Re: [LARTC] hashing filters
On Wed, Jan 12, 2005 at 07:08:03PM +0100, Valton Hashani wrote: j=0; while [ $j -le 254 ] do i=0; while [ $i -le 254 ] do hexi=`echo obase=16; $i | bc` echo tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3 tc filter add dev eth0 protocol ip parent 1:2 u32 ht $j:$hexi match ip dst 192.168.$j.$i flowid 1:3 i=$((i+1)) done j=$((j+1)) done pgpqUOYJEdhpf.pgp Description: PGP signature
Re: [LARTC] hashing filters
On Wed, Jan 12, 2005 at 07:08:03PM +0100, Valton Hashani wrote: change te script to: i=0; while [ $i -le 254 ] do hexi=`echo obase=16; $i | bc` tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3 i=$((i+1)) done connected with modifications from previous mail it should work. -- Tomasz Paszkowski Administrator Miejskie Sieci Informatyczne e-wro http://www.e-wro.pl pgpZrE1SlVyOk.pgp Description: PGP signature
[LARTC] hashing filters
Hi all, I am a newbie and I have not played a lot with tc utility. I have red maybe everything thathas to do withmassive filtering (maybe not everything).If you can help meon this I wouldappriciate that very much. I use tc utility with iproute2-ss040831. I want to limit bandwidth for the 192.168.0.0/16 subnet usingthis script. tc qdisc del dev eth0 roottc qdisc add dev eth0 root handle 1: htbtc class add dev eth0 parent 1: classid 1:2 htb rate 100Mbit ceil 100MBit tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/16 hashkey mask 0x00ff at 12 link 2:tc class add dev eth0 parent 1:2 classid 1:3 htb rate 128Kbit ceil 128Kbit j=0; while [ $j -le 254 ] do i=0; while [ $i -le 254 ] do hexi=`echo "obase=16; $i" | bc` tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3 i=$((i+1)) done j=$((j+1))done somewhere at 192.168.8.7/32 it appears on the screen this message RTNETLINK answers: File existsWe have an error talking to the kernel Can you tell me please what am I doing wrong. Thank you in advance Valton
Re: [LARTC] hashing filters
Hi, with a Tomasz suggestions I tried with the setup below but it appears at the same place, the same error. RTNETLINK answers: File exists We have an error talking to the kernel Is there any other way? Regards, Valton - tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb tc class add dev eth0 parent 1: classid 1:2 htb rate 100Mbit ceil 100MBit tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256 #tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/16 hashkey mask 0x00ff at 12 link 2: tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/24 hashkey mask 0x00ff at 16 link 2: tc class add dev eth0 parent 1:2 classid 1:3 htb rate 128Kbit ceil 128Kbit j=0; while [ $j -le 254 ] do i=0; while [ $i -le 254 ] do hexi=`echo obase=16; $i | bc` echo tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3 tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3 i=$((i+1)) done j=$((j+1)) done - Original Message - From: Tomasz Paszkowski [EMAIL PROTECTED] To: Valton Hashani [EMAIL PROTECTED] Cc: lartc@mailman.ds9a.nl Sent: Wednesday, January 12, 2005 2:11 PM Subject: Re: [LARTC] hashing filters On Wed, Jan 12, 2005 at 01:27:18PM +0100, Valton Hashani wrote: Hi all, I am a newbie and I have not played a lot with tc utility. I have red maybe everything that has to do with massive filtering (maybe not everything). If you can help me on this I would appriciate that very much. I use tc utility with iproute2-ss040831. I want to limit bandwidth for the 192.168.0.0/16 subnet using this script. tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb tc class add dev eth0 parent 1: classid 1:2 htb rate 100Mbit ceil 100MBit tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256 tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/16 hashkey mask 0x00ff at 12 link 2: change to: tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/24 hashkey mask 0x00ff at 16 link 2: tc class add dev eth0 parent 1:2 classid 1:3 htb rate 128Kbit ceil 128Kbit j=0; while [ $j -le 254 ] do i=0; while [ $i -le 254 ] do hexi=`echo obase=16; $i | bc` add hiere: echo tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3 and show us results. tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3 i=$((i+1)) done j=$((j+1)) done somewhere at 192.168.8.7/32 it appears on the screen this message RTNETLINK answers: File exists We have an error talking to the kernel Can you tell me please what am I doing wrong. -- Tomasz Paszkowski ___ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Hashing table based on FWMARK
We currently use iptables, matching packets based on IP address and marking them with an ID. Multiple IP addresses can be marked with the same ID. We then filter based on the ID. We have close to 2000 filters now and I'm looking into hashing tables. Is there any way to create a hashing filter based on the fwmark? Paul C. Diem [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Hashing table based on FWMARK
WTF is hash or hash table ? are you looking into: ip rule help ? On Thu, 12 Aug 2004 00:53:40 -0500, Paul C. Diem [EMAIL PROTECTED] wrote: We currently use iptables, matching packets based on IP address and marking them with an ID. Multiple IP addresses can be marked with the same ID. We then filter based on the ID. We have close to 2000 filters now and I'm looking into hashing tables. Is there any way to create a hashing filter based on the fwmark? Paul C. Diem [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -- Bla bla ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] Hashing table based on FWMARK
The hash tables created with: tc filter add ... handle A: u32 divisor B and distributed to with: tc filter add ... u32 ht C:: match ... hashkey mask D at E link A: the first line creates a hash table A with B entries and the second line directs packets to the table entries based on the result of applying the mask D to the match value. This substantially reduces the number filters that need to be searched for each packet since the kernel can simply use the hashkey as an index into the table. What I want to do is direct packets to hash table entries based on the firewall mark. I only see documentation and directing packets to hash table entries using the u32 selector. Since the firewall mark is not part of the packet itself, I can't use u32. Paul C. Diem [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of George Alexandru Dragoi Sent: Thursday, August 12, 2004 5:14 AM To: [EMAIL PROTECTED] Subject: Re: [LARTC] Hashing table based on FWMARK WTF is hash or hash table ? are you looking into: ip rule help ? On Thu, 12 Aug 2004 00:53:40 -0500, Paul C. Diem [EMAIL PROTECTED] wrote: We currently use iptables, matching packets based on IP address and marking them with an ID. Multiple IP addresses can be marked with the same ID. We then filter based on the ID. We have close to 2000 filters now and I'm looking into hashing tables. Is there any way to create a hashing filter based on the fwmark? Paul C. Diem [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] hashing
On Tue, 6 Apr 2004 [EMAIL PROTECTED] wrote: Hi i have 2 class C 80.97.103.0/24 and 81.180.12.0/24 but i dont konw how to set hashing tables for HTB tc add dev eth0 parent 1: prio 0 handle 1: protocol ip u32 divisor 256 tc add dev eth0 parent 1: prio 0 protocol ip u32 match src 80.97.103.0/24 hashkey mask 0x00FF at 12 link 1: but i want 2 hashkey for 80.97.103.0/24 and for 81.180.12.0/24 can somebody help me ? tc filter add dev eth0 parent 1: prio 0 handle 1: protocol ip u32 divisor 256 tc finlter add dev eth0 parent 1: prio 0 protocol ip u32 match src 80.97.103.0/24 hashkey mask 0x00FF at 12 link 103: tc filter add dev eth0 parent 1: prio 0 protocol ip u32 match src 81.180.12.0/24 hashkey mask 0x00FF at 12 link 12: # Create filters for every ip # for 80.97.103.0/24 tc filter add dev eth0 parent 1: protocol ip u32 ht 103:2: flowid 1:2 tc filter add dev eth0 parent 1: protocol ip u32 ht 103:3: flowid 1:3 ... tc filter add dev eth0 parent 1: protocol ip u32 ht 103:fe: flowid 1:254 # now for 81.180.12.0/24 tc filter add dev eth0 parent 1: protocol ip u32 ht 12:2: flowid 1:402 tc filter add dev eth0 parent 1: protocol ip u32 ht 12:3: flowid 1:403 ... tc filter add dev eth0 parent 1: protocol ip u32 ht 12:fe: flowid 1:654 ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ --- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/