tc filter not filtering -or- what am I doing wrong?

Linux Advanced Routing and Traffic Control


Dear All

I am trying a very simple setup (a bit of a long message follows):


#Flush previous definitions
$TC qdisc del dev $VVNET root >&/dev/null
$TC qdisc del dev $INTERNET root >&/dev/null
$IPT -t mangle -D PREROUTING -i $INTERNET -d 200.231.56.0/24 -j IMQ --todev 0

# Mother of all disciplines
$TC qdisc add dev $VVNET root handle 1: htb default FFFF r2q 1
$TC qdisc add dev $INTERNET root handle 1: htb default FFFF r2q 1

#Master Class - outputs to local radio network and internet
$TC class add dev $VVNET parent 1: classid 1:1 htb rate 256Kbit ceil 256Kbit
$TC class add dev $INTERNET parent 1: classid 1:1 htb rate 256Kbit ceil 256Kbit

#Everything coming from internet to the clients goes thru IMQ
$IPT -t mangle -A PREROUTING -i $INTERNET -d 1.2.3.0/24 -j IMQ --todev 0
$IP link set imq0 up

#Ping classes
$TC class add dev $INTERNET parent 1:1 classid 1:22 htb \
        rate 100Kbit ceil 100Kbit
$TC class add dev $VVNET parent 1:1 classid 1:22 htb \
        rate 100Kbit ceil 100Kbit

So far no news! Let's try some filtering:

$TC filter add dev $VVNET protocol ip \
 parent 1:0 prio 2 u32 \
 match ip icmp_type 0 0xff flowid 1:22
$TC filter add dev $VVNET protocol ip \
 parent 1:0 prio 2 u32 \
 match ip icmp_type 8 0xff flowid 1:22

$TC filter add dev $INTERNET protocol ip \
 parent 1:0 prio 2 u32 \
 match ip icmp_type 0 0xff flowid 1:22
$TC filter add dev $INTERNET protocol ip \
 parent 1:0 prio 2 u32 \
 match ip icmp_type 8 0xff flowid 1:22


What do I mean!? Every single ICMP packet (request or reply) goes through
its own class.
But if I ping the $INTERNET interface address (from outside), the
'tc -s class show dev $INTERNET' counter for class 1:22 doesn't increment!
(Pings do get replied to.) There is sometimes something passing through 1:22, but it
is certainly not the ICMP packets I am filtering.
For the record: the default class 1:ffff counter is NOT incrementing either.

What is wrong with my setup??

# tc filter ls dev eth3  ($INTERNET is eth3)
filter parent 1: protocol ip pref 2 u32 
filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 2 u32 fh 800::800 order 2048 key ht 800 \
bkt 0 flowid 1:22 match 00000000/ff000000 at 20
filter parent 1: protocol ip pref 2 u32 fh 800::801 order 2049 key ht 800 \
bkt 0 flowid 1:22 match 08000000/ff000000 at 20

(BTW, is this offset 'at 20' decimal or hex???
'tc add filter' put it there, not me.)


# tc  -s class show dev eth3 |head -5 ; echo sleeping 5 seconds; \
sleep 5 ;tc  -s class show dev eth3 |head -5
class htb 1:22 parent 1:1 prio 0 rate 100Kbit ceil 100Kbit\
 burst 1727b cburst 1727b 
 Sent 44408169 bytes 58800 pkts (dropped 0, overlimits 0) 
 lended: 58800 borrowed: 0 giants: 0
 tokens: 105984 ctokens: 105984

sleeping 5 seconds

class htb 1:22 parent 1:1 prio 0 rate 100Kbit ceil 100Kbit\
 burst 1727b cburst 1727b 
 Sent 44408169 bytes 58800 pkts (dropped 0, overlimits 0) 
 lended: 58800 borrowed: 0 giants: 0
 tokens: 105984 ctokens: 105984

# 

Thanx for your time
Regards

-- 

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \ 
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
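Added example, not part of the post or of the LARTC archive: a small Python model of u32 key semantics, built from the two `match VALUE/MASK at OFFSET` lines that `tc filter ls dev eth3` printed above. The `at 20` is a decimal byte offset from the start of the IP header (the ICMP type is the first byte after a 20-byte header). The script parses those lines, applies them to constructed sample packets (ICMP echo request and reply, a TCP SYN from source port 80, and an echo request carrying IP options), and shows two things a practitioner debugging this kind of filter wants to know: `match ip icmp_type` alone never checks the IP protocol byte, so a non-ICMP packet whose byte 20 happens to be 0x00 or 0x08 also lands in 1:22 (one possible source of the "something passing thru 1:22 that is not ICMP" observation), and the fixed offset misses ICMP packets whose IP header is longer than 20 bytes. The `PROTO_ICMP` key is what `match ip protocol 1 0xff` compiles to (protocol is byte 9, so the aligned word at offset 8 masked with 0x00ff0000); the packet builders, sample packets and function names are this example's own constructions.

```python
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class U32Match:
    """One u32 key: compare (32-bit word at `offset`) & mask with value."""
    value: int
    mask: int
    offset: int  # byte offset from the start of the IP header; tc prints it in decimal


def parse_tc_match(line: str) -> U32Match:
    """Parse the 'match VALUE/MASK at OFFSET' part of a 'tc filter ls' line."""
    parts = line.split()
    i = parts.index("match")
    value_hex, mask_hex = parts[i + 1].split("/")
    if parts[i + 2] != "at":
        raise ValueError("expected 'at' after value/mask in: " + line)
    return U32Match(int(value_hex, 16), int(mask_hex, 16), int(parts[i + 3], 10))


def u32_matches(packet: bytes, m: U32Match) -> bool:
    """u32 semantics: read the big-endian 32-bit word at m.offset, mask it, compare."""
    if m.offset + 4 > len(packet):
        return False  # a key that reaches past the end of the packet never matches
    (word,) = struct.unpack_from("!I", packet, m.offset)
    return (word & m.mask) == m.value


def filter_matches(packet: bytes, keys) -> bool:
    """A u32 filter with several 'match' keys fires only if every key matches."""
    return all(u32_matches(packet, k) for k in keys)


# The two keys exactly as 'tc filter ls dev eth3' printed them in the post.
TC_LINE_TYPE0 = ("filter parent 1: protocol ip pref 2 u32 fh 800::800 order 2048 "
                 "key ht 800 bkt 0 flowid 1:22 match 00000000/ff000000 at 20")
TC_LINE_TYPE8 = ("filter parent 1: protocol ip pref 2 u32 fh 800::801 order 2049 "
                 "key ht 800 bkt 0 flowid 1:22 match 08000000/ff000000 at 20")
TYPE0 = parse_tc_match(TC_LINE_TYPE0)
TYPE8 = parse_tc_match(TC_LINE_TYPE8)

# What 'match ip protocol 1 0xff' compiles to: protocol is byte 9 of the IP header,
# so u32 reads the aligned word at offset 8 and masks its second byte.
PROTO_ICMP = U32Match(value=0x00010000, mask=0x00FF0000, offset=8)


# Constructed sample packets (checksums left zero; u32 never looks at them).
def build_ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    assert len(options) % 4 == 0
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                         0x1234, 0, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + options + payload


def icmp_echo(icmp_type: int) -> bytes:
    return struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)  # type, code, csum, id, seq


def tcp_syn(sport: int, dport: int = 80) -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)


ECHO_REQUEST = build_ipv4(1, icmp_echo(8))
ECHO_REPLY = build_ipv4(1, icmp_echo(0))
TCP_FROM_PORT_80 = build_ipv4(6, tcp_syn(80))  # byte 20 = 0x00, the high byte of sport
ECHO_REQUEST_WITH_OPTIONS = build_ipv4(1, icmp_echo(8), options=b"\x01" * 4)  # 24-byte header


def page_filters_hit(packet: bytes):
    """Names of the post's filters (ICMP type key only) that fire on the packet."""
    return [n for n, k in (("type0", TYPE0), ("type8", TYPE8)) if filter_matches(packet, [k])]


def hardened_filters_hit(packet: bytes):
    """Same filters with a 'match ip protocol 1 0xff' key added to each."""
    return [n for n, k in (("type0", TYPE0), ("type8", TYPE8))
            if filter_matches(packet, [PROTO_ICMP, k])]


if __name__ == "__main__":
    for name, pkt in (("echo request", ECHO_REQUEST), ("echo reply", ECHO_REPLY),
                      ("TCP SYN from port 80", TCP_FROM_PORT_80),
                      ("echo request with IP options", ECHO_REQUEST_WITH_OPTIONS)):
        print(f"{name:30} post's filters: {page_filters_hit(pkt)!s:10} "
              f"with protocol key: {hardened_filters_hit(pkt)}")
```

Running it shows the TCP SYN from port 80 hitting the type-0 filter just as an echo reply does, while the same filters with the protocol key only fire on real ICMP. In tc syntax the hardened form is the same `u32` filter with both keys, for example `match ip protocol 1 0xff match ip icmp_type 8 0xff`. The echo request with IP options matches neither variant, because the type key is pinned to byte 20 regardless of the header length; that is a limitation to keep in mind when reading `tc -s class` counters rather than a bug in the post's commands.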
