I've some problems using the u32 classifier in a CBQ tree,
i.e I'm able to filter with some rules like 'match ip dst ', 'match ip
dport' but I can't filter with rules like 'match tcp dst', or 'match
u8 0x10 0xff at nexthdr+2' in order to point directly to the tcp
destination port in the TCP fragment . It can be a problem I think
in case of IP packets with options.
I tried also the fw classifier with ipchains rules to do the same
thing and it seems to work when I mix with u32 rules,but only for CBQ leaves,
i.e in the following example I commented what does not work.
If anyone has experience in setting CBQ and classifiers rules, any
help is welcome.
#some cleanup
tc qdisc del root dev eth0
ipchains -F output
#qdisc root CBQ
tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit cell 8 avpkt
1500 mpu 64
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate
10Mbit allot 1514 cell 8 weight 1Mbit prio 8 maxburst 5 avpkt 1500 bounded
isolated
#256K w012
tc class add dev eth0 parent 1:1 classid 1:10 cbq bandwidth 10Mbit
rate 256Kbit allot 1514 cell 8 weight 26Kbit prio 5 maxburst 5 avpkt 1500
bounded isolated
#128K w013
tc class add dev eth0 parent 1:1 classid 1:20 cbq bandwidth 10Mbit
rate 128Kbit allot 1514 cell 8 weight 13Kbit prio 5 maxburst 5 avpkt 1500
bounded isolated
#qdisc w012 CBQ
tc qdisc add dev eth0 parent 1:10 handle 2: cbq bandwidth 256Kbit cell
8 avpkt 1500 mpu 64
#qdisc w013 CBQ
tc qdisc add dev eth0 parent 1:20 handle 3: cbq bandwidth 128Kbit cell
8 avpkt 1500 mpu 64
#256K w012
tc class add dev eth0 parent 2:0 classid 2:1 cbq bandwidth 256Kbit
rate 256Kbit allot 1514 cell 8 weight 26Kbit prio 2 maxburst 5 avpkt 1500
bounded isolated
#56K w012:6010
tc class add dev eth0 parent 2:1 classid 2:10 cbq bandwidth 256Kbit
rate 56Kbit allot 1514 cell 8 weight 6Kbit prio 5 maxburst 5 avpkt
1500 bounded isolated
#200K w012:6011
tc class add dev eth0 parent 2:1 classid 2:20 cbq bandwidth 256Kbit
rate 200Kbit allot 1514 cell 8 weight 20Kbit prio 5 maxburst 5 avpkt 1500
bounded isolated
#128K w013
tc class add dev eth0 parent 3:0 classid 3:1 cbq bandwidth 128Kbit
rate 128Kbit allot 1514 cell 8 weight 13Kbit prio 5 maxburst 5 avpkt 1500
bounded
#28K w013:6010
tc class add dev eth0 parent 3:1 classid 3:10 cbq bandwidth 128Kbit
rate 28Kbit allot 1514 cell 8 weight 3Kbit prio 5 maxburst 5 avpkt 1500
#100K w013:6011
tc class add dev eth0 parent 3:1 classid 3:20 cbq bandwidth 128Kbit
rate 100Kbit allot 1514 cell 8 weight 10Kbit prio 5 maxburst 5 avpkt 1500
tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip
dst 192.0.0.151/32 flowid 1:10
tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip
dst 192.0.0.152/32 flowid 1:20
#ipchains -A output -i eth0 -d 192.0.0.151/32 -m 10
#ipchains -A output -i eth0 -d 192.0.0.152/32 -m 11
ipchains -A output -p tcp -i eth0 -d 192.0.0.151/32 6010 -m 3
ipchains -A output -p tcp -i eth0 -d 192.0.0.151/32 6011 -m 4
ipchains -A output -p tcp -i eth0 -d 192.0.0.152/32 6010 -m 5
ipchains -A output -p tcp -i eth0 -d 192.0.0.152/32 6011 -m 6
#tc filter add dev eth0 protocol ip parent 1:1 prio 100 handle
10 fw classid 1:10
#tc filter add dev eth0 protocol ip parent 1:1 prio 100 handle
11 fw classid 1:20
tc filter add dev eth0 protocol ip parent 2:0 prio 1 handle 3 fw classid
2:10
tc filter add dev eth0 protocol ip parent 2:0 prio 1 handle 4 fw classid
2:20
tc filter add dev eth0 protocol ip parent 3:0 prio 1 handle 5 fw classid
3:10
tc filter add dev eth0 protocol ip parent 3:0 prio 1 handle 6 fw classid
3:20
-- Vincent EGAL Email : egal@ipanematech.com ipanema Technologies Tel: 33 (0)1 55 52 15 00
