RE: Problems with HTB. Help!

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> > 
> > Can you send your modified rules then that you say still 'did 
> > not work'?
> 
> Below is how I now have it:
> =====================================================================
> #!/bin/bash
> 
> #  Whole purpose of this is to slow the P2P server down!
> 
> ###################################
> # Reset everything to known state #
> ###################################
> tc qdisc del dev eth0 root
> tc qdisc del dev eth1 root
> 
> ####################
> # Setup the links  #
> ####################
> tc qdisc add dev eth0 parent root handle 1: htb default 10
> tc qdisc add dev eth1 parent root handle 2: htb default 10
> 
> ###########################
> # Setup the root classes  #
> ###########################
> tc class add dev eth1 parent 2: classid 2:1 htb rate 384kbit ceil 384kbit
> 
> ###########################
> # Setup the child classes #
> ###########################
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate  10mbit ceil  10mbit
> prio 0
> tc class add dev eth1 parent 2:1 classid 2:10 htb rate 224kbit ceil 384kbit
> prio 0
> tc class add dev eth1 parent 2:1 classid 2:11 htb rate 100kbit ceil 100kbit
> prio 1
> tc class add dev eth1 parent 2:1 classid 2:12 htb rate  60kbit ceil  60kbit
> prio 2
> 
> #####################
> # Setup the filters #
> #####################
> # match acks the hard way,
> # IP protocol 6,
> # IP header length 0x5(32 bit words),
> # IP Total length 0x34 (ACK + 12 bytes of TCP options)
> # TCP ack set (bit 5, offset 33)
> ACK="tc filter add dev eth1 protocol ip parent 2:0 prio 1 u32"
> $ACK match ip protocol 6 0xff \
>   match u8 0x05 0x0f at 0 \
>   match u16 0x0000 0xffc0 at 2 \
>   match u8 0x10 0xff at 33 \
>   flowid 2:11
> U32="tc filter add dev eth1 protocol ip parent 2:0 prio 1 u32"
> $U32 match ip src 192.168.200.163 match ip sport 6881 0xffff flowid 2:12

I couldn't get this line to work either - maybe someone else can help as
I've never used u32 myself.

However, replacing it with:

iptables -t mangle -A FORWARD -o eth1 --source 10.0.14.250 -p tcp \
	--sport 6881 -j CLASSIFY --set-class 2:12

seems to do the trick.

You'll need to change tcp to udp if it's UDP that you want to match
rather than TCP.


_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux