On Fri, 2007-02-09 at 20:52 +1100, tkb2766 wrote: > > -----Original Message----- > > From: lartc-bounces@xxxxxxxxxxxxxxx > > [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Andrew Beverley > > Sent: Friday, 9 February 2007 4:24 > > To: Anthony Kamau > > Cc: 'LARTC' > > Subject: RE: Problems with HTB. Help! > > > > Can you send your updated tc rules as well please? > > > > Andy > > > > Here's the htbinit script: > ************************************************************************ > #!/bin/bash > > # Whole purpose of this is to slow the P2P server down! > > ################################### > # Reset everything to known state # > ################################### > tc qdisc del dev eth1 root > > #################### > # Setup the links # > #################### > tc qdisc add dev eth1 parent root handle 2: htb default 13 > > ########################### > # Setup the root classes # > ########################### > tc class add dev eth1 parent 2: classid 2:1 htb rate 384kbit \ > ceil 384kbit > > ########################### > # Setup the child classes # > ########################### > tc class add dev eth1 parent 2:1 classid 2:10 htb rate 224kbit \ > ceil 384kbit prio 0 > tc class add dev eth1 parent 2:1 classid 2:11 htb rate 100kbit \ > ceil 100kbit prio 1 burst 1024k > tc class add dev eth1 parent 2:1 classid 2:12 htb rate 30kbit \ > ceil 30kbit prio 2 > tc class add dev eth1 parent 2:1 classid 2:13 htb rate 30kbit \ > ceil 30kbit prio 3 burst 1500 > > ##################### > # Setup the filters # > ##################### > # match acks the hard way, > # IP protocol 6, > # IP header length 0x5(32 bit words), > # IP Total length 0x34 (ACK + 12 bytes of TCP options) > # TCP ack set (bit 5, offset 33) > ACK="tc filter add dev eth1 protocol ip parent 2:0 prio 0 u32" > $ACK match ip protocol 6 0xff \ > match u8 0x05 0x0f at 0 \ > match u16 0x0000 0xffc0 at 2 \ > match u8 0x10 0xff at 33 \ > flowid 2:11 > U32="tc filter add dev eth1 protocol ip parent 2:0 u32" > $U32 match ip src 192.168.200.130 flowid 2:10 > $U32 match ip src 192.168.200.140 flowid 2:10 > $U32 match ip src 192.168.200.147 flowid 2:10 > P2P="tc filter add dev eth1 parent 2:0 prio 2 protocol ip" > #$P2P handle 1 fw flowid 2:12 > > #################################################### > # Setup the queue discipline for the child classes # > #################################################### > tc qdisc add dev eth1 parent 2:10 handle 10: sfq perturb 10 > tc qdisc add dev eth1 parent 2:11 handle 11: sfq perturb 10 > tc qdisc add dev eth1 parent 2:12 handle 12: sfq perturb 10 > ********************************************************************** > > And here is the rule in the firewall that is marking the parkets: > ************************************************************************ > $IPTABLES -t mangle -I FORWARD -s $P2PSRVR -i $LAN_IFACE -j MARK \ > --set-mark 1 > ************************************************************************ > > > Can you spot any issues with this? > > In the mean time, I'll try your classid method and if that works fine, then > so be it from now on. I see the problem. You're using a default of 13 so all unclassified traffic goes to classid 13. All traffic from and to 192.168.200.163 falls into this category, and is therefore limited to 30 kbit. I suggest changing your default to 10, removing the U32 rules to match all the other hosts, and using -j CLASSIFY --set-class 2:13 on your iptables rule (the current one based on MARK isn't used at the minute anyway because there is no tc filter for it). Hope this helps, Andy Beverley _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
