Hello all, this is my first post here. Sorry for my English.

Gentoo LAN router, 2.4.26-hardened-r2

There are 2 WAN links, one LAN link. I am doing some iptables/routing/tc magic in my scripts. What's interesting is marking packets traveling from all IPs in the LAN. Interesting commands are:

-------------
for ip in `seq 50`; do
    $IPTABLES -t mangle -A FORWARD -o eth2 -d 10.0.1.$ip -j MARK --set-mark 50${ip}1
    $IPTABLES -t mangle -A FORWARD -i eth2 -s 10.0.1.$ip -j MARK --set-mark 50${ip}2
done
-------------

So now I am able to make statistics per IP (lstat.sourceforge.net) and of course do some traffic shaping. I have used cbq.init and then I wrote this:

-------------
for ipek in `seq 50`; do
    $TC class add dev eth2 parent 1: classid 1:10$ipek cbq bandwidth 100Mbit \
        rate ${USERDOWNLOAD}Kbit weight `echo ${USERDOWNLOAD} / 10 | bc`Kbit \
        prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
    $TC qdisc add dev eth2 parent 1:10$ipek handle 10$ipek tbf \
        rate ${USERDOWNLOAD}Kbit buffer 1Kb/8 limit 15Kb mtu 1500
    $TC filter add dev eth2 parent 1:0 protocol ip prio 200 handle 50${ipek}1 fw classid 1:10${ipek}
done
-------------

Everything works fine. Users can download at a max rate of 180Kbit or whatever rate I want. But one user, as I see on the graph and in iptraf with a filter on his IP, downloads at rates >180Kbit (he gets even >40 Kbytes/s!).

I have made some tests. His packets are marked correctly because the graphs work fine. My scripts are written correctly too because other hosts cannot exceed 180Kbit bandwidth when downloading. I have tested it on my computer. But why does one host download faster?

I have shut off my tc script and used cbq.init with something like this:

-------------
DEVICE=eth2,100Mbit,10Mbit
RATE=80Kbit
WEIGHT=8Kbit
MARK=5091
PEAK=80Kbit
#RULE=10.0.1.9
-------------

and it doesn't work.
Packets are marked correctly:

-------------
azazel mfw # iptables -t mangle -L FORWARD -vnx | grep 10.0.1.8
     299   110603 MARK       all  --  *      eth2    0.0.0.0/0            10.0.1.8           MARK set 0x13d9
     436   411375 MARK       all  --  eth2   *       10.0.1.8             0.0.0.0/0          MARK set 0x13da
-------------

cbq stats looks like this:

-------------
azazel mfw # cbq stats
### eth0: queueing disciplines

qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]
 Sent 1034932 bytes 3090 pkts (dropped 0, overlimits 0)

### eth1: queueing disciplines

qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]
 Sent 44005 bytes 335 pkts (dropped 0, overlimits 0)

### eth2: queueing disciplines

qdisc cbq 1: rate 100Mbit (bounded,isolated) prio no-transmit
 Sent 2869896 bytes 3850 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 62 undertime 0

### eth2: traffic classes

class cbq 1:1001 parent 1: rate 80Kbit (bounded) prio 5
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 2.26888e+06 undertime 0
class cbq 1: root rate 100Mbit (bounded,isolated) prio no-transmit
 Sent 2872596 bytes 3862 pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 54 undertime 0

### eth2: filtering rules

filter parent 1: protocol ip pref 200 fw
filter parent 1: protocol ip pref 200 fw handle 0x13e3 classid 1:1001
-------------

Look at this!!

-------------
class cbq 1:1001 parent 1: rate 80Kbit (bounded) prio 5
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
-------------

iptraf shows a rate of 51.6 kbytes/sec ..

And now when I comment out MARK and uncomment RULE=10.0.1.9, all works GREAT! Traffic to the host is shaped and iptraf shows a rate of 10 kbytes/sec.

So.. WTF ?! cbq works with MARK on other hosts... but not on this one. He uses flashget or some p2p tool, iptraf shows about 300 connections and the number increases slowly.

Now I am trying the hardened-r5 kernel and then I will try htb.init with MARK, maybe this will help. And I can recompile iproute2.
--
.: Jakub Głazik (zytek)
.: email:zytek@xxxxxxxxxxxxxxx
.: JID:zytek@xxxxxxxxxxxxxxxxxxxxxx
.: http://www.misiaj.sie.pl [obsolete]
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
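
A cross-check for the mark scheme used in the post (decimal `50<last octet><1|2>` passed to `--set-mark`, hex in the `iptables -L` and `cbq stats` listings), added here as an example and not part of the original message. The function names are made up for this example, the sample lines are the ones quoted in the post, and the parser assumes the `MARK set 0x...` listing format shown there.

```shell
#!/bin/sh
# Added example: relate the decimal fwmarks set by the iptables loop to the
# hex values that iptables and tc print, and list downstream marks that have
# no matching "fw handle" filter. Function names are hypothetical.

# mark_hex OCTET DIR -> hex form of mark 50<OCTET><DIR>, e.g. 9 1 -> 0x13e3
mark_hex() {
    printf '0x%x\n' "50${1}${2}"
}

# mark_to_host HEX -> "10.0.1.<octet> download|upload" under the same scheme
mark_to_host() {
    dec=$(printf '%d' "$1")      # 0x13e3 -> 5091
    body=${dec#50}               # drop the "50" prefix -> 91
    octet=${body%?}              # everything but the last digit -> 9
    case ${body#"$octet"} in     # last digit: 1 = to the LAN host, 2 = from it
        1) dir=download ;;
        2) dir=upload ;;
        *) dir=unknown ;;
    esac
    echo "10.0.1.$octet $dir"
}

# unmatched_marks IPTABLES_LISTING TC_FILTER_LISTING
# For every MARK rule whose out-interface is eth2, print the mark and the host
# it belongs to when no fw filter with that handle exists.
unmatched_marks() {
    printf '%s\n' "$1" |
    awk '$7 == "eth2" && $(NF-2) == "MARK" { print $NF }' |
    while read -r mark; do
        printf '%s\n' "$2" | grep -qF "fw handle $mark " ||
            echo "$mark $(mark_to_host "$mark")"
    done
}

# Sample input: lines quoted in the post (iptables -vnx and cbq stats output).
IPT_SAMPLE='299 110603 MARK all -- * eth2 0.0.0.0/0 10.0.1.8 MARK set 0x13d9
436 411375 MARK all -- eth2 * 10.0.1.8 0.0.0.0/0 MARK set 0x13da'
TC_SAMPLE='filter parent 1: protocol ip pref 200 fw
filter parent 1: protocol ip pref 200 fw handle 0x13e3 classid 1:1001'

echo "filter handle 0x13e3 belongs to: $(mark_to_host 0x13e3)"
echo "downstream marks without a filter:"
unmatched_marks "$IPT_SAMPLE" "$TC_SAMPLE"
```

On a live router the two arguments would come from `iptables -t mangle -L FORWARD -vnx` and from the filter listing for eth2.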