL OUTPUT of iptables -t mangle -L -n -v Chain markov (1 references) pkts bytes target prot opt in out source destination 96 8578 MARK all -- eth1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1 25004 36M MARK all -- eth2 *
[LARTC] imq custom device numbers
I made some changes to IMQ, so it is now possible to have custom numbers for IMQ devices. Useful when working with VLANs. You can get it at http://tuxpowered.net/. Readme is on the website. -- | pozdrawiam / greetings | powered by Trustix, Gentoo and FreeBSD | | Kajetan Staszkiewicz | JID: [EMAIL PROTECTED] | |Vegeta | IMQ devnames: http://tuxpowered.net| +++ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ
ive got such network: || |-| | WORLD |---|ROUTER/server| -- NATED LAN || |-| I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB ?? -- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ
Dariusz Dwornikowski ([EMAIL PROTECTED]) schrieb: I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB ?? That depends on what you want to do. For example: *) BA - If you want to have all packets on the IMQ after the nat table - so you wouldn't see any internal ips anymore on the IMQ device. *) BB - If you want to have packets with internal ips on the IMQ before the pass the nat table. But you can't match on your external IP with BB. Cheers, Andreas ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ
Dariusz Dwornikowski ([EMAIL PROTECTED]) schrieb: I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB ?? That depends on what you want to do. For example: *) BA - If you want to have all packets on the IMQ after the nat table - so you wouldn't see any internal ips anymore on the IMQ device. *) BB - If you want to have packets with internal ips on the IMQ before the pass the nat table. But you can't match on your external IP with BB. yes but i want to have two IMQ devices... for outside eth and inside eth -- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ
yes but i want to have two IMQ devices... for outside eth and inside eth Ahmm.. don't know what you mean with that. But if you have a external Interface (ex eth0) on which you want to shape egress and also ingress shaping you simply do: ip link set imq0 up ip link set imq1 up ${IPTABLES} -t mangle -I PREROUTING -i ${EXT_DEV} -j IMQ --todev 0 ${IPTABLES} -t mangle -I POSTROUTING -o ${EXT_DEV} -j IMQ --todev 1 and put your QoS on imq0 and imq1... ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ
yes but i want to have two IMQ devices... for outside eth and inside eth Ahmm.. don't know what you mean with that. But if you have a external Interface (ex eth0) on which you want to shape egress and also ingress shaping you simply do: ip link set imq0 up ip link set imq1 up ${IPTABLES} -t mangle -I PREROUTING -i ${EXT_DEV} -j IMQ --todev 0 ${IPTABLES} -t mangle -I POSTROUTING -o ${EXT_DEV} -j IMQ --todev 1 and put your QoS on imq0 and imq1... i want to shape traffic for my clients and do not know what behaviour to choose... in your example will it be possible to match NATed addresses of my clients ? -- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ
i want to shape traffic for my clients and do not know what behaviour to choose... in your example will it be possible to match NATed addresses of my clients ? you want to match the translated addresses of your clients (- external IP) - then BA is the correct behaviour. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ
i want to shape traffic for my clients and do not know what behaviour to choose... in your example will it be possible to match NATed addresses of my clients ? you want to match the translated addresses of your clients (- external IP) - then BA is the correct behaviour. no i want match their private addresses. i want imq0 for ext_if and imq1 for internal_if.. so i can traffic shaping on matched NATed ips -- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ
no i want match their private addresses. i want imq0 for ext_if and imq1 for internal_if.. so i can traffic shaping on matched NATed ips Oh ok. I was irritated because you say NATed ips - for me this are all clients after the passed the nat table... So you ned BB. IMQ hook before the postrouting table (where your NAT will happen) and you have internal addresses on the imq device. thank you very much. -- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ + HTB + little script problem
s.az wrote: I want to shape the incoming traffic ( download ) but using only fwmark, i know there are other methods, but i want to use this one particularly... So, first i create DOWNLOAD and mark with 20 all the traffic with destination 10.0.0.3 ( eth1 ) incoming from my internet device ( eth0 ). #$IPTABLES -t mangle -N DOWNLOAD #$IPTABLES -t mangle -I PREROUTING -i eth0 -j DOWNLOAD #$IPTABLES -t mangle -A DOWNLOAD -d 10.0.0.3 -p tcp -m tcp -j MARK --set-mark 20 #$IPTABLES -t mangle -A DOWNLOAD -j IMQ --todev 0 PREROUTING mangle is before de-nat so you won't see local addresses. If you really need to use imq then you can get it to hook after PREROUTING nat - but you still can't use marks. If you only want to shape forwarded traffic then you can do it on eth1 without needing imq. You could mark or CLASSIFY in FORWARD. If you classify you don't need any filters with htb you can do similar with mark and an empty fw filter on the root eg. $TC filter add dev eth1 parent 1: protocol ip prio 5 fw then a mark 0x10010 would get sent to class 0x1:10 Andy. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ + HTB + little script problem
I want to shape the incoming traffic ( download ) but using only fwmark, i know there are other methods, but i want to use this one particularly... So, first i create DOWNLOAD and mark with 20 all the traffic with destination 10.0.0.3 ( eth1 ) incoming from my internet device ( eth0 ). #$IPTABLES -t mangle -N DOWNLOAD #$IPTABLES -t mangle -I PREROUTING -i eth0 -j DOWNLOAD #$IPTABLES -t mangle -A DOWNLOAD -d 10.0.0.3 -p tcp -m tcp -j MARK --set-mark 20 #$IPTABLES -t mangle -A DOWNLOAD -j IMQ --todev 0 Then, i create the QOS rules $TC qdisc add dev imq0 root handle 1: htb default 10 $TC class add dev imq0 parent 1: classid 1:1 htb rate 128kbit burst 6k $TC class add dev imq0 parent 1:1 classid 1:10 htb rate 80kbit burst 6k prio 1 $TC class add dev imq0 parent 1:1 classid 1:20 htb rate 50kbit burst 6k prio 1 $TC qdisc add dev imq0 parent 1:10 handle 10: pfifo $TC filter add dev imq0 parent 1: protocol ip prio 5 handle 10 fw flowid 1:10 $TC filter add dev imq0 parent 1: protocol ip prio 6 handle 20 fw flowid 1:20 This thing does not work. I can't mark the packets with 20, but if i remove -d 10.0.0.3, the script marks and works but for all the eth1 device not only one ip. Any Idea? ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ on KPTD
Hi! I would like to thank very much for this great page with Kernel Packet Traveling Diagram and to suggest small update concerning IMQ. I think the sentence: IMQ in input comes before nat so IMQ does not know the real ip address. Ingress comes after nat, so ingress knows the real ip address. could be more precise like that: By default IMQ in PREROUTING comes before nat and in POSTROUTING after nat, so in both cases IMQ knows ip addresses as masqueraded (nated) if it is used. This could be changed with kernel parameters IMQ_BEHAVIOR_??. My opinion is based on IMQ patch by Patrick McHardy from www.linuximq.net. Best regards, Jarek Poplawski ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ on KPTD
In 2.6 kernel series, the IMQ patch allow you to change this behaviour. For 2.4 kernels I had seen (some time ago) something about it in IMQ faqs or there. You can changhe this behaviour, but I don't remember now if for 2.4 kernels were changing some #define in any .c or .h file. Best regards Jarek Poplawski wrote: Hi! I would like to thank very much for this great page with Kernel Packet Traveling Diagram and to suggest small update concerning IMQ. I think the sentence: IMQ in input comes before nat so IMQ does not know the real ip address. Ingress comes after nat, so ingress knows the real ip address. could be more precise like that: By default IMQ in PREROUTING comes before nat and in POSTROUTING after nat, so in both cases IMQ knows ip addresses as masqueraded (nated) if it is used. This could be changed with kernel parameters IMQ_BEHAVIOR_??. My opinion is based on IMQ patch by Patrick McHardy from www.linuximq.net. Best regards, Jarek Poplawski ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc -- Samuel Díaz García Director Gerente ArcosCom Wireless, S.L.L. mailto:[EMAIL PROTECTED] http://www.arcoscom.com Móvil: 651 93 72 48 Tlfn.: 956 70 13 15 Fax: 956 70 34 83 begin:vcard fn;quoted-printable:Samuel D=C3=ADaz Garc=C3=ADa n;quoted-printable:D=C3=ADaz Garc=C3=ADa;Samuel org:ArcosCom Wireless, S.L.L.;I+D+I adr;quoted-printable;quoted-printable:;;c/ Romero Gago, 19;Arcos de la Frontera;C=C3=A1diz;11630;Espa=C3=B1a email;internet:[EMAIL PROTECTED] title:Director Gerente tel;work:956 70 13 15 tel;fax:956 70 34 83 tel;cell:651 937 248 x-mozilla-html:FALSE url:http://www.arcoscom.com version:2.1 end:vcard ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] IMQ: why do I need IMQ ?
OK, i've got the ideea. In conclusion if i have a simple: LAN --- router --- WAN i don't need IMQ stuff :) thanks bye -- Radu Cugut mobile: +40 742 045686 web:http://rcugut.has.it ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] IMQ device support in tcng language??
Hi, I would like to ask whether there is support for the interface imq in the tcng language thats used for easy traffic control configuration instead of the tc command line tool. eg: dev imq0{ egress{} } Thanx and kind regards vinay __ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ with IPSec
Hi, I would like to shape incomming traffic on eth0 and ipsec0 (binded to eth0). I need to set minimal bandwidth to some packets going via ipsec0 interface. It is running fine when I simply mark the ESP (protocol 50) packets in the PREROUTING chain - means all ipsec packets are shaped. Like: iptables -t mangle -A PREROUTING -i eth0 -p 50 -j MARK --set-mark 30 iptables -t mangle -A PREROUTING -i eth0 -p 50 -j RETURN The issue I'm dealing with is how can I mark packets based on internal destinantion/source IP in PREROUTING chain when it is encrypted ipsec packet. I can see the ipsec packet decrypted in FORWARD chain, but will that work correctly with IMQ, when I mark it here? Thanks, David ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] imq config
Dnia pitek 10 wrzesie 2004 05:22, Joel n.solanki napisa: Hello Andre... this is the scenario My linux router is connected to 1 Mbps leased line. Out of which i only want to use 100 kbps for my broadband clients. Linux router(100 kbps class 1:101(40kbps) class 1:102(40kbps) class 1:103(50kbps) class 1:104(30kbps) class 1:105(20kbps) lot of similar class But the total bandwidth linux should serve should be 100 kbps nothing more than that. I means i want global limit on server.Hope u understand the scenario. Is is possible??? Of course and it seems that you didn't read LARTC! :D Like Andre said - make a parent class with 100kbps and all other classes should be it's childs. Then it would work it the way you want it. -- .: Jakub Gazik (zytek) .: email:[EMAIL PROTECTED] .: JID:[EMAIL PROTECTED] .: http://www.misiaj.sie.pl [obsolete] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] imq config
Hi Joel, you didn't told us details about your scenario or special needs but to me you don't look like a candidate for IMQ. It is ment to be used when you need to set global defaults or when you need to use egress filter features on ingress traffic. Based in your message I supose that a qdisc of 100Kbps and child qdiscs of 50 or 60Kbps would do what you need. This way it will restrict traffic to 100Kbps and child classes will borrow from each other when possible, but never higher then their parent. Hope it helps... Andre Joel n.solanki wrote: Dear all, I know this is not imq mailing list. But many of the users over here have done exactly what i want. Requirement:- I want to tight bound eth1 for 100 kbps but after i want to create many classes of 64 kbps or 50 kbps and others. But the total sum of classes is more than 100 kbps so my eth1 is not restrciting total bandwidth at 100kbps. According to search on google imq is the solution. So any body over here have done this type of configuration. if any plz give me some little examples. I have already patched and compiled the imq and kernel. Now need to configure imq. Any help ??? Regards, ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] imq config
Hello Andre... this is the scenario My linux router is connected to 1 Mbps leased line. Out of which i only want to use 100 kbps for my broadband clients. Linux router(100 kbps class 1:101(40kbps) class 1:102(40kbps) class 1:103(50kbps) class 1:104(30kbps) class 1:105(20kbps) lot of similar class But the total bandwidth linux should serve should be 100 kbps nothing more than that. I means i want global limit on server.Hope u understand the scenario. Is is possible??? thanks, On Thu, 2004-09-09 at 22:24, Andre Correa wrote: Hi Joel, you didn't told us details about your scenario or special needs but to me you don't look like a candidate for IMQ. It is ment to be used when you need to set global defaults or when you need to use egress filter features on ingress traffic. Based in your message I supose that a qdisc of 100Kbps and child qdiscs of 50 or 60Kbps would do what you need. This way it will restrict traffic to 100Kbps and child classes will borrow from each other when possible, but never higher then their parent. Hope it helps... Andre Joel n.solanki wrote: Dear all, I know this is not imq mailing list. But many of the users over here have done exactly what i want. Requirement:- I want to tight bound eth1 for 100 kbps but after i want to create many classes of 64 kbps or 50 kbps and others. But the total sum of classes is more than 100 kbps so my eth1 is not restrciting total bandwidth at 100kbps. According to search on google imq is the solution. So any body over here have done this type of configuration. if any plz give me some little examples. I have already patched and compiled the imq and kernel. Now need to configure imq. Any help ??? Regards, ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -- Joel N.Solanki Network Administrator Phone No: 0265-550001/2/3/4/5 Ext: 211/212 Digtial 2 Virtual Internet Service Provider. http://www.packetraptor.com/ http://www.d2visp.com/ Gujarat (India) ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] imq config
Dear all, I know this is not imq mailing list. But many of the users over here have done exactly what i want. Requirement:- I want to tight bound eth1 for 100 kbps but after i want to create many classes of 64 kbps or 50 kbps and others. But the total sum of classes is more than 100 kbps so my eth1 is not restrciting total bandwidth at 100kbps. According to search on google imq is the solution. So any body over here have done this type of configuration. if any plz give me some little examples. I have already patched and compiled the imq and kernel. Now need to configure imq. Any help ??? Regards, -- Joel N.Solanki Network Administrator Phone No: 0265-550001/2/3/4/5 Ext: 211/212 Digtial 2 Virtual Internet Service Provider. http://www.packetraptor.com/ http://www.d2visp.com/ Gujarat (India) ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ on 2.6.x + iptraf = problem
Hi Bety, a problem like this was reported on IMQ mailling list a couple of weeks ago. It is still pending review but it must be somehow related to iptraf. :-| I'm sorry for not being able to give you some positive advice on it for now. Tks for reporting this issue. If you need assistance feel free to write me privately or to join our list at www.linuximq.net Cheers Andre [EMAIL PROTECTED] wrote: Does anybody have the following problem? Affected: IMQ interfaces with --todev target on PREROUTING chain appear only on 2.6.x kernels (2.4.x working good) Counters on PREROUTING chain working good (with iptraf sniffing on any interface), but imq interfaces lost TCP packets which are forwarded from the internet to the network behind router (only TCP; the rest of traffic like icmp, udp is ok). Try to make two imq interfaces on your internet interface and download file (via ftp, www or somtging else), NOT from your internet router but from computer behind NAT (behind router) and then enable iptraf. Because for router traffic everything working fine. your computer --- router (with nat, imq and iptraf) --- imq0, and imq1 --- internet interface --- Internet configuration: iptables -F iptables -X iptables -Z iptables -F -t nat iptables -X -t nat iptables -F -t mangle iptables -X -t mangle iptables -P FORWARD ACCEPT iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -t nat -A POSTROUTING -s $i -o $INTERNET_ETH -d 0/0 -j SNAT --to $INTERNET_IP # Download iptables -t mangle -A PREROUTING -i $INTERNET_ETH -j IMQ --todev 0 # Upload iptables -t mangle -A POSTROUTING -o $INTERNET_ETH -j IMQ --todev 1 ip link set imq0 up ip link set imq1 up ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] imq patch question
hello list, i have a small question regarding the imq patch from www.linuximq.net by default it makes only 2 devices. how can i add interfaces (imqX)? applying the patch to a linux kernel doesn't let me build it as a module. thanks in advance, adrian ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ on 2.6.x + iptraf = problem
Does anybody have the following problem? Affected: IMQ interfaces with --todev target on PREROUTING chain appear only on 2.6.x kernels (2.4.x working good) Counters on PREROUTING chain working good (with iptraf sniffing on any interface), but imq interfaces lost TCP packets which are forwarded from the internet to the network behind router (only TCP; the rest of traffic like icmp, udp is ok). Try to make two imq interfaces on your internet interface and download file (via ftp, www or somtging else), NOT from your internet router but from computer behind NAT (behind router) and then enable iptraf. Because for router traffic everything working fine. your computer --- router (with nat, imq and iptraf) --- imq0, and imq1 --- internet interface --- Internet configuration: iptables -F iptables -X iptables -Z iptables -F -t nat iptables -X -t nat iptables -F -t mangle iptables -X -t mangle iptables -P FORWARD ACCEPT iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -t nat -A POSTROUTING -s $i -o $INTERNET_ETH -d 0/0 -j SNAT --to $INTERNET_IP # Download iptables -t mangle -A PREROUTING -i $INTERNET_ETH -j IMQ --todev 0 # Upload iptables -t mangle -A POSTROUTING -o $INTERNET_ETH -j IMQ --todev 1 ip link set imq0 up ip link set imq1 up
Re: [LARTC] imq question
Hmm.. After a few hour of reading and testing finally it's working. IMQ upload limiting and tc with ip filter. What do you mean by that? It is working.. And so far seems stable.. - Original Message - From: Roy To: Alin Nonosel ; [EMAIL PROTECTED] Sent: Monday, August 23, 2004 6:45 AM Subject: Re: [LARTC] imq question You cant shape router upload or imq will crash. also that imq will not be able to shape traffic per each loacal ip with filters,but you can easily mark packets with iptables in forward of prerouting chain. - Original Message - From: Alin Nonosel To: [EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:32 AM Subject: [LARTC] imq question Hi I've a stupid question. How can I shape upload using IMQ? Instead of putting a rule in iptables in PREROUTING should i use POSTROUTING? And another question is, can I make routing rule based on ip addresses assigned by iptables to an imq device?The idea is, let's say i have some rules in iptables like: -t mangle -A PREROUTING -s 192.168.0.0/16 -j IMQ --todev 0 Can i route this class thru another ip, something like fwmark is doing? with iptables marking the packets and ip rule fwmark? Best regards, Alin
Re: [LARTC] imq question
You cant shape router upload or imq will crash. also that imq will not be able to shape traffic per each loacal ip with filters,but you can easily mark packets with iptables in forward of prerouting chain. - Original Message - From: Alin Nonosel To: [EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:32 AM Subject: [LARTC] imq question Hi I've a stupid question. How can I shape upload using IMQ? Instead of putting a rule in iptables in PREROUTING should i use POSTROUTING? And another question is, can I make routing rule based on ip addresses assigned by iptables to an imq device?The idea is, let's say i have some rules in iptables like: -t mangle -A PREROUTING -s 192.168.0.0/16 -j IMQ --todev 0 Can i route this class thru another ip, something like fwmark is doing? with iptables marking the packets and ip rule fwmark? Best regards, Alin
[LARTC] Imq implimentation
hello all, i intend to implimentJiri Fojtasek's imq implimentation here http://hyperfighter.jinak.cz/qos/ on my Linux shaper for production use,I will like to ask if people have implimented it and find it stable and useful as stated in the site. My bandwidth manager will have 3 interfaces , eth0 -internet(live ip, bridged with eth1), eth1(live ip bridged w eth0), eth2 -lan(local ip) . eth0 and eth1 arebridge ports. I have implimented a shaper over bridged interface before and it is ok.But i was using just 2 interfaces then, now I want to use 3 interfaces. I have read in the lartc that to impliment multiple interface BWM with linux, one must use an IMQ device- I do not know if there is another method? So if anybody has implimented the scenario in the Jirii's site or the one i described above using other method(s) other that imq,may he intimate me with a sample script to get started as I am yet to fully understand the internal workings of imq device. Thanks, IbrahimT Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers!
[LARTC] imq contact
Hi there, I'm trying to contact imq maintainers but there is no contact address in www.linuximq.net. There is only a yahoo group but I don't have a yahoo account and it seems it doesn't like me a lot (it refused to create a new account). Anyone knows an email address for any IMQ developer? Its about an IMQ patch submission. V13 ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] imq contact
Am Sonntag, 8. August 2004 18:41 schrieb Stefanos Harhalakis: Hi there, I'm trying to contact imq maintainers but there is no contact address in www.linuximq.net. There is only a yahoo group but I don't have a yahoo account and it seems it doesn't like me a lot (it refused to create a new account). Anyone knows an email address for any IMQ developer? Its about an IMQ patch submission. try Andre Correa [EMAIL PROTECTED] V13 ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ htb question
Hello, I've just recently started to use IMQ and I got puzzled after seeing the imq usage example on the linuximq.net site: It was something like this: tc qdisc add dev imq0 handle 1: root htb default 1 tc class add dev imq0 parent 1: classid 1:1 htb rate 1mbit tc qdisc add dev imq0 parent 1:1 handle 10: htb default 5 tc class add dev imq0 parent 10: classid 10:1 htb rate 256kbit burst 30k prio 1 and I tried the following (like in the classic htb examples from lartc) and it worked: tc qdisc add dev imq0 handle 1: root htb default 99 tc class add dev imq0 parent 1: classid 1:1 htb rate 1mbit tc class add dev imq0 parent 1:1 classid 1:10 htb rate 100kbit tc class add dev imq0 parent 1:1 classid 1:99 htb rate 900kbit tc qdisc add dev imq0 parent 1:10 handle 100 sfq perturb 10 tc qdiisc add dev imq0 parent 1:99 handle 9 sfq perturb 10 Can someone help me understand the first example and why would someone create a root qdisc that redirects all traffic to a class and then instead of attaching child classes to that class, one would create a qdisc associated with that class and then attach the child classes to it. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ htb question
Mihai, there is no need to make it like that: qdisc-class-qdisc-client_classes ... this is just an example, not something that have to be followed. A possible use for a setup like that would be to have another qdisc child from 1:1 using CBQ for example, not HTB, and then child classes to attach clients. Regarding queue disciplines and classes, IMQ devices have no diferences from common ethX devices. The same structures and rules apply. So, don't get lost on it and keep doing it the way you use to. Anyway I'll simplify that example. You just should pay attention to the iptables stuff to redirect your traffic to the IMQ device. Good luck! Andre Mihai Tanasescu wrote: Hello, I've just recently started to use IMQ and I got puzzled after seeing the imq usage example on the linuximq.net site: It was something like this: tc qdisc add dev imq0 handle 1: root htb default 1 tc class add dev imq0 parent 1: classid 1:1 htb rate 1mbit tc qdisc add dev imq0 parent 1:1 handle 10: htb default 5 tc class add dev imq0 parent 10: classid 10:1 htb rate 256kbit burst 30k prio 1 and I tried the following (like in the classic htb examples from lartc) and it worked: tc qdisc add dev imq0 handle 1: root htb default 99 tc class add dev imq0 parent 1: classid 1:1 htb rate 1mbit tc class add dev imq0 parent 1:1 classid 1:10 htb rate 100kbit tc class add dev imq0 parent 1:1 classid 1:99 htb rate 900kbit tc qdisc add dev imq0 parent 1:10 handle 100 sfq perturb 10 tc qdiisc add dev imq0 parent 1:99 handle 9 sfq perturb 10 Can someone help me understand the first example and why would someone create a root qdisc that redirects all traffic to a class and then instead of attaching child classes to that class, one would create a qdisc associated with that class and then attach the child classes to it. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ + natin PREROUTING - it is almost 2 years since patch....
In fact we've being discussing lately at linuximq.net mailling list this subject and what would be the best way to enable this behavior change automatically. There is no problem on changing where IMQ hooks, after or before NAT for example, not that we found until now. The matter is what should be done to enable the selection of behaviors without needing to apply a patch or change the code itself. For IMQ as module I've thought about passing a parameter, but if it is compiled in the kernel what could be the way? Something in the /proc??? It should be possible to select from 4 diferent situations: PREROUTING POSTROUTING - 1 IMQ after NAT IMQ after NAT 2 IMQ before NAT IMQ after NAT 3 IMQ after NAT IMQ before NAT 4 IMQ before NAT IMQ before NAT Any ideas are welcome. tks Andre pljosh wrote: Hello there! I was reading this archive: http://mailman.ds9a.nl/pipermail/lartc/2002q3/004725.html It was almost two years ago when Patrick wrote a patch to switch IMQ with nat in PREROUTING chain... From www.linuximq.org I've downloaded newset IMQ driver for 2.4.26 and what can i see? The line that Patrick changed in that patch is still as it was in previous relases. Are there some side-effects or something that this patch wasent applied to official imq? -josh ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ + natin PREROUTING - it is almost 2 years since patch....
Hello there! I was reading this archive: http://mailman.ds9a.nl/pipermail/lartc/2002q3/004725.html It was almost two years ago when Patrick wrote a patch to switch IMQ with nat in PREROUTING chain... From www.linuximq.org I've downloaded newset IMQ driver for 2.4.26 and what can i see? The line that Patrick changed in that patch is still as it was in previous relases. Are there some side-effects or something that this patch wasent applied to official imq? -josh ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ stability
Hi Damion, the original IMQ implementation is under development by a group of people working at www.linuximq.net . There you'll find patchs for the lastest kernels and iptables, a simple FAQ and a mailling list. IMQ is being used by a lot of people in diferent environments. Some of then, like mine, are production with a large bandwidth being shaped. There are some known problem and we've being working on then. Two known issues are: some hangs trying to shape locally generated traffic and some rmmod problems on 2.6. The 2.6 version of IMQ is just a port of the original 2.4 version. I would like to invite you to join our mailling list and give IMQ a try. Right now it is more stable then people have being saying around and there are some guys working on it, releasing patchs for latest kernels and iptables and looking to its future. Good luck. Andre Damion de Soto wrote: Hi, I've never actually even tried to use the IMQ device before, but I've watched the emails go back and forth on various problems associated with it, and what looks like some general instability. How stable is it really ? Is it suitable for full-time use on a large number of routers ? Has anyone used it on ipsec0 + eth0 devices for shaping ? and lastly, any difference between the IMQ implementation on 2.4, and that on 2.6 ? Are they both still being developed ? thanks, ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ stability
Hi, I've never actually even tried to use the IMQ device before, but I've watched the emails go back and forth on various problems associated with it, and what looks like some general instability. How stable is it really ? Is it suitable for full-time use on a large number of routers ? Has anyone used it on ipsec0 + eth0 devices for shaping ? and lastly, any difference between the IMQ implementation on 2.4, and that on 2.6 ? Are they both still being developed ? thanks, -- ~~~ Damion de Soto - Software Engineer email: [EMAIL PROTECTED] SnapGear - A CyberGuard Company ---ph: +61 7 3435 2809 | Custom Embedded Solutions fax: +61 7 3891 3630 | and Security Appliancesweb: http://www.snapgear.com ~~~ --- Free Embedded Linux Distro at http://www.snapgear.org --- ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ compile procedure ??
Hi Andres, I'm sorry for not being able to contact you before but this week was full of new problems. Regarding IMQ compilation I would like to point you to our web site where you can get new patchs, find a quick updated FAQ and our mailling list. http://www.linuximq.net/ There we have all the patchs needed and keep then up-to-date with latest kernels. In you senario, kernel 2.4.26 and iptables 1.2.9, you need to: - patch your kernel using: http://www.linuximq.net/patchs/linux-2.4.24-imq.diff - configure it to enable IMQ. - recompile and install the new kernel as usual - patch iptables: we've discontinued that patch-o-matic patch in favor of an iptables sources patch directly: http://www.linuximq.net/patchs/IMQ.pom-ng.patch - then recompile and install iptables as usual. Be sure that libtipt_IMQ.so is installed by make install in the apropriate directory. That is all. If you need any help feel free to join our mailling list. http://groups.yahoo.com/group/linuximq Good luck! Andre ThE LinuX_KiD wrote: Hi Guys, I'm trying to compile IMQ with kernel-2.4.26 and iptables-1.2.9 and I want to know is this procedure is correct: - In Kernel 2.4.26 Directory (/usr/src/linux) # cd /usr/src/linux # wget http://www.linuximq.net/patchs/linux-2.4.24-imq.diff # patch -p1 linux-2.4.24-imq.diff - In Patch O Matic Directory (/usr/local/src/Patch-o-Matic) # cd /usr/local/src/Patch-o-Matic # wget http://www.linuximq.net/patchs/pom-20030625.diff # patch -p1 pom-20030625.diff - In IP Tables 1.2.9 Directory *** HERE (I DON'T KNOW WHY), I NEED TO CHANGE DIRECTORY NAME: *** # mv /usr/local/src/iptables-1.2.9 mv /usr/local/src/userspace - Patch o Matic in action... # cd /usr/local/src/Patch-o-Matic # ./runme --batch userspace/IMQ.patch # ./runme --batch userspace/IMQ.patch.ipv6 # chmod 0755 ../userspace/extensions/.IMQ* # ./runme userspace/IMQ.patch # ./runme --batch extra/CONNMARK.patch - Next, compile Kernel - Next, recompile IP Tables... and that is all (?) Andres... ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ NAT
Hi all, my IMQ device works OK (thanks to Andy Furniss), but now I've problems to attach the traffic in the qdisc's. This is my conf: --- INET | |eth0 300Kbps ROUTER (NAT) |eth1 | LAN --- MAX=300 tc qdisc add dev imq0 root handle 1: htb default 13 tc class add dev imq0 parent 1: classid 1:1 htb rate ${MAX}kbit ceil ${MAX}kbit tc class add dev imq0 parent 1:1 classid 1:10 htb rate 60kbit ceil ${MAX}kbit prio 0 tc class add dev imq0 parent 1:1 classid 1:11 htb rate 40kbit ceil ${MAX}kbit prio 1 tc class add dev imq0 parent 1:1 classid 1:12 htb rate 100kbit ceil ${MAX}kbit prio 2 tc class add dev imq0 parent 1:1 classid 1:13 htb rate 100kbit ceil ${MAX}kbit prio 3 tc qdisc add dev imq0 parent 1:10 handle 100: sfq tc qdisc add dev imq0 parent 1:11 handle 110: sfq tc qdisc add dev imq0 parent 1:12 handle 120: sfq tc qdisc add dev imq0 parent 1:13 handle 130: sfq tc filter add dev imq0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10 tc filter add dev imq0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11 tc filter add dev imq0 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12 tc filter add dev imq0 parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13 ip link set imq0 up iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0 #ICMP iptables -t mangle -A PREROUTING -i eth0 -p icmp -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -p icmp -j RETURN #SSH iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 22 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 22 -j RETURN ... I've patched the IMQ with the imq-nat patch, but all traffic goes to 1:13 #tc -s class show dev imq0 - ... class htb 1:13 parent 1:1 leaf 130: prio 3 rate 100Kbit ceil 300Kbit burst 1727b cburst 1983b Sent 8981846847 bytes 18055130 pkts (dropped 99, overlimits 0) lended: 8947767 borrowed: 9107363 giants: 0 tokens: 136320 ctokens: 52265 class htb 1:12 parent 1:1 leaf 120: prio 2 rate 100Kbit ceil 300Kbit burst 1727b cburst 1983b Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 138240 ctokens: 52905 --- What happens?? I'm newbie in IMQ... Sorry for the long text ;) Thanks for the help!! Joan signature.asc Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente
Re: [LARTC] IMQ driver kernel options
Cord Buhlert wrote: Hi, i tried to insmod the imq.o module from http://pupa.da.ru/imq after a successful compile, but it thows this error: insmod imq.o imq.o: unresolved symbol nf_unregister_hook imq.o: unresolved symbol nf_register_hook I think I have some kernel options disabled, does anyone know which one(s)? Try loading it with modprobe instead, it tries to resolve the dependencies for you. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ driver amp; kernel options
which kernel you use? it is either possible that your kernel source is diferent from running kernel ot you have somethingn wron with netfilter are you sute you compiled iptables into kernel? preferably NOT as module. - Original Message - From: Cord Buhlert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 02, 2004 3:05 PM Subject: [LARTC] IMQ driver amp; kernel options Hi, i tried to insmod the imq.o module from http://pupa.da.ru/imq after a successful compile, but it thows this error: insmod imq.o imq.o: unresolved symbol nf_unregister_hook imq.o: unresolved symbol nf_register_hook I think I have some kernel options disabled, does anyone know which one(s)? Thanks cord ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ iptables 1.2.9
Hi all, I found in http://trash.net/~kaber/imq/index.html#sources the precompiled iptables shared libs for 1.2.6 1.2.5, but my version is 1.2.9 (in Debian Sid) and I don't know how to patch the .deb file. I need the -j IMQ target... ¿What can I do? Thanks! signature.asc Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente
Re: [LARTC] IMQ patch for 2.6.3 kernel
Marc, I've just upgraded my kernel to 2.6.3 with the IMQ patch and it seems to be fine until now. Thanks alot, Codrin. On Fri, 5 Mar 2004, Marc-Christian Petersen wrote: On Friday 05 March 2004 00:00, The Codrinus wrote: Hi Codrin, I downloaded the latest imq patch for 2.6.x kernels from http://www.linuximq.net/patchs/linux-2.6.2-imq-4.diff I successfully applied the patch but when compiling IMQ I get the following error messages: What might be the problem ? that patch is b0rked. Use attached one. -- ciao, Marc ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for 2.6.3 kernel
Sorry, but the patch is not broken. It compiles without errors. You just have to choose the right options in your config: CONFIG_IP_NF_TARGET_IMQ=y and CONFIG_IMQ=y and avoid using modules. Andre Marc-Christian Petersen wrote: On Friday 05 March 2004 00:00, The Codrinus wrote: Hi Codrin, I downloaded the latest imq patch for 2.6.x kernels from http://www.linuximq.net/patchs/linux-2.6.2-imq-4.diff I successfully applied the patch but when compiling IMQ I get the following error messages: What might be the problem ? that patch is b0rked. Use attached one. -- ciao, Marc # 2.6.3-WOLK1.1 # Patch from: http://www.linuximq.net/ # Build fixes: me diff -urN linux-2.6.orig/drivers/net/Kconfig linux-2.6.new/drivers/net/Kconfig --- linux-2.6.orig/drivers/net/Kconfig 2004-01-21 19:33:36.0 +0100 +++ linux-2.6.new/drivers/net/Kconfig 2004-01-25 15:08:20.0 +0100 @@ -85,6 +85,20 @@ To compile this driver as a module, choose M here: the module will be called eql. If unsure, say N. +config IMQ + tristate IMQ (intermediate queueing device) support + depends on NETDEVICES NETFILTER + ---help--- + The imq device(s) is used as placeholder for QoS queueing disciplines. + Every packet entering/leaving the ip stack can be directed through + the imq device where it's enqueued/dequeued to the attached qdisc. + This allows you to treat network devices as classes and distribute + bandwidth among them. Iptables is used to specify through which imq + device, if any, packets travel. + + To compile this driver as a module, choose M here: the module + will be called imq. If unsure, say N. + config TUN tristate Universal TUN/TAP device driver support depends on NETDEVICES diff -urN linux-2.6.orig/drivers/net/Makefile linux-2.6.new/drivers/net/Makefile --- linux-2.6.orig/drivers/net/Makefile 2004-01-21 19:33:36.0 +0100 +++ linux-2.6.new/drivers/net/Makefile 2004-01-25 15:08:20.0 +0100 @@ -110,6 +110,7 @@ endif obj-$(CONFIG_DUMMY) += dummy.o +obj-$(CONFIG_IMQ) += imq.o obj-$(CONFIG_DE600) += de600.o obj-$(CONFIG_DE620) += de620.o obj-$(CONFIG_AT1500) += lance.o diff -urN linux-2.6.orig/drivers/net/imq.c linux-2.6.new/drivers/net/imq.c --- linux-2.6.orig/drivers/net/imq.c 1970-01-01 01:00:00.0 +0100 +++ linux-2.6.new/drivers/net/imq.c 2004-01-25 15:08:51.0 +0100 @@ -0,0 +1,323 @@ +/* + * Pseudo-driver for the intermediate queue device. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + * + * Authors:Patrick McHardy, [EMAIL PROTECTED] + * + * The first version was written by Martin Devera, [EMAIL PROTECTED] + * + * Credits:Jan Rafaj [EMAIL PROTECTED] + * - Update patch to 2.4.21 + * Sebastian Strollo [EMAIL PROTECTED] + * - Fix Dead-loop on netdevice imq-issue + * Marcel Sebek [EMAIL PROTECTED] + * - Update to 2.6.2-rc1 + */ + +#include linux/config.h +#include linux/module.h +#include linux/kernel.h +#include linux/moduleparam.h +#include linux/skbuff.h +#include linux/netdevice.h +#include linux/rtnetlink.h +#include linux/if_arp.h +#include linux/netfilter.h +#include linux/netfilter_ipv4.h +#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) +#include linux/netfilter_ipv6.h +#endif +#include linux/imq.h +#include net/pkt_sched.h + +static nf_hookfn imq_nf_hook; + +static struct nf_hook_ops imq_ingress_ipv4 = { + .hook = imq_nf_hook, + .owner = THIS_MODULE, + .pf = PF_INET, + .hooknum = NF_IP_PRE_ROUTING, + .priority = NF_IP_PRI_MANGLE + 1 +}; + +static struct nf_hook_ops imq_egress_ipv4 = { + .hook = imq_nf_hook, + .owner = THIS_MODULE, + .pf = PF_INET, + .hooknum = NF_IP_POST_ROUTING, + .priority = NF_IP_PRI_LAST +}; + +#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) +static struct nf_hook_ops imq_ingress_ipv6 = { + .hook = imq_nf_hook, + .owner = THIS_MODULE, + .pf = PF_INET6, + .hooknum = NF_IP6_PRE_ROUTING, + .priority = NF_IP6_PRI_MANGLE + 1 +}; + +static struct nf_hook_ops imq_egress_ipv6 = { + .hook = imq_nf_hook, + .owner = THIS_MODULE, + .pf = PF_INET6, + .hooknum = NF_IP6_POST_ROUTING, + .priority = NF_IP6_PRI_LAST +}; +#endif + +static unsigned int numdevs = 2; + +module_param(numdevs, int, 0); + +static struct net_device *imq_devs; + + +static struct net_device_stats *imq_get_stats(struct net_device *dev) +{ + return (struct net_device_stats *)dev-priv; +} + +/* called for packets kfree'd in qdiscs at places other than enqueue */ +static void imq_skb_destructor(struct sk_buff *skb) +{ + struct nf_info *info = skb-nf_info; + + if (info) { + if (info-indev) + dev_put(info-indev); + if
Re: [LARTC] IMQ patch for 2.6.3 kernel
On Friday 05 March 2004 16:12, Andre Correa wrote: Hi Andre, Sorry, but the patch is not broken. It compiles without errors. You just have to choose the right options in your config: CONFIG_IP_NF_TARGET_IMQ=y and CONFIG_IMQ=y and avoid using modules. which is, in short words, broken :p ciao, Marc ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for 2.6.3 kernel
I encountered errors with linux-2.6.2-imq-4.diff even if I marked both options as modules or not. But linux-2.6.4-rc2-imq-5.patch seems to be quite stable until now. Codrin. On Fri, 5 Mar 2004, Andre Correa wrote: Sorry, but the patch is not broken. It compiles without errors. You just have to choose the right options in your config: CONFIG_IP_NF_TARGET_IMQ=y and CONFIG_IMQ=y and avoid using modules. Andre Marc-Christian Petersen wrote: On Friday 05 March 2004 00:00, The Codrinus wrote: Hi Codrin, I downloaded the latest imq patch for 2.6.x kernels from http://www.linuximq.net/patchs/linux-2.6.2-imq-4.diff I successfully applied the patch but when compiling IMQ I get the following error messages: What might be the problem ? that patch is b0rked. Use attached one. -- ciao, Marc # 2.6.3-WOLK1.1 # Patch from: http://www.linuximq.net/ # Build fixes: me diff -urN linux-2.6.orig/drivers/net/Kconfig linux-2.6.new/drivers/net/Kconfig --- linux-2.6.orig/drivers/net/Kconfig 2004-01-21 19:33:36.0 +0100 +++ linux-2.6.new/drivers/net/Kconfig 2004-01-25 15:08:20.0 +0100 @@ -85,6 +85,20 @@ To compile this driver as a module, choose M here: the module will be called eql. If unsure, say N. +config IMQ + tristate IMQ (intermediate queueing device) support + depends on NETDEVICES NETFILTER + ---help--- + The imq device(s) is used as placeholder for QoS queueing disciplines. + Every packet entering/leaving the ip stack can be directed through + the imq device where it's enqueued/dequeued to the attached qdisc. + This allows you to treat network devices as classes and distribute + bandwidth among them. Iptables is used to specify through which imq + device, if any, packets travel. + + To compile this driver as a module, choose M here: the module + will be called imq. If unsure, say N. + config TUN tristate Universal TUN/TAP device driver support depends on NETDEVICES diff -urN linux-2.6.orig/drivers/net/Makefile linux-2.6.new/drivers/net/Makefile --- linux-2.6.orig/drivers/net/Makefile 2004-01-21 19:33:36.0 +0100 +++ linux-2.6.new/drivers/net/Makefile 2004-01-25 15:08:20.0 +0100 @@ -110,6 +110,7 @@ endif obj-$(CONFIG_DUMMY) += dummy.o +obj-$(CONFIG_IMQ) += imq.o obj-$(CONFIG_DE600) += de600.o obj-$(CONFIG_DE620) += de620.o obj-$(CONFIG_AT1500) += lance.o diff -urN linux-2.6.orig/drivers/net/imq.c linux-2.6.new/drivers/net/imq.c --- linux-2.6.orig/drivers/net/imq.c1970-01-01 01:00:00.0 +0100 +++ linux-2.6.new/drivers/net/imq.c 2004-01-25 15:08:51.0 +0100 @@ -0,0 +1,323 @@ +/* + * Pseudo-driver for the intermediate queue device. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + * + * Authors:Patrick McHardy, [EMAIL PROTECTED] + * + *The first version was written by Martin Devera, [EMAIL PROTECTED] + * + * Credits:Jan Rafaj [EMAIL PROTECTED] + * - Update patch to 2.4.21 + * Sebastian Strollo [EMAIL PROTECTED] + * - Fix Dead-loop on netdevice imq-issue + * Marcel Sebek [EMAIL PROTECTED] + * - Update to 2.6.2-rc1 + */ + +#include linux/config.h +#include linux/module.h +#include linux/kernel.h +#include linux/moduleparam.h +#include linux/skbuff.h +#include linux/netdevice.h +#include linux/rtnetlink.h +#include linux/if_arp.h +#include linux/netfilter.h +#include linux/netfilter_ipv4.h +#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) +#include linux/netfilter_ipv6.h +#endif +#include linux/imq.h +#include net/pkt_sched.h + +static nf_hookfn imq_nf_hook; + +static struct nf_hook_ops imq_ingress_ipv4 = { + .hook = imq_nf_hook, + .owner = THIS_MODULE, + .pf = PF_INET, + .hooknum= NF_IP_PRE_ROUTING, + .priority = NF_IP_PRI_MANGLE + 1 +}; + +static struct nf_hook_ops imq_egress_ipv4 = { + .hook = imq_nf_hook, + .owner = THIS_MODULE, + .pf = PF_INET, + .hooknum= NF_IP_POST_ROUTING, + .priority = NF_IP_PRI_LAST +}; + +#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) +static struct nf_hook_ops imq_ingress_ipv6 = { + .hook = imq_nf_hook, + .owner = THIS_MODULE, + .pf = PF_INET6, + .hooknum= NF_IP6_PRE_ROUTING, +
Re: [LARTC] imq or ingress+htb?
If you only need independent trafic classes then ingress is good option, but there is no way to prioritize trafic. Imq is quite stable now, if your kernel is 2.4.22 and later you can easily try compile this imq version as module. http://pupa.da.ru/imq - Original Message - From: Patrick Petersen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 7:33 PM Subject: [LARTC] imq or ingress+htb? Todays quick question: Ive had problems with imq and getting my setup to work as planned. Im thinking that a better solution for shaping incoming traffic would be to put a little limit in the outer interface of the router box with ingress, and the shape traffic on the inner interface with htb. Would that be better than using imq? -- Patrick Petersen [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Hi, I'm sorry for not being able to be really polite this time, but: Roy, can you please STOP telling that egress crashs IMQ!? We've discussed it lots of times before, here and at linuximq mailling list and the only known functionality that crashs IMQ (oriinal) is to touch local generated traffic... I've being using ingress+egress with IMQ in a server with a great amouunt of traffic, for a long period without any crashs. Please don't keep telling something known to be wrong or otherwise proove it so we can fix it... tks Andre Roy wrote: Roy, ''But this stability is probably not because my code is better but because I don't use egress shaping so the crash reasons still unknown.'' I need both ingress and egress traffic shaping, that's why I used the classic IMQ version. Egress shaping will crash original wersion even faster then mine, they both can do this , but then both will likely crash anyway you can do egress shaping on interface directly, and input+forward on imq device. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Hi, I'm sorry for not being able to be really polite this time, but: Roy, can you please STOP telling that egress crashs IMQ!? You are to late, I anot teling thi anymore, and I even wont use ingres and egress definitions anymore because they may cause missundersatndings. the better ones are input forward and output. This my post is probably too old to reply. seems I forgot to fix it on my page, I will do this now. But I cant edit or erase it from mailing list afterall ! We've discussed it lots of times before, here and at linuximq mailling list and the only known functionality that crashs IMQ (oriinal) is to touch local generated traffic... That is correct. I've being using ingress+egress with IMQ in a server with a great amouunt of traffic, for a long period without any crashs. Please don't keep telling something known to be wrong or otherwise proove it so we can fix it... As I told before I just used incorrect definitions, I will not use word egress anymore. tks Andre Roy wrote: Roy, But this stability is probably not because my code is better but because I don't use egress shaping so the crash reasons still unknown. I need both ingress and egress traffic shaping, that's why I used the classic IMQ version. Egress shaping will crash original wersion even faster then mine, they both can do this , but then both will likely crash anyway you can do egress shaping on interface directly, and input+forward on imq device. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Andre, thanks for doing this. I also felt like I need to say something for some time. Roy, you should also stop telling people your version would be more stable. IMQ's problems are related to specific setups, so I don't understand how you can state this without even understanding the problem. Evidence points to IMQs use of skb-destructor, which means you'll probably see problems when using IMQ with local tcp/udp traffic. Your approach of using NF_STOLEN instead of NF_QUEUE seems like a good idea, but besides beeing butt-ugly your code isn't usable for ingress traffic, so it's not a replacement for many people. Other bugs probably exist, I just had a short look. Patrick BTW: Not that I would care much, but why did you replace my copyright with credits for hook registration to Martin ? Martin's version did not even hook netfilter, it's clearly derived from my version. Andre Correa wrote: Hi, I'm sorry for not being able to be really polite this time, but: Roy, can you please STOP telling that egress crashs IMQ!? We've discussed it lots of times before, here and at linuximq mailling list and the only known functionality that crashs IMQ (oriinal) is to touch local generated traffic... I've being using ingress+egress with IMQ in a server with a great amouunt of traffic, for a long period without any crashs. Please don't keep telling something known to be wrong or otherwise proove it so we can fix it... tks Andre ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ and ISDN?
Hi, has anyone IMQ device running on an ISDN line for incoming shaping? I tried to but everytime a packet gets from the ippp0 to imq0 the kernel crashes. Does this work somewhere? thx 4 help cord ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Hi, I have successfully applied the IMQ patch for kernel-2.6.2 (final release) from http://www.linuximq.net, and now I have support for 4 IMQ devices loaded in kernel. But I don't know how to patch the iptables-1.2.9 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels, but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng for 2.6.x kernels, but when I give the batch script commands it says it's not implemented yet. I don't know how to manually apply the IMQ patches. ./runme --batch userspace/IMQ.patch Could anyone help me how to do this final step and append IMQ support to iptables? --- Hi again. I manually patched in the iptables-1.2.9/extensions directory, the files: .IMQ-test .IMQ-test6 libip6t-IMQ.c libipt-IMQ.c from the pom-20030625.diff file, and it passed. Now I have the imq devices up and running with kernel-2.6.2, but there is another problem: when I use iptables . -j IMQ I got Segmentation fault, and dmesg says: Unable to handle kernel NULL pointer dereference at virtual address 0001 printing eip: c0372908 *pde = 18ddc067 Oops: [#1] CPU:0 EIP:0060:[c0372908]Not tainted EFLAGS: 00010202 EIP is at imq_target+0x8/0x30 eax: 0001 ebx: c045f820 ecx: d8db7c04 edx: c045f820 esi: e08170f0 edi: e0817080 ebp: 0001 esp: d8db7b64 ds: 007b es: 007b ss: 0068 Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900) Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080 d8db7ba8 d8db6000 deff9420 deff9480 0070 0163 Call Trace: [c03695ee] translate_table+0x4be/0x760 [c0369e13] do_replace+0x193/0x6e0 [c0150087] vfree+0x27/0x40 [c036a5bd] do_ipt_set_ctl+0x6d/0x70 [c03079df] nf_sockopt+0x12f/0x140 [c0307a27] nf_setsockopt+0x37/0x40 [c032d317] ip_setsockopt+0x4a7/0xd90 [c0307964] nf_sockopt+0xb4/0x140 [c0307a67] nf_getsockopt+0x37/0x40 [c032e281] ip_getsockopt+0x681/0x7c0 [c01a2c01] journal_stop+0x201/0x360 [c0195d98] ext3_mark_iloc_dirty+0x28/0x40 [c0195ed0] ext3_mark_inode_dirty+0x50/0x60 [c019a5c4] __ext3_journal_stop+0x24/0x50 [c0195f49] ext3_dirty_inode+0x69/0xd0 [c0175d1e] __mark_inode_dirty+0xde/0xf0 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d22f] __alloc_pages+0x9f/0x330 [c013d22f] __alloc_pages+0x9f/0x330 [c013939c] find_get_page+0x2c/0x60 [c014726a] do_anonymous_page+0x17a/0x260 [c01473b5] do_no_page+0x65/0x3a0 [c014558b] pte_alloc_map+0x9b/0xc0 [c01478f4] handle_mm_fault+0xd4/0x180 [c011afec] do_page_fault+0x2fc/0x4dc [c034fce6] inet_setsockopt+0x36/0x40 [c02f69e2] sys_setsockopt+0x82/0xd0 [c02f7240] sys_socketcall+0x220/0x2a0 [c010aa35] sysenter_past_esp+0x52/0x71 Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00 Does anybody know why it crashes and how can I handle this mess ? thank you, Codrin. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
On Thursday 19 February 2004 17:19, The Codrinus wrote: Hi, I have successfully applied the IMQ patch for kernel-2.6.2 (final release) from http://www.linuximq.net, and now I have support for 4 IMQ devices loaded in kernel. But I don't know how to patch the iptables-1.2.9 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels, but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng for 2.6.x kernels, but when I give the batch script commands it says it's not implemented yet. I don't know how to manually apply the IMQ patches. ./runme --batch userspace/IMQ.patch Could anyone help me how to do this final step and append IMQ support to iptables? I'm not sure, but I think you don't need iptables for the latest imq. All traffic is also flowing thru the imq devices. But I'm not sure. Stef -- [EMAIL PROTECTED] Using Linux as bandwidth manager http://www.docum.org/ #lartc @ irc.openprojects.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
On Thursday 19 February 2004 17:19, The Codrinus wrote: Hi, I have successfully applied the IMQ patch for kernel-2.6.2 (final release) from http://www.linuximq.net, and now I have support for 4 IMQ devices loaded in kernel. But I don't know how to patch the iptables-1.2.9 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels, but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng for 2.6.x kernels, but when I give the batch script commands it says it's not implemented yet. I don't know how to manually apply the IMQ patches. ./runme --batch userspace/IMQ.patch Could anyone help me how to do this final step and append IMQ support to iptables? I'm not sure, but I think you don't need iptables for the latest imq. All traffic is also flowing thru the imq devices. But I'm not sure. Stef Well, iptables need in the extensions dir the following IMQ patch files: .IMQ-test .IMQ-test6 libipt_IMQ.c and libip6t_IMQ.c in order to support the -j IMQ --todev device option. I manually added these files because the patch-o-matic-ng doesn't know how to apply --batch option. (not implemented yet) The problem is after all, when I try to give an iptables command like: iptables -j IMQ --todev eth0 when running the patched kernel-2.6.2 i get segmentation fault and dmesg says the following coredump error: Unable to handle kernel NULL pointer dereference at virtual address 0001 printing eip: c0372908 *pde = 18ddc067 Oops: [#1] CPU:0 EIP:0060:[c0372908]Not tainted EFLAGS: 00010202 EIP is at imq_target+0x8/0x30 eax: 0001 ebx: c045f820 ecx: d8db7c04 edx: c045f820 esi: e08170f0 edi: e0817080 ebp: 0001 esp: d8db7b64 ds: 007b es: 007b ss: 0068 Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900) Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080 d8db7ba8 d8db6000 deff9420 deff9480 0070 0163 Call Trace: [c03695ee] translate_table+0x4be/0x760 [c0369e13] do_replace+0x193/0x6e0 [c0150087] vfree+0x27/0x40 [c036a5bd] do_ipt_set_ctl+0x6d/0x70 [c03079df] nf_sockopt+0x12f/0x140 [c0307a27] nf_setsockopt+0x37/0x40 [c032d317] ip_setsockopt+0x4a7/0xd90 [c0307964] nf_sockopt+0xb4/0x140 [c0307a67] nf_getsockopt+0x37/0x40 [c032e281] ip_getsockopt+0x681/0x7c0 [c01a2c01] journal_stop+0x201/0x360 [c0195d98] ext3_mark_iloc_dirty+0x28/0x40 [c0195ed0] ext3_mark_inode_dirty+0x50/0x60 [c019a5c4] __ext3_journal_stop+0x24/0x50 [c0195f49] ext3_dirty_inode+0x69/0xd0 [c0175d1e] __mark_inode_dirty+0xde/0xf0 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d22f] __alloc_pages+0x9f/0x330 [c013d22f] __alloc_pages+0x9f/0x330 [c013939c] find_get_page+0x2c/0x60 [c014726a] do_anonymous_page+0x17a/0x260 [c01473b5] do_no_page+0x65/0x3a0 [c014558b] pte_alloc_map+0x9b/0xc0 [c01478f4] handle_mm_fault+0xd4/0x180 [c011afec] do_page_fault+0x2fc/0x4dc [c034fce6] inet_setsockopt+0x36/0x40 [c02f69e2] sys_setsockopt+0x82/0xd0 [c02f7240] sys_socketcall+0x220/0x2a0 [c010aa35] sysenter_past_esp+0x52/0x71 Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00 I really don't know why it crashes and how can I handle this mess, Codrin. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
You can try my imq version, which dows not require paching anything http://pupa.da.ru/imq and I think it should be more stable. - Original Message - From: The Codrinus [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 6:19 PM Subject: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final ! Hi, I have successfully applied the IMQ patch for kernel-2.6.2 (final release) from http://www.linuximq.net, and now I have support for 4 IMQ devices loaded in kernel. But I don't know how to patch the iptables-1.2.9 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels, but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng for 2.6.x kernels, but when I give the batch script commands it says it's not implemented yet. I don't know how to manually apply the IMQ patches. ./runme --batch userspace/IMQ.patch Could anyone help me how to do this final step and append IMQ support to iptables? -- - Hi again. I manually patched in the iptables-1.2.9/extensions directory, the files: .IMQ-test .IMQ-test6 libip6t-IMQ.c libipt-IMQ.c from the pom-20030625.diff file, and it passed. Now I have the imq devices up and running with kernel-2.6.2, but there is another problem: when I use iptables . -j IMQ I got Segmentation fault, and dmesg says: Unable to handle kernel NULL pointer dereference at virtual address 0001 printing eip: c0372908 *pde = 18ddc067 Oops: [#1] CPU:0 EIP:0060:[c0372908]Not tainted EFLAGS: 00010202 EIP is at imq_target+0x8/0x30 eax: 0001 ebx: c045f820 ecx: d8db7c04 edx: c045f820 esi: e08170f0 edi: e0817080 ebp: 0001 esp: d8db7b64 ds: 007b es: 007b ss: 0068 Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900) Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080 d8db7ba8 d8db6000 deff9420 deff9480 0070 0163 Call Trace: [c03695ee] translate_table+0x4be/0x760 [c0369e13] do_replace+0x193/0x6e0 [c0150087] vfree+0x27/0x40 [c036a5bd] do_ipt_set_ctl+0x6d/0x70 [c03079df] nf_sockopt+0x12f/0x140 [c0307a27] nf_setsockopt+0x37/0x40 [c032d317] ip_setsockopt+0x4a7/0xd90 [c0307964] nf_sockopt+0xb4/0x140 [c0307a67] nf_getsockopt+0x37/0x40 [c032e281] ip_getsockopt+0x681/0x7c0 [c01a2c01] journal_stop+0x201/0x360 [c0195d98] ext3_mark_iloc_dirty+0x28/0x40 [c0195ed0] ext3_mark_inode_dirty+0x50/0x60 [c019a5c4] __ext3_journal_stop+0x24/0x50 [c0195f49] ext3_dirty_inode+0x69/0xd0 [c0175d1e] __mark_inode_dirty+0xde/0xf0 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d22f] __alloc_pages+0x9f/0x330 [c013d22f] __alloc_pages+0x9f/0x330 [c013939c] find_get_page+0x2c/0x60 [c014726a] do_anonymous_page+0x17a/0x260 [c01473b5] do_no_page+0x65/0x3a0 [c014558b] pte_alloc_map+0x9b/0xc0 [c01478f4] handle_mm_fault+0xd4/0x180 [c011afec] do_page_fault+0x2fc/0x4dc [c034fce6] inet_setsockopt+0x36/0x40 [c02f69e2] sys_setsockopt+0x82/0xd0 [c02f7240] sys_socketcall+0x220/0x2a0 [c010aa35] sysenter_past_esp+0x52/0x71 Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00 Does anybody know why it crashes and how can I handle this mess ? thank you, Codrin. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Roy, But this stability is probably not because my code is better but because I don't use egress shaping so the crash reasons still unknown. I need both ingress and egress traffic shaping, that's why I used the classic IMQ version. You can try my imq version, which dows not require paching anything http://pupa.da.ru/imq and I think it should be more stable. Hi, I have successfully applied the IMQ patch for kernel-2.6.2 (final release) from http://www.linuximq.net, and now I have support for 4 IMQ devices loaded in kernel. But I don't know how to patch the iptables-1.2.9 to support the -j IMQ target. I tried the patch-o-matic for 2.4.x kernels, but it doesn't work for 2.6.x kernels. I also tried the patch-o-matic-ng for 2.6.x kernels, but when I give the batch script commands it says it's not implemented yet. I don't know how to manually apply the IMQ patches. ./runme --batch userspace/IMQ.patch Could anyone help me how to do this final step and append IMQ support to iptables? -- - Hi again. I manually patched in the iptables-1.2.9/extensions directory, the files: .IMQ-test .IMQ-test6 libip6t-IMQ.c libipt-IMQ.c from the pom-20030625.diff file, and it passed. Now I have the imq devices up and running with kernel-2.6.2, but there is another problem: when I use iptables . -j IMQ I got Segmentation fault, and dmesg says: Unable to handle kernel NULL pointer dereference at virtual address 0001 printing eip: c0372908 *pde = 18ddc067 Oops: [#1] CPU:0 EIP:0060:[c0372908]Not tainted EFLAGS: 00010202 EIP is at imq_target+0x8/0x30 eax: 0001 ebx: c045f820 ecx: d8db7c04 edx: c045f820 esi: e08170f0 edi: e0817080 ebp: 0001 esp: d8db7b64 ds: 007b es: 007b ss: 0068 Process iptables (pid: 1648, threadinfo=d8db6000 task=d9e69900) Stack: c03695ee d8db7c04 e0817080 e0817110 0004 0001 e0817080 d8db7ba8 d8db6000 deff9420 deff9480 0070 0163 Call Trace: [c03695ee] translate_table+0x4be/0x760 [c0369e13] do_replace+0x193/0x6e0 [c0150087] vfree+0x27/0x40 [c036a5bd] do_ipt_set_ctl+0x6d/0x70 [c03079df] nf_sockopt+0x12f/0x140 [c0307a27] nf_setsockopt+0x37/0x40 [c032d317] ip_setsockopt+0x4a7/0xd90 [c0307964] nf_sockopt+0xb4/0x140 [c0307a67] nf_getsockopt+0x37/0x40 [c032e281] ip_getsockopt+0x681/0x7c0 [c01a2c01] journal_stop+0x201/0x360 [c0195d98] ext3_mark_iloc_dirty+0x28/0x40 [c0195ed0] ext3_mark_inode_dirty+0x50/0x60 [c019a5c4] __ext3_journal_stop+0x24/0x50 [c0195f49] ext3_dirty_inode+0x69/0xd0 [c0175d1e] __mark_inode_dirty+0xde/0xf0 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d0f1] buffered_rmqueue+0xd1/0x170 [c013d22f] __alloc_pages+0x9f/0x330 [c013d22f] __alloc_pages+0x9f/0x330 [c013939c] find_get_page+0x2c/0x60 [c014726a] do_anonymous_page+0x17a/0x260 [c01473b5] do_no_page+0x65/0x3a0 [c014558b] pte_alloc_map+0x9b/0xc0 [c01478f4] handle_mm_fault+0xd4/0x180 [c011afec] do_page_fault+0x2fc/0x4dc [c034fce6] inet_setsockopt+0x36/0x40 [c02f69e2] sys_setsockopt+0x82/0xd0 [c02f7240] sys_socketcall+0x220/0x2a0 [c010aa35] sysenter_past_esp+0x52/0x71 Code: 0f b6 00 8b 11 83 c8 80 88 82 94 00 00 00 8b 01 81 88 84 00 Does anybody know why it crashes and how can I handle this mess ? ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ patch for iptables-1.2.9 and kernel 2.6.2 final !
Roy, ''But this stability is probably not because my code is better but because I don't use egress shaping so the crash reasons still unknown.'' I need both ingress and egress traffic shaping, that's why I used the classic IMQ version. Egress shaping will crash original wersion even faster then mine, they both can do this , but then both will likely crash anyway you can do egress shaping on interface directly, and input+forward on imq device. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ update ?
Hi Andres, there is a patch for 2.4.24 available at www.linuximq.net ... have a try on it and please let us know if you have any trouble using it. tks Andre ThE LinuX_KiD wrote: Hello I'm trying the excelent IMQ patch for iptbles and kernel 2.4.21 and works very well... but, there is a IMQ patch for 2.4.24 ? I've tested IMQ for kernels 2,4,21 but patch fails ! Best regards andres ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] IMQ update ?
Hi, I've patched 2.4.24 with IMQ successfully !! thank you Andres - -Mensaje original- - De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] - nombre de Andre Correa - Enviado el: Martes, 03 de Febrero de 2004 09:56 a.m. - Para: ThE LinuX_KiD - CC: lartc - Asunto: Re: [LARTC] IMQ update ? - - - - Hi Andres, there is a patch for 2.4.24 available at www.linuximq.net ... - have a try on it and please let us know if you have any trouble using it. - - tks - - Andre - - - ThE LinuX_KiD wrote: - Hello - - I'm trying the excelent IMQ patch for - iptbles and kernel 2.4.21 and works - very well... - - but, there is a IMQ patch for 2.4.24 ? - - I've tested IMQ for kernels 2,4,21 but - patch fails ! - - Best regards - andres - ___ - LARTC mailing list / [EMAIL PROTECTED] - http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ - - - - ___ - LARTC mailing list / [EMAIL PROTECTED] - http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ - ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ update ?
Hello I'm trying the excelent IMQ patch for iptbles and kernel 2.4.21 and works very well... but, there is a IMQ patch for 2.4.24 ? I've tested IMQ for kernels 2,4,21 but patch fails ! Best regards andres ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ or shaping tx on 2 NICs?
hi all, i have tried out both IMQ and shaping transmit on 2 NICS downstream and upstream respectively, which method is preferred in terms of accuracy, stability etc pls advise tc ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ Stability
On Fri, Jan 23, 2004 at 10:29:13AM -0700, Michael S. Kazmier wrote: MSKHello all, MSKI have been doing a lot of archive searching over the last week reading MSKposts on IMQ and it's apparent stability / instability. I have seen a MSKnumber of posts about it not being maintained as well. Can anyone talk to MSKme about IMQ's stability in a heavy throughput environment (20 Mbps) and MSKwhat was causing IMQ to fail if you know. I use it and it's work OK for me Traffic at some router up to 30-40 Mbit IMQ has one trouble Don't assing address to imq interface becase kernel crash it you do this. -- Best regard, Aleksander Trotsai aka MAGE-RIPE aka MAGE-UANIC My PGP key at ftp://blackhole.adamant.ua/pgp/trotsai.key[.asc] Big trouble - ..disk or the processor is on fire. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ Stability
Hi Roy, Excelent Roy!!! Good job. Where we can get your IMQ port to test? Best Regards Remus - Original Message - From: Roy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, January 25, 2004 3:49 AM Subject: Re: [LARTC] IMQ Stability Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8 this way dont seem excelent because it still lacks some functionality and what about using LO or dummy type interface instead of ppp? the new imq driver that i am developing will have unlimited posibilities it willbe fake interface wich passes all ip trafic without exception no mater which direction, destination and so on even localy generated and received trafic should pass it I removed iptables module so noo need to configure it just everything is catched. so you will be able to shape in + out in one also I am thinking about the chaining functionality is there any need to make chain of imq devices ? ( they will get the all same trafic) you will be able to use few shapers then but it will add latency. I almost finished my driver , but unfortunately there is no way to avoid patching kernel. I need to export ip_finish_output2 and ip_local_deliver_finish functions but dont know how to do that, and where is the best place. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] IMQ Stability
Hello Alex, Perhaps I missed something below which ties eth0 and eth1 to the PPP pipe, or its just my unfamiliarity with PPP. Regardless, an interesting methodology. Do you think you could do the following: eth0ppp0standard linux bridging / routing---ppp1---eth1 The reason I ask is that I would like to, at the PPP level, apply CBQ or HTB rate shaping to my each end user (ie, limit traffic to 256K or something like that). And then, after each customer has their rate shaping, at the ETH level I would like to priorize traffic (ie, all www prio 3, ssh - telnet, prio 1, ftp prio 4, everything else prio 7) Thoughts? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alexander Clouter Sent: Saturday, January 24, 2004 7:05 PM To: [EMAIL PROTECTED] Subject: Re: [LARTC] IMQ Stability On Jan 24, [EMAIL PROTECTED] wrote: Thank you for the detailed discussion. There is no doubt that there is a need for an IMQ type device/funtionality. What would work really great, IMHO, is a fake or psuedo ethernet driver that simply sits as a shim between one or more real drivers. This fake device could allow us to Stack qdiscs in a way to allow one to shape traffic in multiple policies - ie, prioritize traffic AND allocate / rate shape end users. I have actually thought of utilizing the kernel bonding driver for this - attaching only a single slave to it - but haven't had time as yet. Not sure that this would do anything for ingress shaping though. I have been working on this with using what I call a ppp-pipe. The result is Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8 where ppp0ppp1 is on the local machine (and simulates two NICs with a crossover cable between them in the same machine). What you throw in at ppp0 appears at ppp1 and vice versa. This works fine, it also means you can shape on the ppp0/ppp1 interfaces and leave all the NAT stuff on the real interfaces. The command to create this ppp-pipe is (as root), so far I am not completely sure if you need to add to the first pppd command real ip:real ip for its parameters (you might also need 'xonxoff' too in both): # mkfifo /tmp/ppp-pipe # pppd noauth nodefaultroute notty /tmp/ppp-pipe | pppd noauth \ notty /tmp/ppp-pipe However there is a major problem..connection tracking. In the above setup you do iptables -t nat -I POSTROUTING -s 10.0.0.0/8 \ -d ! 10.0.0.0/8 -o eth0 -j MASQUERADE the '-o eth0' is very important, you also create some advance routing bits to make all traffic crossing the router to pass through the ppp-pipe; easy enough, but depends on your needs. Conntrack unfortunately notices that you did not want to NAT the packet straight away when it arrives on eth1 (if you do then you will be unable to shape fairly per IP, for example with ESFQ), but then later on when the packet resurfaces at ppp0 the 'nat' table is skipped. The only way about this is to use the patch-o-matic RAW patch and instruct it to skip connection tracking for packets on eth1 destined for the Internet. As I am now pure 2.6.x goodness I am in the middle of porting the patch myself (the patch-o-matic-ng does not work for me, could be me being lame though). Sure this is replacing one patch dependency with another, however IMQ really seems that it has been left out to rot; whilst the RAW patch probably is going to stay better maintained, hell its in the patch-o-matic for starters. Besides there are lots of advantages with the ppp-pipe, as now all you folks who want to shape over with IP-Aliasing can just use cunning ppp-pipes instead; whilst still keeping things very simple. So far the above should work in non-NAT (or rather connection tracking) setups but where you want the equilivent of IP-Aliased style shaping. Anyway thoughts would be apprieated, however when I was on #lartc it was its normal dead self so I was left dead in the water myself :( have fun Alex -- ___ Fortune favors the lucky. --- \ ^__^ \ (oo)\___ (__)\ )\/\ ||w | || || ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ Stability
the new imq driver that i am developing will have unlimited posibilities it willbe fake interface wich passes all ip trafic without exception no mater which direction, destination and so on even localy generated and received trafic should pass it May I suggest that if it's new code with new approach it should get a different name ? Rubens ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ Stability
On Jan 26, Michael S. Kazmier wrote: Hello Alex, Perhaps I missed something below which ties eth0 and eth1 to the PPP pipe, or its just my unfamiliarity with PPP. sorry I should of made it cleaner. If you read up on Advanced Routing HOWTO, its hopefully easy to understand. lets say: [EMAIL PROTECTED]:~$ cat /etc/iproute2/rt_tables # # reserved values # 255 local 254 main 253 default 0 unspec # # local # 1 inr.ruhep # inskipp 32 ppp-upstream 33 ppp-downstream you then type (something along the lines of): - ip route add default dev ppp1 table ppp-upstream ip route add default dev ppp0 table ppp-downstream ip rule add from 10.0.0.0/8 iif eth1 table ppp-upstream ip rule add to 10.0.0.0/8 iif eth0 table ppp-downstream ip route flush cache - In summary, this setups linux to do exactly what is in the diagram (below). The nice thing is after the above is setup you treat it as if its a physical interface, its a real ppp session. Any traffic that goes into ppp0 appears on ppp1 and vice versa; treat it like a fancy wormhole :) The advantage here over the IMQ-ng that is being made, from what I uderstand, is here the only patch you need is to bypass connection tracking on the Internet bound traffic from eth1 (for techie reasons), when it 'appears' from ppp1 then the connection tracking should be allowed to continue. This is where the RAW netfilter patch comes into play. Although you are swapping one kernel patch for another, the RAW one looks like its going to be around much longer and actually maintained, the other very important fact is that you can now (if you think about it, I will leave it as an exercise for you) use it to simulate those IP-Aliasing interfaces and actually now shape on that basis per pipe. The clue is true _source_ based routing ;) Regardless, an interesting methodology. Do you think you could do the following: eth0ppp0standard linux bridging / routing---ppp1---eth1 The reason I ask is that I would like to, at the PPP level, apply CBQ or HTB rate shaping to my each end user (ie, limit traffic to 256K or something like that). And then, after each customer has their rate shaping, at the ETH level I would like to priorize traffic (ie, all www prio 3, ssh - telnet, prio 1, ftp prio 4, everything else prio 7) Thoughts? in theory I guess you could setup a linu bridge over the ppp-pipe, however there is no point (from what I can see) as you are NATing, so the box is the default gateway for the other machines, plus more importantly, if you want a bridge why not just forget about the ppp-pipe and bridge over eth0-eth1. This is what my jdg-qos-script[1] from more or less day one. Anyway, feedback would be great on the above idea. Regards Alex [1] http://www.digriz.org.uk/jdg-qos-script/ -- _ / Genius is pain. \ | | \ -- John Lennon / - \ ^__^ \ (oo)\___ (__)\ )\/\ ||w | || || signature.asc Description: Digital signature
Re: [LARTC] IMQ Stability
Hi Roy, This is great news! Shaping in+out at once is not always wanted... Usually you want to shape them seperately because each direction has a different bandwidth and limits. So I think it should be optional (i.e. you should be able to configure if you want the ingress and/or the egress side). Your efforts are highly appreciated! Aron --- From: Roy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [LARTC] IMQ Stability Date: Sun, 25 Jan 2004 05:49:15 +0200 Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8 this way dont seem excelent because it still lacks some functionality and what about using LO or dummy type interface instead of ppp? the new imq driver that i am developing will have unlimited posibilities it willbe fake interface wich passes all ip trafic without exception no mater which direction, destination and so on even localy generated and received trafic should pass it I removed iptables module so noo need to configure it just everything is catched. so you will be able to shape in + out in one also I am thinking about the chaining functionality is there any need to make chain of imq devices ? ( they will get the all same trafic) you will be able to use few shapers then but it will add latency. I almost finished my driver , but unfortunately there is no way to avoid patching kernel. I need to export ip_finish_output2 and ip_local_deliver_finish functions but dont know how to do that, and where is the best place. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ Runtime error
hi all, i have applied all patches and compiled the kernel (2.4.21), iptables (1.2.9) and iproute2 (2.4.7-now-ss020116) however when i run modprobe imq numdevs=1, the system returns - imq.o: init_module: Device or resource busy the transcript is below - [EMAIL PROTECTED] project]# modprobe imq numdevs=1 /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: init_module: Device or resource busy Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters. You may find more information in syslog or the output from dmesg /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: insmod /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o failed /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: insmod imq failed what could be wrong? thanks all, bye joseph ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ Runtime error
even if imq is quite useless right now this eeror is caused probably by other loaded modules for userspace queue nf_queue probably since imq uses the same function - Original Message - From: tc [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 1:33 AM Subject: [LARTC] IMQ Runtime error hi all, i have applied all patches and compiled the kernel (2.4.21), iptables (1.2.9) and iproute2 (2.4.7-now-ss020116) however when i run ''modprobe imq numdevs=1'', the system returns - imq.o: init_module: Device or resource busy the transcript is below - [EMAIL PROTECTED] project]# modprobe imq numdevs=1 /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: init_module: Device or resource busy Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters. You may find more information in syslog or the output from dmesg /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: insmod /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o failed /lib/modules/2.4.21-BW/kernel/drivers/net/imq.o: insmod imq failed what could be wrong? thanks all, bye joseph ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ Stability
Thank you for the detailed discussion. There is no doubt that there is a need for an IMQ type device/funtionality. What would work really great, IMHO, is a fake or psuedo ethernet driver that simply sits as a shim between one or more real drivers. This fake device could allow us to Stack qdiscs in a way to allow one to shape traffic in multiple policies - ie, prioritize traffic AND allocate / rate shape end users. I have actually thought of utilizing the kernel bonding driver for this - attaching only a single slave to it - but haven't had time as yet. Not sure that this would do anything for ingress shaping though. Thanks again... Mike Probably I am going to continue imq development, so I know about it something. IMQ is very unpredictable you can use it all week or it may crash at once. and what is the most strange - crashes osccur everywhere in the kernel except in the driver itself this can be kernel bug as well. under high loag it crashes quite soom while in low load it can hold forewer this probably depends on cpu speed and looks that it tends to crash if you try to shape localy generated trafic if you use it for ingress only it wont have much problems. I have no hope to make it work, I rewrote the code completely few times and no use probably this way just cant work. I am going to use completely other way to do the same job. imq is trying to use userspace queue which dont like when packets are droped and seems there is no way to avoid droping while doing trafic shaping, so I will use another way by completely removing packets from iptables at some place and transmitting them directly where needed. thus replacing part of kernel code. this way I will be able at least to track the bug. P.S. iptables have another similar module ( ROUTE target ) i tryed it and it works in some cases ( i redirect trafic to lo interface) but not very good. - Original Message - From: Michael S. Kazmier [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 23, 2004 7:29 PM Subject: [LARTC] IMQ Stability Hello all, I have been doing a lot of archive searching over the last week reading posts on IMQ and it's apparent stability / instability. I have seen a number of posts about it not being maintained as well. Can anyone talk to me about IMQ's stability in a heavy throughput environment (20 Mbps) and what was causing IMQ to fail if you know. Thanks, Mike ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ Stability
Probably I am going to continue imq development, so I know about it something. IMQ is very unpredictable you can use it all week or it may crash at once. and what is the most strange - crashes osccur everywhere in the kernel except in the driver itself this can be kernel bug as well. under high loag it crashes quite soom while in low load it can hold forewer this probably depends on cpu speed and looks that it tends to crash if you try to shape localy generated trafic if you use it for ingress only it wont have much problems. I have no hope to make it work, I rewrote the code completely few times and no use probably this way just cant work. I am going to use completely other way to do the same job. imq is trying to use userspace queue which dont like when packets are droped and seems there is no way to avoid droping while doing trafic shaping, so I will use another way by completely removing packets from iptables at some place and transmitting them directly where needed. thus replacing part of kernel code. this way I will be able at least to track the bug. P.S. iptables have another similar module ( ROUTE target ) i tryed it and it works in some cases ( i redirect trafic to lo interface) but not very good. - Original Message - From: Michael S. Kazmier [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 23, 2004 7:29 PM Subject: [LARTC] IMQ Stability Hello all, I have been doing a lot of archive searching over the last week reading posts on IMQ and it's apparent stability / instability. I have seen a number of posts about it not being maintained as well. Can anyone talk to me about IMQ's stability in a heavy throughput environment (20 Mbps) and what was causing IMQ to fail if you know. Thanks, Mike ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ Stability
On Jan 24, [EMAIL PROTECTED] wrote: Thank you for the detailed discussion. There is no doubt that there is a need for an IMQ type device/funtionality. What would work really great, IMHO, is a fake or psuedo ethernet driver that simply sits as a shim between one or more real drivers. This fake device could allow us to Stack qdiscs in a way to allow one to shape traffic in multiple policies - ie, prioritize traffic AND allocate / rate shape end users. I have actually thought of utilizing the kernel bonding driver for this - attaching only a single slave to it - but haven't had time as yet. Not sure that this would do anything for ingress shaping though. I have been working on this with using what I call a ppp-pipe. The result is Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8 where ppp0ppp1 is on the local machine (and simulates two NICs with a crossover cable between them in the same machine). What you throw in at ppp0 appears at ppp1 and vice versa. This works fine, it also means you can shape on the ppp0/ppp1 interfaces and leave all the NAT stuff on the real interfaces. The command to create this ppp-pipe is (as root), so far I am not completely sure if you need to add to the first pppd command real ip:real ip for its parameters (you might also need 'xonxoff' too in both): # mkfifo /tmp/ppp-pipe # pppd noauth nodefaultroute notty /tmp/ppp-pipe | pppd noauth \ notty /tmp/ppp-pipe However there is a major problem..connection tracking. In the above setup you do iptables -t nat -I POSTROUTING -s 10.0.0.0/8 \ -d ! 10.0.0.0/8 -o eth0 -j MASQUERADE the '-o eth0' is very important, you also create some advance routing bits to make all traffic crossing the router to pass through the ppp-pipe; easy enough, but depends on your needs. Conntrack unfortunately notices that you did not want to NAT the packet straight away when it arrives on eth1 (if you do then you will be unable to shape fairly per IP, for example with ESFQ), but then later on when the packet resurfaces at ppp0 the 'nat' table is skipped. The only way about this is to use the patch-o-matic RAW patch and instruct it to skip connection tracking for packets on eth1 destined for the Internet. As I am now pure 2.6.x goodness I am in the middle of porting the patch myself (the patch-o-matic-ng does not work for me, could be me being lame though). Sure this is replacing one patch dependency with another, however IMQ really seems that it has been left out to rot; whilst the RAW patch probably is going to stay better maintained, hell its in the patch-o-matic for starters. Besides there are lots of advantages with the ppp-pipe, as now all you folks who want to shape over with IP-Aliasing can just use cunning ppp-pipes instead; whilst still keeping things very simple. So far the above should work in non-NAT (or rather connection tracking) setups but where you want the equilivent of IP-Aliased style shaping. Anyway thoughts would be apprieated, however when I was on #lartc it was its normal dead self so I was left dead in the water myself :( have fun Alex -- ___ Fortune favors the lucky. --- \ ^__^ \ (oo)\___ (__)\ )\/\ ||w | || || signature.asc Description: Digital signature
Re: [LARTC] IMQ Stability
Internet (eth0) - ppp0 - ppp1 - LAN (eth1) 10.0.0.0/8 this way dont seem excelent because it still lacks some functionality and what about using LO or dummy type interface instead of ppp? the new imq driver that i am developing will have unlimited posibilities it willbe fake interface wich passes all ip trafic without exception no mater which direction, destination and so on even localy generated and received trafic should pass it I removed iptables module so noo need to configure it just everything is catched. so you will be able to shape in + out in one also I am thinking about the chaining functionality is there any need to make chain of imq devices ? ( they will get the all same trafic) you will be able to use few shapers then but it will add latency. I almost finished my driver , but unfortunately there is no way to avoid patching kernel. I need to export ip_finish_output2 and ip_local_deliver_finish functions but dont know how to do that, and where is the best place. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ Stability
Hello all, I have been doing a lot of archive searching over the last week reading posts on IMQ and it's apparent stability / instability. I have seen a number of posts about it not being maintained as well. Can anyone talk to me about IMQ's stability in a heavy throughput environment (20 Mbps) and what was causing IMQ to fail if you know. Thanks, Mike ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] imq-patch for 2.4.24 kernel
Hi, is there an IMQ-patch available for kernel version 2.4.24? If so, where can I get it? greetz cord ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ problems :-(
On Sunday 04 January 2004 5:33 pm, Roy wrote: I have read about people having lots of problems with IMQ. So I just wanted to try it and see how stable it is on my box. I gather it could actually be problems with the Kernel and not the IMQ code?? That is possible but prpbably not because of bug in kernel I as I think it is because kernel handles local trafic diferently than forwarded so you cant use imq to shape trafic generated by server I am comtinuing development of imq abd I face this problem most of the time. Do you mean because it crashes ? I seem to be able to shape upstream from my gateway and forward OK using IMQ - I know I don't really need it for up because I could mark, and the nat patch only works down, but I've been testing the jdg script recently and haven't managed a crash yet. I am only on a home network that gets shutdown after 18 hours, though. I think that sounds even more messy :-) I only wanted to ingress shape with IMQ to ensure that I don't drop UDP or small TCP ACK packets for upload streams. I guess I will just give up on the idea and using ingress policing... Its not so important anyway as my DSL connection is very asymetric (2mbit D/L; 256kbit U/L) and upload shaping is more important. if only want to shape incoming trafic probably you can use imq quite safely, anyway as I see you dont need it at all you can easily shape all uploads anyway and since your download speed is high enough you dont need to worry about it. however imq can be usefull to control trafic so that you can download with kaza and browse web or play game without high latency. __ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ problems :-(
Hi Roy, Thanks for getting back to me so promptly. Imq is very invasive componemt which requires to recompile almost everyhing this diver is very unstable and will crash for sure, sooner or later depending on load. I have read about people having lots of problems with IMQ. So I just wanted to try it and see how stable it is on my box. I gather it could actually be problems with the Kernel and not the IMQ code?? I sugest you to leave iptables alone and just modify imq.c source to catch what you need. ir you dont have too much trafic it may not crash for all day. ( if you will use it for download shaping) I think that sounds even more messy :-) I only wanted to ingress shape with IMQ to ensure that I don't drop UDP or small TCP ACK packets for upload streams. I guess I will just give up on the idea and using ingress policing... Its not so important anyway as my DSL connection is very asymetric (2mbit D/L 256kbit U/L) and upload shaping is more important. Even if IMQ is fixed in kernel 2.6 (is it??) I won't be able to use it until I can update the driver for my conexant PCI ADSL modem (which works fine just now under kernel 2.4.22) -- Best regards, Robert ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ problems :-(
I have read about people having lots of problems with IMQ. So I just wanted to try it and see how stable it is on my box. I gather it could actually be problems with the Kernel and not the IMQ code?? That is possible but prpbably not because of bug in kernel I as I think it is because kernel handles local trafic diferently than forwarded so you cant use imq to shape trafic generated by server I am comtinuing development of imq abd I face this problem most of the time. I think that sounds even more messy :-) I only wanted to ingress shape with IMQ to ensure that I don't drop UDP or small TCP ACK packets for upload streams. I guess I will just give up on the idea and using ingress policing... Its not so important anyway as my DSL connection is very asymetric (2mbit D/L; 256kbit U/L) and upload shaping is more important. if only want to shape incoming trafic probably you can use imq quite safely, anyway as I see you dont need it at all you can easily shape all uploads anyway and since your download speed is high enough you dont need to worry about it. however imq can be usefull to control trafic so that you can download with kaza and browse web or play game without high latency. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ problems :-(
Hi I have built a custom TMB Mandrake kernel (2.4.22) with IMQ and ESFQ support. I statically compiled both (mistake?) ESFQ is sorted and working fine (I have succesfully patched IPROUTE2). I have got to the stage where I can see the IMQ device as UP with ifconfig. I can use TC to add QDISCs to the IMQ device. However I just cannot sort out IPTABLES to actually redirect packets to the IMQ device!! I have been trying for weeks to sort this problem out and its really helping to develop my Linux Zen awareness... Currently I am trying to patch iptables-1.2.8 with iptables-1.2.7a IMQ patch. I am not getting a .d dependency file for the lipipt_IMQ.c file in the iptables - extensions directory. I think this is because the IMQ patch looks for an ipt_IMQ.c file in directory .../net/ipv4/netfilter/ in my kernel sources. But my kernel source doesn't have this file. This is the common problem for all the older iptables -IMQ patches I have tried. Why don't I have this file in my kernel sources? Is it because I statically linked in supported for IMQ into the kernel? Do I need to recompile the kernel with IMQ selected as a module?? I am very new to Linux so these patches for this and patches for that plus something called 'patch-o-matic' are all getting a bit Yours in patchyness... Robert ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ problems :-(
Imq is very invasive componemt which requires to recompile almost everyhing this diver is very unstable and will crash for sure, sooner or later depending on load. I sugest you to leave iptables alone and just modify imq.c source to catch what you need. ir you dont have too much trafic it may not crash for all day. ( if you will use it for download shaping) ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] imq crash investigation
Hello. As you know Patrick McHardy stopped to support IMQ. As for now, this stuff has an annoying problem and I've made a little investigation of it. So, maybe it will be useful for someone. First, pass all traffic of the interface (as in, as out) though imq device. Something like: iptables -t mangle -I PREROUTING -i $DEV -j IMQ iptables -t mangle -I POSTROUTING -o $DEV -j IMQ This works ok. At least, after a day of running this setup seems to be stable. Now, lets attach a qdisc to imq: RATE=187 tc qdisc add dev imq0 handle 1: root tbf rate ${RATE}kbit \ burst 15kb/8 limit 15kb Ok, here it is. After some time (minutes,hours) I get a kernel panic. As far as I know, IMQ is the _only_ way for now in Linux to limit the total bandwidth of the link (in+out). It would be excellent if somebody, enough expirenced in kernel hacking, will be so kind to fix that problem. Best regards, Ivan Pesin ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] imq crash investigation
Now I am continuing imq development, but seems it is hopeless, no mater what i do it crashes when qdisc are used seems that it can be not imq problem but somthing wrong with htb. I completely rewrote imq driver, only device registration left. I checked many diferent variants of code, and no mater what, it crashes as allways I even made that packets are never dropped but still it crashes completely with no reason, probability to crash increases with load. here is new imq code: int wequeue=stats-rx_packets-stats-tx_packets; stats-rx_dropped=wequeue; if (wequeue 70){ nf_reinject(skb, info, NF_ACCEPT); //not alow to fill queue full so htb wont drop packets stats-tx_dropped++; return 0; } stats-rx_packets++; // the main part of the driver ( packets are newer dropped) skb-destructor = imq_skb_destructor; // not used this time skb-real_dev=skb-dev; //not used skb-dev=imq_dev; //not used also if (dev_queue_xmit(skb)){ skb-dev=skb-real_dev; printk(cant queue %p \n,skb); // if this occurs then queue is full. what never happens } //--- As you see it is so simple that there is no space for bugs. now kernel do not crash, it just hags completely with no output. so I suspect that there is problem with shaper itself or netfilter, or linux dont like when packets are reordered. Now I am going to try completely diferent idea, I thing I should name it not INQ but NFD because it will be netfilter interface( the part of netfilter core itself) so EVERYTHING will pass this interface. Hello. As you know Patrick McHardy stopped to support IMQ. As for now, this stuff has an annoying problem and I've made a little investigation of it. So, maybe it will be useful for someone. First, pass all traffic of the interface (as in, as out) though imq device. Something like: iptables -t mangle -I PREROUTING -i $DEV -j IMQ iptables -t mangle -I POSTROUTING -o $DEV -j IMQ This works ok. At least, after a day of running this setup seems to be stable. Now, lets attach a qdisc to imq: RATE=187 tc qdisc add dev imq0 handle 1: root tbf rate ${RATE}kbit \ burst 15kb/8 limit 15kb Ok, here it is. After some time (minutes,hours) I get a kernel panic. As far as I know, IMQ is the _only_ way for now in Linux to limit the total bandwidth of the link (in+out). It would be excellent if somebody, enough expirenced in kernel hacking, will be so kind to fix that problem. Best regards, Ivan Pesin ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] imq crash investigation
Roy wrote: Now I am continuing imq development, but seems it is hopeless, no mater what i do it crashes when qdisc are used seems that it can be not imq problem but somthing wrong with htb. Nope. I've tryed other qdiscs, classful/classless -- the same. ..skip.. As you see it is so simple that there is no space for bugs. now kernel do not crash, it just hags completely with no output. so I suspect that there is problem with shaper itself or netfilter, or linux dont like when packets are reordered. This could be. BTW, today experimenting I got a crash, which says this is kernel bug, file skbuff.c, line 92. Now I am going to try completely diferent idea, I thing I should name it not INQ but NFD because it will be netfilter interface( the part of netfilter core itself) so EVERYTHING will pass this interface. Ok, do you have a website? Regards, Ivan Pesin ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] imq crash investigation
so I suspect that there is problem with shaper itself or netfilter, or linux dont like when packets are reordered. This could be. BTW, today experimenting I got a crash, which says this is kernel bug, file skbuff.c, line 92. How do you get C code error line? I can only get function name and asm code offset. also I got diferent errors with original imq, usualy it was in tcp_retransmit_skb Now I am going to try completely diferent idea, I thing I should name it not IMQ but NFD because it will be netfilter interface( the part of netfilter core itself) so EVERYTHING will pass this interface. Ok, do you have a website? I dont have website for now, I only have http server where I can put something I have made htb web interface like in docum.org but it have much more features( all I was able to find about htb) but not finished completely As about this imq driver I had no luck to make it at least abit more usable my server addres is http://pupa.da.ru ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] imq crashes again (new version)
Hi, I decided to continue imq development since it is not much usable as is now. I am going to make imq the only place for all trafic shaping. But there is one problem that this driver is very unstable by some reason it crashes randomly under high load when dropping many packets. and what is most strange that craches occur in kernel itself in tcp_retransmit_skb() function I suspect that it may be kernel bug. I didnt changed it very much, I just made that everything goes throuth imq device. so it needs to handle quite a lot trafic, seems the same problem have original driver if you set it to capture everything. Anyway this driver behaves strangely if you will check how many packets are dropped by htb you will see that none of them !!! they are just dealayed for extremely long time I suspect that such queue consumes too much memory or kernel is trying retransmit packets forever.
[LARTC] IMQ causing network card reciever lockups
Hi! For the past months, my home nat-router has been acting up, locking random ports on the quad port ethernet NIC after 3-6 hours of use. After lots of lots of eliminating and debugging of modules, I have circled in on the IMQ-modules. So, IMQ locks up my ethernet ports. I'm running a quad D-Link DFE-580TX using the mainline sundance driver, kernel version is 2.4.23-rc3 based. The same happens with the becker driver, but is seems to revive the port after a ifdown/ifup cycle (might have been a fluke). In the kernel log I get this information (with the mainline driver), and I have to reboot to revive the port from coma again. Nov 29 10:36:25 puppen kernel: NETDEV WATCHDOG: eth4: transmit timed out Nov 29 10:36:25 puppen kernel: eth4: Transmit timed out, TxStatus 00 TxFrameId 00, resetting... Nov 29 10:36:25 puppen kernel: 00 07ded000 07ded010 0001(00) 04ea9542 802a Nov 29 10:36:25 puppen kernel: 01 07ded010 07ded020 0005(01) 04ea95c2 802a Nov 29 10:36:25 puppen kernel: 02 07ded020 07ded030 0009(02) 04ea90c2 802a Nov 29 10:36:25 puppen kernel: 03 07ded030 07ded040 000d(03) 04ea96c2 802a Nov 29 10:36:25 puppen kernel: 04 07ded040 07ded050 0011(04) 04ea9742 802a Nov 29 10:36:25 puppen kernel: 05 07ded050 8015(05) 04ea98c2 802a Nov 29 10:36:25 puppen kernel: 06 07ded060 07ded070 00010019(06) Nov 29 10:36:25 puppen kernel: 07 07ded070 07ded080 0001001d(07) Nov 29 10:36:25 puppen kernel: 08 07ded080 07ded090 0021(08) 014df7d2 803d Nov 29 10:36:25 puppen kernel: 09 07ded090 07ded0a0 0025(09) 014df8d2 803d Nov 29 10:36:25 puppen kernel: 0a 07ded0a0 07ded0b0 0029(0a) 014df9d2 8042 Nov 29 10:36:25 puppen kernel: 0b 07ded0b0 07ded0c0 002d(0b) 014dfad2 8040 Nov 29 10:36:25 puppen kernel: 0c 07ded0c0 07ded0d0 0031(0c) 03ef1812 8492 Nov 29 10:36:25 puppen kernel: 0d 07ded0d0 07ded0e0 0035(0d) 052a6812 85d6 Nov 29 10:36:25 puppen kernel: 0e 07ded0e0 07ded0f0 0039(0e) 014dfbd2 8042 Nov 29 10:36:25 puppen kernel: 0f 07ded0f0 07ded100 003d(0f) 0193f012 8494 Nov 29 10:36:25 puppen kernel: 10 07ded100 07ded110 0041(10) 0243d812 85ea Nov 29 10:36:25 puppen kernel: 11 07ded110 07ded120 0045(11) 01dff012 85ea Nov 29 10:36:25 puppen kernel: 12 07ded120 07ded130 0049(12) 01dff812 85ea Nov 29 10:36:25 puppen kernel: 13 07ded130 07ded140 004d(13) 014dfcd2 8042 Nov 29 10:36:25 puppen kernel: 14 07ded140 07ded150 0051(14) 06f46012 85ea Nov 29 10:36:25 puppen kernel: 15 07ded150 07ded160 0055(15) 0711f1c2 802a Nov 29 10:36:25 puppen kernel: 16 07ded160 07ded170 0059(16) 0711f242 802a Nov 29 10:36:25 puppen kernel: 17 07ded170 07ded180 005d(17) 0711fec2 802a Nov 29 10:36:25 puppen kernel: 18 07ded180 07ded190 0061(18) 04ea9142 802a Nov 29 10:36:25 puppen kernel: 19 07ded190 07ded1a0 0065(19) 04ea91c2 802a Nov 29 10:36:25 puppen kernel: 1a 07ded1a0 07ded1b0 0069(1a) 04ea9242 802a Nov 29 10:36:25 puppen kernel: 1b 07ded1b0 07ded1c0 006d(1b) 04ea93c2 802a Nov 29 10:36:25 puppen kernel: 1c 07ded1c0 07ded1d0 0071(1c) 04ea9342 802a Nov 29 10:36:25 puppen kernel: 1d 07ded1d0 07ded1e0 8075(1d) 04ea92c2 802a Nov 29 10:36:25 puppen kernel: 1e 07ded1e0 07ded1f0 0079(1e) 04ea9442 802a Nov 29 10:36:25 puppen kernel: 1f 07ded1f0 07ded000 007d(1f) 04ea94c2 802a Nov 29 10:36:25 puppen kernel: TxListPtr=07ded070 netif_queue_stopped=1 Nov 29 10:36:25 puppen kernel: cur_tx=38(06) dirty_tx=8(08) Nov 29 10:36:25 puppen kernel: cur_rx=22 dirty_rx=22 Nov 29 10:36:25 puppen kernel: cur_task=38 I can't see anything obvious in slabinfo, but the netif_queue_stopped=1 in the log above looks curious. Any fixes I can try? QoS is pretty much useless here without IMQ ;-) -- Mvh, André Tomt [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ web page Doc
Hi all :) I'm searching doc about IMQ, but I don't find good info. Is http://trash.net/~kaber/imq/ the IMQ web page? exists others ?? Any webpage about QoS are welcome. thx, sorry 4 muy English ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] IMQ Patch Problem
Hi, I have applied the IMQ patch to 2.4.21 kernel. But, I don't see IMQ target(s) net Kerne - Networking_options - IP:Netfilter_Configuration. I don't know what I am missing? Venkatesh K
[LARTC] IMQ Patch Problem
Hi, I am sorry for sending mail in html format :( I have applied the IMQ patch to 2.4.21 kernel. But, I don't see IMQ target(s) net Kernel - Networking_options - IP:Netfilter_Configuration. I don't know what I am missing? Venkatesh K ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ and kernel 2.6 again
Hi, please avoid using reply to on a message when you want to start a new thread. This is annoying when you use a thread view of mails. Thank you. :-) -- Jeremie LE HEN aka TtZ/TataZ [EMAIL PROTECTED] [EMAIL PROTECTED] Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread! ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] IMQ Install Without Recompiling Kernel?
Hey guys, I finally got IMQ to work!!! This may be novel to many, but recompiling the kernel has always slightly intimidated me until now, even though I've successfully done it in the past. I've been working for three days now getting IMQ support into the kernel and iptables. First off, I didn't want to do a manual compile. So I followed the instructions for recompiling the RH src.rpm and it worked great after a little research. I had kernel support for imq devices, but no iptables support. So I began down the dark path of patch-o-matic. 99% of the docs out there are for the version of iptables-1.2.6a which was the last version of iptables to include patch-o-matic. Once I figured out how to work the patch-o-matic magic, I was felt like I was on my way. I never could get the new module sources created by iptables to be built into the new kernel-rpm with rpmbuild. So with more research, I found some great pointers about re-using the config out of the /boot directory. Once I edited that I recompiled and all was well with the world. I've been a fairly hard Linux user now for three years and using iproute2 now for a year. Now I understand that recompiling the kernel is second-nature to most on this list, but I just wanted to share a positive comment rather than a question for once. Most of the stuff involved with this process is fairly easy once you understand what's going on. That reminds me of a joke between my boss and I, There's no clear documentation on this because if you are messing with this, you should already know what you are doing. That actually stemmed from an installation of RADIUS about three years ago. In short and IMHO, use of the IMQ Device with classful queues is the absolute best method to apply fine-tuned ingress/egress control to a host/subnet. I want to say thanks to everyone to gave me great pointers and help on this. Walt - Original Message - From: David Boreham [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 4:26 PM Subject: Re: [LARTC] IMQ Install Without Recompiling Kernel? 1) Why is RH a bad choice? It's not necessarily bad, for example they can sell you good commercial support, and most commercial binary-only applications will only support RH kernels (e.g. Clearcase). However, RH tends to have their own ideas about a bunch of stuff which doesn't always match the 'mainstream'. This is why I quit using RH for my own projects and instead use Mandrake. It's RH-like, but rather more in sync with the 'normal' Linux environment. There are other distributions which have their own 'better' attributes for any given task too. 2) Why the sarcasm about not wanting to recompile the kernel? I love using Linux, and I have recompiled kernels before. However, in this application it may not be my best choice. You do not know my situation. I tried recompiling the kernel on this machine and had much trouble with the particular SCSI card in that machine. However, I felt this list was limited to routing issues and NOT kernel recompilation issues with a SCSI card. Yeah, try the RPM rebuilding route that I suggested. I too became frustrated with the typical Linux community suggestion that you should rebuild from source in the classic manner---I found that the result almost always breaks something which previously worked in the distro kernel. If you build from the source RPM, modulo some corner cases such as using a different compiler build, you'll be making exactly the same binary that RH made. 4) I'm not the qdisc or routing master, but from my reading I understand the following: -An egress qdisc applied to eth0 ONLY shapes traffic leaving eth0, NOT eth1, eth2, etc. Right, it's per-interface shaping. -I don't want to write an egress qdisc for each of my 9 interfaces, plus I also want ingress control. Correct. Plus, if you want to correctly share incoming bandwidth between nodes which are on the other side of more than one of those interfaces, then separate shaping won't do what you want (the queue at each interface has no knowledge of the situation at any of the other interfaces). Therefore you need IMQ. 5) I have different types of customers on each interface, hence different traffic flows and speeds. Without IMQ you'll be able to shape on each interface, but you won't be able to fairly distribute the same bandwidth between customers on different interfaces. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ** * This message has been scanned by CityNET's email scanner for viruses and dangerous content * * and is believed to be clean. CityNET is proud to use MailScanner. For more information * * concerning MailScanner, visit http://www.mailscanner.info
Re: [LARTC] IMQ Install Without Recompiling Kernel?
Thank you. I had not thought of that route. I will probably go with your suggestion. Walt - Original Message - From: David Boreham [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 24, 2003 12:40 PM Subject: Re: [LARTC] IMQ Install Without Recompiling Kernel? Why don't you take the RH kernel source, apply the imq patch, use the RH kernel options and recompile the kernel? A reasonably painless way to do this is to get the RH kernel RPM source. Modify the .spec file to add the patches, and rebuild. I've done this in the past and it tends to result in something which is closer to the original kernel than if you just take the source tree and compile that. It's also a more reproducable build process which helps if you need to do it several times (e.g. when RH releases a new kernel). ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ** * This message has been scanned by CityNET's email scanner for viruses and dangerous content * * and is believed to be clean. CityNET is proud to use MailScanner. For more information * * concerning MailScanner, visit http://www.mailscanner.info * ** ** * This message has been scanned by CityNET's email scanner for viruses and dangerous content * * and is believed to be clean. CityNET is proud to use MailScanner. For more information * * concerning MailScanner, visit http://www.mailscanner.info * ** ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/