On 2/4/07, Georgy Zhukov <zhukov@xxxxxxxxx> wrote:
On 2/4/07, Salatiel Filho <salatiel.filho@xxxxxxxxx> wrote:
> On 2/4/07, Alexandru Dragoi <alex@xxxxxxxxxx> wrote:
> > Salatiel Filho wrote:
> > > Hi guys, I am starting to "play" with QoS in Linux. Well, I am
> > > trying to set up an ingress filter but I do not know why it is not
> > > working.
> > >
> > > tc add qdisc dev eth0 ingress
> > > tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw
> > > police rate 160kbit burst 256kbit drop flowid :1
> > >
> > > After that:
> > >
> > > iptables -A PREROUTING -t mangle --sport 80 -j MARK --set-mark 1
> > >
> > > So, I think this should make all traffic from port 80 be filtered by
> > > tc, does it?
> > >
> > > But it is not working, I keep downloading at full speed from port 80.
> > >
> > > Any help?
> > >
> > I think because the MARK-ing is done after the ingress. Better use u32
> > on ingress.
> >
>
> I did not know that :D
> Now I am gonna try to understand u32.

Once I wanted to do something similar and it worked OK with u32.
Well, according to:
http://www.lartc.org/lartc.html#LARTC.ADV-QDISC.INGRESS
it should work, see this:

############################################################
$iptables -A PREROUTING -i $INDEV -t mangle -p tcp --syn \
  -j MARK --set-mark 1
############################################################
#
# install the ingress qdisc on the ingress interface
############################################################
$TC qdisc add dev $INDEV handle ffff: ingress
############################################################
#
#
# SYN packets are 40 bytes (320 bits) so three SYNs equals
# 960 bits (approximately 1kbit); so we rate limit below
# the incoming SYNs to 3/sec (not very useful really; but
#serves to show the point - JHS
############################################################
$TC filter add dev $INDEV parent ffff: protocol ip prio 50 handle 1 fw \
police rate 1kbit burst 40 mtu 9k drop flowid :1
############################################################
> 2 doubts:
>
> 1) Do tc filters work like iptables [ First match stops the chain ]?
What about this first question?
> 2) What exactly does "rate 160kbit burst 256kbit" mean? Rate 160 and
> can go till 256? Rate 160 and can go till 160 + 256?

Rate 160 and can allow until 256.
--
[]'s
Salatiel

"The greatest pleasure of the intelligent is to play the idiot
in front of an idiot who plays the intelligent one."
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc