Re: snooping htb default class

Linux Advanced Routing and Traffic Control

Ethy H. Brito wrote:

Hi All

I've been struggling with this for a few days now and I think I still lack
the wisdom to do this. I ask you gurus to shed some light on this.

I created a hierarchy of HTB classes and "tc filter"ed the IP's to send
them to proper ones. So far so good.

The problem is I see large bursts (internet ->  inside) in default 128 Kbps
class. Normally it is around 10Kbps due to non classified ICMP packets and
the like.

That said, I tried to snoop the default class. So I did:

tc filter add dev eth0 parent 1: protocol ip prio 0xffff \
	u32 match ip src 0.0.0.0/0 flowid 1:defa \
	action mirred egress mirror dev $IFDEST

tc filter add dev ifb0 parent 1: protocol ip prio 0xffff \
	u32 match ip src 0.0.0.0/0 flowid 1:defa \
	action mirred egress mirror dev $IFDEST

tc filter add dev eth0 parent 1: protocol ipv6 prio 0xfffe \
	u32 match ip6 src ::0/0 flowid 1:defa \
	action mirred egress mirror dev $IFDEST

tc filter add dev ifb0 parent 1: protocol ipv6 prio 0xfffe \
	u32 match ip6 src ::0/0 flowid 1:defa \
	action mirred egress mirror dev $IFDEST

being IFDEST=dummy0

I calculate the Kbps in 'defa:' class like ("rate" stat shows 0bit!):
a=$(tc -s -d qdisc sh dev eth0|grep defa: -A 2| grep Sent|\
	cut -f 3 -d " "); \
sleep 10; \
b=$(tc -s -d qdisc sh dev eth0|grep defa: -A 2| grep  Sent |\
	 cut -f 3 -d " ");\
echo $[($b-$a)*8/10240]Kbps

I can see some bursts of 500~700Kbps about every 100 seconds!! Then it
slows to 10~15Kbps again.

But when I "tcpdump -npi dummy0" I see only a few packets now and then!
Not the avalanche I would expect.

Why don't my filter rules grab ALL default htb class rule traffic and
send it to dummy0??

I've never played with tcpdump on dummy so can't comment on that.

htb default on eth will see all traffic, not just ip/ipv6, which, unless you filter arp elsewhere, may bite you one day.

Try using "protocol all" to see what's not being filtered.
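
Added example, not part of the original thread: a way to put a number on the gap discussed above, by comparing the bytes counted on the `defa:` leaf qdisc with the bytes that reached the mirror device over the same interval. The sample `tc` output, the `sfq` leaf qdisc kind, the mirror counter readings and the function names are all constructed assumptions.

```shell
#!/bin/sh
# Byte counter ("Sent N bytes") of one qdisc, read from `tc -s -d qdisc show` text on stdin.
# $1 = qdisc handle, e.g. "defa:"
qdisc_sent_bytes() {
    awk -v h="$1" '
        $1 == "qdisc" { hit = ($3 == h) }       # header: qdisc <kind> <handle> ...
        hit && $1 == "Sent" { print $2; exit }  # stats:  Sent <bytes> bytes <pkts> pkt
    '
}

# Average rate in kbit/s between two byte counters (1 kbit = 1000 bit).
# $1 = earlier counter, $2 = later counter, $3 = seconds between the samples
kbps() {
    echo $(( ($2 - $1) * 8 / ($3 * 1000) ))
}

# Rate that went through the class but never showed up on the mirror device.
# $1,$2 = class counter before/after  $3,$4 = mirror counter before/after  $5 = seconds
unmirrored_kbps() {
    echo $(( (($2 - $1) - ($4 - $3)) * 8 / ($5 * 1000) ))
}

# Constructed samples taken 10 s apart; leaf qdisc kind "sfq" is an assumption.
SAMPLE_T0='qdisc htb 1: root refcnt 2 r2q 10 default defa direct_packets_stat 0
 Sent 900000 bytes 1200 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc sfq defa: parent 1:defa limit 127p quantum 1514b
 Sent 250000 bytes 400 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0'
SAMPLE_T1='qdisc htb 1: root refcnt 2 r2q 10 default defa direct_packets_stat 0
 Sent 2400000 bytes 2600 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc sfq defa: parent 1:defa limit 127p quantum 1514b
 Sent 1000000 bytes 1100 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0'
MIRROR_T0=10000   # constructed byte counter of the mirror device at T0
MIRROR_T1=35000   # constructed byte counter of the mirror device at T1

c0=$(printf '%s\n' "$SAMPLE_T0" | qdisc_sent_bytes defa:)
c1=$(printf '%s\n' "$SAMPLE_T1" | qdisc_sent_bytes defa:)
echo "class defa:  $(kbps "$c0" "$c1" 10) kbit/s"
echo "mirrored:    $(kbps "$MIRROR_T0" "$MIRROR_T1" 10) kbit/s"
echo "unmirrored:  $(unmirrored_kbps "$c0" "$c1" "$MIRROR_T0" "$MIRROR_T1" 10) kbit/s"
```

On a live box the two samples would come from `tc -s -d qdisc sh dev eth0` and the mirror readings from the byte counter of dummy0; a large "unmirrored" figure means traffic is reaching the default class without matching the mirroring filters.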
