Problem with fw filters

Linux Advanced Routing and Traffic Control


 



Hi all,

I am trying to prioritise outgoing traffic based on the UID of the sender.
Script follows:

# First mark packets with their respective priority

iptables -t mangle -F OUTPUT

iptables -t mangle -A OUTPUT -m owner --uid-owner root -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -m owner --uid-owner aigarius -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -m owner --uid-owner bind -j MARK --set-mark 3
iptables -t mangle -A OUTPUT -m owner --uid-owner proxy -j MARK --set-mark 4
iptables -t mangle -A OUTPUT -m owner --uid-owner nobody -j MARK --set-mark 5
iptables -t mangle -A OUTPUT -m owner --uid-owner www-data -j MARK --set-mark 6
iptables -t mangle -A OUTPUT -m owner --uid-owner ftp -j MARK --set-mark 7
iptables -t mangle -A OUTPUT -m owner --uid-owner ivarix -j MARK --set-mark 8
iptables -t mangle -A OUTPUT -m owner --uid-owner blacky -j MARK --set-mark 9
iptables -t mangle -A OUTPUT -j MARK --set-mark 666

# now make outgoing traffic classes
# clean existing qdiscs, hide errors
/home/aigarius/bin/tc qdisc del dev eth0 root    2> /dev/null > /dev/null

/home/aigarius/bin/tc qdisc add dev eth0 root handle 1: htb
/home/aigarius/bin/tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit burst 64k
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100mbit burst 64k prio 1
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:20 htb rate 100mbit burst 64k prio 2
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:30 htb rate 100mbit burst 64k prio 3
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:40 htb rate 100mbit burst 64k prio 4
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:50 htb rate 100mbit burst 64k prio 5
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:60 htb rate 100mbit burst 64k prio 6
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:70 htb rate 100mbit burst 64k prio 7
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:80 htb rate 100mbit burst 64k prio 8
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:90 htb rate 100mbit burst 64k prio 9
/home/aigarius/bin/tc class add dev eth0 parent 1:1 classid 1:666 htb rate 10mbit burst 64k prio 20
# all get Stochastic Fairness:
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:40 handle 40: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:50 handle 50: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:60 handle 60: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:70 handle 70: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:80 handle 80: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:90 handle 90: sfq perturb 10
/home/aigarius/bin/tc qdisc add dev eth0 parent 1:666 handle 666: sfq perturb 10
# Filter traffic into classes
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 1 fw flowid 1:10
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 2 fw flowid 1:20
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 3 fw flowid 1:30
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 4 fw flowid 1:40
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 5 fw flowid 1:50
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 6 fw flowid 1:60
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 7 fw flowid 1:70
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 8 fw flowid 1:80
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 9 fw flowid 1:90
/home/aigarius/bin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 handle 666 fw flowid 1:666

--- END OF SCRIPT ---

Problem:
no shaping is done

# tc -s qdisc show
qdisc sfq 666: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 679086470 bytes 985634 pkts (dropped 0, overlimits 0)

qdisc sfq 90: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 80: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 70: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 60: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 50: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 40: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 30: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 20: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc sfq 10: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc htb 1: dev eth0 r2q 10 default 0 direct_packets_stat 778 ver 3.6
 Sent 679175569 bytes 986412 pkts (dropped 0, overlimits 9647)

#iptables -v -t mangle -L OUTPUT
Chain OUTPUT (policy ACCEPT 25M packets, 16G bytes)
 pkts bytes target     prot opt in     out     source      destination
 6782  802K MARK       all  --  any    any     anywhere    anywhere    OWNER UID match root MARK set 0x1
 7439  393K MARK       all  --  any    any     anywhere    anywhere    OWNER UID match aigarius MARK set 0x2
 7878 2018K MARK       all  --  any    any     anywhere    anywhere    OWNER UID match bind MARK set 0x3
65687   49M MARK       all  --  any    any     anywhere    anywhere    OWNER UID match proxy MARK set 0x4
 752K  524M MARK       all  --  any    any     anywhere    anywhere    OWNER UID match nobody MARK set 0x5
24388   35M MARK       all  --  any    any     anywhere    anywhere    OWNER UID match www-data MARK set 0x6
44401   62M MARK       all  --  any    any     anywhere    anywhere    OWNER UID match ftp MARK set 0x7
    7   600 MARK       all  --  any    any     anywhere    anywhere    OWNER UID match ivarix MARK set 0x8
    0     0 MARK       all  --  any    any     anywhere    anywhere    OWNER UID match blacky MARK set 0x9
1019K  680M MARK       all  --  any    any     anywhere    anywhere    MARK set 0x29a

As I see there is no shaping done -- the filters do not work.
I also do routing based on firewall key -> it doesn't work either, but
nothing shows any errors.

Please help. Thanks.

PS. I am using kernel 2.4.19 patched with htb3 and the gr-security patch, and
htb3 precompiled tc, on a Debian unstable system.


-- 
Best regards,
    Aigars Mahinovs        mailto:aigarius@debian.org
 #--------------------------------------------------#
 |     .''`.                                        |
 |    : :' :           Debian GNU/Linux             |
 |    `. `'         http://www.debian.org           |
 |      `-                                          |
 #--------------------------------------------------#
 
 

Attachment: pgp00029.pgp
Description: PGP signature
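
Added example (not part of the original post, and not the poster's code): iptables' MARK target is non-terminating, so a packet that matches one of the owner rules still reaches the final unconditional rule and leaves OUTPUT with mark 666 (0x29a). That is consistent with the counters quoted above, where the last rule and sfq 666: see essentially all of the traffic. The sketch below models the traversal without touching netfilter; `final_mark`, `guarded_catch_all` and the `ANY` token are names made up for the illustration, and restricting the catch-all with `-m mark --mark 0` is shown as one possible correction.

```shell
#!/bin/sh
# Added example, not from the original post: a model of how the mangle OUTPUT
# chain above is traversed. MARK is a non-terminating target, so after a rule
# sets the mark the packet continues to the next rule, and the last matching
# rule decides the final mark.

# Chain from the post as "uid:mark" in rule order; ANY (a name invented for
# this sketch) stands for the final rule that has no owner match.
RULES="root:1 aigarius:2 bind:3 proxy:4 nobody:5 www-data:6 ftp:7 ivarix:8 blacky:9 ANY:666"

# final_mark RULES UID GUARD -> prints the mark the packet leaves OUTPUT with.
# GUARD=0 models the catch-all as posted; GUARD=1 models the same rule
# restricted with "-m mark --mark 0" so it only touches unmarked packets.
final_mark() {
    rules=$1 uid=$2 guard=$3 mark=0
    for r in $rules; do
        ruid=${r%%:*}
        rmark=${r##*:}
        if [ "$ruid" = "ANY" ]; then
            if [ "$guard" = 1 ] && [ "$mark" -ne 0 ]; then
                continue
            fi
            mark=$rmark
        elif [ "$ruid" = "$uid" ]; then
            mark=$rmark
        fi
    done
    echo "$mark"
}

# The guarded catch-all as an iptables command (printed, not executed).
guarded_catch_all() {
    echo "iptables -t mangle -A OUTPUT -m mark --mark 0 -j MARK --set-mark 666"
}

# Compare both variants for a few senders; "someone-else" is a constructed UID
# that has no owner rule of its own.
for u in root www-data ftp someone-else; do
    printf '%-13s as posted: %-4s guarded: %s\n' "$u" \
        "$(final_mark "$RULES" "$u" 0)" "$(final_mark "$RULES" "$u" 1)"
done
guarded_catch_all
```

On a live system, `iptables -v -t mangle -L OUTPUT` and `tc -s qdisc show` after the change should show the per-UID classes accumulating packets instead of only 666:.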