Re: Can't get tc to limit network traffic

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I don't know whether the iptable filter works in this circumstance, we
filter by ip address, more like this:

/sbin/tc filter add dev ifb0 parent 1:0 protocol ip prio 100 u32 match
ip src 172.20.0.0/20 classid 1:200

You need to use "tc -s filter show dev ifb0" to see if there is
traffic going through any of the rules, and you can then try to debug
that rule.
There have been several mentions about problems with iptables marks
not being seen by tc, except this depends on the kernel.

Oh, also note that ifb's ideas of what is source and destination are
the opposite of br0, so you might try both ways to begin. Once you see
traffic flowing in the filters, you can adjust your speed accordingly.

On Mon, Sep 15, 2014 at 1:09 AM, Teresa e Junior
<teresaejunior@xxxxxxxxx> wrote:
> On Mon, 15 Sep 2014 00:18:43 -0400, Mike Schmidt wrote:
>>
>> Basically, you cannot control inbound traffic with tc, except through
>> policing, which is what the wondershaper rule does. Policing does not
>> shape traffic, it simply drops the excess, which is why it is so
>> unreliable.  That is why the throttling works when only you set the
>> src to 192.168.0.5. The solution is to use an intermediate device,
>> like ifb, or imq, depending on the distribution you are running.  A
>> typical example is here:
>> http://www.linuxfoundation.org/collaborate/workgroups/networking/ifb
>
>
> Thank you so much for your answer, Mike!
>
> I had a look at the link you gave to me, and after wrestling against
> some errors, I came up with this:
>
> #!/bin/sh
>
> tc qdisc del dev ifb0  root
> tc qdisc del dev wlan0 ingress
>
> modprobe ifb
>
> tc qdisc  add dev ifb0 root handle 1: prio
> tc qdisc  add dev ifb0 parent 1:1 handle 10: sfq
> tc qdisc  add dev ifb0 parent 1:2 handle 20: tbf rate 20kbit \
>   buffer 1600 limit 3000
> tc qdisc  add dev ifb0 parent 1:3 handle 30: sfq
> tc filter add dev ifb0 protocol ip pref 1 parent 1: handle 1 fw classid 1:1
> tc filter add dev ifb0 protocol ip pref 2 parent 1: handle 2 fw classid 1:2
>
> ifconfig ifb0 up
>
> tc qdisc  add dev wlan0 ingress
> tc filter add dev wlan0 parent ffff: protocol ip prio 10 u32 \
>   match u32 0 0 flowid 1:1       \
>   action xt -j MARK --set-mark 1 \
>   action mirred egress redirect dev ifb0
>
> I'm using xt instead of ipt because ipt gives me the error "bad action
> type ipt" and, as mentioned in Debian bug #710450, ipt is just a symlink
> to xt:
> $ readlink /usr/lib/tc/m_ipt.so
> m_xt.so
>
> The problem with this approach is that it doesn't work, actually, but
> probably because I'm doing something wrong. I suppose download and
> upload would have to be limited to 20kbit, right? When I run the above
> script, the speeds are not limited at all. I get only:
>
> tablename: mangle hook: NF_IP_PRE_ROUTING
>         target:  MARK set 0x1 index 0



-- 
Mike SCHMIDT
CTO
Intello Technologies Inc.
mike.schmidt@xxxxxxxxxxx
Canada: 1-888-404-6261 x320
USA: 1-888-404-6268 x320
Mobile: 514-409-6898
www.intello.com
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux