strange tc filter behavior

Linux Advanced Routing and Traffic Control


 



Hi  All 

I have been fighting this for 3 days and cannot find any reason why it is not
working the way I want it to (or the way I think it should).

Internet output interface = eth2 (htb qdisc)
Internet input interface = imq0 (eth2 attached - htb qdisc)

main class	= imq0 1:1
sub1		= 1:ffff (default)
sub2		= 1:10	(src ports 1433/tcp or 1434/tcp or 81/tcp or 82/tcp)
sub3		= 1:11	(src and dst port 25/tcp )
sub4		= 1:12	(src and dst ports 80/tcp or 53/any or 443/tcp)
sub5		= 1:99  (packets less than 64 bytes)

main class	= eth2 2:1
sub1		= 2:ffff (default)
sub2		= 2:10	(src ports 1433/tcp or 1434/tcp or 81/tcp or 82/tcp)
sub3		= 2:11	(src and dst port 25/tcp )
sub4		= 2:12	(src and dst ports 80/tcp or 53/any or 443/tcp)
sub5		= 2:99  (packets less than 64 bytes)

I then created the script below. The problem is that I can't 'see' any traffic
(Sent 0 bytes) on classes 1:11 and 1:12 on imq0. Classes 2:11 and 2:12 on eth2
have their counters increasing, which seems to make sense.

Any help will be greatly appreciated.

Thanks a lot.

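#!/bin/sh

#
# HTB rules generated on Thu Dec 22 11:16:01 2005
#
#
# htbgen version 0.0.1 - 2005/12/16
#

# Absolute paths to the iproute2 tools used throughout the script.
IP=/sbin/ip
TC=/sbin/tc

#
# Rules for input via eth2 (output via imq0)
#

# Remove any root qdisc left on imq0 by a previous run so the script can be
# re-applied. The delete fails when no qdisc is installed, so both output
# streams are discarded. ">/dev/null 2>&1" is the POSIX form; the original
# ">&/dev/null" is a bash extension that a strict /bin/sh (e.g. dash)
# rejects as a syntax error.
$TC qdisc del dev imq0 root >/dev/null 2>&1

# Root HTB qdisc 1: on imq0. Packets that no filter classifies go to class
# 1:ffff. r2q is the divisor HTB uses to derive a class quantum from its rate.
$TC qdisc add dev imq0 root handle 1: htb default ffff r2q 1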


# Paths to iptables and the module tools. RMMOD and MODPROBE are assigned
# here but not used anywhere in the visible part of this script.
IPT=/usr/sbin/iptables
RMMOD=/sbin/rmmod
MODPROBE=/sbin/modprobe

# NOTE(review): -F empties the whole mangle/PREROUTING chain, not only the
# IMQ jump left by an earlier run. Any packet-marking or other mangle rules
# that a firewall or policy-routing setup installed there are removed every
# time this script runs. Deleting just the IMQ rule (iptables -D with the
# same match) would leave unrelated rules intact.
$IPT -t mangle -F PREROUTING
# imq0 is taken down while the hook is re-installed and brought up afterwards.
$IP link set imq0 down

# Send every packet arriving on eth2 through IMQ device 0 (imq0), so that
# inbound traffic can be shaped by the qdisc attached to imq0.
$IPT -t mangle -A PREROUTING -i eth2 -j IMQ --todev 0
$IP link set imq0 up

# Parent class 1:1: rate equals ceil (500kbit), so it caps the total that
# the child classes below can share.
$TC class add dev imq0 parent 1: classid 1:1 htb prio 1 rate 500kbit ceil 500kbit

#
# default imq0
#
# Class 1:ffff is the HTB "default" target named on the root qdisc: traffic
# matched by no filter lands here (50kbit guaranteed, 100kbit ceiling).
$TC class add dev imq0 parent 1:1 classid 1:ffff htb prio 7 rate 50kbit ceil 100kbit
# SFQ leaf on the default class; the flow hash is perturbed every 10 seconds.
$TC qdisc add dev imq0 parent 1:ffff handle ffff sfq perturb 10

#
# ADMASTER
#
# Class 1:10: 150kbit guaranteed, may borrow up to the 500kbit ceiling.
$TC class add dev imq0 parent 1:1 classid 1:10 htb prio 2 rate 150kbit ceil 500kbit

# One u32 filter per destination port. "match u8 6 0xff at 9" requires the
# IP protocol byte to be 6 (TCP). u32's "ip dport" reads a fixed offset, so
# it assumes a 20-byte IP header (no IP options).
for admaster_port in 1433 1434 81 82; do
  $TC filter add dev imq0 protocol ip parent 1: prio 2 u32 \
    match ip dport "$admaster_port" 0xffff \
    match u8 6 0xff at 9 \
    flowid 1:10
done

# Also classify packets whose firewall mark has 0x1 in its low 16 bits.
# NOTE(review): this script flushes mangle/PREROUTING and then adds only the
# IMQ jump, so nothing shown here sets that mark; it would have to be set
# elsewhere, before the packet reaches imq0 -- confirm.
$TC filter add dev imq0 protocol ip parent 1: prio 2 u32 \
  match mark 0x1 0xffff \
  flowid 1:10

#
# SMTP
#
# Class 1:11: 125kbit guaranteed, may borrow up to the 500kbit ceiling.
$TC class add dev imq0 parent 1:1 classid 1:11 htb prio 3 rate 125kbit ceil 500kbit

# TCP (protocol byte 6 at offset 9) with port 25 as destination, then as
# source, so both directions of an SMTP conversation map to 1:11.
for smtp_field in dport sport; do
  $TC filter add dev imq0 protocol ip parent 1: prio 3 u32 \
    match ip "$smtp_field" 25 0xffff \
    match u8 6 0xff at 9 \
    flowid 1:11
done

#
# Navegation & Co.
#
# Class 1:12: 125kbit guaranteed, may borrow up to the 500kbit ceiling.
$TC class add dev imq0 parent 1:1 classid 1:12 htb prio 4 rate 125kbit ceil 500kbit

# HTTP and HTTPS over TCP, matched on destination port and then source port.
for web_port in 80 443; do
  for web_field in dport sport; do
    $TC filter add dev imq0 protocol ip parent 1: prio 4 u32 \
      match ip "$web_field" "$web_port" 0xffff \
      match u8 6 0xff at 9 \
      flowid 1:12
  done
done

# DNS to destination port 53, once for TCP (6) and once for UDP (17).
# NOTE(review): only dport is matched. DNS replies arriving on this inbound
# path carry source port 53 and would fall through to the default class --
# confirm whether an sport 53 match was intended.
for dns_proto in 6 17; do
  $TC filter add dev imq0 protocol ip parent 1: prio 4 u32 \
    match ip dport 53 0xffff \
    match u8 "$dns_proto" 0xff at 9 \
    flowid 1:12
done

#
# Interactivity
#
# Class 1:99: 50kbit guaranteed, 250kbit ceiling, highest HTB priority.
$TC class add dev imq0 parent 1:1 classid 1:99 htb prio 1 rate 50kbit ceil 250kbit

# Bytes 2-3 of the IP header hold the total length; masking with 0xffc0 and
# comparing to 0 selects packets shorter than 64 bytes. At filter prio 1 this
# is consulted before the port filters, so small packets (e.g. bare ACKs) of
# any service are classified here rather than in the per-service classes.
$TC filter add dev imq0 protocol ip parent 1: prio 1 u32 \
  match u16 0x0000 0xffc0 at 2 \
  flowid 1:99


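#
# Rules for output via eth2
#

# Remove any root qdisc left on eth2 by a previous run; the delete fails
# when none is installed, so both output streams are discarded.
# ">/dev/null 2>&1" is the POSIX form; the original ">&/dev/null" is a bash
# extension that a strict /bin/sh (e.g. dash) rejects as a syntax error.
$TC qdisc del dev eth2 root >/dev/null 2>&1

# Root HTB qdisc 2: on eth2; unclassified packets go to class 2:ffff.
$TC qdisc add dev eth2 root handle 2: htb default ffff r2q 1

# Parent class 2:1: rate equals ceil (500kbit), capping all child classes.
$TC class add dev eth2 parent 2: classid 2:1 htb prio 1 rate 500kbit ceil 500kbit

#
# default eth2
#
# Class 2:ffff receives traffic matched by no filter (50kbit guaranteed,
# 100kbit ceiling), with an SFQ leaf whose hash is perturbed every 10 seconds.
$TC class add dev eth2 parent 2:1 classid 2:ffff htb prio 7 rate 50kbit ceil 100kbit
$TC qdisc add dev eth2 parent 2:ffff handle ffff sfq perturb 10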

#
# ADMASTER
#
# Class 2:10: 40kbit guaranteed, may borrow up to the 500kbit ceiling.
$TC class add dev eth2 parent 2:1 classid 2:10 htb prio 2 rate 40kbit ceil 500kbit

# One u32 filter per source port, TCP only (protocol byte 6 at offset 9).
# u32's "ip sport" reads a fixed offset, so it assumes a 20-byte IP header
# (no IP options).
for admaster_port in 1433 1434 81 82; do
  $TC filter add dev eth2 protocol ip parent 2: prio 2 u32 \
    match ip sport "$admaster_port" 0xffff \
    match u8 6 0xff at 9 \
    flowid 2:10
done

#
# SMTP
#
# Class 2:11: 75kbit guaranteed, may borrow up to the 500kbit ceiling.
$TC class add dev eth2 parent 2:1 classid 2:11 htb prio 3 rate 75kbit ceil 500kbit

# TCP (protocol byte 6 at offset 9) with port 25 as source, then as
# destination, so both directions of an SMTP conversation map to 2:11.
for smtp_field in sport dport; do
  $TC filter add dev eth2 protocol ip parent 2: prio 3 u32 \
    match ip "$smtp_field" 25 0xffff \
    match u8 6 0xff at 9 \
    flowid 2:11
done

#
# Navegation & Co.
#
# Class 2:12: 250kbit guaranteed, may borrow up to the 500kbit ceiling.
$TC class add dev eth2 parent 2:1 classid 2:12 htb prio 4 rate 250kbit ceil 500kbit

# HTTP and HTTPS over TCP, matched on source port and then destination port.
for web_port in 80 443; do
  for web_field in sport dport; do
    $TC filter add dev eth2 protocol ip parent 2: prio 4 u32 \
      match ip "$web_field" "$web_port" 0xffff \
      match u8 6 0xff at 9 \
      flowid 2:12
  done
done

# Destination port 53 with no protocol test: the filter compares the 16 bits
# at the port offset for every IP protocol, not just TCP and UDP.
$TC filter add dev eth2 protocol ip parent 2: prio 4 u32 \
  match ip dport 53 0xffff \
  flowid 2:12

#
# Interactivity
#
# Class 2:99: 50kbit guaranteed, 250kbit ceiling, highest HTB priority.
$TC class add dev eth2 parent 2:1 classid 2:99 htb prio 1 rate 50kbit ceil 250kbit

# Bytes 2-3 of the IP header hold the total length; masking with 0xffc0 and
# comparing to 0 selects packets shorter than 64 bytes. At filter prio 1 this
# is consulted before the port filters on this qdisc.
$TC filter add dev eth2 protocol ip parent 2: prio 1 u32 \
  match u16 0x0000 0xffc0 at 2 \
  flowid 2:99

-- 

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \ 