[LARTC] filters order - are they ordered?

Linux Advanced Routing and Traffic Control

 > >   So, in my current scenario it's optimal (as I think now)
 > >   to use both u32 and fw, but I wonder can I line-up my filters
 > >   in any order I wish?
 > The prio parameter sets the order in which the filters are checked.

So, I guess, I can set with "prio" and check "prefs" then?

Something is very strange for me ;-) - just take a look, please.

so.. (in more details, very sorry, if there is too much)

===========  MY "HTB INIT" SCRIPT  ===========
#!/bin/bash
#
#

# addresses here, of course:
PARTNER='blah_blah'

BIG_BOSS='foo_foo'
FAT_ADMN='moo_moo'

INTRANET='192.168.100.0/24'
DMZ_NET='bar_bar/29'

tc=/root/tc

tc_cadd="$tc class add dev eth0"

default=20

# add root qdisc:
$tc qdisc add dev eth0 root handle 1: htb default $default

# root class (whole eth0):
$tc_cadd parent 1: classid 1:1 htb rate 100Mbit ceil 100Mbit

# local traffic (almost whole eth0):
$tc_cadd parent 1:1 classid 1:$default htb rate 100Mbit ceil 100Mbit

# ppp bandwidth:
$tc_cadd parent 1:1 classid 1:10 htb rate 128kbit ceil 128kbit burst 12k prio 0

  # add for BIG_BOSS and FAT_ADMN:
  $tc_cadd parent 1:10 classid 1:100 htb rate 20kbit ceil 128kbit burst 2k prio 0

    # for one of them:
    $tc_cadd parent 1:100 classid 1:210 htb rate 10kbit ceil 128kbit burst 2k prio 0
    $tc qdisc add dev eth0 parent 1:210 handle 21: sfq perturb 10

    # for second one:
    $tc_cadd parent 1:100 classid 1:220 htb rate 10kbit ceil 128kbit burst 2k prio 0
    $tc qdisc add dev eth0 parent 1:220 handle 22: sfq perturb 10


  # add for localnet and proxy:
  $tc_cadd parent 1:10 classid 1:300 htb rate 34kbit ceil 120kbit burst 2k prio 8
  $tc qdisc add dev eth0 parent 1:300 handle 30: sfq perturb 10

  # add for traffic to mail & pop:
  $tc_cadd parent 1:10 classid 1:400 htb rate 10kbit ceil 120kbit burst 2k prio 8
  $tc qdisc add dev eth0 parent 1:400 handle 40: sfq perturb 10

  # add for traffic from $PARTNER:
  $tc_cadd parent 1:10 classid 1:500 htb rate 64kbit ceil 128kbit burst 12k prio 0
  $tc qdisc add dev eth0 parent 1:500 handle 50: sfq perturb 10


#############################
## filters:
#############################

tc_fadd="$tc filter add dev eth0 protocol ip"

## from $PARTNER:
#
$tc_fadd parent 1:0 prio 0 u32 \
   match ip src $PARTNER match tcp src 80 0xffff flowid 1:500
$tc_fadd parent 1:0 prio 0 handle 8 fw flowid 1:500

## pass local traffic unshaped:
#
$tc_fadd parent 1:0 prio 1 u32 \
   match ip src $INTRANET match ip dst $INTRANET flowid 1:$default

$tc_fadd parent 1:0 prio 1 u32 \
   match ip src $DMZ_NET match ip dst $INTRANET flowid 1:$default

$tc_fadd parent 1:0 prio 1 u32 \
   match ip src $DMZ_NET match ip dst $DMZ_NET flowid 1:$default

$tc_fadd parent 1:0 prio 1 u32 \
   match ip src $INTRANET match ip dst $DMZ_NET flowid 1:$default

## admins:
#
$tc_fadd parent 1:0 prio 3 u32 \
    match ip dst $BIG_BOSS flowid 1:210

$tc_fadd parent 1:0 prio 3 u32 \
    match ip dst $FAT_ADMN flowid 1:220

## localnet masq'ed:
#

# one subnet:
$tc_fadd parent 1:0 prio 0 handle 4 fw flowid 1:300

# another one:
$tc_fadd parent 1:0 prio 0 handle 5 fw flowid 1:300

## from BAD to proxy server:
#
$tc_fadd parent 1:0 prio 0 handle 1 fw flowid 1:300

## from BAD to http & smtp & pop:
#
$tc_fadd parent 1:0 prio 0 handle 2 fw flowid 1:400
$tc_fadd parent 1:0 prio 0 handle 3 fw flowid 1:400

# END OF SCRIPT

===========  END OF MY "HTB INIT" SCRIPT  ===========

And, please, take a look at my filters.
(I changed addresses there for clarity;)

===========  tc filter show dev eth0  ===========

filter parent 1: protocol ip pref 1 u32
filter parent 1: protocol ip pref 1 u32 fh 802: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:210
  match $BIG_BOSS at 16
filter parent 1: protocol ip pref 1 u32 fh 802::801 order 2049 key ht 802 bkt 0 flowid 1:220
  match $FAT_ADMN at 16
filter parent 1: protocol ip pref 1 u32 fh 801: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:20
  match $INTRANET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 1 u32 fh 801::801 order 2049 key ht 801 bkt 0 flowid 1:20
  match $DMZ_NET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 1 u32 fh 801::802 order 2050 key ht 801 bkt 0 flowid 1:20
  match $DMZ_NET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 1 u32 fh 801::803 order 2051 key ht 801 bkt 0 flowid 1:20
  match $INTRANET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:500
  match $PARTNER at 12
  match 00500000/ffff0000 at nexthdr+0
filter parent 1: protocol ip pref 3 u32
filter parent 1: protocol ip pref 3 u32 fh 802: ht divisor 1
filter parent 1: protocol ip pref 3 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:210
  match $BIG_BOSS at 16
filter parent 1: protocol ip pref 3 u32 fh 802::801 order 2049 key ht 802 bkt 0 flowid 1:220
  match $FAT_ADMN at 16
filter parent 1: protocol ip pref 3 u32 fh 801: ht divisor 1
filter parent 1: protocol ip pref 3 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:20
  match $INTRANET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 3 u32 fh 801::801 order 2049 key ht 801 bkt 0 flowid 1:20
  match $DMZ_NET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 3 u32 fh 801::802 order 2050 key ht 801 bkt 0 flowid 1:20
  match $DMZ_NET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 3 u32 fh 801::803 order 2051 key ht 801 bkt 0 flowid 1:20
  match $INTRANET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 3 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 3 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:500
  match 3f4dd600/ffffff00 at 12
  match 00500000/ffff0000 at nexthdr+0
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x3 classid 1:400
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x2 classid 1:400
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x1 classid 1:300
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x5 classid 1:300
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x4 classid 1:300
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x8 classid 1:500
filter parent 1: protocol ip pref 49152 u32
filter parent 1: protocol ip pref 49152 u32 fh 802: ht divisor 1
filter parent 1: protocol ip pref 49152 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:210
  match $BIG_BOSS at 16
filter parent 1: protocol ip pref 49152 u32 fh 802::801 order 2049 key ht 802 bkt 0 flowid 1:220
  match $FAT_ADMN at 16
filter parent 1: protocol ip pref 49152 u32 fh 801: ht divisor 1
filter parent 1: protocol ip pref 49152 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:20
  match $INTRANET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 49152 u32 fh 801::801 order 2049 key ht 801 bkt 0 flowid 1:20
  match $DMZ_NET at 12
  match $INTRANET at 16
filter parent 1: protocol ip pref 49152 u32 fh 801::802 order 2050 key ht 801 bkt 0 flowid 1:20
  match $DMZ_NET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 49152 u32 fh 801::803 order 2051 key ht 801 bkt 0 flowid 1:20
  match $INTRANET at 12
  match $DMZ_NET at 16
filter parent 1: protocol ip pref 49152 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 49152 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:500
  match $PARTNER at 12
  match 00500000/ffff0000 at nexthdr+0

===========  END OF "tc filter show dev eth0"  ===========

So, I can see here my filters three times!
And their priorities slightly differ from specified.

I'm confused...

It works, except one thing. The filter order is not what I wish I had.

 >
 > Stef

Thanks a lot.

 >
 > --
 >
 > stef.coene@docum.org
 >  "Using Linux as bandwidth manager"
 >      http://www.docum.org/
 >      #lartc @ irc.openprojects.net

--
 _,-=._              /|_/|       Where curiosity comes into play --
 `-.}   `=._,.-=-._.,  @ @._,         always foxes are there.
    `._ _,-.   )      _,.-'
       `    G.m-"^m`m'        Dmytro O. Redchuk
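
Added example, not part of the original post: a shell helper that condenses `tc filter show` output into one line per preference, sorted in ascending pref order (the order the quoted reply says filters are checked), and lists prefs that were never requested. The function names and the shortened sample listing are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample (added example), shortened from the shape of the listing in the post.
sample_listing() {
cat <<'EOF'
filter parent 1: protocol ip pref 1 u32
filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:500
  match 00500000/ffff0000 at nexthdr+0
filter parent 1: protocol ip pref 3 u32
filter parent 1: protocol ip pref 3 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 3 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:500
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x8 classid 1:500
filter parent 1: protocol ip pref 49151 fw handle 0x4 classid 1:300
filter parent 1: protocol ip pref 49152 u32
filter parent 1: protocol ip pref 49152 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 49152 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:500
EOF
}

# filter_order: stdin = `tc filter show` text; stdout = one line per
# (pref, classifier) in ascending pref order: "PREF KIND rules=N targets=A,B".
filter_order() {
  awk '
    $1 == "filter" {
      pref = ""; kind = ""; target = ""
      for (i = 2; i < NF; i++) {
        if ($i == "pref") { pref = $(i + 1); kind = $(i + 2) }
        if ($i == "flowid" || $i == "classid") target = $(i + 1)
      }
      if (pref == "") next
      key = pref " " kind
      if (!(key in rules)) rules[key] = 0
      if (target == "") next          # header or hash-table line, no rule
      rules[key]++
      if (index("," targets[key] ",", "," target ",") == 0)
        targets[key] = (targets[key] == "" ? target : targets[key] "," target)
    }
    END { for (k in rules) printf "%s rules=%d targets=%s\n", k, rules[k], targets[k] }
  ' | sort -n -k1,1
}

# unexpected_prefs PRIO...: prefs present in the listing (stdin) that are not
# among the prio values passed as arguments.
unexpected_prefs() {
  filter_order | awk -v want=" $* " 'index(want, " " $1 " ") == 0 { print $1 }' | sort -nu
}

sample_listing | filter_order
```

Fed the listing from the post together with the prio values used in the script (`0 1 3`), `unexpected_prefs` reports 49151 and 49152.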

