I have set this up using the information in http://lartc.org/howto/lartc.adv-filter.hashing.html and it works perfectly.How you design your rules depends on how you want to filter, so it is a bit difficult to supply you with a better example. Do you wish to filter per IP address? If so, I can help you: # add htb as root queueing discipline for device. This is done once tc qdisc add dev eth0 root handle 1: htb # add a class with a 100Mbit rate. This is a 'transit' class, it does # not do any shaping, you will see down below why we need it. tc class add dev eth0 parent 1: classid 1:2 htb rate 100MBit ceil 100MBit burst 0Kbit # I create a hash table with 256 slots, call it 2: and attach it to 1:2 # which is my 'transit' class above tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256 # Classify packets matching 192.168.4.0/24 using the last byte of the # IP address as index into the hash tc filter add dev eth0 protocol ip parent 1: u32 match ip src 192.168.4.0/24 hashkey mask 0x000000ff at 12 link 2: # The bit below happens for each distinct traffic class. Multiple IP # addresses can map into the same end class, but you can have one class # per IP address. In the example, 192.168.4.100 gets sent to a class # that shapes it down to 64Kbit. The class has it's own htb qdisc, but # The experts may know better here # add class for network 192.168.4.100/32 tc class add dev eth0 parent 1:2 classid 1:3 htb rate 64Kbit ceil 64Kbit burst 0Kbit # Filters to allocate packets for 192.168.4.100/32 # Now this is the trickier bit. I only map one IP into class 1:3, and # here is where. I attach a filter to hash table 2 slot 0x64 to map to # class 1:3. NOTE: 64 is hex, means 100 decimal which matches IP .100 tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:64: match ip src 192.168.4.100 flowid 1:3 # you can repeat the last statement 254 times for the different IPs in # the class C. Example: IP 1 tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:1 match ip src 192.168.4.1 flowid 1:3 This is not perfect, and the average number of evaluations is n/2 + 1 where n is the number of class C networks. So on 4000 addresses you are looking at 16/2 + 1 = approx 9 evaluations vs n/2 = 2000 on your current setup (4000 = 16 class C) Gideon On Wed, 2003-05-14 at 01:17, Matias BjÃrling wrote: > Hey > > A wise man said to me that Hashing filters was my solution to rock the > world, and making my life alot easier. When applying 4000 rules, the system > had to check them all for match. But with hassing it would only require 1-2 > checks. > > Even though when i had read the lartc on the subject i was no less that a > question mark. > > If anyone have played with it, and have a working, logic configuration and > can tell me how it works and why i would be greatly grateful. > > Regards > > Matias BjÃrling
