[LARTC] tc filter oddities

[Justin Whitney]

I shape my upstream cable link with HTB from a script.  My voip traffic
(from the 192.168.0.14 host) gets priority over everything else to the
near-starvation of other classes; the rest of the traffic is split up
based on some priority rules (qos, empty ack packets, etc).  eth1 is the
uplink

I've been using HTB and fw marking for the job until recently, when I
changed the queue structure around a bit, and moved to tc filters (no
marking).

None of my filters are working, in fact none are being applied, or
respecting the 'parent' attribute that I give them.  All of my filters
end up with parent 1:  All qdiscs are empty save for the root qdisc, and
all packets from that one seem to be direct_packet_stat'd from it... 
when I added default values to the htb qdiscs, this just caused all
packets to filter down to whatever default class I specified, and
continue to get direct_packet_stat'd from those...

so.. I'm trying to sort out why my filters aren't working and why
they're not getting the parents I've intended.  comments on the sanity
of my queue structure are welcomed (as are all others), but really I
should be able to deal with that after my filters agree to work, as the
fw ones were beforehand.

copy of script (commented):

//root limited to 120kbits (on 128kbit link)
tc qdisc add root dev eth1 handle 1: htb
tc class add dev eth1 parent 1: classid 1:1 htb rate 120kbit ceil
120kbit burst 2k

//first one is voip, second one is everything else
//this is a change from how i was doing it before and is untested
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 100kbit ceil
120kbit burst 2k prio 1
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 20kbit ceil
120kbit burst 2k prio 2

//3 prio classes for the 'everything else' traffic
tc class add dev eth1 parent 1:20 classid 1:21 htb rate 40kbit burst 2k
prio 1
tc class add dev eth1 parent 1:20 classid 1:22 htb rate 40kbit burst 2k
prio 2
tc class add dev eth1 parent 1:20 classid 1:23 htb rate 40kbit burst 2k
prio 3

//sfq's for the prio classes
tc qdisc add dev eth1 parent 1:21 handle 121: sfq
tc qdisc add dev eth1 parent 1:22 handle 122: sfq
tc qdisc add dev eth1 parent 1:23 handle 123: sfq

//filters - first and second for voip and other
tc filter add dev eth1 parent 1:0 prio 1 protocol ip u32 match ip src
192.168.0.14 flowid 110:
tc filter add dev eth1 parent 1:0 prio 1 protocol ip u32 match ip dst 
0/0 flowid 1:20

//and others are for qos min-delay, empty-ack, and everything else
tc filter add dev eth1 parent 1:20 pref 2 protocol ip u32 match ip tos
0x10 0xff flowid 121:
tc filter add dev eth1 parent 1:20 pref 3 protocol ip u32 match ip
protocol 6 0xff match u8 0x10 0xff at nexthd r+13 match u16 0x
0xffc0 at 2 flowid 122:
tc filter add dev eth1 parent 1:20 pref 4 protocol ip route flowid 123:

---
tc -s -d qdisc ls:

qdisc sfq 123: dev eth1 quantum 1514b limit 128p flows 128/1024
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
qdisc sfq 122: dev eth1 quantum 1514b limit 128p flows 128/1024
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
qdisc sfq 121: dev eth1 quantum 1514b limit 128p flows 128/1024
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
qdisc htb 1: dev eth1 r2q 10 default 0 direct_packets_stat 166 ver 3.10
 Sent 27491 bytes 166 pkts (dropped 0, overlimits 0)

--
and perhaps more interesting is tc filter show dev eth1 (eth1=upstream)

filter parent 1: protocol ip pref 1 u32
filter parent 1: protocol ip pref 1 u32 fh 802: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 802::800 order 2048 key ht
802 bkt 0 flowid 122:
  match 0006/00ff at 8
  match 0010/00ff at nexthdr+12
  match /ffc0 at 0
filter parent 1: protocol ip pref 1 u32 fh 801: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 801::800 order 2048 key ht
801 bkt 0 flowid 121:
  match 0010/00ff at 0
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht
800 bkt 0 flowid 110:
  match c0a8000e/ at 12
filter parent 1: protocol ip pref 1 u32 fh 800::801 order 2049 key ht
800 bkt 0 flowid 1:20
  match / at 16

(parents == 1: ??!)

Thanks in advance all for your comments on this.

--Justin Whitney

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] tc filter oddities

[Justin Whitney]

Thanks, I ran with that and got things working.  The filters that I saw
as not respecting their parent attribute were in fact dupes from the u32
bug, and present in both 1:20 and 1: (according to filter show).

I made some adjustments to the queues, and i'll post my results later so
that anyone in a similar situation can have something to work from.

--Justin Whitney

On Fri, 2003-10-31 at 03:38, Catalin BOIE wrote:
 Hi!
 
  //root limited to 120kbits (on 128kbit link)
  tc qdisc add root dev eth1 handle 1: htb
  tc class add dev eth1 parent 1: classid 1:1 htb rate 120kbit ceil
  120kbit burst 2k
 
  //first one is voip, second one is everything else
  //this is a change from how i was doing it before and is untested
  tc class add dev eth1 parent 1:1 classid 1:10 htb rate 100kbit ceil
  120kbit burst 2k prio 1
  tc class add dev eth1 parent 1:1 classid 1:20 htb rate 20kbit ceil
  120kbit burst 2k prio 2
 
  //3 prio classes for the 'everything else' traffic
  tc class add dev eth1 parent 1:20 classid 1:21 htb rate 40kbit burst 2k
  prio 1
  tc class add dev eth1 parent 1:20 classid 1:22 htb rate 40kbit burst 2k
  prio 2
  tc class add dev eth1 parent 1:20 classid 1:23 htb rate 40kbit burst 2k
  prio 3
 
  //sfq's for the prio classes
  tc qdisc add dev eth1 parent 1:21 handle 121: sfq
  tc qdisc add dev eth1 parent 1:22 handle 122: sfq
  tc qdisc add dev eth1 parent 1:23 handle 123: sfq
 
  //filters - first and second for voip and other
  tc filter add dev eth1 parent 1:0 prio 1 protocol ip u32 match ip src
  192.168.0.14 flowid 110:
   
 I think here is 1:10, right?
 
 
  tc filter add dev eth1 parent 1:0 prio 1 protocol ip u32 match ip dst
  0/0 flowid 1:20
 
 OK, till here.
 
  //and others are for qos min-delay, empty-ack, and everything else
  tc filter add dev eth1 parent 1:20 pref 2 protocol ip u32 match ip tos
  0x10 0xff flowid 121:
 Here must be 1:21.
 
  tc filter add dev eth1 parent 1:20 pref 3 protocol ip u32 match ip
  protocol 6 0xff match u8 0x10 0xff at nexthd r+13 match u16 0x
  0xffc0 at 2 flowid 122:
 Here must be 1:22.
 
  tc filter add dev eth1 parent 1:20 pref 4 protocol ip route flowid 123:
 Here must be 1:23.
 
 Try this and come back.
 
 
  ---
  tc -s -d qdisc ls:
 
  qdisc sfq 123: dev eth1 quantum 1514b limit 128p flows 128/1024
   Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
  qdisc sfq 122: dev eth1 quantum 1514b limit 128p flows 128/1024
   Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
  qdisc sfq 121: dev eth1 quantum 1514b limit 128p flows 128/1024
   Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 
  qdisc htb 1: dev eth1 r2q 10 default 0 direct_packets_stat 166 ver 3.10
   Sent 27491 bytes 166 pkts (dropped 0, overlimits 0)
 
  --
  and perhaps more interesting is tc filter show dev eth1 (eth1=upstream)
 
  filter parent 1: protocol ip pref 1 u32
  filter parent 1: protocol ip pref 1 u32 fh 802: ht divisor 1
  filter parent 1: protocol ip pref 1 u32 fh 802::800 order 2048 key ht
  802 bkt 0 flowid 122:
match 0006/00ff at 8
match 0010/00ff at nexthdr+12
match /ffc0 at 0
  filter parent 1: protocol ip pref 1 u32 fh 801: ht divisor 1
  filter parent 1: protocol ip pref 1 u32 fh 801::800 order 2048 key ht
  801 bkt 0 flowid 121:
match 0010/00ff at 0
  filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
  filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht
  800 bkt 0 flowid 110:
match c0a8000e/ at 12
  filter parent 1: protocol ip pref 1 u32 fh 800::801 order 2049 key ht
  800 bkt 0 flowid 1:20
match / at 16
 
  (parents == 1: ??!)
 
  Thanks in advance all for your comments on this.
 
  --Justin Whitney
 
  ___
  LARTC mailing list / [EMAIL PROTECTED]
  http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
 
 
 ---
 Catalin(ux) BOIE
 [EMAIL PROTECTED]
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/