Re: Most general filter rule?

Linux Advanced Routing and Traffic Control

> Post your script and maybe we can help.

Ok thank you - a script says more than a thousand words I guess - but I only kept the essential parts:

# here we go:
tc qdisc add dev eth2 root handle 1: htb default 1000
tc class add dev eth2 parent 1: classid 1:100 htb rate 10400kbit ceil 10400kbit
tc class add dev eth2 parent 1:100 classid 1:1000 htb rate 128kbit ceil 10400kbit prio 3 quantum 2000
tc class add dev eth2 parent 1:100 classid 1:2000 htb rate 512kbit ceil 10400kbit prio 1 quantum 20000

tc class add dev eth2 parent 1:100 classid 1:1021 htb rate 10kbit ceil 512kbit prio 3 quantum 2000
tc class add dev eth2 parent 1:100 classid 1:1022 htb rate 10kbit ceil 512kbit prio 3 quantum 2000
tc class add dev eth2 parent 1:100 classid 1:1023 htb rate 10kbit ceil 512kbit prio 3 quantum 2000
...
# this goes on for a couple of hundred classes
...
# test class which I am trying to give all the traffic not belonging to other classes
tc class add dev eth2 parent 1:100 classid 1:5000 htb rate 10kbit ceil 256kbit prio 3 quantum 2000

# now the filters:
tc filter add dev eth2 pref 1 protocol ip parent 1: u32 match ip dst aaa.bbb.ccc.ddd/32 flowid 1:2000
tc filter add dev eth2 pref 1 protocol ip parent 1: u32 match ip src aaa.bbb.ccc.ddd/32 flowid 0:

tc filter add dev eth2 pref 100 protocol ip parent 1: u32 match ip dst aaa.bbb.ccc.ddd/32 flowid 1:1021
tc filter add dev eth2 pref 100 protocol ip parent 1: u32 match ip dst aaa.bbb.ccc.ddd/32 flowid 1:1022
tc filter add dev eth2 pref 100 protocol ip parent 1: u32 match ip dst aaa.bbb.ccc.ddd/32 flowid 1:1023
...
# this goes on for all the classes
...
# now my test filter which should prevent all other traffic going to default
tc filter add dev eth2 pref 200 protocol all parent 1: u32 match ip dst 0.0.0.0/0 flowid 1:5000

-----------------------------

With "tc -d -s class show dev eth2" I see traffic flowing through the classes nicely but I see
just about 20bps in 1:5000 and about 30000bps in default (1:1000).

Can anybody tell me why?
What kind of traffic doesn't get matched by "dst 0.0.0.0/0" and "protocol all"?

And yes - these are all public IPs.

thanks!

Andreas
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
