On 05/12, dE wrote:
> Hello everyone!
>
> I was trying to do some traffic shaping to make http pages more responsive
> while torrenting. So I decided to modify TOS value of packets to have an
> effect on the default pfifo_fast qdisc.
>
> I've the following iptable rules --
>
> #DNS request
> iptables -t mangle -A OUTPUT -o eth1 -p udp -m multiport --dports 53 -j TOS --set-tos 0x10
>
> #DNS response
> iptables -t mangle -A PREROUTING -i eth1 -p udp -m multiport --sports 53 -j TOS --set-tos 0x10
>
> #Incoming torrent connections
> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m multiport --dports 2000 -j TOS --set-tos 0x2
> iptables -t mangle -A PREROUTING -i eth1 -p udp -m multiport --dports 2000,1900,2001 -j TOS --set-tos 0x2
>
> #Mail server
> iptables -t mangle -A OUTPUT -o eth1 -p tcp -d imap.googlemail.com -m multiport --dports 993 -j TOS --set-tos 0x10
>
> #HTTP(S)
> iptables -t mangle -A OUTPUT -o eth1 -p tcp -m multiport --dports 80,443 -j TOS --set-tos 0x14
> #iptables -t mangle -A OUTPUT -o eth1 -p tcp -m multiport --dports 80,443 -j TOS --set-tos 0x10
> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m multiport --sport 80,443 -j TOS --set-tos 0x14
> #iptables -t mangle -A PREROUTING -i eth1 -p tcp -m multiport --sport 80,443 -j TOS --set-tos 0x10

There are several issues with your configuration. First, setting the
(deprecated ToS) bits on incoming packets if you don't plan to forward
these packets is senseless. Second, all *fifo* qdiscs are work-conserving,
i.e. will dequeue packets at line speed. As the bandwidth of your local LAN
is usually quite a bit higher than your internet uplink, packets will still
pile up at your DSL/cable/... modem. To actually prioritize services you
need to own the queue by limiting your egress packet rate to slightly lower
than your modem's rate.

Be aware that most ISPs overcommit bandwidth in the order of 1:15-1:50 and
your setup will still be ineffective if the shaped rate is higher than the
modem's rate.

> But is there a difference between all TOS values which fall in a single
> band?

Nope.

> I mean, does the behavior of pfifo_fast change if I change from 0x12 to
> 0x16? Cause I thought the qdisc to be simple, and a different behavior for
> all of the above TOS values means pfifo_fast does a lot more than just
> placing packets in 3 different queues.

Nope.

> Another question -- how do you get these TOS values?

They are derived from [0]. Again ToS bits are deprecated.

> and what does -j TOS --set-tos <HEX/DEC> do? Does it modify the 4 bits
> or the whole 8 bit TOS value in the header, or does something
> completely different?

Citing the manpage:
"This module sets the Type of Service field in the IPv4 header (including
the "precedence" bits) or the Priority field in the IPv6 header."

It accesses the whole byte. Again ToS is deprecated. If you want to
explicitly mark packet priorities in your network use DSCP (but don't
forget admission control), otherwise just use iptables to match
hosts/protocols directly to HTB/HFSC/DRR/... classes.

Regards,
Ben

[0] https://tools.ietf.org/html/rfc1349
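
The approach described in the reply above (shape egress to just under the modem's rate, then map protocols straight to HTB classes with iptables), sketched as an added example that is not part of the original thread and is not Ben's own configuration. The interface eth1 and the ports come from the quoted rules; the uplink figure, the 90% margin, the 1:10/1:20 class split and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) tc/iptables commands for an HTB
# setup that keeps the queue on this host instead of in the modem.
# Review the output first, then apply as root:  shape_cmds eth1 1000 | sh
# Assumptions: eth1 faces the modem; the second argument is the uplink rate
# you measured, in kbit/s; the 90% margin and the class split are
# illustrative choices, not values from the thread.

shaped_rate() {
    # Shape to 90% of the measured uplink (integer kbit/s) so packets
    # queue here, where they can be reordered, and not at the modem.
    echo $(( $1 * 90 / 100 ))
}

shape_cmds() {
    dev=$1
    rate=$(shaped_rate "$2")
    hi=$(( rate / 3 ))      # guaranteed share for DNS/HTTP(S)/IMAPS
    lo=$(( rate - hi ))     # guaranteed share for everything else (torrents)
    cat <<EOF
tc qdisc replace dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate ${rate}kbit ceil ${rate}kbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate ${hi}kbit ceil ${rate}kbit prio 0
tc class add dev $dev parent 1:1 classid 1:20 htb rate ${lo}kbit ceil ${rate}kbit prio 1
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
iptables -t mangle -A POSTROUTING -o $dev -p udp --dport 53 -j CLASSIFY --set-class 1:10
iptables -t mangle -A POSTROUTING -o $dev -p tcp -m multiport --dports 80,443,993 -j CLASSIFY --set-class 1:10
EOF
}
```

Traffic that matches no CLASSIFY rule, the torrent traffic included, falls into the default class 1:20 and can still borrow up to the full shaped rate when the interactive class is idle.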