Re: Rules OK (?), no filtering...

Linux Advanced Routing and Traffic Control


 



karcinox@xxxxxxxxxxxxxxxx wrote:
Hi

I have defined a single HTB qdisc on eth0 with one root class 1:1 further subdivided as below, nothing complicated.


                 1:                   (root qdisc)
                 |
                1:1                   (root class)
               /   \
              /     \
          1:10       1:20                      }
         / |  \       /  \                     }  <------ subclasses
        /  |   \     /    \                    }
   1:100 1:200 1:300 1:201 1:202               }
     |     |     |     |     |
    101:  102:  103:  201:  202:      <------ sfq qdiscs



I have a filtering rule on 1: directing everything from/to IP_address.xx.yy.zz to class 1:20.
There is a filtering rule on (subclass) 1:20

From the filter stats it looks like you have everything on 1:0; some should have parent 1:20.


directing everything to/from ports 25, 80, 110, 119 to (subclass) 1:201.
Also, there are further filtering rules on 1:10 towards 1:200 and 1:300, based on src ip addresses.
That's it for filtering rules.
In my definition for htb 1: I included "default 10"

I have enclosed the details (but not the script that generated this configuration) at the end.

Seeing that would be easier.

As you can see, even though the qdiscs and classes are properly defined with (seemingly) proper filters, there is traffic only on subclass 1:201, sfq 201: and on htb 1:, rootclass 1:1. None on the other branches...

But a capture of the traffic confirms that there is indeed activity on those other branches.

I have assumed (wrongly?) that defining two filter rules on 1:10 would send all unmatched traffic on the third branch (same assumption for the filter on 1: and on 1:20). When I tried the following (as mentioned in the documentation):

tc filter add dev eth0 protocol ip parent 1:10 prio 2 flowid 1:100

tc filter add dev eth0 protocol ip parent 1:10 prio 3 u32 match u32 0 0 flowid 1:100

should do it - make the other 2 on 1:10 prio 1 and 2 to be sure (though it will probably be OK with all at same prio if they get installed in the right order).



on the line following my two filter definitions, hoping to send "packets not matched so far" to 1:100, tc complained: "unknown filter "flowid" hence option "1:100" is unparsable"...

Can one define filtering rules on classes as well as on qdiscs?

yes

Does the target have to be a qdisc or can it also be a class?

can be a class.


What about default behaviour?

Not sure about htb default, I only ever set it to a leaf - remember ARP will go there if you shape eth unless you filter it elsewhere.


Andy.
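
Added example, not part of the original thread and not the poster's script: a dry-run shell sketch of the hierarchy from the question, with each filter attached to the parent it classifies for and the catch-all from the reply as the last rule on each level. The rates, the 192.0.2.x addresses, the DEV/TC/HOST variables and the leaf/flt/build_htb helpers are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the poster's script. Class and qdisc ids follow the diagram
# in the question; rates and the 192.0.2.x addresses are constructed values.
DEV=${DEV:-eth0}
TC=${TC:-echo tc}   # dry run by default; set TC=tc (as root) to apply
HOST=192.0.2.10     # stands in for "IP_address.xx.yy.zz"

leaf() {  # leaf <parent minor> <class minor> <sfq handle>
    $TC class add dev "$DEV" parent "1:$1" classid "1:$2" htb rate 2mbit ceil 10mbit
    $TC qdisc add dev "$DEV" parent "1:$2" handle "$3:" sfq perturb 10
}
flt() { $TC filter add dev "$DEV" protocol ip "$@"; }

build_htb() {
    # default names a leaf (1:100): non-IP traffic such as ARP matches none of
    # the "protocol ip" filters below and ends up there.
    $TC qdisc add dev "$DEV" root handle 1: htb default 100
    $TC class add dev "$DEV" parent 1: classid 1:1 htb rate 10mbit
    $TC class add dev "$DEV" parent 1:1 classid 1:10 htb rate 6mbit ceil 10mbit
    $TC class add dev "$DEV" parent 1:1 classid 1:20 htb rate 4mbit ceil 10mbit
    leaf 10 100 101; leaf 10 200 102; leaf 10 300 103
    leaf 20 201 201; leaf 20 202 202

    # Stage 1, parent 1: (the qdisc): choose an inner class.
    flt parent 1: prio 1 u32 match ip src "$HOST/32" flowid 1:20
    flt parent 1: prio 1 u32 match ip dst "$HOST/32" flowid 1:20
    flt parent 1: prio 2 u32 match u32 0 0 flowid 1:10

    # Stage 2, parent 1:20: mail/web/news ports to 1:201, the rest to 1:202.
    for p in 25 80 110 119; do
        flt parent 1:20 prio 1 u32 match ip sport "$p" 0xffff flowid 1:201
        flt parent 1:20 prio 1 u32 match ip dport "$p" 0xffff flowid 1:201
    done
    flt parent 1:20 prio 2 u32 match u32 0 0 flowid 1:202

    # Stage 2, parent 1:10: two source hosts, then the catch-all from the reply.
    flt parent 1:10 prio 1 u32 match ip src 192.0.2.20/32 flowid 1:200
    flt parent 1:10 prio 2 u32 match ip src 192.0.2.30/32 flowid 1:300
    flt parent 1:10 prio 3 u32 match u32 0 0 flowid 1:100
}

build_htb
```

After applying with TC=tc, "tc -s filter show dev eth0 parent 1:20" and "tc -s class show dev eth0" show whether the second-stage filters sit under the intended parent and whether every leaf is counting packets.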
