Hi!

* On Tue, Aug 05, 2003 at 08:05 PM (+0100), Richard Lamont wrote:

> I'm trying to set a box up that rate limits everything sent to the
> outside world, but not limit stuff to my own LAN, using tbf.
> I don't really understand what I'm doing, and I could do with some
> help to make this script work.

I am not an expert within "tc", so some other user most probably will
correct me...

> -----------------------------------8<----------------------------------
> #!/bin/bash
>
> DEV=eth0
> LAN=192.168.1.0/24
> RATE=200kbit
> LIMIT=10000
> BURST=22000
>
> # Clear out old settings
> tc qdisc del dev $DEV root
> tc qdisc del dev $DEV ingress
>
> # Start loading new stuff
> tc qdisc add dev $DEV root handle 1: prio

This creates the root qdisc (prio). It also creates implicitly three
classes (1:1, 1:2 and 1:3) within this qdisc.

> # Stuff addressed to LAN goes straight through
> tc qdisc add dev $DEV parent 1:1 handle 10: prio

I think a simple classless qdisc would be enough here (e.g. "pfifo" or
"sfq"), I don't know why you need another classful qdisc.

> # Stuff addressed to big wide world gets shaped
> tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE

Now, two (1:1 and 1:2) of the three implicitly created classes are
filled with classless qdiscs.

> # Filter on LAN destination address
> tc filter add dev $DEV parent 10: protocol ip u32 match ip src $LAN flowid 1:1

The filter rule must be assigned as a child of the outer qdisc (1:).
Further, you should use "dst" instead of "src" as you want to filter
using the destination address given within the IP header. I think,
something like:

  tc filter add dev $DEV parent 1: protocol ip prio 10 u32 match ip dst $LAN flowid 1:1

should do it.

> # Default filter for everything else
> tc filter add dev $DEV parent 20: protocol ip flowid 1:2

Here, the same thing: the filter should be a child of "1:" and the
classifier (e.g. "u32") is not specified.

To match all kinds of traffic I would suggest to set up something like
this:

  tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip dst 0.0.0.0/0 flowid 1:2

Using the priorities, the first filter rule (prio 10) is used first,
so traffic which is going to $LAN will be put into class 1:1. If the
traffic was not put into class 1:1 (because it is not going to $LAN),
the second filter rule (prio 15) will be applied, and the traffic will
be put into class 1:2, which contains the classless TBF (which uses the
bandwidth limits).

> When I run this script, it says:
>
> RTNETLINK answers: No such file or directory
> Unknown filter "flowid", hence option "1:2" is unparsable

The error message is probably produced because you didn't give a known
filter, like "u32", "fw", "tcindex", and so on.

> Any help gratefully received. TIA.

I hope that I could help you a little bit. As I stated above, I am
quite new to the traffic control matter.

Best Regards,
Steffen
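
The quoted script with the reply's corrections applied, as an added example that is not part of the original message. The values are those of the quoted script; `pfifo` on 1:1 is one of the two classless qdiscs the reply suggests, and the function names and the `APPLY` switch are made up for this example. It prints the commands by default and checks every filter line for the two mistakes the reply points out.

```shell
#!/bin/sh
# Added example (not from the thread): quoted script with the reply's fixes.
DEV=eth0
LAN=192.168.1.0/24
RATE=200kbit
LIMIT=10000
BURST=22000

# Print the corrected tc commands, one per line, without running them.
# pfifo on 1:1 is an assumption: the reply suggests "pfifo" or "sfq".
shaper_cmds() {
    cat <<EOF
tc qdisc add dev $DEV root handle 1: prio
tc qdisc add dev $DEV parent 1:1 handle 10: pfifo
tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 match ip dst $LAN flowid 1:1
tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip dst 0.0.0.0/0 flowid 1:2
EOF
}

# Read tc commands on stdin and flag the two mistakes from the thread:
# a filter not attached to the root qdisc (1:), or one with no classifier
# (only the three classifiers the reply names are recognised here).
check_filters() {
    bad=0
    while read -r line; do
        case $line in "tc filter "*) ;; *) continue ;; esac
        case $line in *" parent 1: "*) ;; *) echo "not on 1:: $line" >&2; bad=1 ;; esac
        case $line in *" u32 "*|*" fw "*|*" tcindex "*) ;;
            *) echo "no classifier: $line" >&2; bad=1 ;; esac
    done
    return $bad
}

# Default is a dry run; APPLY=1 executes the commands (needs root).
apply_shaper() {
    shaper_cmds | check_filters || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        # Clearing old settings may fail when none exist; ignore that.
        tc qdisc del dev "$DEV" root 2>/dev/null || true
        shaper_cmds | sh -e
    else
        shaper_cmds
    fi
}

apply_shaper
```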