Rules OK (?), no filtering...

Linux Advanced Routing and Traffic Control

Hi

I have defined a single HTB qdisc on eth0 with one root class 1:1 further subdivided as below, nothing complicated.


                   1: (root qdisc)
                    |
                    |
                   1:1 (root class)
                   /\
                 /    \
               /        \
             /            \
           /                \
        1:10                  \               }
       / | \                 1:20             }
     /   |   \                 / \            }  <------  subclasses
   /     |     \             /     \          }
1:100  1:200  1:300       1:201  1:202        }
  |      |      |           |      |
  |      |      |           |      |
 101:   102:   103:        201:   202:           <------  sfq qdiscs



I have a filtering rule on 1: directing everything from/to IP_address.xx.yy.zz to class 1:20.
There is a filtering rule on (subclass) 1:20 directing everything to/from ports 25, 80, 110, 119 to (subclass) 1:201.
Also, there are further filtering rules on 1:10 towards 1:200 and 1:300, based on src ip addresses.
That's it for filtering rules.
In my definition for htb 1: I included "default 10"

I have enclosed the details (but not the script that generated this configuration) at the end. As you can see, even though the qdiscs and classes are properly defined with (seemingly) proper filters, there is traffic only on subclass 1:201, sfq 201: and on htb 1:, rootclass 1:1. None on the other branches...

But a capture of the traffic confirms that there is indeed activity on those other branches.

I have assumed (wrongly?) that defining two filter rules on 1:10 would send all unmatched traffic on the third branch (same assumption for the filter on 1: and on 1:20). When I tried the following (as mentioned in the documentation):

tc filter add dev eth0 protocol ip parent 1:10 prio 2 flowid 1:100

on the line following my two filter definitions, hoping to send "packets not matched so far" to 1:100, tc complained: "unknown filter "flowid" hence option "1:100" is unparsable"...

Can one define filtering rules on classes as well as on qdiscs? Does the target have to be a qdisc or can it also be a class? What about default behaviour?

One last thing: I have defined my initial qdisc on eth0 as 1: with default 10. This should send any unfiltered stuff to 1:10, no matter the absence of a default filter. Could the absence of such a default filter on 1:10 prevent this classifying?

What am I missing?

TIA.

P.S. Please let me know if you need other info.

qdisc sfq 202: quantum 1514b limit 128p flows 128/1024 perturb 10sec 
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 

 qdisc sfq 201: quantum 1514b limit 128p flows 128/1024 perturb 10sec 
 Sent 38931081 bytes 37478 pkts (dropped 0, overlimits 0) 

 qdisc sfq 103: quantum 1514b limit 128p flows 128/1024 perturb 10sec 
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 

 qdisc sfq 102: quantum 1514b limit 128p flows 128/1024 perturb 10sec 
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 

 qdisc sfq 101: quantum 1514b limit 128p flows 128/1024 perturb 10sec 
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 

 qdisc htb 1: r2q 10 default 101 direct_packets_stat 566828 ver 3.16
 Sent 494717098 bytes 604311 pkts (dropped 0, overlimits 139598) 

 
filter parent 1: protocol ip pref 100 u32 
filter parent 1: protocol ip pref 100 u32 fh 804: ht divisor 1 
filter parent 1: protocol ip pref 100 u32 fh 804::800 order 2048 key ht 804 bkt 0 flowid 1:201 
  match 00160000/ffff0000 at 20
filter parent 1: protocol ip pref 100 u32 fh 804::801 order 2049 key ht 804 bkt 0 flowid 1:201 
  match 00170000/ffff0000 at 20
filter parent 1: protocol ip pref 100 u32 fh 804::802 order 2050 key ht 804 bkt 0 flowid 1:201 
  match 00190000/ffff0000 at 20
filter parent 1: protocol ip pref 100 u32 fh 804::803 order 2051 key ht 804 bkt 0 flowid 1:201 
  match 00500000/ffff0000 at 20
filter parent 1: protocol ip pref 100 u32 fh 804::804 order 2052 key ht 804 bkt 0 flowid 1:201 
  match 006e0000/ffff0000 at 20
filter parent 1: protocol ip pref 100 u32 fh 804::805 order 2053 key ht 804 bkt 0 flowid 1:201 
  match 00770000/ffff0000 at 20
filter parent 1: protocol ip pref 100 u32 fh 804::806 order 2054 key ht 804 bkt 0 flowid 1:201 
  match 01bb0000/ffff0000 at 20
filter parent 1: protocol ip pref 100 u32 fh 803: ht divisor 1 
filter parent 1: protocol ip pref 100 u32 fh 803::800 order 2048 key ht 803 bkt 0 flowid 1:201 
  match 00000016/0000ffff at 20
filter parent 1: protocol ip pref 100 u32 fh 803::801 order 2049 key ht 803 bkt 0 flowid 1:201 
  match 00000017/0000ffff at 20
filter parent 1: protocol ip pref 100 u32 fh 803::802 order 2050 key ht 803 bkt 0 flowid 1:201 
  match 00000019/0000ffff at 20
filter parent 1: protocol ip pref 100 u32 fh 803::803 order 2051 key ht 803 bkt 0 flowid 1:201 
  match 00000050/0000ffff at 20
filter parent 1: protocol ip pref 100 u32 fh 803::804 order 2052 key ht 803 bkt 0 flowid 1:201 
  match 0000006e/0000ffff at 20
filter parent 1: protocol ip pref 100 u32 fh 803::805 order 2053 key ht 803 bkt 0 flowid 1:201 
  match 00000077/0000ffff at 20
filter parent 1: protocol ip pref 100 u32 fh 803::806 order 2054 key ht 803 bkt 0 flowid 1:201 
  match 000001bb/0000ffff at 20
filter parent 1: protocol ip pref 100 u32 fh 802: ht divisor 1 
filter parent 1: protocol ip pref 100 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:20 
  match cea29213/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 802::801 order 2049 key ht 802 bkt 0 flowid 1:20 
  match cea29213/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 801: ht divisor 1 
filter parent 1: protocol ip pref 100 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:300 
  match cea29241/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 801::801 order 2049 key ht 801 bkt 0 flowid 1:300 
  match cea29241/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 801::802 order 2050 key ht 801 bkt 0 flowid 1:300 
  match cea29281/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 801::803 order 2051 key ht 801 bkt 0 flowid 1:300 
  match cea29281/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 801::804 order 2052 key ht 801 bkt 0 flowid 1:300 
  match 8ed9d1c1/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 801::805 order 2053 key ht 801 bkt 0 flowid 1:300 
  match 8ed9d1c1/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:200 
  match cea2921e/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 1:200 
  match cea2921e/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 800::802 order 2050 key ht 800 bkt 0 flowid 1:200 
  match cea2921f/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 800::803 order 2051 key ht 800 bkt 0 flowid 1:200 
  match cea2921f/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 800::804 order 2052 key ht 800 bkt 0 flowid 1:200 
  match cea29217/ffffffff at 12
filter parent 1: protocol ip pref 100 u32 fh 800::805 order 2053 key ht 800 bkt 0 flowid 1:200 
  match cea29217/ffffffff at 16
class htb 1:202 parent 1:20 leaf 202: prio 7 quantum 1638 rate 128Kbit ceil 256Kbit burst 4Kb/8 mpu 0b cburst 1926b/8 mpu 0b level 0 
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 
 lended: 0 borrowed: 0 giants: 0
 tokens: 256000 ctokens: 60218

class htb 1:1 root rate 1581Kbit ceil 1581Kbit burst 4Kb/8 mpu 0b cburst 3622b/8 mpu 0b level 7 
 Sent 39370141 bytes 38002 pkts (dropped 0, overlimits 0) 
 rate 5928bps 7pps 
 lended: 0 borrowed: 0 giants: 0
 tokens: 13075 ctokens: 10682

class htb 1:10 parent 1:1 rate 1325Kbit ceil 1581Kbit burst 4Kb/8 mpu 0b cburst 3622b/8 mpu 0b level 6 
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 
 lended: 0 borrowed: 0 giants: 0
 tokens: 24729 ctokens: 18332

class htb 1:100 parent 1:10 leaf 101: prio 1 quantum 12044 rate 941Kbit ceil 1581Kbit burst 4Kb/8 mpu 0b cburst 3622b/8 mpu 0b level 0 
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 
 lended: 0 borrowed: 0 giants: 0
 tokens: 34822 ctokens: 18332

class htb 1:200 parent 1:10 leaf 102: prio 7 quantum 1638 rate 128Kbit ceil 128Kbit burst 4Kb/8 mpu 0b cburst 1762b/8 mpu 0b level 0 
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 
 lended: 0 borrowed: 0 giants: 0
 tokens: 256000 ctokens: 110186

class htb 1:20 parent 1:1 rate 256Kbit ceil 256Kbit burst 4Kb/8 mpu 0b cburst 1926b/8 mpu 0b level 6 
 Sent 39371655 bytes 38003 pkts (dropped 0, overlimits 0) 
 rate 5970bps 7pps 
 lended: 10145 borrowed: 0 giants: 0
 tokens: 41694 ctokens: -26088

class htb 1:300 parent 1:10 leaf 103: prio 7 quantum 3276 rate 256Kbit ceil 1581Kbit burst 4Kb/8 mpu 0b cburst 3622b/8 mpu 0b level 0 
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) 
 lended: 0 borrowed: 0 giants: 0
 tokens: 128000 ctokens: 18332

class htb 1:201 parent 1:20 leaf 201: prio 7 quantum 1638 rate 128Kbit ceil 256Kbit burst 4Kb/8 mpu 0b cburst 1926b/8 mpu 0b level 0 
 Sent 39365817 bytes 37998 pkts (dropped 0, overlimits 0) 
 rate 6135bps 7pps 
 lended: 27857 borrowed: 10141 giants: 0
 tokens: 75194 ctokens: -26088

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
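
A way to cross-check a dump like the one in this post, added here as an example (not part of the original message and not code from the LARTC project): the script reads tc output, reports which class the HTB "default" points at and whether that class exists, lists the parent each u32 filter is attached to, decodes each match, and flags flowid targets that are inner classes. It assumes the default minor is printed in hex under the qdisc's major and that the IP header is 20 bytes with no options (so offset 20 holds the source and destination ports); the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the tc output quoted in the post (trimmed to a few lines).
DUMP = """\
qdisc htb 1: r2q 10 default 101 direct_packets_stat 566828 ver 3.16
filter parent 1: protocol ip pref 100 u32 fh 803::803 order 2051 key ht 803 bkt 0 flowid 1:201
  match 00000050/0000ffff at 20
filter parent 1: protocol ip pref 100 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:20
  match cea29213/ffffffff at 16
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:200
  match cea2921e/ffffffff at 12
class htb 1:1 root rate 1581Kbit ceil 1581Kbit
class htb 1:10 parent 1:1 rate 1325Kbit ceil 1581Kbit
class htb 1:20 parent 1:1 rate 256Kbit ceil 256Kbit
class htb 1:100 parent 1:10 leaf 101: prio 1
class htb 1:200 parent 1:10 leaf 102: prio 7
class htb 1:201 parent 1:20 leaf 201: prio 7
"""

def decode_match(value, mask, offset):
    """Name the field a u32 key tests, assuming a 20-byte IPv4 header (no options)."""
    v, m = int(value, 16), int(mask, 16)
    if offset in (12, 16) and m == 0xFFFFFFFF:
        return ("src " if offset == 12 else "dst ") + str(ipaddress.IPv4Address(v))
    if offset == 20 and m == 0xFFFF0000:
        return "sport %d" % (v >> 16)
    if offset == 20 and m == 0x0000FFFF:
        return "dport %d" % v
    return "raw %s/%s at %d" % (value, mask, offset)

def audit(dump):
    """Summarise default class, filter attachment points and inner-class targets."""
    # A class line carrying "leaf <handle>" has a leaf qdisc; others are inner classes.
    is_leaf = {cid: " leaf " in rest
               for cid, rest in re.findall(r"^class htb (\S+) (.*)$", dump, re.M)}
    q = re.search(r"^qdisc htb (\w+): .*\bdefault (\w+)", dump, re.M)
    default_class = "%s:%s" % q.groups()  # tc prints the default minor in hex
    filters = [(parent, flowid, decode_match(val, mask, int(off)))
               for parent, flowid, val, mask, off in re.findall(
                   r"^filter parent (\S+) .* flowid (\S+)\s*\n\s+match (\w+)/(\w+) at (\d+)",
                   dump, re.M)]
    inner = sorted({f for _, f, _ in filters if is_leaf.get(f) is False})
    return {"default_class": default_class,
            "default_exists": default_class in is_leaf,
            "filters": filters, "inner_targets": inner}

if __name__ == "__main__":
    print(audit(DUMP))
```

On this excerpt the result names 1:101 as the default class, which is not among the listed classes, shows every filter attached to parent 1:, and flags 1:20 as an inner-class target.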
