On Thu, 2010-12-23 at 13:30 +0100, GrÃgoire Leroy wrote: > > Try the following filters: > > > > tc filter add dev $INT parent 1:0 protocol ip prio 1 handle 1 fw flowid > > 1:10 tc filter add dev $INT parent 1:0 protocol ip prio 2 handle 55 fw > > flowid 1:20 > > > > > > and check your filters and classes with the following commands: > > > > # tc -s filter show dev eth0 > > # tc -s class show dev eth0 > > > > # tc -s filter show dev eth0 > filter parent 1: protocol ip pref 1 fw > filter parent 1: protocol ip pref 1 fw handle 0x1 classid 1:10 > filter parent 1: protocol ip pref 2 fw > filter parent 1: protocol ip pref 2 fw handle 0x37 classid 1:20 > > # tc -s class show dev eth0 > > class htb 1:1 root rate 100000Kbit ceil 100000Kbit burst 15337b cburst 1600b > Sent 908323001 bytes 680443 pkt (dropped 0, overlimits 0 requeues 0) > rate 2976bit 2pps backlog 0b 0p requeues 0 > lended: 38250 borrowed: 0 giants: 0 > tokens: 19047 ctokens: 1860 > > class htb 1:10 parent 1:1 prio 0 rate 63000bit ceil 1200Kbit burst 15Kb cburst > 1599b > Sent 2769846 bytes 41947 pkt (dropped 0, overlimits 0 requeues 0) > rate 8bit 0pps backlog 0b 0p requeues 0 > lended: 3697 borrowed: 38250 giants: 0 > tokens: -56194 ctokens: 144355 > > class htb 1:20 parent 1:1 prio 0 rate 63000bit ceil 63000bit burst 15Kb cburst > 1599b > Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) > rate 0bit 0pps backlog 0b 0p requeues 0 > lended: 0 borrowed: 0 giants: 0 > tokens: 30476187 ctokens: 3174593 > > class htb 1:30 parent 1:1 prio 0 rate 88000Kbit ceil 88000Kbit burst 15Kb > cburst 1584b > Sent 905553155 bytes 638496 pkt (dropped 0, overlimits 0 requeues 0) > rate 2968bit 2pps backlog 0b 0p requeues 0 > lended: 80486 borrowed: 0 giants: 0 > tokens: 21656 ctokens: 2109 > > > It seems there are packets which pass through the class 1:10. > However, I've dowloaded a 100Mo file, so it seems that most of packets pass > through the default class... > > The cause could be my design... > > I have a pc which downloads a file on a web server, through the proxy server. > They are all on the same network. The proxy server has only one network card > (eth0). > > They are linked by 100Mbit links. Squid mark packets from my pc and send them > to netfilter. > > Considering these informations, have I miss something in my tc configuration ? > Must I use iptables to mark incoming traffic from the web server ? I suspect that your packets are not being marked correctly. If some of the packets are going into the '10' class, but the majority are not, then for some reason the majority are not being captured. Please provide some more information on your setup (probably better to the thread on the Squid list), or maybe do some closer inspection of your packets MARK value using the LOG target. Andy -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html