Sorry, I did not make it clear. The machine I want to do traffic control on is a server which runs sshd. I think it should be --sport.
I also tried to use:
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 20
The ssh traffic still goes into default 12.
The following is the evidence:
bash#tc -s -d class show dev eth0
class htb 1:11 parent 1:1 leaf 111: prio 1 quantum 1000 rate 10Kbit ceil 10Kbit burst 1611b/8 mpu 0b cburst 1611b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 1031680 ctokens: 1031680
class htb 1:1 root rate 1000Kbit ceil 2000Kbit burst 2879b/8 mpu 0b cburst 4159b/8 mpu 0b level 7
Sent 21163 bytes 149 pkts (dropped 0, overlimits 0)
rate 5bps
lended: 0 borrowed: 0 giants: 0
tokens: 17818 ctokens: 13004
class htb 1:13 parent 1:1 leaf 113: prio 1 quantum 1280 rate 100Kbit ceil 100Kbit burst 1727b/8 mpu 0b cburst 1727b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 110592 ctokens: 110592
class htb 1:12 parent 1:1 leaf 112: prio 1 quantum 10240 rate 800Kbit ceil 1600Kbit burst 2623b/8 mpu 0b cburst 3647b/8 mpu 0b level 0
Sent 21163 bytes 149 pkts (dropped 0, overlimits 0)
rate 5bps
lended: 149 borrowed: 0 giants: 0
tokens: 20225 ctokens: 14208
Mika Hirvonen <hirvox@xxxxxxxxx> wrote:
On Wed, 26 Jan 2005 18:56:24 +0800 (CST), CcM wrote:
> I'm a new comer. I have problems using tc+htb. I run the following commands,
> and expect outgoing ssh flow goes into 1:11. But actually it goes into
> default 12. What's wrong?
> iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark 20
> iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j RETURN
These two lines should use --dport instead of --sport. The source port
is random.
AFAIR OpenSSH (and probably others) automatically mark their packets
with proper ToS flags, so you should consider using those instead
of port numbers. If you classify ssh traffic by port number only, SSH
file transfers (scp and sftp) end up in the same class as interactive
traffic.
--
Mika Hirvonen
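An added example, not part of the original thread: on a host that runs sshd itself, the reply packets are locally generated and pass through the mangle OUTPUT and POSTROUTING chains rather than PREROUTING, so the script below emits a marking rule for OUTPUT and parses `tc -s class show` output to confirm which class carries the packets. The device name, mark, class id and the fw filter are assumptions, and the sample output is constructed from the counters quoted above.

```shell
#!/bin/sh
# Assumed values (not from the thread): device eth0, mark 20, class 1:11.

# Print the commands rather than run them; pipe the output to `sh` as root
# to apply. Packets sent by a local process such as sshd pass through the
# mangle OUTPUT and POSTROUTING chains; PREROUTING only sees packets that
# arrive on an interface, so a mark set there never reaches them.
mangle_rules() {
    dev=$1 mark=$2 classid=$3
    # Replies from the local sshd carry source port 22.
    echo "iptables -t mangle -A OUTPUT -o $dev -p tcp --sport 22 -j MARK --set-mark $mark"
    # Assumption: an fw filter maps the mark to the HTB class.
    echo "tc filter add dev $dev parent 1:0 protocol ip prio 1 handle $mark fw flowid $classid"
}

# Read `tc -s class show dev DEV` output on stdin, print "classid packets".
# Only the first "Sent" line after each "class" line is counted.
class_pkts() {
    awk '$1 == "class" { id = $3 }
         $1 == "Sent" && id != "" { print id, $4; id = "" }'
}

# Succeed only if the named class has sent at least one packet.
class_has_traffic() {
    class_pkts | awk -v want="$1" '$1 == want && $2 > 0 { ok = 1 } END { exit !ok }'
}

# Constructed sample, using the counters quoted in the thread.
sample_tc_output() {
    cat <<'EOF'
class htb 1:11 parent 1:1 leaf 111: prio 1 rate 10Kbit ceil 10Kbit
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
class htb 1:12 parent 1:1 leaf 112: prio 1 rate 800Kbit ceil 1600Kbit
 Sent 21163 bytes 149 pkts (dropped 0, overlimits 0)
EOF
}

mangle_rules eth0 20 1:11
sample_tc_output | class_pkts
if sample_tc_output | class_has_traffic 1:11; then
    echo "ssh traffic reaches 1:11"
else
    echo "1:11 is still empty: check the chain and the fw filter"
fi
```

On a live system, feed `tc -s class show dev eth0` into `class_has_traffic 1:11` after generating some ssh traffic; the packet counters from `iptables -t mangle -L OUTPUT -v -n` show whether the marking rule matched at all.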