And here's a bit more complex example for shaping upload with tc u32
hashing filters and IFB.

As in the download example, we want to share a 100mbit connection. Internet
access is connected to the router on eth0 and the LAN is on eth1. We do ingress
shaping of upload traffic on ifb0 after ingress eth1 traffic is
redirected to the device.

---------------------complete script------------------------------
tc qdisc add dev ifb0 root handle 1: htb default 1
tc class add dev ifb0 parent 1: classid 1:1 htb rate 100Mbit
tc filter add dev ifb0 parent 1:1 prio 11 handle 2: protocol ip \
u32 divisor 256
tc filter add dev ifb0 protocol ip parent 1:1 prio 11 u32 match \
ip dst 0.0.0.0/0 hashkey mask 0x000000ff at 12 link 2:

tc class add dev ifb0 parent 1:1 classid 1:400 htb rate 5mbit
tc qdisc add dev ifb0 parent 1:400 handle 400: sfq perturb 1
tc filter add dev ifb0 protocol ip prio 11 u32 ht 2:46: match ip \
src 10.5.0.70 flowid 1:400

tc class add dev ifb0 parent 1:1 classid 1:401 htb rate 5mbit
tc qdisc add dev ifb0 parent 1:401 handle 401: sfq perturb 1
tc filter add dev ifb0 protocol ip prio 11 u32 ht 2:a: match ip \
src 10.5.0.10 flowid 1:401

tc qdisc add dev eth1 ingress
tc filter add dev eth1 protocol ip parent ffff: prio 4 u32 match \
ip dst 0.0.0.0/0 flowid :1 action mirred egress redirect dev ifb0
---------------------------------------------------------------------

Now let's go line by line.

>tc qdisc add dev ifb0 root handle 1: htb default 1
>tc class add dev ifb0 parent 1: classid 1:1 htb rate 100Mbit
>tc filter add dev ifb0 parent 1:1 prio 11 handle 2: protocol ip \
>u32 divisor 256

analogous to download example

>tc filter add dev ifb0 protocol ip parent 1:1 prio 11 u32 match \
>ip dst 0.0.0.0/0 hashkey mask 0x000000ff at 12 link 2:

"at 12" instead of 16, because we want to hash on source ip address

>tc class add dev ifb0 parent 1:1 classid 1:400 htb rate 5mbit
>tc qdisc add dev ifb0 parent 1:400 handle 400: sfq perturb 1

analogous to download example

>tc filter add dev ifb0 protocol ip prio 11 u32 ht 2:46: match ip \
>src 10.5.0.70 flowid 1:400

compared to download shaping, dst is changed to src

>tc class add dev ifb0 parent 1:1 classid 1:401 htb rate 5mbit
>tc qdisc add dev ifb0 parent 1:401 handle 401: sfq perturb 1
>tc filter add dev ifb0 protocol ip prio 11 u32 ht 2:a: match ip \
>src 10.5.0.10 flowid 1:401

analogous to previous client

>tc qdisc add dev eth1 ingress

add ingress qdisc to eth1 interface

>tc filter add dev eth1 protocol ip parent ffff: prio 4 u32 match \
>ip dst 0.0.0.0/0 flowid :1 action mirred egress redirect dev ifb0

redirect any ip traffic from ingress qdisc on device eth1 to ifb0;
note! redirection to ifb doesn't interfere with routing/firewalling/nat;

Best regards,
Marek Kierdelewicz
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
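
Added example, not part of the original message: the buckets 2:46: and 2:a: in the script are the last octet of each client's source address written in hex, and this sketch derives the bucket and prints the three per-client commands. The function names, the DEV and TABLE variables and the third client address are assumptions of this example; inputs are validated because they end up on a command line.

```shell
#!/bin/sh
# Added example (not from the original message). Prints tc commands only.
DEV=ifb0   # assumption: device the ingress traffic is redirected to
TABLE=2    # assumption: hash table created with "u32 divisor 256"

# Accept only a strict dotted quad, since the value lands in a command line.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros (octal trap)
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# "hashkey mask 0x000000ff at 12" keeps the low byte of the 32-bit word at
# offset 12 (the source address), i.e. the last octet; tc wants it in hex.
bucket_for_ip() {
    printf '%x\n' "${1##*.}"
}

# client_rules IP CLASS_MINOR RATE -> class, qdisc and filter for one client
client_rules() {
    ip=$1; minor=$2; rate=$3
    valid_ipv4 "$ip" || { echo "invalid IPv4 address" >&2; return 1; }
    case "$minor" in ''|*[!0-9a-fA-F]*) echo "invalid class id" >&2; return 1 ;; esac
    case "$rate" in ''|*[!0-9A-Za-z]*) echo "invalid rate" >&2; return 1 ;; esac
    bucket=$(bucket_for_ip "$ip")
    echo "tc class add dev $DEV parent 1:1 classid 1:$minor htb rate $rate"
    echo "tc qdisc add dev $DEV parent 1:$minor handle $minor: sfq perturb 1"
    echo "tc filter add dev $DEV protocol ip prio 11 u32 ht $TABLE:$bucket: match ip src $ip flowid 1:$minor"
}

# The two clients from the script above, then a constructed third one.
client_rules 10.5.0.70 400 5mbit
client_rules 10.5.0.10 401 5mbit
client_rules 10.5.0.200 402 5mbit   # constructed sample -> bucket c8
```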