Re: [LARTC] Problems with tc filter (getting packets into a CBQ)

Linux Advanced Routing and Traffic Control

Here is a simple setup that I'm testing. The goal is to shape incoming
NNTP traffic.

Here is the script:

tc qdisc del dev eth0 root 2>/dev/null
tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 10Mbit \
	avpkt 1000 cell 8

tc class add dev eth0 parent 1:0 classid 1:100 cbq bandwidth 2Mbit \
	rate 130Kbit prio 3 allot 1514 cell 8 maxburst 20 avpkt 1000

tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 \
	fw classid 1:100

iptables -F -t mangle
iptables -A PREROUTING -i eth0 -t mangle -p tcp --sport 119 \
	-j MARK --set-mark 1

Here are the results of a simple test:

# iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 220M packets, 107G bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp spt:119 MARK set 0x1

Chain OUTPUT (policy ACCEPT 165M packets, 59G bytes)
 pkts bytes target     prot opt in     out     source               destination

# telnet news.giganews.com 119
Trying 216.166.71.230...
Connected to news-central.giganews.com.
Escape character is '^]'.
200 News.GigaNews.Com (Typhoon v1.2.3)
quit
205 GoodBye
Connection closed by foreign host.

# iptables -t mangle -L -vn
Chain PREROUTING (policy ACCEPT 220M packets, 107G bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   377 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp spt:119 MARK set 0x1

Chain OUTPUT (policy ACCEPT 165M packets, 59G bytes)
 pkts bytes target     prot opt in     out     source               destination

# tc -s class show dev eth0
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
 Sent 105328 bytes 1459 pkts (dropped 0, overlimits 0) 
  borrowed 0 overactions 0 avgidle 624 undertime 0
class cbq 1:100 parent 1: rate 130Kbit prio 3
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 
  borrowed 0 overactions 0 avgidle 1.30863e+06 undertime 0

# tc filter show dev eth0
filter parent 1: protocol ip pref 1 fw 
filter parent 1: protocol ip pref 1 fw handle 0x1 classid 1:100 

Still no packets being filtered into my CBQ, but the packets are clearly
being marked.

--
Edwin Chiu                                   | ICBM: 43.39N 79.23W
edwin@xxxxxxxxxxxxxx                         | PGP:  1024D/0x16B55226


