Hi,

OK, first of all, I've changed my email address to get mails from this list. Before the change I was m.dages@xxxxxxxx

OK, now. I've written a small shell script to set up my tc config. It should give you a small overview of how I handle different conditions with the u32 filter.

In my setup I give all traffic that comes directly from the router and is destined for a machine on my LAN the full bandwidth. Other traffic for specific destination IPs is limited to 128kbit. This works because the filter for traffic from the router to the LAN has a higher prio of 15 (smaller value) than the other filters.

Greetings,
Organix 'Markus'

#!/bin/bash

TC=/sbin/tc
DEVICE=eth0

LAN_BW=100Mbit
LAN_WEIGHT=10Mbit

SHAPE1_BW=128Kbit
SHAPE1_WEIGHT=13Kbit
SHAPE1_ID=128

# Destinations to be shaped (space separated, split by the for loop below)
DST_IP="192.168.100.7/32 192.168.100.5/32 192.168.100.34/32"
LAN_NET=192.168.100.0/24
ROUTER_IP=192.168.100.250/32

# Setup the root qdisc
echo "setup root qdisc on $DEVICE"
$TC qdisc add dev $DEVICE root handle 100: cbq bandwidth $LAN_BW avpkt 1000

# Generate the root class
echo "generate root class 100:1"
$TC class add dev $DEVICE parent 100:0 classid 100:1 cbq \
    bandwidth $LAN_BW rate $LAN_BW allot 1514 weight $LAN_WEIGHT \
    prio 8 maxburst 20 avpkt 1000

# Generate a class for 128Kbit
echo "generate class 100:$SHAPE1_ID"
$TC class add dev $DEVICE parent 100:1 classid 100:$SHAPE1_ID cbq \
    bandwidth $LAN_BW rate $SHAPE1_BW allot 1513 weight $SHAPE1_WEIGHT \
    prio 5 maxburst 20 avpkt 1000 bounded

# Setup the queues
echo "setup queue for 100:$SHAPE1_ID"
$TC qdisc add dev $DEVICE parent 100:$SHAPE1_ID sfq quantum 1514b perturb 15

# Setup the filter
# Both match clauses of this filter must hold (source AND destination)
echo "setup filter for traffic that comes from this host to lan - PRIO 15"
$TC filter add dev $DEVICE parent 100:0 protocol ip prio 15 u32 \
    match ip src $ROUTER_IP match ip dst $LAN_NET flowid 100:1

# One prio 30 filter per shaped destination
for dstip in $DST_IP
do
    echo "setup filter for traffic to $dstip - PRIO 30"
    $TC filter add dev $DEVICE parent 100:0 protocol ip prio 30 u32 \
        match ip dst $dstip flowid 100:$SHAPE1_ID
done

On 22 May 2001 11:27:24 +1000, Manfred Bartz wrote:
> m.dages@xxxxxxx writes:
>
> > wningtung.leung wrote:
>
> > > The solution I propose (haven't tested it though):
> > >
> > > Don't use firewall marks, but use the u32 filter instead.
> > >
> > > Look at the source and target IP and redirect the packet to the
> > > correct class.
> > >
> > > (source != router && dest = low_prio_host) -> slow_class
> > > (source != router && dest = hi_prio_host) -> no_limit
> > > (source == router) -> no_limit
> > >
> > > This is only an idea for the downstream, I haven't been thinking
> > > about limiting the upstream.
>
> > ... looking also at the source ip with the u32 filter works very
> > well.
>
> I would like to do just that, but I can't figure out how to specify
> multiple conditions for u32 filtering. Could you give an example?
>
> Currently I have specified filters like:
>
> tc filter add dev eth2 parent 2:0 protocol ip prio 20 u32 \
>     match ip dst 192.168.2.12 flowid 2:212
>
> Also, I assume lower ``prio'' values mean the rule takes preference
> over rules with higher values?
>
> --
> Manfred
>
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
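
Added example (not part of the original post or the quoted replies): a simplified Python model of how the filters in the script above classify a packet, assuming filters are tried in ascending prio order, the first match wins, and all match clauses of one filter are ANDed. The function names and the outside source address 203.0.113.9 are constructed for illustration; this is not the kernel's u32 implementation.

```python
# Added example: simplified model of tc filter evaluation, not kernel code.
from ipaddress import ip_address, ip_network

# Values taken from the script in the post
LAN_NET = "192.168.100.0/24"
ROUTER_IP = "192.168.100.250/32"
DST_IP = ["192.168.100.7/32", "192.168.100.5/32", "192.168.100.34/32"]


def build_filters(router_prio=15, shape_prio=30):
    """Return (prio, src_net, dst_net, flowid) tuples mirroring the script."""
    filters = [(router_prio, ROUTER_IP, LAN_NET, "100:1")]
    for dst in DST_IP:
        # The shaping filters match on destination only (src_net is None)
        filters.append((shape_prio, None, dst, "100:128"))
    return filters


def classify(filters, src, dst):
    """First match in ascending prio order wins; conditions are ANDed."""
    for _prio, src_net, dst_net, flowid in sorted(filters, key=lambda f: f[0]):
        src_ok = src_net is None or ip_address(src) in ip_network(src_net)
        dst_ok = dst_net is None or ip_address(dst) in ip_network(dst_net)
        if src_ok and dst_ok:
            return flowid
    return None  # no filter matched


if __name__ == "__main__":
    as_posted = build_filters()              # router filter at prio 15
    swapped = build_filters(router_prio=40)  # router filter tried last
    packets = [
        ("192.168.100.250", "192.168.100.7"),  # router -> shaped host
        ("203.0.113.9", "192.168.100.7"),      # constructed outside source
        ("203.0.113.9", "192.168.100.99"),     # host without a filter
    ]
    for src, dst in packets:
        print(src, "->", dst,
              "as posted:", classify(as_posted, src, dst),
              "swapped:", classify(swapped, src, dst))
```

With the router filter moved behind the prio 30 filters, router traffic to 192.168.100.7 lands in the 128Kbit class, which is the case the prio 15 setting in the script avoids.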