Gentoo Forums
[Solved] TC (IPRoute2) script not doing what it should
Pulseammo
n00b


Joined: 03 Jun 2004
Posts: 25

Posted: Wed Oct 12, 2005 9:38 pm    Post subject: [Solved] TC (IPRoute2) script not doing what it should

Hello, I wrote a script which is running on TC and it doesn't seem to be doing what it should be doing, can anyone help me with it?

The idea is that each of the PCs on my lan get their uplink separated into different categories and any bandwidth left over can be shared. It is important that the first two qdiscs get the priority over the third though.

The Problem: My filters don't seem to be working, every IP on my network just gets filtered into the default qdisc.

Code:

# tc -s class show dev vlan1

class htb 1:1 root rate 190000bit ceil 190000bit burst 1836b cburst 1836b
 Sent 4670870 bytes 36668 pkts (dropped 0, overlimits 0)
 rate 26320bit 25pps
 lended: 0 borrowed: 0 giants: 0
 tokens: 58948 ctokens: 58948

class htb 1:10 parent 1:1 leaf 10: prio 1 rate 95000bit ceil 190000bit burst 1717b cburst 1836b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 118516 ctokens: 63362

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 190000bit ceil 190000bit burst 1836b cburst 1836b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 63362 ctokens: 63362

class htb 1:30 parent 1:1 leaf 30: prio 3 rate 190000bit ceil 190000bit burst 1836b cburst 1836b
 Sent 4670870 bytes 36668 pkts (dropped 0, overlimits 0)
 rate 26312bit 25pps
 lended: 36668 borrowed: 0 giants: 0
 tokens: 58948 ctokens: 58948


My Script:

Code:

tc qdisc add dev vlan1 root handle 1: htb default 30
tc class add dev vlan1 parent 1: classid 1:1 htb rate 190kbit ceil 190kbit
tc class add dev vlan1 parent 1:1 classid 1:10 htb rate 95kbit ceil 190kbit prio 1
tc class add dev vlan1 parent 1:1 classid 1:20 htb rate 190kbit ceil 190kbit prio 2
tc class add dev vlan1 parent 1:1 classid 1:30 htb rate 190kbit ceil 190kbit prio 3

tc qdisc add dev vlan1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev vlan1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev vlan1 parent 1:30 handle 30: sfq perturb 10

tc filter add dev vlan1 parent 1: protocol ip u32 match ip src 192.168.1.2 flowid 1:30
tc filter add dev vlan1 parent 1: protocol ip u32 match ip src 192.168.1.3 flowid 1:20
tc filter add dev vlan1 parent 1: protocol ip u32 match ip src 192.168.1.4 flowid 1:10
tc filter add dev vlan1 parent 1: protocol ip u32 match ip src 192.168.1.5 flowid 1:10


I don't know if I've made a mistake in the script or if there is some other problem but if anyone could get my machines to filter into the correct places I'd be grateful.

Thank you.


Last edited by Pulseammo on Thu Oct 13, 2005 8:00 pm; edited 1 time in total
bigfunkymo
Apprentice


Joined: 23 Jan 2004
Posts: 237

Posted: Thu Oct 13, 2005 4:00 pm

Does any SNAT (aka masquerading) occur on your network? If your source addresses are being rewritten, then your filters aren't going to match.
_________________
[No package... Grabbing a set.]
Pulseammo
n00b


Joined: 03 Jun 2004
Posts: 25

Posted: Thu Oct 13, 2005 4:53 pm

Thank you for your reply :)

Yes, the box is acting as a router to the internet for my lan.

In my IPTables I have a line:

Code:

iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE


What you say makes sense actually, the packets would have had their source address changed as they are leaving the vlan1 (the $WAN interface) which is what I'm trying to share out to each of my computers.

Is there some way to solve this then? I was thinking of shaping the uplink on the lanif but since I need to set the uplink max it would be saturating the lan uplink to 190kbits even with sharing across my different filters as it would "think" it's only got 190 total to share.

I'll go and look for some tutorials on how to restructure all of this to work with masquerading but if anyone wants to post any tutorials or help I'd be grateful for that too :).

Thanks.

EDIT: Had an idea, I'll see if I can mangle something onto the packet so that I can filter them in a different way.
bigfunkymo
Apprentice


Joined: 23 Jan 2004
Posts: 237

Posted: Thu Oct 13, 2005 7:44 pm

Yes, there are other ways to counter this problem. One comes to mind immediately. You can alter your filters to use the firewall MARK instead of source address and then have netfilter mark the packets before NAT occurs.

From the Linux Advanced Routing and Traffic Control HOWTO:
Quote:
You can mark packets with either ipchains or iptables and have that mark survive routing across interfaces. This is really useful to for example only shape traffic on eth1 that came in on eth0. Syntax:

# tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:1

Note that this is not a u32 match!

You can place a mark like this:

# iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 6

The number 6 is arbitrary.

If you don't want to understand the full tc filter syntax, just use iptables, and only learn to select on fwmark.
This is from the section on TC filters
_________________
[No package... Grabbing a set.]
Pulseammo
n00b


Joined: 03 Jun 2004
Posts: 25

Posted: Thu Oct 13, 2005 8:00 pm

Thanks, I got there in the end and found that same site (it was the tutorial I was using originally along with the HTB site).

For anyone interested I've ended up with:

Code:

# Setup Classes
tc qdisc add dev vlan1 root handle 1: htb default 30
tc class add dev vlan1 parent 1: classid 1:1 htb rate 190kbit ceil 190kbit
tc class add dev vlan1 parent 1:1 classid 1:10 htb rate 95kbit ceil 190kbit
tc class add dev vlan1 parent 1:1 classid 1:20 htb rate 95kbit ceil 190kbit
tc class add dev vlan1 parent 1:1 classid 1:30 htb rate 10kbit ceil 190kbit

# Setup fairness and sharing
tc qdisc add dev vlan1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev vlan1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev vlan1 parent 1:30 handle 30: sfq perturb 10

# Setup filtering
tc filter add dev vlan1 parent 1: protocol ip handle 3 fw flowid 1:30
tc filter add dev vlan1 parent 1: protocol ip handle 2 fw flowid 1:20
tc filter add dev vlan1 parent 1: protocol ip handle 1 fw flowid 1:10

# QoS Mangling
iptables -t mangle -A FORWARD -i $LAN -s 192.168.1.2 -j MARK --set-mark 3
iptables -t mangle -A FORWARD -i $LAN -s 192.168.1.3 -j MARK --set-mark 2
iptables -t mangle -A FORWARD -i $LAN -s 192.168.1.4 -j MARK --set-mark 1
iptables -t mangle -A FORWARD -i $LAN -s 192.168.1.5 -j MARK --set-mark 1


And it's now categorising my packets correctly, hopefully it should work when it gets some real load :)
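
Added example, not part of the original thread: a small check that reads `tc -s class show` output and reports whether any packets reached a non-default leaf class, which is the symptom in the first post and a quick way to confirm the fwmark fix. The function names and verdict strings are made up for this example; the sample is trimmed from the output posted above, and the check assumes every leaf class has its own qdisc attached, as in the thread's script.

```sh
#!/bin/sh
# Added example: per-leaf packet counts from `tc -s class show dev <if>`,
# plus a verdict on whether the filters are classifying anything.

# Constructed sample: trimmed from the tc output in the first post.
sample_tc_output() {
cat <<'EOF'
class htb 1:1 root rate 190000bit ceil 190000bit burst 1836b cburst 1836b
 Sent 4670870 bytes 36668 pkts (dropped 0, overlimits 0)
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 95000bit ceil 190000bit burst 1717b cburst 1836b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 190000bit ceil 190000bit burst 1836b cburst 1836b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
class htb 1:30 parent 1:1 leaf 30: prio 3 rate 190000bit ceil 190000bit burst 1836b cburst 1836b
 Sent 4670870 bytes 36668 pkts (dropped 0, overlimits 0)
EOF
}

# class_report DEFAULT_CLASSID   (tc output on stdin)
# Prints "classid pkts" for each leaf class, then one verdict line:
#   FILTERS_NOT_MATCHING  traffic was sent, but only the default class saw it
#   OK                    at least one non-default leaf class carried packets
#   NO_TRAFFIC            nothing sent yet, so no conclusion is possible
class_report() {
    awk -v def="$1" '
        # A class header: remember its id and whether it is a leaf.
        $1 == "class" { cur = $3; leaf = 0
                        for (i = 4; i <= NF; i++) if ($i == "leaf") leaf = 1 }
        # The counter line that follows: "Sent <bytes> bytes <pkts> pkts ...".
        $1 == "Sent" && leaf {
            print cur, $4
            total += $4
            if (cur != def) other += $4
            leaf = 0
        }
        END {
            if (total == 0)      print "NO_TRAFFIC"
            else if (other == 0) print "FILTERS_NOT_MATCHING"
            else                 print "OK"
        }'
}

# Run on the sample; on the router (as root) use instead:
#   tc -s class show dev vlan1 | class_report 1:30
sample_tc_output | class_report 1:30
```
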
All times are GMT