Re: [LARTC] tcng + esfq
Sam LARTC wrote: > FYI, > >i've just created a quick patch adding esfq (Enhanced Stochastic > Fairness queueing discipline) for tcng (Traffic Control Next > Generation). > Patch is located at http://devel.dob.sk/tcng+esfq. > Enjoy. I put a link to your patch page on the ESFQ page. Next time I make a release I'll put a note in the README as well. I don't use tcng, but I had a quick look at your patch and noticed a very minor error: diff -urN tcng/tcc/q_esfq.c tcng-sam/tcc/q_esfq.c --- tcng/tcc/q_esfq.c 1970-01-01 01:00:00.0 +0100 +++ tcng-sam/tcc/q_esfq.c 2007-05-06 15:37:32.154594952 +0200 @@ -0,0 +1,78 @@ +/* + * q_esfq.c - Enhanced Statistical Fair Queuing qdisc ESFQ stands for "Enhanced Stochastic Fairness Queueing". That's all. -Corey ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tcng + esfq
FYI, i've just created a quick patch adding esfq (Enhanced Stochastic Fairness queueing discipline) for tcng (Traffic Control Next Generation). Patch is located at http://devel.dob.sk/tcng+esfq. Enjoy. Sam ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] TCNG on openSuSE 10.2
I'm trying to get TCNG working on an openSuSE 10.2 machine, may I ask for compilation help here, or is it out of context for this list? Did something replace TCNG? Roger Venable Ann Arbor, Michigan, USA ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] TCNG and filter priorities
Hello, A while ago I switched a bandwidth management setup from bash shell script using tc to a MUCH more readable tcng solution (yes, the same one I asked for help with earlier. It worked perfectly, thanks) and it's working very well. However, one of our clients now has a slightly unique situation, in that they're using colocation hosting to host their webserver with us, but keep the database server it connects to on their own connection, which only gets 2 Mbit to the outer world. I need to set up a special rule in the shaping script to specifically cover that connection and that connection only at a speed of 10 Mbit. Now back when I used tc directly I could just add a higher prio value to the tc filter statement, but I can't find the proper syntax to TCNG to make this setup work. What am I missing? -- Rens Houben |opinions are mine Resident linux guru and sysadmin | if my employers have one Systemec Internet Services. |they'll tell you themselves PGP key at http://marduk.systemec.nl/~shadur/shadur.key.asc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tcng not working as expected
Hi, Looking at the following sample, shouldn't the client1_a be restricted to 35kBps even when there is 50kBps available. Please see the following configuration and suggest. What I wanted to do is I have clients grouped on VIP and Poor. The VIP clients and poor clients may be subscribed with the same bandwidth but I would like to prioritize the VIP clients. The VIP client will get the allocated rate. If VIP is not using the links then poor clients will get allocated rates, otherwise they are supressed. Among the VIP clients they will get the allocated bandwidth, some may be 64kbps, some may be 128kbps. e.g. In case of full utilization, the VIP client with 64kbps should get full 64kbps but the poor client with 128kbps may get much lower. I will appreciate your suggestion. regds, Rajendra. #include "fields.tc" #include "ports.tc" #define LANSIDE eth0 #define WANSIDE eth1 /*# Shape DOWNLOAD Traffic */ /*#*/ dev LANSIDE { egress { class ( <$client1_a> ) if ip_dst == 10.10.10.24; class ( <$client1_b> ) if ip_dst == 10.10.10.22; class ( <$client2> ) if ip_dst == 10.10.10.23; htb() { //Total Bandwidth class (rate 50kBps, ceil 50kBps) { //VIP clients class (rate 40kBps, ceil 50kBps) { $client1_a = class (rate 35kBps, ceil 35kBps) ; $client1_b = class (rate 10kBps, ceil 10kBps) ; } //Poor clients class (rate 10kBps, ceil 50kBps) { $client2 = class (rate 35kBps, ceil 35kBps) ; } } } //End of qdiscs (HTB) } } //End of device (LANSIDE) /*# Shape UPLOAD Traffic ##*/ /*#*/ ~ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] TCNG issue - parent class restrictions are not honored
Greetings Rens, : I've been migrating an existing htb-based traffic shaper from a : hideous (I'm allowed to call it that - I wrote the damn atrocity : myself) tc shell script into a TCNG configuration file, and after : a few false starts I think I managed to get the syntax right. I know what you mean about "hideous" shell scripts to manage traffic control. They can quickly become rather horrid-looking. I'm a big fan of tcng for its simpler syntax. OK, so your problem actually has nothing to do with tcng, though. It is strictly an HTB-related matter. Summary of your problem? In HTB, rate is guaranteed. Longer description follows. : However, during tests it looks like some of the tiers aren't : passing their restrictions on to lower levels. In fact, it is quite the opposite. The embedded (or nested) tiers are taking more than you wish them to take. This will require a slight change in your configuration. : $business = class ( rate 20Mbps, ceil 20Mbps ) { : // list of business-class clients, including : $client1 = class ( rate 2Mbps, ceil 2Mbps ) { sfq; } : $client2 = class ( rate 2Mbps, ceil 2Mbps ) { sfq; } : } The above configuration basically says the following: $business is guaranteed access to 20Mbps, and no more than 20Mbps. $client1 is guaranteed access to 2Mbps, but no more than 2Mbps. $client2 is guaranteed access to 2Mbps, but no more than 2Mbps. This means that HTB is not even going to bother checking any dequeued rates against a borrowing model until $client1 or $client2 (each individually) reach 2Mbps usage. That's a total of 2Mbps per client. You have overcommitted. [ As a side note, when you set a child classes rate and ceil to the same value, you don't get the benefit of the bandwidth sharing. ] Now, what you describe tells me something very different. : When this setup was tested, both client 1 and client 2 received 2 : Mbps of bandwidth, so the attached filters worked properly. But : when the rate and ceil of $business was lowered to 2Mbps, both : client 1 and client 2 *still* received 2 Mbps, even when they : were simultaneously downloading. This is probably what you actually want: $business is guaranteed access to 2Mbps, and no more than 2Mbps. $client1 is guaranteed access to 800kbps, but no more than 2Mbps. $client2 is guaranteed access to 800kbps, but no more than 2Mbps. First, the two clients will each be guaranteed 800kbps. If they are both transmitting as fast as possible, then they are implicitly competing for the remaining 400kbps of the total 2Mbps. In HTB, an inner class (in your case, $business) will divide up the remaining available bandwidth between the various children, all the way up to its own ceiling (ceil). Now, try the following, and see how this works for you: $business = class ( rate 2Mbps, ceil 2Mbps ) { // list of business-class clients, including $client1 = class ( rate 800kbps, ceil 2Mbps ) { sfq; } $client2 = class ( rate 800kbps, ceil 2Mbps ) { sfq; } } I hope I have clarified the behaviour for you, but you may find more detail on the HTB borrowing (sharing) model in the user guide [0] and in a section in my Traffic Control HOWTO [1]. Good luck and happy shaping! -Martin [0] http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#sharing [1] http://tldp.org/HOWTO/Traffic-Control-HOWTO/classful-qdiscs.html#qc-htb-borrowing -- Martin A. Brown http://linux-ip.net/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] TCNG question
Paul, : I have used tcng to help start me with some tc code that i can : put into a bash script and call from a c program. I have to : dynamically : : 1. Add filters for communications between different nodes. : 2. Delete these filters as communications cease between the : nodes and : 3. Make sure they have enough bandwidth by limiting everything : else. : : e.g > Node 1 wants to make a voip call to Node 2. My c program : recieves both ip's, both ports and the bw that the call requires. : I then have to add/change the tc rules/filters to allow this to : happen. Then i recieve a request for another call, same thing. : Then call 1 hangs up, i delete that filter and change other : necessary info. I have seen a number of people try dynamic class and filter insertion. I can't say that I've ever seen it work particularly elegantly. I hope somebody will also show you what s/he has done to deal with this problem, but here's how I'd solve the problem: Build a class hierarchy that accommodates the total number of VoIP calls that your network can support at any one time. class $root, rate $MAX, ceil $MAX | +- classes $voip,rate $VOIPMAX, ceil $VOIPMAX || |+ class $voip.0 rate $PCR, ceil $PCR |+ class $voip.1 rate $PCR, ceil $PCR | [ ... ] |+ class $voip.N rate $PCR, ceil $PCR | +- class $rest, rate $RESTMIN, ceil $MAX N = total number of VoIP clients PCR = per call rate (64kbit?) VOIPMAX = PCR * N MAX = total bandwidth available to you RESTMIN = minimum guaranteed bandwidth for bulk, should, roughly MAX - VOIPMAX - You simply classify any VoIP UDP flows into the $voip.0, $voip.1 ... $voip.N classes and you forget about it. (See also toward the bottom of this message.) Now every one of your N-VoIP clients can have guaranteed access at per-call-rate (PCR). This is most distinctly not dynamic, and probably rather hackish by comparison to something more RSVP-like. What's the beauty of the above model? First, you don't have to fiddle with it at all once it's installed. Second, HTB will take care of sharing the bandwidth between your VoIP callers and the rest of the traffic ($rest). What's the shortcoming of the model? You have to have enough bandwidth to allocate one VoIP class to each of your VoIP users without hitting your $MAX rate. Viewed from another angle, you must not have more potential VoIP callers than you have available bandwidth. : I am finding this extremely difficult. i.e > I have : little/nothing working. The concept of dynamic traffic control structures has come up periodically on this list, and you may find some benefit to trawling the archives for earlier discussions. I'm quite certain there are some nuggets of knowledge available in the archive. : Do you know what might be the best way to approach this problem ? : : Currently i'm simply trying to write a bash script containing tc : commands and call that bash script from my c code. One other thing you could consider is building the above structure, but not installing any filters. While I have not used the netfilter CLASSIFY target, you could have your bash script insert CLASSIFY rules into a custom chain. Then, you have a set of traffic control structures in the kernel and you use netfilter rules to select which flows go into the VoIP classes. Good luck, -Martin -- Martin A. Brown http://linux-ip.net/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] TCNG issue - parent class restrictions are not honored
Hi, I've been migrating an existing htb-based traffic shaper from a hideous (I'm allowed to call it that - I wrote the damn atrocity myself) tc shell script into a TCNG configuration file, and after a few false starts I think I managed to get the syntax right. However, during tests it looks like some of the tiers aren't passing their restrictions on to lower levels. For example, part of the configuration looks like this: htb() { $root=class ( rate 1024Mbps, ceil 1024Mbps ) { // Gigabit ethernet interface $enterprise = class ( rate 45Mbps, ceil 45Mbps ) { // list of enterprise-level clients } $business = class ( rate 20Mbps, ceil 20Mbps ) { // list of business-class clients, including $client1 = class ( rate 2Mbps, ceil 2Mbps ) { sfq; } $client2 = class ( rate 2Mbps, ceil 2Mbps ) { sfq; } } // And so on. } } When this setup was tested, both client 1 and client 2 received 2 Mbps of bandwidth, so the attached filters worked properly. But when the rate and ceil of $business was lowered to 2Mbps, both client 1 and client 2 *still* received 2 Mbps, even when they were simultaneously downloading. The interim file generated by tcc *looks* okay, although it's a little harder to read. Can anyone point out to me what I did wrong, or where I made an erroneous assumption? -- Rens Houben |opinions are mine Resident linux guru and sysadmin | if my employers have one Systemec Internet Services. |they'll tell you themselves PGP key at http://marduk.systemec.nl/~shadur/shadur.key.asc ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] TCNG question
Greetings again Paul, : class ( <$call1> ) if ip_dst == 10.100.1.6 && tcp_dport == 22 : if ip_src == 10.100.1.4 && tcp_sport == 22 :; : : Now when i apply this traffic TO 6 on port 22 is indeed limited : to the speed i specify BUT it doesn't seem to take the src into : account at all. If i change the src to anything, even an address : that doesn't exist it still limits the speed. : : I need this class to only apply is both source and destination : ips are satisfied. Are you using tcng class selection paths in your configuration file? Could you show us a bit more of your config file? Tell us a bit about your networking configuration. Is this a device acting as a router (L3) or a bridge (L2)? Is there any NAT involved? In order to help you solve this problem, we'll need to know a bit more about your networking configuration. -Martin -- Martin A. Brown http://linux-ip.net/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] TCNG question
Hey all, i have a class.class ( <$call1> ) if ip_dst == 10.100.1.6 && tcp_dport == 22 if ip_src == 10.100.1.4 && tcp_sport == 22 ;Now when i apply this traffic TO 6 on port 22 is indeed limited to the speed i specify BUT it doesn't seem to take the src into account at all. If i change the src to anything, even an address that doesn't exist it still limits the speed. I need this class to only apply is both source and destination ips are satisfied. Anyone know whats going on ? ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] TCNG HTB prioritize traffic for each IP separately.
Hi, Yes! This (htb-gen software) perfectly meets my demand. I have also drawn a similar solution with tcng but unable to prioritize traffic for each user separately. Again, I seek someone would help me about how to do it with tcng. I have prioritize the traffic but the higher priority traffic completely stops the flow of lower prio traffic. I want the higher priority traffic be using the 90% of the allocated bandwith to the user and remaing 10% to the lower priority traffic. I would be grateful if someone shows me a sample code for using tcng. Here is the code I did, but could not achieve my goal. dev "eth0" { htb() { // This is the class for first client. He will be allocated 128kbps // And within this 128kbps, traffic are prioritized. class (rate 128 kbps, ceil 128 kbps) if ip_dst == 192.168.0.20 { prio { class (1) if tcp_sport == 80 || tcp_sport == 443 || tcp_sport == 22; class (2) if 1; //The high prio has completely halted the low prio traffic. } } // Another user, no traffic prioritization for him. class (rate 400 kbps, ceil 400 kbps) if ip_dst == 192.168.0.15; // And there may be many other users who I will allocate the // traffic as above and each may or may not have prioritization separately. } } With above setup, when the user (192.168.0.20) downloads every kinds of traffic, the high priority sucks all 128kbps of b/w leaving low prio traffic absolutely dead. How could I setup the user (192.168.0.20) such that when there is full traffic of all kinds the high prio traffic uses about 90% of 128kbps and remaining used by low prio traffic. Anyway, "htb-gen by Luciano" did it for me. Is there a way I could define first, 2nd and 3rd proiority traffic in "htb-gen by Luciano"? You only have features of high and low prio and that is too set for every users. Anyway, it does most of all what I want, but do not use tcng. However, I have a thirst to complete my setup with tcng. If someone need a quick solution, htb-gen is easy and reliable. Thanks Luciano for this. Okay, I have yet another query regarding HTB. When the sum of the rates is greater than the total rate/ceil of the total downlink then how will htb behave. Talking only about download, say, I have a link of 512 kbps down and I have 5 users each allocated 128kbps down and 5 other users with each 64kbps down, it is assumed that only few comes online at a time. So, until the users those have the sum of current rates less than or equal to 512kbps the HTB works fine. But what if all the user comes online at a time and use the kink to their full extent. How will the bandwidth shared among users. What does the htb theory says regarding this? I read in htb faq but the scenario it depicted is not so clear to relate with this scenario. > On Monday 29 May 2006 02:47, [EMAIL PROTECTED] wrote: >> Hi, >> I have several users on the lanside each allocated separate IP >> addresses. >> I need to allocate th traffic to each IP addresses certain portion of >> total uplink. >> >> Say, 192.168.0.2 rate 128kbps, ceil 128kbps. >> 192.168.0.3 rate 65kbps, ceil 128kbps >> 129.168.0.4 rate 64kbps, ceil 64kbps. >> and so on >> >> Also, for each user i would like to prioritize the traffic within the >> allocated bandwidth. >> >> say for (192.168.0.2 rate 128kbps, ceil128kbps), i would like to set >> prio >> 1 for http or https traffic and prio 2 for others. >> >> Please suggest how do i achieve this using tcng and htb, or any other >> solution. > > I think htb-gen[1] fits perfectly* in the scenario that you've described. > > [1] http://freshmeat.net/projects/htb-gen/ > -- > Luciano > *and not because i'm the author P) > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] TCNG HTB prioritize traffic for each IP separately.
Hi, Yes! This (htb-gen software) perfectly meets my demand. I have also drawn a similar solution with tcng but unable to prioritize traffic for each user separately. Again, I seek someone would help me about how to do it with tcng. I have prioritize the traffic but the higher priority traffic completely stops the flow of lower prio traffic. I want the higher priority traffic be using the 90% of the allocated bandwith to the user and remaing 10% to the lower priority traffic. I would be grateful if someone shows me a sample code for using tcng. Here is the code I did, but could not achieve my goal. dev "eth0" { htb() { // This is the class for first client. He will be allocated 128kbps // And within this 128kbps, traffic are prioritized. class (rate 128 kbps, ceil 128 kbps) if ip_dst == 192.168.0.20 { prio { class (1) if tcp_sport == 80 || tcp_sport == 443 || tcp_sport == 22; class (2) if 1; //The high prio has completely halted the low prio traffic. } } // Another user, no traffic prioritization for him. class (rate 400 kbps, ceil 400 kbps) if ip_dst == 192.168.0.15; // And there may be many other users who I will allocate the // traffic as above and each may or may not have prioritization separately. } } With above setup, when the user (192.168.0.20) downloads every kinds of traffic, the high priority sucks all 128kbps of b/w leaving low prio traffic absolutely dead. How could I setup the user (192.168.0.20) such that when there is full traffic of all kinds the high prio traffic uses about 90% of 128kbps and remaining used by low prio traffic. Anyway, "htb-gen by Luciano" did it for me. Is there a way I could define first, 2nd and 3rd proiority traffic in "htb-gen by Luciano"? You only have features of high and low prio and that is too set for every users. Anyway, it does most of all what I want, but do not use tcng. However, I have a thirst to complete my setup with tcng. If someone need a quick solution, htb-gen is easy and reliable. Thanks Luciano for this. Okay, I have yet another query regarding HTB. When the sum of the rates is greater than the total rate/ceil of the total downlink then how will htb behave. Talking only about download, say, I have a link of 512 kbps down and I have 5 users each allocated 128kbps down and 5 other users with each 64kbps down, it is assumed that only few comes online at a time. So, until the users those have the sum of current rates less than or equal to 512kbps the HTB works fine. But what if all the user comes online at a time and use the kink to their full extent. How will the bandwidth shared among users. What does the htb theory says regarding this? I read in htb faq but the scenario it depicted is not so clear to relate with this scenario. > On Monday 29 May 2006 02:47, [EMAIL PROTECTED] wrote: >> Hi, >> I have several users on the lanside each allocated separate IP >> addresses. >> I need to allocate th traffic to each IP addresses certain portion of >> total uplink. >> >> Say, 192.168.0.2 rate 128kbps, ceil 128kbps. >> 192.168.0.3 rate 65kbps, ceil 128kbps >> 129.168.0.4 rate 64kbps, ceil 64kbps. >> and so on >> >> Also, for each user i would like to prioritize the traffic within the >> allocated bandwidth. >> >> say for (192.168.0.2 rate 128kbps, ceil128kbps), i would like to set >> prio >> 1 for http or https traffic and prio 2 for others. >> >> Please suggest how do i achieve this using tcng and htb, or any other >> solution. > > I think htb-gen[1] fits perfectly* in the scenario that you've described. > > [1] http://freshmeat.net/projects/htb-gen/ > -- > Luciano > *and not because i'm the author P) > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] TCNG HTB priority and bandwidth
On Monday 29 May 2006 02:47, [EMAIL PROTECTED] wrote: > Hi, > I have several users on the lanside each allocated separate IP addresses. > I need to allocate th traffic to each IP addresses certain portion of > total uplink. > > Say, 192.168.0.2 rate 128kbps, ceil 128kbps. > 192.168.0.3 rate 65kbps, ceil 128kbps > 129.168.0.4 rate 64kbps, ceil 64kbps. > and so on > > Also, for each user i would like to prioritize the traffic within the > allocated bandwidth. > > say for (192.168.0.2 rate 128kbps, ceil128kbps), i would like to set prio > 1 for http or https traffic and prio 2 for others. > > Please suggest how do i achieve this using tcng and htb, or any other > solution. I think htb-gen[1] fits perfectly* in the scenario that you've described. [1] http://freshmeat.net/projects/htb-gen/ -- Luciano *and not because i'm the author P) ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] TCNG HTB priority and bandwidth
Hi, I have several users on the lanside each allocated separate IP addresses. I need to allocate th traffic to each IP addresses certain portion of total uplink. Say, 192.168.0.2 rate 128kbps, ceil 128kbps. 192.168.0.3 rate 65kbps, ceil 128kbps 129.168.0.4 rate 64kbps, ceil 64kbps. and so on Also, for each user i would like to prioritize the traffic within the allocated bandwidth. say for (192.168.0.2 rate 128kbps, ceil128kbps), i would like to set prio 1 for http or https traffic and prio 2 for others. Please suggest how do i achieve this using tcng and htb, or any other solution. With regds, Rajendra Adhikari ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] TCNG HTB Branching the class not working. (bug or what)
Hi, I am new to traffic control in linux. However, i have able to grab many new knowledge in recent days. I find tcng somewhat easy to use (although lack proper doc. of its usage). I want to control traffic of several IP Addresses connected to my LANSIDE. What I want is , i want to separate certain bandwidth to all my clients. dev "etho" { htb() { class ( rate 400kbps, ceil 400kbps) if ip_dst == 192.168.0.9 class ( rate 400kbps, ceil 400kbps) if ip_dst == 192.168.0.10 . and so on for every IP. } It compiles and work well with no syntax error. However For each IP I want to prioritize the traffic. Say, priority 1 for http traffic and priority 2 for other, each host limiting within their allocated bandwidth. I tried the following configuration, and also compiled without syntax error. But it did not work. Starnge, when I looked tc files (#tcc files.tc), it generates unusal tc commnds. I guess, its a bug on tcc compiler or it happens to my box due to some misconfgurations? Please look at the following example where I have a problem [EMAIL PROTECTED] traffic]# cat test1.tc #include "fields.tc" #include "ports.tc" #define LANSIDE eth0 #define WANSIDE eth1 /*# Shape DOWNLOAD Traffic */ /*#*/ dev LANSIDE { htb() { //Main link bandwidth class (rate 128kbps, ceil 128kbps) { //Client 1 class (rate 128kbps, ceil 128kbps) if ip_dst == 192.168.0.9 { class (prio 1, rate 128kbps, ceil 128kbps) if tcp_sport == 80; class (prio 2, rate 128kbps, ceil 128kbps) if 1; } //Client 2 class (rate 64kbps, ceil 64kbps) if ip_dst == 192.168.0.20 { class (prio 1, rate 64kbps, ceil 64kbps) if tcp_sport ==80; class (prio 2, rate 128kbps, ceil 128kbps) if 1; } } // end of root class } //End of qdiscs (HTB) } //End of device (LANSIDE) [EMAIL PROTECTED] traffic]# tcc -r test1.tc tc qdisc del dev eth0 root # Device eth0 tc qdisc add dev eth0 handle 1:0 root htb tc class add dev eth0 parent 1:0 classid 1:1 htb rate 16000bps ceil 16000bps tc class add dev eth0 parent 1:1 classid 1:2 htb rate 16000bps ceil 16000bps tc class add dev eth0 parent 1:2 classid 1:3 htb rate 16000bps ceil 16000bps prio 1 tc class add dev eth0 parent 1:2 classid 1:4 htb rate 16000bps ceil 16000bps prio 2 tc class add dev eth0 parent 1:1 classid 1:5 htb rate 8000bps ceil 8000bps tc class add dev eth0 parent 1:5 classid 1:6 htb rate 8000bps ceil 8000bps prio 1 tc class add dev eth0 parent 1:5 classid 1:7 htb rate 16000bps ceil 16000bps prio 2 tc filter add dev eth0 parent 1:1 protocol all prio 1 u32 match u32 0xc0a80009 0x at 16 classid 1:2 tc filter add dev eth0 parent 1:1 protocol all prio 1 handle 1:0:0 u32 divisor 1 tc filter add dev eth0 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 1:0:0 tc filter add dev eth0 parent 1:1 protocol all prio 1 handle 1:0:1 u32 ht 1:0:0 match u16 0x50 0x at 0 classid 1:3 tc filter add dev eth0 parent 1:1 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 1:4 SEE here we haven't got any u32 filter for classes 1:5, 1:6 or 1:7. What is the problem? Is it a bug?? As each class has filter, defines in .tc file why tcc could not make a filter for this. One thing, I haven't succeeded in using tcng branching the class aas above. Even a simple configuration (although it compiles). But it works if I do not branch any class. I will appreciate your help. With regds, Rajendra Adhikari Subisucable Internet Kathmandu, Nepal. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] tcng
On Tuesday 14 March 2006 11:42, Larry Brigman wrote: > But tcng has as a part of it tcsim which allows you to experiment with > a tc configuration > without taking a box down. True, if you can read the source and figure out on your own how to use it meaningfully. Perhaps I just missed something obvious, but never managed to get it to do anything interesting on my end. -- Jason Boxman http://edseek.com/ - Linux and FOSS stuff ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] tcng
On 3/13/06, Jason Boxman <[EMAIL PROTECTED]> wrote: > On Monday 06 March 2006 19:41, Juan Felipe Botero wrote: > > Nobody knows something new about tcng? > > > > I really think that this kind of language help people, i order to do easier > > configurations > > > > i want to know how can i do in tcng a nested classes configuration with > > HTB? > > From the number of tcng questions I've seen go unanswered, including my own, > I'd say skip it and learn `tc` itself. You'll be glad you did. But tcng has as a part of it tcsim which allows you to experiment with a tc configuration without taking a box down. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] tcng
On Monday 06 March 2006 19:41, Juan Felipe Botero wrote: > Nobody knows something new about tcng? > > I really think that this kind of language help people, i order to do easier > configurations > > i want to know how can i do in tcng a nested classes configuration with > HTB? From the number of tcng questions I've seen go unanswered, including my own, I'd say skip it and learn `tc` itself. You'll be glad you did. -- Jason Boxman http://edseek.com/ - Linux and FOSS stuff ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tcng
Nobody knows something new about tcng? I really think that this kind of language help people, i order to do easier configurations i want to know how can i do in tcng a nested classes configuration with HTB?-- Juan Felipe Botero Ingeniería de sistemasUniversidad de Antioquia ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] TCNG make test error
Hi: I try to install TCNG into my Fedora core3 but make test error,so when I compile my tc code , I saw the same error -> cpp: unregnized option `-$'my cpp verwion is cpp-3.4.2-6.fc3 , put kernel 2.4.27 & iproute2-2.6.9 source under tcsim/ , can anybody tell how to fix this problem??ThanksFionna___ 最新版 Yahoo!奇摩即時通訊 7.0,免費網路電話任你打! http://messenger.yahoo.com.tw/___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tcng questions: TCP_ACK, ebtables
Hi all, I have a couple of questions regarding tcng behavior. First - I want to mark TCP_ACK packets as high priority, a common case. I figured the tcp_ACK rule in fields4.tc would be enough but I've come across Jason Boxman's tutorial and he recommends using: class( <$ack> ) if ip_len < 64 && ip_hl == 0x5 && (raw[33].b >> 4) & 0xff; So basically the tcp_ACK rule doesn't work? Has it been fixed? Which way is right? Secondly - I was wondering if anyone is trying to use l7filter on a bridging Ethernet setup. It looks to me like the packets don't get to the iptables layer so whatever marking I do with l7filter doesn't affect packets going through the bridge, only packets addressed to the bridge itself (which I have given an IP so that I can run some other things on it). Do I need to look into ebtables marking? I don't know if l7filter works with ebtables anyway. Or am I doing something wrong? The system I'm working with is running Debian sarge and kernel 2.6.14.4 with the l7filter patch. Thanks for any help. James ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tcng example on using ingress without IMQ
hi all. i really need help. i need a working example on shaping the ingress per user using tcng without IMQon a mechine which has two interfaces, and acts like a firewall, and NAT for intrenet connection sharing: eth0 is the external facing the Internet. eth1 is the internal towards my LAN/office network. Please i dont want other than tcng code. iptables code i read on some pages seems vague to me. Please no old tc code. ONLY TCNG. I cant do run IMQ cos i dont wanna do any kernel compilation. and i did not find any suitable understandable basic ingress shaping example. please the HowTo needs more examples on real life situations. what i read also on some page is that the egress (if i have the above situation) i must do egress shaping on eth0 and ingress shaping/policing on eth1. is this theory correct? thanks ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] tcng on 2.6 kernel
Yes, you simply have to add your kernel version in the configure script (KVERSION if I remember correctly). Cheers, Andreas ddaasd ([EMAIL PROTECTED]) schrieb: > > Hi, > I've tried to compile tcng on my 2.6.12 kernel and the ./configure > returned that only 2.4 and 2.5 are supported. > > So, doesn't tcng compile also on 2.6 kernel? > > -- > ddaas > > ___ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tcng on 2.6 kernel
Hi, I've tried to compile tcng on my 2.6.12 kernel and the ./configure returned that only 2.4 and 2.5 are supported. So, doesn't tcng compile also on 2.6 kernel? -- ddaas ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tcng and rule set reloads
I'm considering using tcng for compiling a set of HTB bandwidth allocations, which may change now and then, due to new users, etc. There may be a simple web front-end to change the allocations. All allocations are done by subnets, no complicated rules involving matching on ports. My questions are: 1. Is there any disruption to the running HTB if a new set of actions is loaded, after deleting the current set with the first line of tc qdisc del dev eth0X root 2. If there is a disruption, it is possible to postprocess the generated actions so that only subtrees are affected. I'm thinking of a simple approach of grepping for the various handles and sending the outputs to various files where they will be compared with the previous output and the file is not loaded if there has been no change. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] tcng version 10b
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-10b.tar.gz md5sum d28bc6b1ed8973814213942288ab5d18 See also http://tcng.sourceforge.net/ This release fixes a few compatibility problems with internationalization and with kernels using strange version names. Also, the "mtu" parameter of TBF is now optional. The complete list of changes is below. - Werner --- CHANGES --- - the "mtu" parameter in TBF is now optional - tcsim now uses KVERSION[NUM] instead of KFULLVERSION[NUM] to avoid breaking if EXTRAVERSION contains multiple dots or other surprises (reported by Eduardo Grosclaude) - scripts/runtests.sh now runs commands with LANG=C, to avoid localized error messages (reported by Eduardo Grosclaude) -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng version 10a
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-10a.tar.gz md5sum 3f58447fdf393cbe3c584d80089806dc See also http://tcng.sourceforge.net/ This release changes a bunch of things, hence the jump in the version number: - the name of the traffic control compiler has changed from "tcc" to "tcng". This has become necessary because of a name conflicy with the "Tiny C Compiler". For now tcng uses both names, but I'll remove the "tcc" part soon. - tcng and tcsim are now compatible with iproute2 maintained by Stephen Hemminger. A first consequence of this is that HTB no longer needs a separate patch. Also supporting other new traffic control components will be easier by having an up to date version of iproute2. - last but not least, tcsim can now use the 2.4.27 kernel (just in time before 2.4.28 gets released, I know :-) I didn't go through the whole array of compatibility tests yet, so there could be problems if you're not using the 2.4.27 kernel and iproute2-2.6.9-ss040831. The complete list of changes is below. - Werner --- CHANGES --- - configure is compatible with 2.4.27 - updated kernel version example in README from 2.4.26 to 2.4.27 - scripts/compatibility.sh: added 2.4.27 - changed name of "tcc" to "tcng", for collision with "tiny cc" (reported by Matthias Urlichs) - scripts/localize.sh: now installs a wrapper for "tcng", pointing to "tcc" - scripts/symlinks.sh: now adds a link from "tcng" to "tcc" - tcsim/tcsim.c: now calls "tcc" as "tcng" - configure: changed "tcc" to "tcng" at all user-visible places - tcc/tcc.c: no longer identifies itself as "tcc" when invoked with -V - Makefile: the binary distribution for "tcc" is now called "tcng" - build/{tcng,tcsim}.spec.in: changed most references for "tcc" to "tcng" - Makefile: removed lib/tcng/include/klib/kernel/include from TCSIM_BINDIST - configure now uses include/SNAPSHOT.h instead of RELNOTES to detect iproute2 version - configure is now compatible with iproute2-2.6.8-ss040730 and iproute2-2.6.9-ss040831 (updated tests/cbqroot and tests/tbf) - tcng/README now recommends to download iproute2-2.6.9-ss040831.tar.gz (this also affects tcsim.spec) - recent versions of iproute2 only support MPUs <= 255 bytes (updated tests/mpu) - tcng can now use "conform-exceed" instead of "action" (updated tests/drop) - configure: new options "--action" (or "-a") and "--conform-exceed" (or "-A") to override action handling - tcc/Makefile now depends on ../config -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] TCNG compilation/translation bug/question
Hi all, Ooops, please ignore my previous e-mail. I reversed the bits and bytes. Groeten, Joost Kraaijeveld Askesis B.V. Molukkenstraat 14 6524NB Nijmegen tel: 024-3888063 / 06-51855277 fax: 024-3608416 e-mail: [EMAIL PROTECTED] web: www.askesis.nl ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG compilation/translation bug/question
Hi all, The following ingress statement: $host2 = SLB(cbs 1024kb, cir 2048kbps); class(<>) if ip_dst == 81.175.84.2 && SLB_else_drop($host2); is compiled by TCNG into the folling tc command: ... tc filter add dev eth0 parent :0 protocol all prio 1 u32 match u32 0x51af5402 0x at 16 classid :0 police index 505 rate 256000bps burst 131072 mpu 0 action drop/pass ... (BTW: the ip address may be wrong due not being able to translate dotted decimal to hexedecimal, but the rest is correct) I do not understand the relation between the SLB with "cbs 1024, cir 2048, default mpu" and the tc command with "rate 256000bps burst 131072 mpu 0": I expected that the SLB specs would be translated into something like "rate 2048*8bps burst 1024*8 mpu0". Is this a bug or do I just understand the it? If the latter, can anyone explain the translation to me? TIA Groeten, Joost Kraaijeveld Askesis B.V. Molukkenstraat 14 6524NB Nijmegen tel: 024-3888063 / 06-51855277 fax: 024-3608416 e-mail: [EMAIL PROTECTED] web: www.askesis.nl ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] TCNG on a Linux NAT router question
1.On interface outgoing to internet: NAT is done before shaping. You must mark your packets in mangle table and then shape by mark using tcng. 2.On interface outgoing to LAN: You can shape by local address. Good Luck. P.S: You must shape two ways out because your connetcion get overflow. - Original Message - From: "Joost Kraaijeveld" <[EMAIL PROTECTED]> To: "Lartc (E-mail)" <[EMAIL PROTECTED]> Sent: Saturday, September 18, 2004 9:53 AM Subject: [LARTC] TCNG on a Linux NAT router question Hi all, I want to apply traffic control using TCNG 1.30 on a NAT router. Can I use the IP addresses on my LAN to shape the traffic on the outgoing interface, with other words, does the address translation take place before or after traffic control? (Or does it depend and if so, on what?) Groeten, Joost Kraaijeveld Askesis B.V. Molukkenstraat 14 6524NB Nijmegen tel: 024-3888063 / 06-51855277 fax: 024-3608416 e-mail: [EMAIL PROTECTED] web: www.askesis.nl ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG syntax for ingress / policing questions
Hi all, I have 2 questions regarding policing 1. What is the problem with policing as in most mesages I can find people say don't but I have not found a why? 2. I have the egress below working (numbers in example are bogus, I know). How do I add an ingress policy? /* compile this file with tcc filename > limit.sh and run that file */ dev eth1 { egress { class ( <$myhost> ) if ip_dst == 172.31.0.2; class ( <$others> ) if 1 ; htb () { class ( rate 2048kbps, ceil 2048kbps ) { $myhost = class ( rate 1024kbps, ceil 1024kbps ) ; $others = class ( rate 10bps, ceil 500kbps ) ; } } } } Groeten, Joost Kraaijeveld Askesis B.V. Molukkenstraat 14 6524NB Nijmegen tel: 024-3888063 / 06-51855277 fax: 024-3608416 e-mail: [EMAIL PROTECTED] web: www.askesis.nl ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG on a Linux NAT router question
Hi all, I want to apply traffic control using TCNG 1.30 on a NAT router. Can I use the IP addresses on my LAN to shape the traffic on the outgoing interface, with other words, does the address translation take place before or after traffic control? (Or does it depend and if so, on what?) Groeten, Joost Kraaijeveld Askesis B.V. Molukkenstraat 14 6524NB Nijmegen tel: 024-3888063 / 06-51855277 fax: 024-3608416 e-mail: [EMAIL PROTECTED] web: www.askesis.nl ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng and scheduling ssh
On 07/09/04 Michael P. Soulier did say: > #include "fields.tc" > #include "ports.tc" > > dev "eth0" { > egress { > // Voice traffic > class (<$voice>) > if udp_dport >= 2 && udp_dport <= 23000; > // SSH connections > class (<$interactive>) > if tcp_dport == PORT_SSH; > // Everything else > class (<$other>) > if 1; > > prio { > $voice = class { fifo; } > $interactive = class { fifo; } > $other = class { fifo; } > } > } > } Scratch that. This configuration seems to work fine on egress. PEBKAC. Mike -- Michael P. Soulier <[EMAIL PROTECTED]>, 613-592-2122 x2522 6000/6010/60* Development, Mitel Networks Corporation "...the word HACK is used as a verb to indicate a massive amount of nerd-like effort." -Harley Hahn, A Student's Guide to Unix ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng and scheduling ssh
Hey people, I have the following tcng configuration: #include "fields.tc" #include "ports.tc" dev "eth0" { egress { // Voice traffic class (<$voice>) if udp_dport >= 2 && udp_dport <= 23000; // SSH connections class (<$interactive>) if tcp_dport == PORT_SSH; // Everything else class (<$other>) if 1; prio { $voice = class { fifo; } $interactive = class { fifo; } $other = class { fifo; } } } } So, this should be a simple prio queue, with the above udp traffic classified as voice, and getting the highest priority. Second, should be ssh traffic, and then everything else. The problem is that while the packet counts on the second band go up initially after the ssh connection, the subsequent traffic, obviously handled by iptables connection tracking, seems to all go to the third band. Should it not all go to the second, as it's still tcp port 22? Thanks, Mike -- Michael P. Soulier <[EMAIL PROTECTED]>, 613-592-2122 x2522 6000/6010/60* Development, Mitel Networks Corporation "...the word HACK is used as a verb to indicate a massive amount of nerd-like effort." -Harley Hahn, A Student's Guide to Unix ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG Port Range
I'd like to set up a filter based on a port range. I tried something like class( <$test> ) if tcp_sport > 2001 && tcp_sport < 2015 ; But it seems to 'hang' with this in there.. Is this the best/right way to go about this? if not, what is the best way? Thanks ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG + kernel 2.6
Has anyone compiled tcng with kernel 2.6 ? Any clue ?
Re: [LARTC] tcng + NAT
class ( <$adsl_medium> ) if meta_nfmark == 0x30; It works great. Thanks for help :D. > Hello, > > you can try: > > > . > . > . > > // ip header type of service > class ( <$adsl_high> ) if ip_tos == 0x80; > // metadata packet mark > class ( <$adsl_medium> ) if meta_nfmark == 0x30; > . > . > . > Cheers > > Charles > > > > > On Mon, 2004-08-02 at 18:02, [EMAIL PROTECTED] wrote: > > > > Does anybody know how to you use tcng with packet marking. I'm > > masquerading my connection so to shape outbound traffic I need to mark > > packets with iptables. But how to you make tcng to recognize marked > > packets? > > > > Thanks for your help. > > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng + NAT
Hello, you can try: . . . // ip header type of service class ( <$adsl_high> ) if ip_tos == 0x80; // metadata packet mark class ( <$adsl_medium> ) if meta_nfmark == 0x30; . . . Cheers Charles On Mon, 2004-08-02 at 18:02, [EMAIL PROTECTED] wrote: > > Does anybody know how to you use tcng with packet marking. I'm > masquerading my connection so to shape outbound traffic I need to mark > packets with iptables. But how to you make tcng to recognize marked > packets? > > Thanks for your help. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng + NAT
Does anybody know how to you use tcng with packet marking. I'm masquerading my connection so to shape outbound traffic I need to mark packets with iptables. But how to you make tcng to recognize marked packets? Thanks for your help.
Re: [LARTC] tcng/tc setup
On Wednesday 14 July 2004 05:54, Gareth Glaccum wrote: > Hi all, > Can someone please help with a tcng setup? I have played with tc and tcng > in the past, and now would like to get some serious rules in place. > However, I have a difficulty in setting them up. I'd suggest using `tc` and using Netfilter to classify traffic. There are quite a few matches you just can't do with tcng. > And I wrote out some rules. These rules seem to be correct, as far as I can > tell, but I stupidly forgot that this is all egress, and it cannot be done > as easily with ingress. Can someone please help by showing me how I can > modify these to give me control over the bandwidth in (albeit limited) as > well as out? Also could someone explain how I can easily write flows to > test all of the possible traffic I might be experiencing? tcng is supposed to let you perform all kinds of simulations on your traffic, but I have never gotten it to work. If someone has produced useful information, I'd love to know how. > My aim is, that any normal ssh to any machine, whether comming from the DMZ > to the internet, or from the LAN to the internet, should get at least 2KB/s > low-latency traffic each, even if other machines or other connections are > being made in the background. > I am wondering whether my first qdisc should infact be an SFQ and then HTBs > below it? That is not possible. sfq is a classless qdisc. It cannot contain anything. You would need to attach sfq to htb classes, instead, for instance. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng/tc setup
Hi all, Can someone please help with a tcng setup? I have played with tc and tcng in the past, and now would like to get some serious rules in place. However, I have a difficulty in setting them up. My setup is as follows: One machine working as a firewall: eth0 is the interface connected to a 512K DSL line eth1 is connected to a LAN eth2 is connected to another LAN, a bit like a DMZ eth1 and 2 are totaly different subnets, 10.1.1.x and 10.2.1.x both class B, (sorry, this is a system I inherited, I am slowly getting ready to collapse it all to class C). I wanted to set the following rules: High priority data needs to be some ssh from 10.1.1.x/16 (all) to external IPs. Priority is to be given to data going to 10.1.1.x/16 over the DMZ data. Input is 55KB/s, output is 25KB/s To the DMZ from the LAN, there should be no throttling. To the LAN from the DMZ, there should be no throttling. (100Mbs/s) SSH data should be given priority over HTTP SMTP should be given priority over HTTP HTTP is given priority over anything else Interfaces, eth0, 512Kb/s input, 256 Kb/s output eth1, 100Mb/s each way eth2, 100Mb/s each way And I wrote out some rules. These rules seem to be correct, as far as I can tell, but I stupidly forgot that this is all egress, and it cannot be done as easily with ingress. Can someone please help by showing me how I can modify these to give me control over the bandwidth in (albeit limited) as well as out? Also could someone explain how I can easily write flows to test all of the possible traffic I might be experiencing? My aim is, that any normal ssh to any machine, whether comming from the DMZ to the internet, or from the LAN to the internet, should get at least 2KB/s low-latency traffic each, even if other machines or other connections are being made in the background. I am wondering whether my first qdisc should infact be an SFQ and then HTBs below it? All help will be gratefully received. Thank you, Gareth - Start long probably incorrect tcng code (I have left out the ingress code I had, because it didn't work at all, and I didn't understand any of it) #define INTERNET eth0 #define LAN eth1 #define DMZ eth2 #define INTERNET_IP 0.0.0.0/0 #define DMZ_IP 10.2.1.0/16 #define LAN_IP 10.1.1.0/16 #define maxadsl 600kbps/2 #define highadsl 500kbps/2 #define medadsl 400kbps/2 #define midadsl 300kbps/2 #define lowadsl 200kbps/2 #define intadsl 150kbps/2 #define vloadsl 100kbps/2 #define noadsl 50kbps/2 dev INTERNET { $meter = trTCM( cir 128kbps, cbs 10kB, pir 200kbps, pbs 10 kB ); egress { class(<$lanssh>) if tcp_sport == 22 || tcp_dport == 22 if ip_src == LAN_IP || ip_dst == LAN_IP; class(<$dmzssh>) if tcp_sport == 22 || tcp_dport == 22 if ip_src == DMZ_IP || ip_dst == DMZ_IP; class(<$ssh>) if tcp_sport == 22 || tcp_dport == 22 if ip_tos_delay==1 ; class(<$smtp>) if tcp_sport == 25 || tcp_dport == 25; class(<$lanhttp>) if tcp_sport == 80 || tcp_dport == 80 if ip_src == LAN_IP || ip_dst == LAN_IP; class(<$dmzhttp>) if tcp_sport == 80 || tcp_dport == 80 if ip_src == DMZ_IP || ip_dst == DMZ_IP; class(<$http>) if tcp_sport == 80 || tcp_dport == 80; class(<$othermed>) if trTCM_green( $meter); class(<$otherslow>) if trTCM_yellow( $meter); drop if trTCM_red ( $meter); class(<$otherslow>) if 1; drop if 1; htb(){ class ( rate maxadsl, ceil maxadsl){ $ssh = class ( rate medadsl, ceil highadsl) { $lanssh = class ( rate midadsl , ceil medadsl){ sfq ( perturb 10 sec );}; $dmzssh = class (rate vloadsl, ceil lowadsl){ sfq ( perturb 10 sec );}; }; $smtp = class ( rate midadsl, ceil highadsl) {sfq ( perturb 10 sec );}; $http = class ( rate lowadsl, ceil highadsl) { $lanhttp = class (rate lowadsl , ceil highadsl) {sfq ( perturb 10 sec );}; $dmzhttp = class (rate lowadsl, ceil highadsl) {sfq ( perturb 10 sec );}; }; $othermed = class ( rate lowadsl, ceil medadsl) {sfq ( perturb 10 sec );}; $otherslow = class ( rate noadsl, ceil intadsl) {sfq ( perturb 10 sec );}; } } } } _ Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG on kernel 2.6.x?
Heya all, Has anyone ported tcng to kernel 2.6.x yet? I tried to compile and it was fairly specific in terms of what kernels it would and would not work with. Not being much of a kernel hacker I didn't trust disabling the checks *grins*. John D.
[LARTC] tcng configuration question??
> Message: 8 > To: [EMAIL PROTECTED] > From: "John B Dunning/NS/WSC" <[EMAIL PROTECTED]> > Date: Thu, 20 May 2004 08:23:53 -0500 > Subject: [LARTC] tcng configuration question?? > > { > egress > { > class (<$four_vip>) > if ip_src == 192.168.4.2/32; This is wrong. correct: if ip_src == 192.168.4.2; or if ip_src:32 == 192.168.4.2; - Jacob ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng configuration question??
Greetings all, OK - just started playing around with traffic shaping - have imq and htb and (I think) everything else I need in the kernel and running well. My initial lab task was to protect a H.323 session over a simulated half T1 while adding bulk traffic - got that accomplished after slogging through learning tc and decided in short order that a more intuitive interface would be required to scale this to multiple networks with more complex traffic patterns. I settles in on tcng because I thought the architecture looked pretty snifty - still do though I'm open to suggestions. I do have a tcng configuration question though. I'm trying to replicate my earlier simple configuration with TC. I'm sure what I have is far from optimal - but I wanted to stick as close to my original tc architecture as I could so: dev "imq0" { egress { class (<$four_vip>) if ip_src == 192.168.4.2/32; class (<$six_vip>) if ip_src == 192.168.6.2/32; class (<$four_all>) if ip_src == 192.168.4.0/24; class (<$six_all>) if ip_src == 192.168.6.0/24; htb (rate 1600 kbps) { class (rate 800 kbps) { $four_vip = class (prio 1) { sfq; } $four_all = class (prio 2) { sfq; } } class (rate 800 kbps) { $six_vip = class (prio 1) { sfq; } $six_all = class (prio 2) { sfq; } } } } } This config compiles with no errors to: tc qdisc del dev imq0 root # Device imq0 tc qdisc add dev imq0 handle 1:0 root dsmark indices 8 default_index 0 tc qdisc add dev imq0 handle 2:0 parent 1:0 htb tc class add dev imq0 parent 2:0 classid 2:1 htb rate 10bps tc class add dev imq0 parent 2:1 classid 2:2 htb rate 10bps prio 1 tc qdisc add dev imq0 handle 3:0 parent 2:2 sfq tc class add dev imq0 parent 2:1 classid 2:3 htb rate 10bps prio 2 tc qdisc add dev imq0 handle 4:0 parent 2:3 sfq tc class add dev imq0 parent 2:0 classid 2:4 htb rate 10bps tc class add dev imq0 parent 2:4 classid 2:5 htb rate 10bps prio 1 tc qdisc add dev imq0 handle 5:0 parent 2:5 sfq tc class add dev imq0 parent 2:4 classid 2:6 htb rate 10bps prio 2 tc qdisc add dev imq0 handle 6:0 parent 2:6 sfq tc filter add dev imq0 parent 2:0 protocol all prio 1 tcindex mask 0x7 shift 0 tc filter add dev imq0 parent 2:0 protocol all prio 1 handle 4 tcindex classid 2:6 tc filter add dev imq0 parent 2:0 protocol all prio 1 handle 3 tcindex classid 2:3 tc filter add dev imq0 parent 2:0 protocol all prio 1 handle 2 tcindex classid 2:5 tc filter add dev imq0 parent 2:0 protocol all prio 1 handle 1 tcindex classid 2:2 tc filter add dev imq0 parent 1:0 protocol all prio 1 u32 match u32 0xc0a80402 0x at 12 classid 1:1 tc filter add dev imq0 parent 1:0 protocol all prio 1 u32 match u32 0xc0a80602 0x at 12 classid 1:2 tc filter add dev imq0 parent 1:0 protocol all prio 1 u32 match u32 0xc0a80400 0x at 12 classid 1:3 tc filter add dev imq0 parent 1:0 protocol all prio 1 u32 match u32 0xc0a80600 0x at 12 classid 1:4 My q
[LARTC] tcng help
Hey all, I need to make a setup for VoIP using Linux QoS. For that, I decided to follow Leonardo Balliache (http://www.opalsoft.net/qos/VoIP.htm) recomendations; an Ingress filter to forward the SIP packets to from the incoming interface (eth2) to the outgoing one (eth0) as soon as possible, with minimum delay, and a PRIO filter for the outgoing interface. Im quite a newbie to tcng, and I really would like to use it as a front end to tc. So I´d like to know if somebody could give a hand translating "Mark every packet comming from eth2 with the highest priority" and "all packets that came from eth2 when going out through eth0 should have minimum delay and all the bandwidth needed" to the tcng language. I suppose it would be something like that, using just tc (please correct me if Im wrong): tc qdisc add dev eth2 handle : ingress tc filter add dev eth2 parent : protocol ip prio 1 u32 match ip protocol 17 0xff police rate 240kbit burst 15kb continue flowid :1 and on the egress side: tc qdisc add dev eth0 root handle 1: prio tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 tcindex classid 1:1 Should I add another class for all other "non-privileged" flows? Any help will be greatly appreaciated. Thanks, Marcelo ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng version 9m
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-9m.tar.gz md5sum 636d382f6db917b385e7a6f158136ca2 See also http://tcng.sourceforge.net/ This release contains the upgrade to 2.4.26, plus a few compatibility changes. There's also a major bug that strangely went undetected until recently, when Laurent Moutel reported that his classifiers behaved unexpectedly: if testing fields in a "late" header before testing fields in an "early" header (e.g. TCP port before IP address), the u32 output generated by tcc had the offsets wrong. I didn't have time to properly fix this yet, but tcc now detects this problem, and prints an error message. So if it reports unsupported offset sequence - please try to reorder matches try to make sure that tests connected by && test headers in the order in which the appear in the packet. The complete list of changes is below. - Werner --- CHANGES --- - configure is compatible with 2.4.26 - updated kernel version example in README from 2.4.25 to 2.4.26 - scripts/compatibility.sh: added 2.4.26 - installation example in README now also mentions downloading the iproute2 tarball from Debian - configure and scripts/minisrc.sh now also recognize the Debian iproute tarball - tcsim/setup.klib: added "time_after" and "time_after_eq" to linux/sched.h - tcsim/setup.klib: converts dsfield.h to remove bare newlines from strings (needed to build tcsim with old kernel sources and a new gcc) - if_u32.c:dump_and now checks if any but the last && term changes the offset group (tests/tcng-9m; updated tests/tcng-2i, reported by Laurent Moutel) - tcsim/Makefile: compile tcsim.c without kernel includes, to avoid confusing glibc headers (reported by Nuutti Kotivuori) -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng ingress policing question
Hi all I started playing with tcng to generate my tc rules, but I have some difficulty implementing my rules... The script below generates an error: # Device eth0 tc qdisc add dev eth0 ingress beginner.tc:2: don't know how to build meter for this The script is below, I changed the real IP numbers for XXs and YYs, since it doesn't really matter what they are. eth0 is the external interface The intention is to limit the rate in most cases to 1 Mbit/s, the linux distr. mirror's may cause a bit more and within the ISP we're not charged with higher rates than we agreed on. Anyone know why tcc can't do this, or is it something I should be doing in the egress part? (I'd prefer not to, since I have more than 2 interfaces...) TIA Simon PS, the other interfaces don't have any queues, since this would be handled by the ingress policing in this way. == script: == dev eth0 { ingress { $police_isp = SLB( cbs 100kB, cir 5 kbps ); $police_mirror = SLB( cbs 20kB, cir 2000 kbps ); $police_other = SLB( cbs 10kB, cir 1000 kbps ); class(<>) if (ip_src == XXX.XXX.XXX.XXX || /* external host */ ip_src == YYY.YYY.YYY.YYY ) && /* backup traffic */ SLB_ok($police_isp); class(<>) if ( ip_src == host("host.mirror.one") || ip_src == host("host.mirror.two") ) && SLB_ok($police_mirror); class(<>) if SLB_ok($police_other); } egress { class(<$isp>) if ip_src == XXX.XXX.XXX.XXX /* external host */ if ip_src == YYY.YYY.YYY.YYY; /* backup traffic */ class(<$other>) if 1; htb () { class ( rate 10 kbps ) { $isp = class ( prio 2, rate 5 kbps ) { sfq ( perturb 5 sec ); }; $other = class ( prio 1, rate 1000 kbps ) { sfq ( perturb 10 sec ); }; } } } } dev eth3 { ingress { $policer = SLB( cbs 10kB, cir 500 kbps ); class ( <> ) if SLB_ok( $policer ); drop if 1; } egress { } } ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng and ip_len
On Friday 16 April 2004 17:07, Jason Boxman wrote: > I can't seem to match packets less than 512 bytes: > > class( <$bulk> ) > if tcp_dport == 81 && !( ip_len & 0xfe00 ) > ; > or > if tcp_dport == 81 && ip_len < 512 Reversing the rule such that it is: if ip_len < 512 && tcp_dport == 81 works as expected. I have no idea why. I'd guess the IP header matches need to come first, but I have a rule that matches tcp_sport first and it has worked fine. if tcp_sport == 22 && ip_tos_delay == 1 -- Jason Boxman Perl Programmer / *NIX Systems Administrator Shimberg Center for Affordable Housing | University of Florida http://edseek.com/ - Linux and FOSS stuff ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng and ip_len
I can't seem to match packets less than 512 bytes: class( <$bulk> ) if tcp_dport == 81 && !( ip_len & 0xfe00 ) ; or if tcp_dport == 81 && ip_len < 512 Both rules match any packet I send to port 81, even when the total IP length is much greater than 512 bytes: class htb 2:4 parent 2:1 leaf 5: prio 1 rate 8000bps ceil 24000bps burst 6Kb cburst 1839b Sent 244592 bytes 168 pkts (dropped 0, overlimits 0) rate 932bps lended: 94 borrowed: 74 giants: 0 tokens: -72884 ctokens: 22937 244592 / 168 = 1455.9 bytes/packet I captured the traffic to verify the packets indeed were greater than 512 bytes. If anyone knows what I'm doing wrong, let me know. Thanks! ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG per IP...
Hi all. Im trying to shape some traffic, and i see that the best way to do that is using TCNG. The thing is: I dont know how to shape bandwidth per IP. Exemple: 192.168.1.20 > 256kbit(down) 128kbit(up) 192.168.1.21 > 512kbit(down) 128kbit(up) 192.168.1.22 > 180kbit(down) 128kbit(up) 192.168.1.23 > 768kbit(down) 128kbit(up) . . . Does anyone has an exemple script that i could just edit it and use? Thanks a lot. Cristiano
[LARTC] tcng TCP ACK match
Hello. I have been trying to duplicate these u32 matching rules using TCNG, but without much success: tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32\ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u16 0x 0xffc0 at 2 \ match u8 0x10 0xff at 33 \ flowid 1:10 Wondershaper 1.1a implements this and if I run it things seem to be shaped as expected. But this TCNG configuration doesn't product the same results. Does anyone know what I did wrong? dev "eth0" { egress { /* if (raw[33] >> 4) & 1; */ class( <$ack> ) if (ip_hl == 0x5) && (ip_len & 0xffc0) && tcp_ACK; class( <$other> ) if 1; htb() { class ( rate 230kbps, ceil 230kbps ) { $ack = class( rate 64kbps, ceil 230kbps, prio 1 ) { sfq; } $other = class( rate 64kbps, ceil 230kbps, prio 2 ) { sfq; } } } } } Which generates: tc qdisc add dev eth0 handle 1:0 root dsmark indices 4 default_index 0 tc qdisc add dev eth0 handle 2:0 parent 1:0 htb tc class add dev eth0 parent 2:0 classid 2:1 htb rate 28750bps ceil 28750bps tc class add dev eth0 parent 2:1 classid 2:2 htb rate 8000bps ceil 28750bps prio 1 tc qdisc add dev eth0 handle 3:0 parent 2:2 sfq tc class add dev eth0 parent 2:1 classid 2:3 htb rate 8000bps ceil 28750bps prio 2 tc qdisc add dev eth0 handle 4:0 parent 2:3 sfq tc filter add dev eth0 parent 2:0 protocol all prio 1 tcindex mask 0x3 shift 0 tc filter add dev eth0 parent 2:0 protocol all prio 1 handle 2 tcindex classid 2:3 tc filter add dev eth0 parent 2:0 protocol all prio 1 handle 1 tcindex classid 2:2 tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 match u8 0x5 0xf at 0 match u16 0x0 0xffc0 at 2 classid 1:2 tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 1:0:0 u32 divisor 1 tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 match u8 0x5 0xf at 0 offset at 0 mask 0f00 shift 6 eat link 1:0:0 tc filter add dev eth0 parent 1:0 protocol all prio 1 handle 1:0:1 u32 ht 1:0:0 match u8 0x10 0x10 at 13 classid 1:1 tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 match u8 0x5 0xf at 0 classid 1:2 tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 1:2 Thanks in advance! -- Jason Boxman Perl Programmer / *NIX Systems Administrator Shimberg Center for Affordable Housing | University of Florida http://edseek.com/ - Linux and FOSS stuff ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Fw: [Fwd: Re: [LARTC] TCNG]
Hi Martin, I tried the suggested script, but it doesn't seem to be working, I adapted it along the lines of #include "fields.tc" #include "ports.tc" #define MY_PDA 10.1.1.8 #define MY_LAPTOP 10.1.1.20 #define INTERFACE eth1 dev INTERFACE { egress{ class ( <$video> ) if tcp_sport == 1755 && ip_dst == MY_LAPTOP ; class ( <$video> ) if tcp_sport == 554 && ip_dst == MY_LAPTOP ; class ( <$video> ) if udp_sport == 1755 && ip_dst == MY_LAPTOP ; class ( <$video> ) if udp_sport == 554 && ip_dst == MY_LAPTOP ; class ( <$other> ) if 1; htb() { class ( rate 3500kbps, ceil 3500kbps ) { $video = class ( rate 30kbps, ceil 30kbps ) { sfq; } ; $laptop = class ( rate 50kbps, ceil 1500kbps ) { sfq; } ; $pda = class ( rate 50kbps, ceil 50kbps ) { sfq; } ; $other = class ( rate 150kbps, ceil 150kbps ) { sfq; } ; } } } } The BW of the video stream on the MY_LAPTOP device is roughly 150 kbps, suggesting that is has not been pick up by the criteria. I use this: #!/bin/sh IPTABLES=/sbin/iptables # ALL LINES BELOW ARE NAT ROUTING # flush out all old rules $IPTABLES -F -t nat # turn on NAT (IP MASQ for outgoing packets) $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE # enable IP Forwarding (of incoming packets) echo 1 > /proc/sys/net/ipv4/ip_forward route add default gw 10.0.0.1 # WIRELESS CARD SETUP iwconfig eth1 mode ad-hoc iwconfig eth1 essid BKR_FYP To setup my masqueradingI'm puzzled, can you suggest a way to start debuggin this? Again many thanks, Barry. Original Message Subject: Re: [LARTC] TCNGDate: Wed, 3 Mar 2004 22:55:50 -0600 (CST)From: Martin A. Brown <[EMAIL PROTECTED]>To: Barry Rooney <[EMAIL PROTECTED]>CC: [EMAIL PROTECTED]References: <[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]>Barry,: Eth0 is connected to a private network which has on it a Media Server: streaming rtsp files Eth1 is a wireless card on an ad-hoc network with: a laptop, a pda, and a desktop.Understood.: The idea is then to imitate different QoS levels to the different: devices, the idea being that the pda shouldn't need as much bw as the: desktop etc. So the three devices get dhcp leases dependant on their: mac address, and then their ip address is used to identify them and: (hopefully) tc will then allow me to create sfqs for each device.Understood.: I have tested the devices without any shaping, and also with shaping of: all rtsp/mms protocol based traffic to the 50kb class. This works and: has been confirmed by the stats on the media client, it can be quite: clearly seen any way the video starts to jump and stutter.OK.: However I have been unable to get the shaping to only occur on one: device, maybe the laptop for example whose address is 10.1.1.10I don't really understand what you mean here.Have you tried creating separate classes for each device?sfq doesn't do any shapinghtb (classes) perform shapingSo, here's a fractured/partial tcng config:#define MY_PDA 10.1.1.8#define MY_LAPTOP 10.1.1.10class ( <$video> ) if tcp_sport == PORT_RTSP && ip_dst == MY_LAPTOP ;class ( <$laptop> ) if ip_dst == MY_LAPTOP ;class ( <$pda>) if ip_dst == MY_PDA ;class ( <$other>) if 1 ;htb() {class ( rate 3500kbps, ceil 3500kbps ) {$video = class ( rate 50kbps, ceil 50kbps ) { sfq; } ;$laptop = class ( rate 50kbps, ceil 1500kbps ) { sfq; } ;$pda = class ( rate 50kbps, ceil 50kbps ) { sfq; } ;$other = class ( rate 200kbps, ceil 3500kbps ) { sfq; } ;}}I can't tell if this does what you'd like, but maybe it does.Good luck,-Martin--Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]___LARTC mailing list / [EMAIL PROTECTED]http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ --- Begin Message --- - Original Message From: "Barry Rooney" <[EMAIL PROTECTED]>To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>Subject: [Fwd: Re: [LARTC] TCNG]Date: 09/03/04 22:04 Original Message Subject: Re: [LARTC] TCNGDate: Wed, 3 Mar 2004 22:55:50 -0600 (CST)From: Martin A. Brown <[EMAIL PROTECTED]>To: Barry Rooney <[EMAIL PROTECTED]>CC: [EMAIL PROTECTED]References: <[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]>Barry,: Eth0 is connected to a private network which has on it a Media Server: streaming rtsp files Eth1 is a wireless card on an ad-hoc network with: a laptop, a pda, and a desktop.Understood.: The idea is then to imitate different QoS levels to the different: devices, the idea being that the pda shouldn't need as much bw as the: desktop etc. So the three devices get dhcp leases dependant on their: mac address, and then their ip address is used to identify them and: (hopefully) tc will then allow me to create sfqs for each device.U
[LARTC] TCNG compilation problem
Hi! I want to install tcng with tcsim, but I get several errors when trying to compile it: cc -g -Wl,-E -o tcsim tcsim.o jiffies.o timer.o command.o var.o host.o attr.o lex.yy.o y.tab.o ksvc.o klink.o usvc.o module.o trace.o klib/klib.o ulib/ulib.o -lfl -lm -ldl -L../shared -ltcngmisc ulib/ulib.o(.text+0xf0a): In function `get_addr_1': /usr/src/tcng/tcsim/ulib/iproute2/lib/utils.c:163: undefined reference to `dnet_pton' ulib/ulib.o(.text+0x13f9): In function `rt_addr_n2a': /usr/src/tcng/tcsim/ulib/iproute2/lib/utils.c:357: undefined reference to `ipx_ntop' ulib/ulib.o(.text+0x1425):/usr/src/tcng/tcsim/ulib/iproute2/lib/utils.c:362: undefined reference to `dnet_ntop' collect2: ld returned 1 exit status make[2]: *** [tcsim] Error 1 make[2]: Leaving directory `/usr/src/tcng/tcsim' make[1]: *** [tcsim] Error 2 make[1]: Leaving directory `/usr/src/tcng/tcsim' make: *** [all] Error 1 These are the steps I followed: 1. Re-build the kernel with QoS and diffserv support. (version 2.4.24) 2. Apply htb patch to iproute2 source. 3. Modify the Config file on iproute2 sources like this: TC_CONFIG_DIFFSERV=y 4. Try to build tcng ... failed :( I guess I just don't understand this part of the iproute2 README: "KERNEL_INCLUDE should point to correct linux kernel include directory. ADDLIB should contain inet_* functions, if your libc contains obsolete resolver library (<4.9.4) and you have no correct libresolv. ADDLIB should also contain dnet_* functions if you don't have a libdnet with support for them. If your libdnet does have support, then comment out that line and uncomment the line to add -ldnet to LDLIBS. LDLIBS should be empty, if you have no libresolv." Any help would be appreciated. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] TCNG
Barry, : Eth0 is connected to a private network which has on it a Media Server : streaming rtsp files Eth1 is a wireless card on an ad-hoc network with : a laptop, a pda, and a desktop. Understood. : The idea is then to imitate different QoS levels to the different : devices, the idea being that the pda shouldn't need as much bw as the : desktop etc. So the three devices get dhcp leases dependant on their : mac address, and then their ip address is used to identify them and : (hopefully) tc will then allow me to create sfqs for each device. Understood. : I have tested the devices without any shaping, and also with shaping of : all rtsp/mms protocol based traffic to the 50kb class. This works and : has been confirmed by the stats on the media client, it can be quite : clearly seen any way the video starts to jump and stutter. OK. : However I have been unable to get the shaping to only occur on one : device, maybe the laptop for example whose address is 10.1.1.10 I don't really understand what you mean here. Have you tried creating separate classes for each device? sfq doesn't do any shaping htb (classes) perform shaping So, here's a fractured/partial tcng config: #define MY_PDA 10.1.1.8 #define MY_LAPTOP 10.1.1.10 class ( <$video> ) if tcp_sport == PORT_RTSP && ip_dst == MY_LAPTOP ; class ( <$laptop> ) if ip_dst == MY_LAPTOP ; class ( <$pda>) if ip_dst == MY_PDA ; class ( <$other>) if 1 ; htb() { class ( rate 3500kbps, ceil 3500kbps ) { $video = class ( rate 50kbps, ceil 50kbps ){ sfq; } ; $laptop = class ( rate 50kbps, ceil 1500kbps ) { sfq; } ; $pda= class ( rate 50kbps, ceil 50kbps ){ sfq; } ; $other = class ( rate 200kbps, ceil 3500kbps ) { sfq; } ; } } I can't tell if this does what you'd like, but maybe it does. Good luck, -Martin -- Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] TCNG
Hi Martin, Eth0 is connected to a private network which has on it a Media Server streaming rtsp files Eth1 is a wireless card on an ad-hoc network with a laptop, a pda, and a desktop. The idea is then to imitate different QoS levels to the different devices, the idea being that the pda shouldn't need as much bw as the desktop etc. So the three devices get dhcp leases dependant on their mac address, and then their ip address is used to identify them and (hopefully) tc will then allow me to create sfqs for each device. I have tested the devices without any shaping, and also with shaping of all rtsp/mms protocol based traffic to the 50kb class. This works and has been confirmed by the stats on the media client, it can be quite clearly seen any way the video starts to jump and stutter. However I have been unable to get the shaping to only occur on one device, maybe the laptop for example whose address is 10.1.1.10 Martin A. Brown wrote: Hello Barry, : I'm using TCNG to restrict certain types of traffic to certain ip : addresses using a Linux router, and some masq'd computers behind it. You didn't tell us anything about the networks behind eth1. So, is this host running as an Internet access device? : #define INTERFACE eth1 : : dev INTERFACE { : egress { : : /* In class selection path, the filters come first! DSmark */ : class ( <$video> ) if tcp_sport == 554 && ip_dst == 10.1.1.10; : class ( <$other> ) if 1 ; : : /* section in which we configure the qdiscs and classes */ : : htb () { : class ( rate 3500kbps, ceil 3500kbps ) { : : $video = class ( rate 50kbps, ceil 50kbps ) { sfq; } ; : $other = class ( rate 1000kbps, ceil 3450kbps ) { sfq; } ; : : } : } : } : } : Doesn't seem to be working... Are you able to tell if traffic is classified at all into any classes ("tc -s class show dev eth1")? What happens if you [off-hours] drop your maximum rate (3500kbps) to something much slower (2000kbps)? Are you actually shaping traffic? Presumably, given the above configuration, the host 10.1.1.10 is a client and is located on the network reachable via eth1. The Internet (the source of the tcp/554 packets) must be reachable on another interface. -Martin ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] TCNG
Hello Barry, : I'm using TCNG to restrict certain types of traffic to certain ip : addresses using a Linux router, and some masq'd computers behind it. You didn't tell us anything about the networks behind eth1. So, is this host running as an Internet access device? : #define INTERFACE eth1 : : dev INTERFACE { : egress { : : /* In class selection path, the filters come first! DSmark */ : class ( <$video> ) if tcp_sport == 554 && ip_dst == 10.1.1.10; : class ( <$other> ) if 1 ; : : /* section in which we configure the qdiscs and classes */ : : htb () { : class ( rate 3500kbps, ceil 3500kbps ) { : : $video = class ( rate 50kbps, ceil 50kbps ) { sfq; } ; : $other = class ( rate 1000kbps, ceil 3450kbps ) { sfq; } ; : : } : } : } : } : Doesn't seem to be working... Are you able to tell if traffic is classified at all into any classes ("tc -s class show dev eth1")? What happens if you [off-hours] drop your maximum rate (3500kbps) to something much slower (2000kbps)? Are you actually shaping traffic? Presumably, given the above configuration, the host 10.1.1.10 is a client and is located on the network reachable via eth1. The Internet (the source of the tcp/554 packets) must be reachable on another interface. -Martin -- Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG
Hi All, I'm using TCNG to restrict certain types of traffic to certain ip addresses using a Linux router, and some masq'd computers behind it. Unfortunately something like this... #include "fields.tc" #include "ports.tc" #define INTERFACE eth1 dev INTERFACE { egress { /* In class selection path, the filters come first! DSmark */ class ( <$video> ) if tcp_sport == 554 && ip_dst == 10.1.1.10; class ( <$other> ) if 1 ; /* section in which we configure the qdiscs and classes */ htb () { class ( rate 3500kbps, ceil 3500kbps ) { $video = class ( rate 50kbps, ceil 50kbps ) { sfq; } ; $other = class ( rate 1000kbps, ceil 3450kbps ) { sfq; } ; } } }} Doesn't seem to be working... Any ideas Thanks. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng version 9l
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-9l.tar.gz md5sum b1dde4ec97fa042d76d498cf87019551 See also http://tcng.sourceforge.net/ Since I cleaned up so many things for Gentoo yesterday, here's one for Debian 3.0. The main problems were: - its CPP doesn't like variadic macros with an empty argument list - its CPP really wants -$, even if -std=c99 is set There was also a race condition beween an exit handler (that had no business being invoked in the first place) and CPP termination in tcsim. Funny that this didn't show up earlier. Last but not least, there was one more 32 bit-ism I hadn't caught yet. The complete list of changes is below. - Werner --- CHANGES --- Version 9l (29-FEB-2004) - configure did not preserve the YACC setting across sessions - configure now complains if -k, -i, -d, -t, or -y have no argument - tcc and tcsim now use -$ if -std=c99 does not work (updated tests/cppdollar) - configure: new options "-$" and "--c99" (or "-c99") to override dollar handling - the writer helper process of tcsim now always exits with _exit, to avoid running the exit handler that kills cpp - runtests.sh converts " parse " to " syntax " in stderr if expecting an error, because some YACCs print "parse error" instead of "syntax error" - examples/prio+fw, examples/tbf, examples-ng/pfifo_fast, examples-ng/prio+fw, examples/priority, tests/idiomatic, tests/packet, tests/tcsattpro, tests/tcsattpsv, tests/tcsattset, tests/tcsdefinc, tests/trace, tests/u32dlb, and tests/u32slb now avoid using variadic macros with an empty argument list all, to keep some versions of CPP from complaining - tests/tcng-7g forced a syntax error at EOF, which yielded inconsistent results with different versions of CPP - updated kernel version example in tcng/README from 2.4.22 to 2.4.25 - q_htb.c: used ~0UL to mean "0xUL" - moved removal of .depend from "clean" to "spotless" make target - tcsim/Makefile: removed left-over dependencies on module cleanup targets "ephemeral-mod" and "clean-mod" - tcsim/modules/Makefile did not define OBJS -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng version 9k
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-9k.tar.gz md5sum 330440ac8cd8991fc1a09feacee0612e See also http://tcng.sourceforge.net/ This release addresses various compatibility issues: - compatibility with GCC 3.3.3 - better compatibility with Gentoo Linux - a few general 64 bit improvements and corrections - amd64-specific changes The 64 bit part went surprisingly smoothly. tcc and tcsim now run on amd64, and the regression tests like the new CPU, too. tcng should still work on PPC, but since I don't have a local PPC machine, I didn't test this. Another new feature is that configure's -i option now also accepts a tarball (like -k does). The complete list of changes is below. - Werner --- CHANGES --- Version 9k (28-FEB-2004) - cpp 3.3.3 unceremoniously dropped "-$", so we're now using "-std=c99" (updated tests/cppdollar, tests/phasep) - tcc and tcsim now invoke cpp with argv[0] set to the name of cpp (instead of the name with which tcc or tcsim was invoked), for cpp 3.3.3 compatibility (updated tests/tcng-6u) - POSIX obsoleted "tail -N", using "tail -n N" now (updated tests/tstcond) - Makefile: added remark that the ebuild that comes with tcng isn't nearly as good as the one from Gentoo - build system now uses bison if "configure" finds no yacc - configure: added option --yacc (-y) to set the YACC command - toys/comtc now uses extension .i instead of .cpp, since the latter caused cpp to switch to C++ mode - configure: changed "dir_or_tarball" to "dir_or_tar.bz2" in description of "--kernel" argument - configure now also accepts tarballs for iproute2 - added scripts/minisrc.sh which extracts the files needed to build tcsim from an iproute2 tarball - changed UNDEF_U32 from ~0UL to ~0U for 64 bit compatibility - tcc/ext_io.c:expand_errors added casts to avoid complaints when using a pointer difference in printf on 64 bit - setup.klib: elements of "struct timeval" are now "unsigned long" instead of "unsigned" for better compatibility with glibc on 64 bit - kmod_cc and tcmod_cc now use -fPIC for amd64 compatibility - tcc/ext/Makefile and tcc/ext/tcc-ext-test.in now use -fPIC for amd64 compatibility - tcc/iflib_actdb.c:debug_subtree printed pointer to policier instead of its number - setup.klib: linux/types.h now just #includes stddef.h instead of trying its own definitions for size_t and NULL - changed long obsolete "make upload" to equal "make upload-sf" -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng version 9j
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-9j.tar.gz md5sum d0f0b1b20a6711f447d5321138ab5852 See also http://tcng.sourceforge.net/ This is a maintenance release that mainly synchronizes with current 2.4 kernels. The complete list of changes is below. - Werner --- CHANGES --- Version 9j (26-FEB-2004) - Makefile: targets "tcc" and "tcsim" depend also on "shared" (reported by Mustafa Ogun) - configure is compatible with 2.4.24 and 2.4.25 - scripts/compatibility.sh: added 2.4.23, 2.4.24, and 2.4.25 - minksrc.sh now only extracts kernel source from tarball if the source has not already been extracted - moved progress reporting from "configure" to "minksrc.sh" - "make clean" now also removes temporary files of "configure" -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng] link-quality
Hi! This is my second post in this list with this problem and I need clearing. Situation is this: My host is a WLAN Access Point (AP) and I am using one network card. The host is going to generate packets to stations and those links with good uplink to the host are going to have priority in the downlink. Incomming Information in the uplink are going to be stored and used at egress to regulate downlink traffic. Incomming packets are only information given and flow quality is within the ttl-field. > ingress (Classifying, using information in ttl-field). Packet generated from packet generator. | -->egress (regulating downlink traffic) After some tests using tcng and reading [1], [2], [3], [4], I have realised that: * I cannot use DSMARK instead of ingress, sins I only have one wireless network card (wlan0) in my host. * Using u32 filter, I dont know how to store link quality after classification in ingress. Q: Can I store the link quality in a variable/structure in ingress after classification and use this information at egress? * Using tcindex: I have to use hash-table or set_tcindex and use this information at egress. * RSVP does not scale, so my choice will be to use tcindex, where I classify flows into classes using tcindex. Is tcindex and rsvp possible solutions to this problem using tcng [5]? Or is there another better solution to this problem? [1] Leonardo Balliache http://www.opalsoft.net/qos/DS-210.htm [2] tcng Reference Manual http://linux-ip.net/gl/tcng/node165.html [3] http://almesberger.net/cv/papers.html [4] http://almesberger.net/cv/papers/dsid-01.ps.gz [5] http://linux-ip.net/gl/tcng/node165.html - Johan- ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCng && (wrr || esfq) ?
Anyone have acomplished this? tcc just gives syntax error :( -- pagarbiai, ArtÅras Ålajus ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng ingress examples
> Hi, > I'am looking for tcng examples where ingress is used. > Please post me some (working) examples, no need for explanation. > Thank you > Alex Here is an example of ingress policing. I haven't tested this script under Linux. - Jacob dev "s0e0" { ingress { $from_c1_net = ip_src:24 == 10.10.1.0; $c1_ssh_cir = 20Mbps; $c1_ssh_pir = 30Mbps; $c1_http_cir = 120Mbps; $c1_http_pir = 200Mbps; $c1_other_cir = 60Mbps; $c1_other_pir = 100Mbps; $from_c1_ssh = $from_c1_net && tcp_sport == PORT_SSH; $c1_ssh_pol = DLB(cir $c1_ssh_cir,cbs 20kB,pir $c1_ssh_pir,pbs 5kB); class (<>) if $from_c1_ssh && DLB_ok($c1_ssh_pol); drop if $from_c1_ssh; $from_c1_http = $from_c1_net && tcp_sport == PORT_HTTP; $c1_http_pol = DLB(cir $c1_http_cir,cbs 50kB,pir $c1_http_pir,pbs 20kB); class (<>) if $from_c1_http && DLB_ok($c1_http_pol); drop if $from_c1_http; $from_c1_other = $from_c1_net; $c1_other_pol = DLB(cir $c1_other_cir,cbs 30kB,pir $c1_other_pir,pbs 20kB); class (<>) if $from_c1_other && DLB_ok($c1_other_pol); drop if $from_c1_other; /* * Second customer, etc. */ class (<>) if 1; } } ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng error
hi all, below is my tcng configuration (based on wondershaper) which yields an error that i do not understand ... can't dump subexpression (if_u32.c, access expected) [==]--[&.IPv6 address]--[==]--[access]-- (none) | | | +-- 9 | | | `-- 8 | | `--[offset]--[access]-- (none) | | | +-- 2 | | | `-- 16 | | `--[<<]--[&]--[access]-- (none) | | | | +-- 0 | | | | `-- 8 | | | `-- 15 | | `-- 2 | `-- ::::::: `-- 80 can anyone comment on why this is happening? additionally, any expressions getting active/passive ftp into $medium would be greatly appreciated -- i would imagine that i have to mark in netfilter?? thanks charles here comes the config ... :-) #define DEVICE eth0 #define DOWNLINK 1024 #define UPLINK 512 #include "fields.tc" #include "ports.tc" dev DEVICE { egress { class (<$high>) if ip_proto == IPPROTO_ICMP || tcp_ACK || tcp_dport == 8080 || tcp_dport == 18082 || tcp_dport == 18083; class (<$medium>) if ip_proto == tcp_dport == 80 || tcp_dport == 25 ; class (<$low>) if 1; htb () { class (rate UPLINK kbps, burst 6kB) { $high = class (prio 1, rate UPLINK kbps) { sfq (perturb 10 sec); }; $medium = class (prio 2, rate (0.9*UPLINK) kbps) { sfq (perturb 10 sec); }; $low = class (prio 3, rate (0.8*UPLINK) kbps) { sfq (perturb 10 sec); }; } } } }
[LARTC] tcng ingress examples
Hi, I'am looking for tcng examples where ingress is used. Please post me some (working) examples, no need for explanation. Thank you Alex ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng version 9i
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-9i.tar.gz md5sum 50f497a7539e4c03c5783b410b132127 See also http://tcng.sourceforge.net/ Highlights: - added support for TBF with an inner queuing discipline (Kernel >= 2.4.22 or >= 2.5.75. iproute2 doesn't change.) - added an ebuild script for Gentoo (contributed by "raptor") - cleaned up the tcsim build process a little and added a script that runs all regression tests involving tcsim on all supported kernels Here's an example for the new and improved TBF: tbf (mtu 1.5kB,limit 10kB,rate 1kBps,burst 2kB) { fifo; } (Since TBF doesn't really have classes, tcng won't let you try to specify one. Internally, it adds a class, which is also visible at the external interface.) The complete list of changes is below. - Werner --- CHANGES --- Version 9i (22-NOV-2003) - tcc now supports TBF with an inner qdisc (tests/tbfqdsyn, tests/tbfqdtc, tests/tbfqdext, tests/tbfqdrun) - removed redundant flag QDISC_HAS_DEFAULT - added build/tcng.ebuild file for Gentoo (by "raptor") - Makefile: added "gentoo" target - setup.klib no longer uses a symbolic link to the original source tree - configure: added option --no-defaults to skip loading of old config file - tcsim/Makefile.unclean tcsim/modules/Makefile: object files now depend on the config file - added scripts/minksrc.sh which extracts the files needed to build tcsim from a kernel tarball - added scripts/compatibility.sh which runs all regression tests involving tcsim for all supported kernel versions - Makefile: added "compatibility" target - "make sf-upload" now prints the MD5 message digest before uploading - configure: removed 2.4.11 kernel, which was withdrawn - configure: -k argument can be a kernel tarball - runtests.sh: added option -t to run only tests probably using tcsim - setup.klib: unconditionally defining LONG_MAX in include/linux/kernel.h broke 2.5.4 builds -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng issue
> Well--I was going to write a short answer, which would have said something > like "look at the parent of the filters". But...that wouldn't have helped > much. So here's a long-winded message about your config file and > situation. Thanks for writing the long version... > I'm going to guess that your configuration for device eth1 looks something > like this: Your guess is amazingly identical to original config file... > - Is this similar to your config file? (I only had your processed > tc output to examine, so I may have gotten it wrong.) Similar as a twin. > - Do you really want to put ( ssh ) and ( ip_tos_delay ) in the same > class? Or did you meant to put ( ssh and ip_tos_delay ) in this > class? Just curious Yes, I want... but the main reason behind migrating to tcc is trying to make the traffic control semantics to appear. The obscure tc syntax makes it very hard to know what policy is really in place. > - Why do you use "not_tcp_incoming"? Are you trying to prioritize the > ACKs? If so, just use "if tcp_ACK". (Which leads to the next > question...) Will change that. > - It looks to me as though eth1 must be on the internal interface of a > router with a few servers inside. Is this accurate? If you are > trying to shape your outbound connectivity, you may wish to review > the rules for shaping [0]. Nope. eth1 is the external interface, and is connected to a xDSL modem/router; there are no servers inside, only workstations, but the machine which is doing traffic control is also a mail server reachable from the outside. IMQ is used to get ingress traffic from eth1 in order to apply traffic control to it. > [ important (key, in fact), but repetitive prefix > "tc filter add dev eth1 parent 1:1 protocol all prio 1" > snipped ] > > tc filter add dev eth1 parent 1:1 protocol all prio 1 ... > > They are all attached to the object 1:1, which means that they won't get > called directly by a packet needing to be dequeued! Your filters are > there, though, and you'll be able to see that they are indeed installed if > you examine the filters on object 1:1, as follows: > > tc filter show dev eth1 parent 1:1 Here they are, lost in space... > Frankly, I didn't know how to deal with this "problem" when I first > started playing with tcng, so I made peace with dsmark, and now I use the > class selection path construct in my tcng configurations, which makes for > much less wrangling with tc (the command-line critter). It's not too hard > to get a kernel and iproute2 with dsmark [1]. My first draft used class selection path, but I changed it in order to easy up deployment. My understanding of the tcng docs was that both constructs were valid... is there a BugZilla for tcng ? Main issue in requiring dsmark is kernel/tools changes. For one machine it is not a problem, but for a dozen... and clients don't like getting billed for something with no direct benefit for them. Besides legacy issues, I saw that class selection path establishes an indirection thru set_tc_index. What would be the performance penalty for such a construct ? > After you have your dsmark-capable kernel you need only have a "tc" which > groks dsmark. Many distributions provide modular dsmark support; you can > simply type "modprobe sch_dsmark && modprobe cls_tcindex". We usually rebuild the kernel from original sources... it seems that our defaults also include modular suport for dsmark. > Now, try something like the class selection path example [2], and jump for > joy! Now you can use language constructs that are far more understandable > to humans, and let tcng (tcc) do the heavy lifting. That's the idea. > Suddenly traffic control isn't hard at all! It solves syntax issues, but there is the real ones out there... > * To others reading this list! If you post a question about a tcng >config, please post your tcng config file. The tc-style output can >easily be generated with a working tcc. Thank you! Ooops, I saw few questions regarding tcng and thought it would be a limitation. May be a tcc CGI would be handy ? Thanks a lot. Rubens ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng issue
Hello Rubens, Well--I was going to write a short answer, which would have said something like "look at the parent of the filters". But...that wouldn't have helped much. So here's a long-winded message about your config file and situation. : After migrating a tc-based script to tcc (from the tcng package), we : are having a filter issue. The script generated by tcc with tc commands : is not configuring the tc filters; "tc filter show" results in none : after the script is run, although no error message is generated from : the "tc filter add". Classes and qdiscs seem to be ok. I tried to rebuild your configuration (or something darned close), but I don't know what idiomatic constructs you might have used. The output from the config file below is the same as the output you posted, although the source may be different.* I'm going to guess that your configuration for device eth1 looks something like this: dev eth1 { /* begin deviceeth1 */ htb { /* begin HTB qdisc */ class ( rate 128 kbps, burst 6144 B ) { /* begin HTB root class */ class ( rate 32 kbps, ceil 96 kbps, burst 6144 B, prio 1 ) if not_tcp_incoming if tcp_dport == PORT_SSH if ip_tos == 0x10 { /* begin class for SSH */ sfq ( perturb 10 s ); } /* end class for SSH */ class ( rate 32 kbps, ceil 32 kbps, burst 6144 B, prio 1 ) if tcp_dport == PORT_SMTP { /* begin class for SMTP */ sfq ( perturb 10 s ); } /* end class for SMTP */ class ( rate 32 kbps, ceil 32 kbps, burst 6144 B, prio 1 ) if tcp_dport == PORT_HTTP { /* begin inner HTB class */ sfq ( perturb 10 s ); } /* end inner HTB class */ class ( rate 32 kbps, ceil 64 kbps, burst 6144 B, prio 2 ) if ip_proto == IPPROTO_TCP { /* begin inner HTB class */ sfq ( perturb 10 s ); } /* end inner HTB class */ } /* end root HTB class */ } /* end HTB qdisc */ } /* end deviceeth1 */ This is not a bad tcng config file, but I have some questions about it. - Is this similar to your config file? (I only had your processed tc output to examine, so I may have gotten it wrong.) - Do you really want to put ( ssh ) and ( ip_tos_delay ) in the same class? Or did you meant to put ( ssh and ip_tos_delay ) in this class? Just curious - Why do you use "not_tcp_incoming"? Are you trying to prioritize the ACKs? If so, just use "if tcp_ACK". (Which leads to the next question...) - It looks to me as though eth1 must be on the internal interface of a router with a few servers inside. Is this accurate? If you are trying to shape your outbound connectivity, you may wish to review the rules for shaping [0]. [ important (key, in fact), but repetitive prefix "tc filter add dev eth1 parent 1:1 protocol all prio 1" snipped ] : handle 3:0:0 u32 divisor 1 : u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 3:0:0 : handle 3:0:1 u32 ht 3:0:0 match u16 0x16 0x at 2 classid 1:2 : u32 match u8 0x6 0xff at 9 match u8 0x10 0xff at 1 classid 1:2 A bit of ssh, eh? And low delay? : handle 4:0:0 u32 divisor 1 : u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 4:0:0 : handle 4:0:1 u32 ht 4:0:0 match u16 0x19 0x at 2 classid 1:3 And some SMTP. : handle 5:0:0 u32 divisor 1 : u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 5:0:0 : handle 5:0:1 u32 ht 5:0:0 match u16 0x50 0x at 2 classid 1:4 And a bit of HTTP. : Any hints ? But, of course! Back up from tcng for a moment and look at the command-line (tc-style) output again, and notice where all of the filters are rooted. tc filter add dev eth1 parent 1:1 protocol all prio 1 ... They are all attached to the object 1:1, which means that they won't get called directly by a packet needing to be dequeued! Your filters are there, though, and you'll be able to see that they are indeed installed if you examine the filters on object 1:1, as follows: tc filter show dev eth1 parent 1:1 Frankly, I didn't know how to deal with this "problem" when I first started playing with tcng, so I made peace with dsmark, and now I use the class selection path construct in my tcng configurations, which makes for much less wrangling with tc (the command-line critter). It's not too hard to get a kernel and iproute2 with dsmark [1]. After you have your dsmark-capable kernel you need
[LARTC] tcng issue
Hi. After migrating a tc-based script to tcc (from the tcng package), we are having a filter issue. The script generated by tcc with tc commands is not configuring the tc filters; "tc filter show" results in none after the script is run, although no error message is generated from the "tc filter add". Classes and qdiscs seem to be ok. This is the output of tcc: tc qdisc del dev eth1 root # Device eth1 tc qdisc add dev eth1 handle 1:0 root htb tc class add dev eth1 parent 1:0 classid 1:1 htb rate 16000bps burst 6144 tc class add dev eth1 parent 1:1 classid 1:2 htb rate 4000bps ceil 12000bps burst 6144 prio 1 tc qdisc add dev eth1 handle 2:0 parent 1:2 sfq perturb 10 tc class add dev eth1 parent 1:1 classid 1:3 htb rate 4000bps ceil 4000bps burst 6144 prio 1 tc qdisc add dev eth1 handle 3:0 parent 1:3 sfq perturb 10 tc class add dev eth1 parent 1:1 classid 1:4 htb rate 4000bps ceil 4000bps burst 6144 prio 1 tc qdisc add dev eth1 handle 4:0 parent 1:4 sfq perturb 10 tc class add dev eth1 parent 1:1 classid 1:5 htb rate 4000bps ceil 8000bps burst 6144 prio 2 tc qdisc add dev eth1 handle 5:0 parent 1:5 sfq perturb 10 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 1:0:0 u32 divisor 1 tc filter add dev eth1 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 1:0:0 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 1:0:1 u32 ht 1:0:0 match u8 0x0 0x2 at 13 classid 1:2 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 2:0:0 u32 divisor 1 tc filter add dev eth1 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 2:0:0 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 2:0:1 u32 ht 2:0:0 match u8 0x10 0x10 at 13 classid 1:2 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 3:0:0 u32 divisor 1 tc filter add dev eth1 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 3:0:0 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 3:0:1 u32 ht 3:0:0 match u16 0x16 0x at 2 classid 1:2 tc filter add dev eth1 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 match u8 0x10 0xff at 1 classid 1:2 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 4:0:0 u32 divisor 1 tc filter add dev eth1 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 4:0:0 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 4:0:1 u32 ht 4:0:0 match u16 0x19 0x at 2 classid 1:3 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 5:0:0 u32 divisor 1 tc filter add dev eth1 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 5:0:0 tc filter add dev eth1 parent 1:1 protocol all prio 1 handle 5:0:1 u32 ht 5:0:0 match u16 0x50 0x at 2 classid 1:4 tc filter add dev eth1 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 classid 1:5 tc filter add dev eth1 parent 1:1 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 1:2 tc qdisc del dev imq0 root # Device imq0 tc qdisc add dev imq0 handle 1:0 root htb tc class add dev imq0 parent 1:0 classid 1:1 htb rate 32000bps burst 6144 tc class add dev imq0 parent 1:1 classid 1:2 htb rate 8000bps ceil 32000bps burst 6144 prio 1 tc qdisc add dev imq0 handle 2:0 parent 1:2 sfq perturb 10 tc class add dev imq0 parent 1:1 classid 1:3 htb rate 8000bps ceil 32000bps burst 6144 prio 1 tc qdisc add dev imq0 handle 3:0 parent 1:3 sfq perturb 10 tc class add dev imq0 parent 1:1 classid 1:4 htb rate 8000bps ceil 32000bps burst 6144 prio 2 tc qdisc add dev imq0 handle 4:0 parent 1:4 sfq perturb 10 tc class add dev imq0 parent 1:1 classid 1:5 htb rate 8000bps ceil 32000bps burst 6144 prio 2 tc qdisc add dev imq0 handle 5:0 parent 1:5 sfq perturb 10 tc filter add dev imq0 parent 1:1 protocol all prio 1 handle 1:0:0 u32 divisor 1 tc filter add dev imq0 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 1:0:0 tc filter add dev imq0 parent 1:1 protocol all prio 1 handle 1:0:1 u32 ht 1:0:0 match u8 0x0 0x2 at 13 classid 1:2 tc filter add dev imq0 parent 1:1 protocol all prio 1 handle 2:0:0 u32 divisor 1 tc filter add dev imq0 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 2:0:0 tc filter add dev imq0 parent 1:1 protocol all prio 1 handle 2:0:1 u32 ht 2:0:0 match u8 0x10 0x10 at 13 classid 1:2 tc filter add dev imq0 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 match u8 0x10 0xff at 1 classid 1:2 tc filter add dev imq0 parent 1:1 protocol all prio 1 handle 3:0:0 u32 divisor 1 tc filter add dev imq0 parent 1:1 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 3:0:0 tc filter add dev imq0 parent 1:1 pr
[LARTC] [tcng] nfmark & if
hi there, will the following config work : class (<$class1>) if nfmark == VALUE && $condition1; class (<$class2>) if $condition1; class (<$class3>) if nfmark == VALUE && $condition2; class (<$class4>) if $condition2; class (<$class5>) if nfmark == VALUE && $condition3; class (<$class6>) if $condition3; .. tia ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng version 9h
Hi, I tried compiled tcng withj HTB support using a vanilla 2.4.22 Linux Kernel. I downloaded iproute2 and the HTB patch from the locations suggested in the README file that comes with tcng. After compilation, some tests fail doing a 'make test'. For the first test, I used gcc 2.95.4 and gcc-3.0 (debian woody), and a test fails: http://www.geocities.com/arhuaco/post/tcng-9hlog-debian-woody.txt For the second one, I used gcc 3.3.2 (Debian - Knoppix 3.3), and it failed in a different way. http://www.geocities.com/arhuaco/post/tcng-9hlog-knoppix-3.3.txt The Knoppix kernel is not a vanilla kernel, but by reading tests/README I think it doesn't matter for the tests. Well, I'd like to know if I'm doing something wrong. Regards, Nelson.- >Quoting Werner Almesberger (Fri, 7 Nov 2003 00:20:47 -0300 : >(snip ... ) > .. is on SourceForge: > http://tcng.sourceforge.net/dist/tcng-9h.tar.gz > md5sum 9b7c520f92b312a5a00da12bad35f57d >(snip ... ) -- http://geocities.com/arhuaco The first principle is that you must not fool yourself and you are the easiest person to fool. -- Richard Feynman. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng version 9h
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-9h.tar.gz md5sum 9b7c520f92b312a5a00da12bad35f57d See also http://tcng.sourceforge.net/ This release upgrades to the current 2.4 kernels, fixes a few minor glitches in the build system, and adds the options --no-manual and --with-manual to configure, so that tcng can be build without the documentation (also, configure uses --no-manual if it can't find latex or dvips). The complete list of changes is below. - Werner --- CHANGES --- Version 9h (7-NOV-2003) --- - tcc/ext/Makefile: dependencies now only include .c files compiled in that directory, removing a warning when building RPMs - split tcsim/Makefile into Makefile.unclean and Makefile.clean to avoid rebuilding klib and ulib when cleaning up after configuration changes - configure is compatible with 2.4.22 and 2.4.23 (pre-release, tested with 2.4.23-pre9) - setup.klib generates linux/smp.h needed for 2.4.22 - tcsim/trace.c and tcsim/modules/sch_discard.c adjust ..._drop prototype for interface change in 2.4.22 - setup.klib clears LANG before using sed on [^ -~] - setup.klib adds "err" and "error_report" members to "struct sock" in af_netlink.c (for 2.4.23) - updated kernel version example in tcng/README from 2.4.21 to 2.4.22 - configure: added options --no-manual and --with-manual (abbreviations -m and -M) to allow building tcng with or without the documentation (suggested by "raptor") - configure: automatically assumes --no-manual if either latex or dvips is not in the PATH -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng version 9g
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-9g.tar.gz md5sum 63ef58e3d3c2cf5298524fb174168681 See also http://tcng.sourceforge.net/ Yes, it's been an eternity since the last release, sorry. I'm obviously having too much fun with umlsim :-) This one starts a round of catch-up releases by fixing a few minor bugs. The next release will add compatibility with more recent 2.4 kernels (of course, tcc should also work on 2.5/2.6), and then there will be one with some new stuff I've accumulated. The complete list of changes is below. - Werner --- CHANGES --- Version 9g (6-NOV-2003) --- - tcsim leaked memory for variable names (fixed by Dimitry Ketov) - tcsim now frees commands after execution (based on a patch by Dimitry Ketov) - tcsim -c freed command variables on each access (tests/tcng-9g) - scripts/runtests.sh: the -c option had no effect and was not mentioned in the usage - changed "tree color meter" to "three color meter" in documentation (fixed by Martin A. Brown) -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng newie
> I get this: > > Unknown qdisc "dsmark", hence option "indices" is unparsable > > I looked for some information on the net and found that many people say > that TC_CONFIG_DIFFSERV should be set to "y" in iproute/Config . ... > > What's wrong here?! What should I do?:( PLEASE HELP! :) Your "tc" binary doesn't support the "dsmark" option. You need to recompile iproute2 from source and change that Config file in the source tgz before you compile. Unfourtenatelly it might fail to compile, and then I dont have an answer for you. I've been struggling to compile iproute2 on my Slackware-9.1/kernel-2.4.22 box, searched google.com and I didn't find a sollution that would work :( YMMV -- Damjan Georgievski jabberID: [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng newie
Hi everyone!!! This is my first post here... I have a problem and I'd like to know if someone here could help me. I kinda new to traffic control. I have practically no idea about it. I'm trying to learn about it now. I want to use htb to priorize some kinds of packets. I copied some scpripts from a howto about traffic control and htb. I'm trying to use tcng... The thing is that when I run this line: tc qdisc add dev eth0 handle 1:0 root dsmark indices 8 default_index 0 I get this: Unknown qdisc "dsmark", hence option "indices" is unparsable I looked for some information on the net and found that many people say that TC_CONFIG_DIFFSERV should be set to "y" in iproute/Config . I searched "iproute" in my hard drive and didn't find anything. I did find /etc/iproute2...but this directory only has 4 or 5 files and none of them is called Config or somehting like that. I'm using SuSE 8.2 and I checked and found out that iproute2 is installed (it shows on yast) What's wrong here?! What should I do?:( PLEASE HELP! :) Marcelo ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] TCNG building problems...help
]- try to build w/o tcsim, (if u need it u will have to find a solution then :")) i.e. ./configure --no-tcsim make make test |Hi, | |I downloaded the latest tcng release, however am having problems to |build it.below are the kind of error messages am getting. Do u people |have a clue as to why this is happening ? | | | |Thanks in advance | | | |=- | |- | |- | |- | |- | |make[3]: Entering directory |`/home/joolia/tcnge/tcng/tcsim/ulib/iproute2/lib' | |gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -Werror -g |-I../include-glibc -include ../include-glibc/glibc-bugs.h |-I/home/joolia/tcnge/tcng/tcsim/klib/include -I../include |-DRESOLVE_HOSTNAMES -c -o ll_map.o ll_map.c | |gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -Werror -g |-I../include-glibc -include ../include-glibc/glibc-bugs.h |-I/home/joolia/tcnge/tcng/tcsim/klib/include -I../include |-DRESOLVE_HOSTNAMES -c -o libnetlink.o libnetlink.c | |libnetlink.c: In function `rtnl_dump_filter': | |libnetlink.c:130: warning: comparison between signed and unsigned | |libnetlink.c: In function `rtnl_talk': | |libnetlink.c:227: warning: comparison between signed and unsigned | |libnetlink.c:253: warning: comparison between signed and unsigned | |libnetlink.c: In function `rtnl_listen': | |libnetlink.c:329: warning: comparison between signed and unsigned | |libnetlink.c: In function `rtnl_from_file': | |libnetlink.c:394: warning: comparison between signed and unsigned | |libnetlink.c: In function `addattr32': | |libnetlink.c:421: warning: comparison between signed and unsigned | |libnetlink.c: In function `addattr_l': | |libnetlink.c:436: warning: comparison between signed and unsigned | |make[3]: *** [libnetlink.o] Error 1 | |make[3]: Leaving directory |`/home/joolia/tcnge/tcng/tcsim/ulib/iproute2/lib' | |make[2]: *** [iproute2/lib/libnetlink.a] Error 2 | |make[2]: Leaving directory `/home/joolia/tcnge/tcng/tcsim/ulib' | |make[1]: *** [ulib/ulib.o] Error 2 | |make[1]: Leaving directory `/home/joolia/tcnge/tcng/tcsim' | |make: *** [all] Error 1 | | | | | | | | ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG building problems...help
Hi, I downloaded the latest tcng release, however am having problems to build it…below are the kind of error messages am getting. Do u people have a clue as to why this is happening ? Thanks in advance =- - - - - make[3]: Entering directory `/home/joolia/tcnge/tcng/tcsim/ulib/iproute2/lib' gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -Werror -g -I../include-glibc -include ../include-glibc/glibc-bugs.h -I/home/joolia/tcnge/tcng/tcsim/klib/include -I../include -DRESOLVE_HOSTNAMES -c -o ll_map.o ll_map.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -Werror -g -I../include-glibc -include ../include-glibc/glibc-bugs.h -I/home/joolia/tcnge/tcng/tcsim/klib/include -I../include -DRESOLVE_HOSTNAMES -c -o libnetlink.o libnetlink.c libnetlink.c: In function `rtnl_dump_filter': libnetlink.c:130: warning: comparison between signed and unsigned libnetlink.c: In function `rtnl_talk': libnetlink.c:227: warning: comparison between signed and unsigned libnetlink.c:253: warning: comparison between signed and unsigned libnetlink.c: In function `rtnl_listen': libnetlink.c:329: warning: comparison between signed and unsigned libnetlink.c: In function `rtnl_from_file': libnetlink.c:394: warning: comparison between signed and unsigned libnetlink.c: In function `addattr32': libnetlink.c:421: warning: comparison between signed and unsigned libnetlink.c: In function `addattr_l': libnetlink.c:436: warning: comparison between signed and unsigned make[3]: *** [libnetlink.o] Error 1 make[3]: Leaving directory `/home/joolia/tcnge/tcng/tcsim/ulib/iproute2/lib' make[2]: *** [iproute2/lib/libnetlink.a] Error 2 make[2]: Leaving directory `/home/joolia/tcnge/tcng/tcsim/ulib' make[1]: *** [ulib/ulib.o] Error 2 make[1]: Leaving directory `/home/joolia/tcnge/tcng/tcsim' make: *** [all] Error 1
[LARTC] [tcng] is there a way to not build the DOCS ?
is there way to not build DOCS ? when doing 'make', 'make install' or better specify in ./configure step.. I'm not in .rpm distro how to exclude this from the installation process too... !? tia make[1]: Leaving directory `/var/tmp/portage/tcng-9f/work/tcng/doc' make[1]: Entering directory `/var/tmp/portage/tcng-9f/work/tcng/build' sed 's/\$VERSION/'`cat ../VERSION`'/g;s|\$PWD|'`pwd`\|g \ tcng.spec || { rm -f tcng.spec; exit 1; } sed 's/\$VERSION/'`cat ../VERSION`'/g;s|\$PWD|g'`pwd`\| \ tcsim.spec || { rm -f tcsim.spec; exit 1; } echo "macrofiles: `rpm --showrc | \ sed '/^macrofiles .*: /s///p;d'`:`pwd`/rpmmacros" >rpmrc /bin/sh: line 1: rpm: command not found echo "%_topdir `pwd`/../rpm" >rpmmacros { . ../config; while read l; do eval echo $l; done; } \ valgrind.supp make[1]: Leaving directory `/var/tmp/portage/tcng-9f/work/tcng/build' ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng version 9f
... is on SourceForge: http://tcng.sourceforge.net/dist/tcng-9f.tar.gz md5sum 28ff5fdd6e63ef1895728d20f660f0a1 (See also http://tcng.sourceforge.net/) This just is the upgrade for 2.4.21-final compatibility. It also fixes some things that broke tcsim builds with some old kernels. The complete list of changes is below. - Werner --- CHANGES --- Version 9f (19-JUN-2003) - updated kernel version example in tcng/README from 2.4.20 to 2.4.21 - setup.klib is now compatible with 2.4.21 (final release) (by Dimitry Ketov) - fixed setup.klib compatibility with old kernels, like 2.4.3 -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng+htb] dsmark_dequeue: unsupported protocol 2054
i use redhat 8.0 (kernel 2.4.20-13.8) with iproute2-2.4.7-now-ss020116.try and tcng-9e i patched iproute2 and tc with the htb3.6-020525-patch from http://luxik.cdi.cz/~devik/qos/htb/ everything is working fine apart from the annoying error message: dsmark_dequeu: unsupported protocol 2054 i read in the artchive http://mailman.ds9a.nl/pipermail/lartc/2002q3/004855.html that this derives from ARP. in my tcng-config there is a line: /* Best Effort */ class (<$be>,mask 0, value 0x00) if 1; is this the reason for the error message because dsmark tries to remark the ARP-packet? how can i avoid this? regards martin ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng] tcng <-> class/qdisc id ?
hi, I see that tcc need some time and a processor power to generate the TC commands, my question is : - If I generate Location maps ("tcc -l tcc.conf") on different computer will the elemets match ? i.e. What I want is to generate location map on different computer, (so that I can to see which class-id from which part of my tcc-configuration was generated).. and I want to separate this 'cause it is time consuming and hog the CPU ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng/tcsim - Can't simulate my script using HTB
On Monday 02 June 2003 14:20, Augusto Miranda Martins wrote: > I've got a tcng script where I use the HTB qdisc, when > I try to simulate it via tcsim, it print's out the > message: > > qdisc htb not found > > Does tcsim support HTB? > > When I'm using CBQ instead of HTB it presents no error > messages and do the simulation properly. Have you htb support in the kernel? Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] tcng/tcsim - Can't simulate my script using HTB
I've got a tcng script where I use the HTB qdisc, when I try to simulate it via tcsim, it print's out the message: qdisc htb not found Does tcsim support HTB? When I'm using CBQ instead of HTB it presents no error messages and do the simulation properly. Thanks, Augusto. ___ Yahoo! Mail Mais espaço, mais segurança e gratuito: caixa postal de 6MB, antivírus, proteção contra spam. http://br.mail.yahoo.com/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng] ip-range
> Message: 10 > Date: Sat, 15 Mar 2003 01:28:01 +0200 > From: raptor <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [LARTC] [tcng] ip-range > > Is there a way in tcng to specify range instead a list of addresses, what I mean > instead : > > drop if (ip_src == 192.168.0.2 || ip_src == 192.168.0.3 || ip_src == 192.168.0.4 || > ip_src == 192.168.0.5); > > may be : > > drop if (ip_src == 192.168.0.2 .. 192.168.0.5); > drop if (ip_src == 192.168.0.2 - 192.168.0.5); > > or better : > > drop if (ip_src == 192.168.0.2-5); > > How about: drop if (ip_src >= 192.168.0.2 && ip_src <= 192.168.0.5); - Jacob ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Subject: [LARTC] [tcng] X:Y to tcng corespondence !
> Message: 8 > Date: Fri, 14 Mar 2003 21:49:49 +0200 > From: raptor <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [LARTC] [tcng] X:Y to tcng corespondence ! > > Is there a easy way that I to get class-id<->tcng-class-path conversation > and vs. versa.. > > --__--__-- There are couple files can be created by tcc: # cat a.tc dev "s0e0" { egress { drop if ip_proto == 30; class (<>) if 1; } } dev "s1e0" { egress { drop if vlan_id == 0; class (<>) if 1; } } # cat tcc_map device s0e0 - a.tc 1 qdisc s0e0:1 - a.tc 2 class s0e0:1:0 - a.tc 4 qdisc s0e0:2 - a.tc 2 filter s0e0:1::1 - a.tc 2 element s0e0:1::1:0 - a.tc 3 element s0e0:1::1:1 - a.tc 5 device s1e0 - a.tc 8 qdisc s1e0:1 - a.tc 9 class s1e0:1:0 - a.tc 11 qdisc s1e0:2 - a.tc 9 filter s1e0:1::1 - a.tc 9 element s1e0:1::1:0 - a.tc 10 element s1e0:1::1:1 - a.tc 12 # cat var_file { device s0e0 { qdisc s0e0:1 } } { device s1e0 { qdisc s1e0:1 } } - Jacob ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng] ip-range
Is there a way in tcng to specify range instead a list of addresses, what I mean instead : drop if (ip_src == 192.168.0.2 || ip_src == 192.168.0.3 || ip_src == 192.168.0.4 || ip_src == 192.168.0.5); may be : drop if (ip_src == 192.168.0.2 .. 192.168.0.5); drop if (ip_src == 192.168.0.2 - 192.168.0.5); or better : drop if (ip_src == 192.168.0.2-5); ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng] X:Y to tcng corespondence !
Is there a easy way that I to get class-id<->tcng-class-path conversation and vs. versa.. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng] avoiding dsmark; help with nested classifiers
Hello all, Pardon the long mail, I'll accept flames if I have irritated anybody. Here are three snippets of different ways to approach a tcng configuration. Unfortunately, I must not quite understand tcng syntax I could work around it, build a new kernel and so forth, but I'm curious about this behaviour of tcng. It almost strikes me as "by-design" or a feature of the language--I'd just like to understand why this is happening, and if there is a way I can solve my conundrum! Intended goal: - support nested HTB classes; top level class to limit total bandwidth, - add internal classes to limit (and isolate) certain types of traffic. - use tcng; much more readable (Thank goodness!) Working example (simpler than reality...lab/test sort of thing) has all filters attached to 1:0, and traffic is divided up roughly like this (see example): - class 1:1 HTB ( rate = ceil = 1544k ) - class 1:2 ( rate = 128k, ceil = 512k ), interactive traffic - class 1:3 ( rate = 512k, ceil = 1544k ), bulk (mail/web/scp) - class 1:4 ( rate = 128k, ceil = 768k ), default If I use the tcng class selection path construct (see Example #1), I'll need support for dsmark in my kernel, and being a lazy admin, I'd rather work around this requirement This was not unexpected, since Werner clearly outlined the requirement of dsmark support on this very list (if not elsewhere): http://mailman.ds9a.nl/pipermail/lartc/2002q3/004504.html If I put my classifiers in the internal classes (1:2, 1:3, 1:4) (see Example #2), then the filters are attached to parent 1:1, which means that they never get called. This is intuitive given the syntax and structure of the tcng language. My clever workaround failed miserably, however, when I tried to select all IP packets with TCP segments in class 1:1 the class closest to the root (see Example #3). I'm not sure what to make of this. My questions: - How can I nest classes with filters without using dsmark? - Am I overlooking a very simple solution? - What section of the manual should I re-read? - Anybody have an example of nested HTB classes or CBQ classes without dsmark or class selection path? Thanks in advance, -Martin # -- Example #1 class selection path; requires dsmark kernel support # #include "fields.tc" #include "ports.tc" # dev eth0 { egress { class ( <$ssh> ) if tcp_sport == 22 || ip_tos_delay == 1 ; class ( <$bulk> ) if tcp_sport == 22 || tcp_dport == 80 ; class ( <$other> ) if 1 ; htb () { class ( rate 1544kbps, ceil 1544kbps ) { $ssh = class ( rate 128kbps, ceil 512kbps ) ; $bulk = class ( rate 512kbps, ceil 1544kbps ) ; $other = class ( rate 128kbps, ceil 768kbps ) ; } } } } # # -- most output suppressed...; word wrapped/shell escaped for #readability # $ tcc lartc-example-1.tcc | grep filter | head -4 tc filter add dev eth0 parent 2:0 protocol all \ prio 1 tcindex mask 0x3 shift 0 tc filter add dev eth0 parent 2:0 protocol all \ prio 1 handle 3 tcindex classid 2:4 tc filter add dev eth0 parent 2:0 protocol all \ prio 1 handle 2 tcindex classid 2:3 tc filter add dev eth0 parent 2:0 protocol all \ prio 1 handle 1 tcindex classid 2:2 # <-- more lines of "tc filter" would have been here --> # -- Example #2; all tc filter commands attach to parent 1:1 # #include "fields.tc" #include "ports.tc" # dev eth0 { htb { class ( rate 1544kbps, ceil 1544kbps ) { class ( rate 128kbps, ceil 512kbps ) \ if tcp_dport == 22 && ip_tos_delay == 1 { sfq ( perturb 10s ); } class ( rate 512kbps, ceil 1544kbps ) \ if tcp_dport == 25 || tcp_dport == 80 { sfq ( perturb 10s ); } class ( rate 128kbps, ceil 768kbps ) { sfq ( perturb 10s ); } } } } # # -- word wrapped/shell escaped for readability # $ tcc lartc-example-2.tcc | grep filter | head -4 tc filter add dev eth0 parent 1:1 protocol all prio 1 \ handle 1:0:0 u32 divisor 1 tc filter add dev eth0 parent 1:1 protocol all prio 1 \ u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 \ shift 6 eat link 1:0:0 tc filter add dev eth0 parent 1:1 protocol all prio 1 \ handle 1:0:1 u32 ht 1:0:0 match u16 0x16 0x at 2 \ match u8 0x10 0x10 at 1 classid 1:2 tc filter add dev eth0 parent 1:1 protocol all prio 1 \ handle 2:0:0 u32 divisor 1 # -- Example #3; differs from #2 in line 3, "if ip_proto == IPPROTO_TCP" #only one tc filter command appears in output--filter command for #selecting IP packets with TCP segments # #include "fields.tc" #include "ports.tc" # dev eth0 { htb { class ( rate 1544kbps, ceil 1544kbps ) if ip_proto == IPPROTO_TCP { class ( rate 128kbps, ceil 512kbps ) \ if tcp_dport == 22 && ip_tos_delay == 1 { sfq ( perturb 10s ); } class ( rate 512kbps, ceil 1544kbps ) \ if tcp_dport == 25 || tcp_dport == 80 { sfq ( perturb 10s ); } class ( rate 128k
Re: [LARTC] [tcng] specifing interface in IF ?!
I was reading the some of the post and idea comes to my mind... If I mark the packets incoming from some interface with iptables and then use this mark for classifing in tcng.. (I see there is "fw"-classifier in tcng language, dont know how to use it...). Did u tried something like this.. Jacob Teplitsky <[EMAIL PROTECTED]> wrote: | |> Subject: [LARTC] [tcng] specifing interface in IF ?! |> |> does anyone know how can I make class-path based on interface from which the packet comes ?! | |We implemented something like this: |dev "s0e0" { |ingress { |class (<>,set_color(GREEN)) |if tcp_dport == PORT_HTTP; |class (<>,set_color(YELLOW)) |if tcp_dport == PORT_SMTP; |class (<>,set_color(RED)) |if 1; |} |} | |dev "s1e0" { |egress { |class (<>,set_dscp(0x12)) |if color == GREEN; |class (<>,set_dscp(0x23)) |if color == YELLOW; |class (<>,set_dscp(0x34)) |if color == RED; |drop if 1; /* not reached */ | |fifo; |} |} | |but you can't do this with tcng-tc. | |- Jacob |___ |LARTC mailing list / [EMAIL PROTECTED] |http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ | ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] TCNG fw classifier question
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: >I think I must have the syntax wrong for using the firewall classifier >in TCNG. Can anyone offer any suggestions for what I am doing wrong. >Details below... I am answering my own question here in hopes that anyone reading the archive might benefit. Working syntax is below: dev eth0 { htb (rate 128kbps, ceil 150kbps ) { $c1 = class { htb (rate 100kbps, ceil 120kbps ) { class if 1 { sfq(perturb 10secs); } } }; $c2 = class { htb (rate 50kbps, ceil 60kbps ) { class if 1 { sfq(perturb 10secs); } } }; fw { class $c1 on (1); class $c2 on (2); } } } ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] TCNG fw classifier question
I think I must have the syntax wrong for using the firewall classifier in TCNG. Can anyone offer any suggestions for what I am doing wrong. Details below... #include "packet.def" dev eth0 10 { htb (rate 128kbps, ceil 150kbps ) { fw; class (0x100) { htb (rate 100kbps, ceil 120kbps ) { class if 1 { sfq(perturb 10secs); } } } class (0x200) { htb (rate 50kbps, ceil 60kbps ) { class if 1 { sfq(perturb 10secs); } } } } } send nfmark=0x100 TCP_PCK() send nfmark=0x200 TCP_PCK() end Invoked with tcsim -v -v -v test3.tcsim. You can see in the resulting simulation run that the packet never makes it to the queues I had intended, namely the sfqs. .00 T : qdisc add dev eth0 handle 1:0 root htb 0.00 T : class add dev eth0 parent 1:0 classid 1:100 htb rate 16000bps ceil 18750bps 0.00 T : qdisc add dev eth0 handle 2:0 parent 1:100 htb 0.00 T : class add dev eth0 parent 2:0 classid 2:1 htb rate 12500bps ceil 15000bps 0.00 T : qdisc add dev eth0 handle 3:0 parent 2:1 sfq perturb 10 0.00 T : filter add dev eth0 parent 2:0 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 2:1 0.00 T : class add dev eth0 parent 1:0 classid 1:200 htb rate 16000bps ceil 18750bps 0.00 T : qdisc add dev eth0 handle 4:0 parent 1:200 htb 0.00 T : class add dev eth0 parent 4:0 classid 4:1 htb rate 6250bps ceil 7500bps 0.00 T : qdisc add dev eth0 handle 5:0 parent 4:1 sfq perturb 10 0.00 T : filter add dev eth0 parent 4:0 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 4:1 0.00 T : filter add dev eth0 parent 1:0 protocol all prio 1 fw 0.00 E : 0x80ced10 60 : eth0: 453c 4000 0a01 121a006a 4500 4006 0a01 121a006a 5000 0.00 e : 0x80ced10 60 : <0> calling htb (1:0) 0.00 c : 0x80ced10 60 : <1> calling fw at 1:0, prio 0x0001 0.00 c : 0x80ced10 60 : <1> fw at 1:0 returns OK (0) (0:100, 0x0) 0.00 e : 0x80ced10 60 : <0> htb (1:0) returns SUCCESS (0) 0.00 d : 0x0 0 : <0> calling htb (1:0) 0.00 d : 0x80ced10 60 : <0> htb (1:0) 0.00 D : 0x80ced10 60 : eth0: 453c 4000 0a01 121a006a 4500 4006 0a01 121a006a 5000 0.00 E : 0x80cf088 60 : eth0: 453c 4006 0a01 121a006b 4500 4006 0a01 121a006b 5000 0.00 e : 0x80cf088 60 : <0> calling htb (1:0) 0.00 c : 0x80cf088 60 : <1> calling fw at 1:0, prio 0x0001 0.00 c : 0x80cf088 60 : <1> fw at 1:0 returns OK (0) (0:200, 0x0) 0.00 e : 0x80cf088 60 : <0> htb (1:0) returns SUCCESS (0) 0.05 d : 0x0 0 : <0> calling htb (1:0) 0.05 d : 0x80cf088 60 : <0> htb (1:0) 0.05 D : 0x80cf088 60 : eth0: 453c 4006 0a01 121a006b 4500 4006 0a01 121a006b 5000 0.10 d : 0x0 0 : <0> calling htb (1:0) 0.10 d : 0x0 0 : <0> htb (1:0) 0.10 d : 0x0 0 : <0> calling htb (1:0) 0.10 d : 0x0 0 : <0> htb (1:0) 1.00 d : 0x0 0 : <0> calling htb (1:0) 1.00 d : 0x0 0 : <0> htb (1:0) 1.00 d : 0x0 0 : <0> calling htb (1:0) 1.00 d : 0x0 0 : <0> htb (1:0) 1.00 d : 0x0 0 : <0> calling htb (1:0) 1.00 d : 0x0 0 : <0> htb (1:0) 10.00 d : 0x0 0 : <0> calling htb (1:0) 10.00 d : 0x0 0 : <0> htb (1:0) 10.00 d : 0x0 0 : <0> calling htb (1:0) 10.00 d : 0x0 0 : <0> htb (1:0) 3600.00 d : 0x0 0 : <0> calling htb (1:0) 3600.00 d : 0x0 0 : <0> htb (1:0) ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] tcng and network processor
Chris Clark wrote: > I am considering a project to translate tcc output (C code or external > interface) to network processor code, so that the NP can do the actual > traffic shaping. As Jacob has pointed out, tcc's external interface is what you're looking for. > I have a platform using the Intel IXP1200 NP on a PCI > card, which functions as a NIC for the host PC running Linux. This > approach would reduce the processing load on the host. It's about time somebody tackles the Intel NPs :-) Actually, it would be good if - provided you get this project rolling - you could find a way to get Intel to let you release your code generator. - Werner -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] [tcng] classes on several interfaces at once ?
raptor wrote: > is it possible with the tcng-macros or something else to make classes > in such a way so that I write them once and set simultaneously classes > on many interfaces.. what i mean , something like this : Well, probably :-) It's up to you do decide how much time you want to spend on some intricate macro hack, or if you want to write a script that generates full or partial tcng output instead. While it can be fun to create something exceedingly complicated in cpp (try meters.tc for a taste), you have to consider that time_spent = O(something^complexity) :-) - Werner -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] [tcng] the difference ?!
Whoops, haven't checked LARTC in a while ... raptor wrote: > what is the difference between : > > police(), bucket(...) and SLB(..)/DLB() and friends ?! "police" refers to the policing component of the traffic control subsystem in the kernel. "bucket" (with the "conform" and "count" operators) is an abstracted single bucket. If you actually use it, and you're generating "tc" output, tcc will express its function in terms of "police". SLB, DLB, etc. are basically expressions that use buckets. Again, tcc will (try to *) express them using "police", plus some classification tricks. (*) Buckets can be used for arbitrary constructs that exceed what can be done with the policing mechanisms of kernel traffic control. The "dictionary tcc uses is in tcc/if_u32.c:map Think of it as "police" being a pocket calculator, "bucket" being the basic arithmetic operations, and SLB, etc. being some common formulas, like the compound interest formula. If presented with such a formula, tcc will then know which buttons to press on the pocket calculator. - Werner -- _ / Werner Almesberger, Buenos Aires, Argentina [EMAIL PROTECTED] / /_http://www.almesberger.net// ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] [tcng] the difference ?!
> > Message: 6 > Date: Fri, 28 Feb 2003 17:40:43 -0500 > From: raptor <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [LARTC] [tcng] the difference ?! > > what is the difference between : > > police(), bucket(...) and SLB(..)/DLB() and friends ?! Check tcng/lib/tcng/include/meters.tc - Jacob ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] [tcng] specifing interface in IF ?!
> Subject: [LARTC] [tcng] specifing interface in IF ?! > > does anyone know how can I make class-path based on interface from which the packet > comes ?! We implemented something like this: dev "s0e0" { ingress { class (<>,set_color(GREEN)) if tcp_dport == PORT_HTTP; class (<>,set_color(YELLOW)) if tcp_dport == PORT_SMTP; class (<>,set_color(RED)) if 1; } } dev "s1e0" { egress { class (<>,set_dscp(0x12)) if color == GREEN; class (<>,set_dscp(0x23)) if color == YELLOW; class (<>,set_dscp(0x34)) if color == RED; drop if 1; /* not reached */ fifo; } } but you can't do this with tcng-tc. - Jacob ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] [tcng] the difference ?!
On Friday 28 February 2003 23:40, raptor wrote: > what is the difference between : > > police(), bucket(...) and SLB(..)/DLB() and friends ?! Can you be more specific? Stef -- [EMAIL PROTECTED] "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng] the difference ?!
what is the difference between : police(), bucket(...) and SLB(..)/DLB() and friends ?! thanx ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng] specifing interface in IF ?!
does anyone know how can I make class-path based on interface from which the packet comes ?! dev eth0 { class(<$c1>) if interface-eth0; egress { htb() { $c1 = class(rate 1mbps) { class(rate 100kbps, ceil 150kbps) if ip_dst == x.x.x.x; class(rate 50kbps, ceil 100kbps) if ip_dst == y.y.y.y; } } } } any idea ?! ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] [tcng] example
hi, i would like to use just one interface to shape/police traffic, lets have following config : users -[eth1]===[eth0]-- Internet what I think to do is : $m1 = SLB(cir 20kbps, cbs 10kB); dev eth1 { ingress{ class(<$i1>) if ip_dst = 192.168.0.5 && SLB_else_drop($m1); class(<$i2>) if ip_dst = 192.168.0.5 && SLB_else_drop($m1); drop if 1; } egress { class(<$c1>) if ip_dst = 192.168.0.5; class(<$c2>) if ip_dst = 192.168.0.6; .. drop if 1; htb() { $c1 = class(rate 20kbps, rq2 1) {sfq;}; $c2 = class(rate 100kbps, rq2 10) {sfq;}; } } } My main question is about INGRESS.. I see in the docs there is many other metering primitives and can't find which one is better to use.. From what I know it is not possible to shape traffic on ingress interface.. What about this instead of SLB: $m1 = bucket(rate 20kbps, burst 10kB); class(<$i1>) if ip_dst = 192.168.0.5 && conform $m1; what is the difference.. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/