You can't add multiple instances of ingress qdisc it classless but possible add some filters tc qdisc add dev eth0 handle ffff:fff1 ingress tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 u32 match ip src 192.168.1.2/32 \ police rate 100kbit burst 10k drop flowid :1 tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 u32 match ip src 192.168.1.3/32 \ police rate 150kbit burst 10k drop flowid :1 tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 handle 1 fw police rate 200kbit \ burst 18k drop flowid :1 iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.4 -j MARK --set-mark 1 You may also limit all traffic from 192.168.1.2 to 800kbit and ssh to 200 kbit for example tc qdisc add dev eth0 handle ffff:fff1 ingress tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 u32 match ip dport 22 0xffff \ police rate 200kbit burst 20k drop flowid :1 tc filter add dev eth0 parent ffff:fff1 protocol ip prio 50 u32 match ip src 192.168.1.2/32 \ police rate 800kbit burst 80k drop flowid :1 Note add limit for ssh before all limit for more complexity conf you may use IMQ device see http://luxik.cdi.cz/~patrick/imq/ example with htb: limit all traffic to 100kbps and then sharing 20kbps for ssh and 80 for ftp modprobe imq numdevs=1 tc qdisc add dev imq0 root handle 1: htb default 1 tc class add dev imq0 parent 1: classid 1:1 htb rate 100kbps ceil 100kbps tc class add dev imq0 parent 1: classid 1:10 htb rate 20kbps ceil 100kbps tc class add dev imq0 parent 1: classid 1:11 htb rate 80kbps ceil 100kbps tc filter add dev imq0 parent 1:0 protocol ip prio 2 handle 1 fw classid 1:11 tc filter add dev imq0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:10 tc qdisc add dev imq0 parent 1:10 handle 30: sfq tc qdisc add dev imq0 parent 1:11 handle 40: sfq iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.2/32 -j IMQ iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.2/32 --dport 20 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 192.168.1.2/32 --dport 22 -j MARK --set-mark 2 ip link set imq0 up 31.05.2002 18:43:25, Mr SERBAN Rares <serban_rares@yahoo.com> wrote: >Hi Alexey, > >I read the paper of Werner Almesberger. I didn' t >understand if there are multiple instances of ingress >queueing discipline. Can you be more specific? > >Also I want to do marking operation in ingress >interface. How do I do? > >Thank you, > >R. > >--- Alexey Talikov <alexey_talikov@texlab.com.uz> >wrote: >> tc qdisc add dev $DEV handle ffff:fff1 ingress >> or >> tc qdisc add dev $DEV handle ffff: ingress >> tc filter add dev $DEV parent ffff:fff1 protocol ip >> .... >> or >> tc filter add dev $DEV parent ffff: protocol ip .... >> >> for details see Linux Network Traffic Control - >> Implementation Overview >> Werner Almesberger February 4, 2001 >> >> 31.05.2002 15:16:45, Mr SERBAN Rares >> <serban_rares@yahoo.com> wrote: >> >> >Hi, >> > >> >I have one router with 4 interfaces: >> > >> > Input1 >> > / >> > out - R - Input2 >> > \ >> > Input3 >> > >> >The flows sense is: Input1 -> output; Input2->out; >> >Input3->out; >> > >> >I want to do classification, shaping and marking in >> >each In* interface and some queueing management in >> out >> >interface. >> >For In* interfaces I tried to use the following >> >script: >> > >> >#!/bin/sh >> >DEV1="dev eth3" >> ># In1 >> >DEV2="dev eth2" >> ># In2 >> >DEV3="dev eth4" >> ># In3 >> >DEV4="dev eth1" >> ># out >> > >> >tc qdisc del $DEV1 ingress >> >tc qdisc del $DEV2 ingress >> >tc qdisc del $DEV3 ingress >> >tc qdisc del $DEV4 root >> > >> ># initialisation part >> >tc qdisc add $DEV1 ingress >> >tc qdisc add $DEV2 ingress >> >tc qdisc add $DEV3 ingress >> >tc qdisc add $DEV4 root handle 1:0 cbq bandwidth >> >10Mbit avpkt 1500 cell 8 >> > >> ># for interface In1 (here is DEV1) >> > >> ># shaping + classification >> >tc filter add $DEV1 parent ffff:0 protocol ip prio >> 1 >> >u32 match ip dst 192.168.3.6 match ip dport 6970 >> >0xffff police rate 500Kbit burst 30K drop flowid >> 1:1 >> >tc filter add $DEV1 parent ffff:0 protocol ip prio >> 1 >> >u32 match ip src 192.168.9.17 match ip dport 5050 >> >0xffff police rate 500Kbit burst 6K drop classid >> 1:2 >> >tc filter add $DEV1 parent ffff:0 protocol ip prio >> 1 >> >u32 match ip src 192.168.9.17 match ip sport 80 >> 0xffff >> >police rate 300Kbit burst 6K drop classid 1:3 >> > >> ># marking with tos field >> ># Somebody has an I ideea how it should be done? >> > >> >#for interface In2 (here is DEV2) >> >................. >> > >> >#for interface In3 (here is DEV3) >> >................. >> > >> >#for interface out (here is DEV4) >> >tc class add $DEV4 parent 1:0 classid 1:1 cbq >> >bandwidth 10Mbit rate 250Kbit avpkt 1500 allot 1514 >> >mpu 64 prio >> >tc qdisc add $DEV4 parent 1:1 tbf rate 1Mbit burst >> >20kbit limit 20kb >> > >> >tc class add $DEV4 parent 1:0 classid 1:2 cbq >> >bandwidth 10Mbit rate 300Kbit avpkt 1500 allot 1514 >> >mpu 64 prio 2 >> >tc qdisc add $DEV4 parent 1:2 gred setup DPs 1 >> default >> >1 grio >> >tc qdisc change $DEV4 parent 1:2 gred limit 10KB >> min >> >2KB max 6KB avpkt 1500 burst 4 bandwidth 10Mbit DP >> 1 >> >probability 0.02 prio 2 >> > >> >tc class add $DEV4 parent 1:0 classid 1:3 cbq >> >bandwidth 10Mbit rate 700Kbit avpkt 1500 allot 1514 >> >mpu 64 prio 2 >> >tc qdisc add $DEV4 parent 1:3 gred setup DPs 1 >> default >> >1 grio >> >tc qdisc change $DEV4 parent 1:3 gred limit 10KB >> min >> >2KB max 6KB avpkt 1500 burst 4 bandwidth 10Mbit DP >> 1 >> >probability 0.02 prio 2 >> > >> >So, when I start the script and provision the In >> >interface with ingress task the system is frozen! >> Why? >> >Can anybody explain me? >> >Also, I don't have any ideea how to mark the >> packets >> >at the ingress. I tried to use dsmark queueing >> >discipline but I can't use it at the ingress. Have >> you >> >another >> >ideea? >> > >> >Thank you, >> > >> >R. >> > >> >__________________________________________________ >> >Do You Yahoo!? >> >Yahoo! - Official partner of 2002 FIFA World Cup >> >http://fifaworldcup.yahoo.com >> >_______________________________________________ >> >LARTC mailing list / LARTC@mailman.ds9a.nl >> >http://mailman.ds9a.nl/mailman/listinfo/lartc >> HOWTO: http://lartc.org/ >> > >> >> ----------------------------------- >> mailto:alexey_talikov@texlab.com.uz >> BR >> Alexey Talikov >> FORTEK >> ----------------------------------- >> >> > > >__________________________________________________ >Do You Yahoo!? >Yahoo! - Official partner of 2002 FIFA World Cup >http://fifaworldcup.yahoo.com > ----------------------------------- mailto:alexey_talikov@texlab.com.uz BR Alexey Talikov FORTEK ----------------------------------- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
