All of lore.kernel.org
 help / color / mirror / Atom feed
* tc filter show not displaying anything
@ 2011-12-16  4:48 John A. Sullivan III
  2011-12-16  5:00 ` John Fastabend
  2011-12-16  5:17 ` Eric Dumazet
  0 siblings, 2 replies; 7+ messages in thread
From: John A. Sullivan III @ 2011-12-16  4:48 UTC (permalink / raw)
  To: netdev

Hello, all.  I'm starting to feel really stupid and showing my newbidity
to tc.  I do a:
tc filter show dev eth1
and nothing is displayed but I suspect the filter is there because if I
try to add it again, the kernel complains with:
RTNETLINK answers: File exists
We have an error talking to the kernel

Here is what I have put together so far (disregard the silly ports - it
is just for netcat testing):

tc qdisc add dev eth1 root handle 1: hfsc default 20
tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark

I then did:

root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
root@testswitch01:~# tc filter show dev eth1
root@testswitch01:~# tc filter show parent 1:1

What simple, practical thing did I mangle? Thanks - John

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: tc filter show not displaying anything
  2011-12-16  4:48 tc filter show not displaying anything John A. Sullivan III
@ 2011-12-16  5:00 ` John Fastabend
  2011-12-16  5:33   ` John A. Sullivan III
  2011-12-16  5:17 ` Eric Dumazet
  1 sibling, 1 reply; 7+ messages in thread
From: John Fastabend @ 2011-12-16  5:00 UTC (permalink / raw)
  To: John A. Sullivan III; +Cc: netdev

On 12/15/2011 8:48 PM, John A. Sullivan III wrote:
> Hello, all.  I'm starting to feel really stupid and showing my newbidity
> to tc.  I do a:
> tc filter show dev eth1
> and nothing is displayed but I suspect the filter is there because if I
> try to add it again, the kernel complains with:
> RTNETLINK answers: File exists
> We have an error talking to the kernel
> 
> Here is what I have put together so far (disregard the silly ports - it
> is just for netcat testing):
> 
> tc qdisc add dev eth1 root handle 1: hfsc default 20
> tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> 
> I then did:
> 
> root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> root@testswitch01:~# tc filter show dev eth1
> root@testswitch01:~# tc filter show parent 1:1
> 
> What simple, practical thing did I mangle? Thanks - John
> 

#tc filter show dev eth1 parent 1:1

works here.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: tc filter show not displaying anything
  2011-12-16  4:48 tc filter show not displaying anything John A. Sullivan III
  2011-12-16  5:00 ` John Fastabend
@ 2011-12-16  5:17 ` Eric Dumazet
  2011-12-16  5:39   ` John A. Sullivan III
  1 sibling, 1 reply; 7+ messages in thread
From: Eric Dumazet @ 2011-12-16  5:17 UTC (permalink / raw)
  To: John A. Sullivan III; +Cc: netdev

Le jeudi 15 décembre 2011 à 23:48 -0500, John A. Sullivan III a écrit :
> Hello, all.  I'm starting to feel really stupid and showing my newbidity
> to tc.  I do a:
> tc filter show dev eth1
> and nothing is displayed but I suspect the filter is there because if I
> try to add it again, the kernel complains with:
> RTNETLINK answers: File exists
> We have an error talking to the kernel
> 
> Here is what I have put together so far (disregard the silly ports - it
> is just for netcat testing):
> 
> tc qdisc add dev eth1 root handle 1: hfsc default 20
> tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> 
> I then did:
> 
> root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> root@testswitch01:~# tc filter show dev eth1
> root@testswitch01:~# tc filter show parent 1:1
> 
> What simple, practical thing did I mangle? Thanks - John

Minor point (since John already replied) :  "sfq perturb 10" means you
risk out or order packets perturbation every 10 seconds. This can really
hurt TCP sessions.

Maybe we should "fix" this problem for good in SFQ.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: tc filter show not displaying anything
  2011-12-16  5:00 ` John Fastabend
@ 2011-12-16  5:33   ` John A. Sullivan III
  0 siblings, 0 replies; 7+ messages in thread
From: John A. Sullivan III @ 2011-12-16  5:33 UTC (permalink / raw)
  To: John Fastabend; +Cc: netdev

On Thu, 2011-12-15 at 21:00 -0800, John Fastabend wrote:
> On 12/15/2011 8:48 PM, John A. Sullivan III wrote:
> > Hello, all.  I'm starting to feel really stupid and showing my newbidity
> > to tc.  I do a:
> > tc filter show dev eth1
> > and nothing is displayed but I suspect the filter is there because if I
> > try to add it again, the kernel complains with:
> > RTNETLINK answers: File exists
> > We have an error talking to the kernel
> > 
> > Here is what I have put together so far (disregard the silly ports - it
> > is just for netcat testing):
> > 
> > tc qdisc add dev eth1 root handle 1: hfsc default 20
> > tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> > tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> > tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> > tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> > tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> > iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> > iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> > 
> > I then did:
> > 
> > root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> > root@testswitch01:~# tc filter show dev eth1
> > root@testswitch01:~# tc filter show parent 1:1
> > 
> > What simple, practical thing did I mangle? Thanks - John
> > 
> 
> #tc filter show dev eth1 parent 1:1
> 
> works here.
Argh!! Thanks - worked just fine - John

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: tc filter show not displaying anything
  2011-12-16  5:17 ` Eric Dumazet
@ 2011-12-16  5:39   ` John A. Sullivan III
  2011-12-16  5:42     ` Eric Dumazet
  0 siblings, 1 reply; 7+ messages in thread
From: John A. Sullivan III @ 2011-12-16  5:39 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: netdev

On Fri, 2011-12-16 at 06:17 +0100, Eric Dumazet wrote:
> Le jeudi 15 décembre 2011 à 23:48 -0500, John A. Sullivan III a écrit :
> > Hello, all.  I'm starting to feel really stupid and showing my newbidity
> > to tc.  I do a:
> > tc filter show dev eth1
> > and nothing is displayed but I suspect the filter is there because if I
> > try to add it again, the kernel complains with:
> > RTNETLINK answers: File exists
> > We have an error talking to the kernel
> > 
> > Here is what I have put together so far (disregard the silly ports - it
> > is just for netcat testing):
> > 
> > tc qdisc add dev eth1 root handle 1: hfsc default 20
> > tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> > tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> > tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> > tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> > tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> > iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> > iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> > 
> > I then did:
> > 
> > root@testswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> > root@testswitch01:~# tc filter show dev eth1
> > root@testswitch01:~# tc filter show parent 1:1
> > 
> > What simple, practical thing did I mangle? Thanks - John
> 
> Minor point (since John already replied) :  "sfq perturb 10" means you
> risk out or order packets perturbation every 10 seconds. This can really
> hurt TCP sessions.
> 
> Maybe we should "fix" this problem for good in SFQ.
> 
> 
> 
Ouch! That was right out of the book so to speak.  Thanks for pointing
it out - now I see it is right in the man page.  Is best practice to not
perturb and live with the potentially unbalanced queues or just to set
it even higher? Thanks - John

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: tc filter show not displaying anything
  2011-12-16  5:39   ` John A. Sullivan III
@ 2011-12-16  5:42     ` Eric Dumazet
  2011-12-16 19:06       ` John A. Sullivan III
  0 siblings, 1 reply; 7+ messages in thread
From: Eric Dumazet @ 2011-12-16  5:42 UTC (permalink / raw)
  To: John A. Sullivan III; +Cc: netdev

Le vendredi 16 décembre 2011 à 00:39 -0500, John A. Sullivan III a
écrit :

> Ouch! That was right out of the book so to speak.  Thanks for pointing
> it out - now I see it is right in the man page.  Is best practice to not
> perturb and live with the potentially unbalanced queues or just to set
> it even higher? Thanks - John
> 

I'll fix this today, because rehashing up to 128 packets is not that
expensive.

In the meantime, just use a higher timer (say 60 seconds), and if your
kernel is recent enough, use a higher 'divisor' value (default 1024, can
be up to 65536) to lower risk of hash collisions.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: tc filter show not displaying anything
  2011-12-16  5:42     ` Eric Dumazet
@ 2011-12-16 19:06       ` John A. Sullivan III
  0 siblings, 0 replies; 7+ messages in thread
From: John A. Sullivan III @ 2011-12-16 19:06 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: netdev

On Fri, 2011-12-16 at 06:42 +0100, Eric Dumazet wrote:
> Le vendredi 16 décembre 2011 à 00:39 -0500, John A. Sullivan III a
> écrit :
> 
> > Ouch! That was right out of the book so to speak.  Thanks for pointing
> > it out - now I see it is right in the man page.  Is best practice to not
> > perturb and live with the potentially unbalanced queues or just to set
> > it even higher? Thanks - John
> > 
> 
> I'll fix this today, because rehashing up to 128 packets is not that
> expensive.
> 
> In the meantime, just use a higher timer (say 60 seconds), and if your
> kernel is recent enough, use a higher 'divisor' value (default 1024, can
> be up to 65536) to lower risk of hash collisions.
<snip>
Thanks.  Alas, no divisor parameter in Debian Squeeze:
sfq [ limit NUMBER ] [ perturb SECS ] [ quantum BYTES ]

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2011-12-16 19:06 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-12-16  4:48 tc filter show not displaying anything John A. Sullivan III
2011-12-16  5:00 ` John Fastabend
2011-12-16  5:33   ` John A. Sullivan III
2011-12-16  5:17 ` Eric Dumazet
2011-12-16  5:39   ` John A. Sullivan III
2011-12-16  5:42     ` Eric Dumazet
2011-12-16 19:06       ` John A. Sullivan III

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.