Struggling with tc syntax for VLAN interfaces

After many hours of struggling, I've managed to get tc working on "standard" interfaces relatively well, but I just can't seem to get a syntax that works for vlan interfaces.

My end goal is to selectively rate-limit the VLAN for certain traffic (e.g. HTTP/HTTPS), and as far as I can tell tc+iptables seems to be the recommended route?

(If it makes any difference this is SuSE LEAP15, 4.12.14-lp150.12.16-default #1 SMP Tue Aug 14 17:51:27 UTC 2018 (28574e6) x86_64 x86_64 x86_64 GNU/Linux)

My current attempt looks something like this:

    #!/bin/bash
    tc qdisc add dev vlanXX root handle 1:0 htb default 10
    tc class add dev vlanXX parent 1:0 classid 1:10 htb rate 1000mbit ceil 1000mbit prio 0
    tc class add dev vlanXX parent 1:0 classid 1:20 htb rate  15mbit ceil 16mbit prio 0
    iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 20
    iptables -A OUTPUT -t mangle -p tcp --dport 443 -j MARK --set-mark 20
    tc filter add dev vlanXX parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20

But this gives a "What is "handle"?" message.

I found an alternative syntax that does install:

     tc filter add dev em1 parent 1:0 prio 0 protocol ip handle 20 basic match "meta(vlan mask 0xfff eq 0xB2)" flowid 1:20

But that doesn't provide the fw functionality (so that I can use iptables to set which ports the rate limit applies to instead of rate limiting the entire interface).

For example:

     sudo tc filter add dev em1 parent 1:0 prio 0 protocol ip handle 20 fw basic match "meta(vlan mask 0xfff eq 0xB2)" flowid 1:20

Yields "What is "basic"?"

Hopefully there are one or two tc gurus on this list who can help me out here?



