Thanks Mike.

Unfortunately, I can’t seem to add a filter at 1:, probably because I’m using a classless qdisc there (tbf). I had tried it using HTB instead of TBF and I got the same result. This still doesn’t explain why I can successfully filter using an iptables fw mark at this same location (30:).

By the way, there was a typo in my original email. This part:

# Filter that doesn’t work. All traffic ends up in flow 30:3
$TC filter add dev $EXT parent 30: prio 1 u32 match ip dst 208.100.39.00/24 flowid 20:1

Should actually have been:

# Filter that doesn’t work. All traffic ends up in flow 30:3
$TC filter add dev $EXT parent 30: prio 1 u32 match ip dst 208.100.39.00/24 flowid 30:1

Just to be clear, this was a typo in my e-mail and not in my configuration. So this doesn’t change the fact that the u32 filter doesn’t seem to be matching as expected.

It’s simple enough to work around this using the fw mark. I just want to know why the u32 match isn’t working.

Cheers!
-Joe Rhodes

On Jul 24, 2014, at 5:15 PM, Mike Schmidt <mike.schmidt@xxxxxxxxxxx> wrote:

> I always put my filters on qdisc 1:, I've noticed that in some cases,
> unless you have filters at the top level, nothing makes it to the
> lower levels. I use IFB for devices and HFSC instead of tbf, so it
> may be different for you.
>
>> On Thu, Jul 24, 2014 at 5:00 PM, Joe Rhodes <lists@xxxxxxxxxxxxx> wrote:
>>>
>>> I’ve got a CentOS 6.4 box (64bit) that’s acting as a router and firewall.
>>> It has two ethernet interfaces, and it’s connected to a cable modem. I’m
>>> attempting to do some bandwidth management. I’ve got:
>>>
>>> TBF with an upload rate limit of 4000kbit
>>> a PRIO qdisc hanging off of that with 3 bands
>>> an SFQ qdisc hanging off each of the bands of the PRIO qdisc
>>>
>>> The problem I’m running into is I cannot get outgoing packets to hit the
>>> high priority queue using the u32 filter. I can seem to get it to work if I
>>> use iptables to mark the packets and then filter based on the firewall mark.
>>>
>>> Setup commands look like this:
>>>
>>> $EXT is my external ethernet interface
>>> $UPLD is 4000kbit
>>>
>>> $TC qdisc add dev $EXT root handle 1: tbf rate $UPLD burst 100k latency 15ms mtu 100kb
>>> $TC qdisc add dev $EXT parent 1: handle 30: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
>>> $TC qdisc add dev $EXT parent 30:1 handle 100: sfq perturb 10
>>> $TC qdisc add dev $EXT parent 30:2 handle 200: sfq perturb 10
>>> $TC qdisc add dev $EXT parent 30:3 handle 300: sfq perturb 10
>>>
>>> # Filter that doesn’t work. All traffic ends up in flow 30:3
>>> $TC filter add dev $EXT parent 30: prio 1 u32 match ip dst 208.100.39.00/24 flowid 20:1
>>>
>>> # (That IP is my VoIP host to which I want to prioritize traffic.)
>>>
>>>
>>> If I use the following:
>>>
>>> $TC filter add dev $EXT parent 30: prio 1 protocol ip handle 1 fw flowid 30:1
>>> iptables -t mangle -A PREROUTING -d 208.100.39.00/24 -j MARK --set-mark 0x1
>>>
>>> Then traffic goes to flow 30:1 as I’d expect.
>>>
>>> I’ve got to be missing something pretty obvious, but I can’t figure out
>>> what. Can anyone enlighten me?
>>>
>>> I’m also doing ingress shaping (using ifb) and that’s working fine using a
>>> similar filter:
>>>
>>> $TC filter add dev ifb0 protocol ip parent 20: prio 1 u32 match ip src 208.100.39.0/24 flowid 20:1
>>>
>>> Incoming packets match the filter and get put into flowid 20:1.
>>>
>>>
>>> Thanks!
>>> -Joe Rhodes
>>>
>
> --
> Mike SCHMIDT
> CTO
> Intello Technologies Inc.
> mike.schmidt@xxxxxxxxxxx
> Canada: 1-888-404-6261 x320
> USA: 1-888-404-6268 x320
> Mobile: 514-409-6898
> www.intello.com
> --
> To unsubscribe from this list: send the line "unsubscribe lartc" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html