From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Furniss Date: Fri, 25 Nov 2016 17:19:37 +0000 Subject: Re: How to classify a port range? Message-Id: <583872A9.9060501@gmail.com> List-Id: References: <2cc58282-00cf-0fb5-9583-3ebc86f7eedd@itlabs.bg> In-Reply-To: <2cc58282-00cf-0fb5-9583-3ebc86f7eedd@itlabs.bg> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org Yassen Damyanov wrote: > On 11/25/2016 1:29 AM, Andy Furniss wrote: >> I've never used ematch so don't know if this is correct or not, but - >> >> http://serverfault.com/questions/231880/how-to-match-port-range-using-u32-filter >> > > Thanks much, Andy. Would be great if this solves the problem, but it > doesn't seem to work, unfortunately: > > # tc qdisc add dev $DEV root handle 1:0 htb > # tc class add dev $DEV parent 1:0 classid 1:1 htb rate 2mbit > # tc filter add dev $DEV parent 1:0 protocol ip prio 1 basic match > "cmp(u16 at 0 layer transport gt 4000) and cmp(u16 at 0 layer transport > lt 6000)" flowid 1:1 > > After running an iperf client against another machine in the local net, > there's no shaping happening, and the 1:1 class is not visited: > > class htb 1:1 root prio 0 quantum 25000 rate 2000Kbit ceil 2000Kbit > linklayer ethernet burst 1600b/1 mpu 0b overhead 0b cburst 1600b/1 mpu > 0b overhead 0b level 0 > Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) > rate 0bit 0pps backlog 0b 0p requeues 0 > lended: 0 borrowed: 0 giants: 0 > tokens: 100000 ctokens: 100000 > > If I use a single port match: > # tc qdisc add dev $DEV root handle 1:0 htb > # tc class add dev $DEV parent 1:0 classid 1:1 htb rate 2mbit > # tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip > dport 5001 0xffff flowid 1:1 dport would be u16 at 2 > > then the traffic is indeed limited to 1.9 Mbits/sec and the class stats > look different: > > class htb 1:1 root prio 0 quantum 25000 rate 2000Kbit ceil 2000Kbit > linklayer ethernet burst 1600b/1 mpu 0b overhead 0b cburst 1600b/1 mpu > 0b overhead 0b level 0 > Sent 1507824 bytes 1000 pkt (dropped 0, overlimits 0 requeues 0) > rate 0bit 0pps backlog 0b 0p requeues 0 > lended: 484 borrowed: 0 giants: 0 > tokens: -3139 ctokens: -3139 > > Does anyone know what might be wrong with that ematch use? > > -Y. > > > On 11/25/2016 1:29 AM, Andy Furniss wrote: >> Yassen Damyanov wrote: >>> Hello LARTC guys, >>> >>> I am working on an OSS Python wrapper library intended to help with >>> expressing a traffic control structure as a tree of Python objects. This >>> structure should later be able to represent itself as a series of tc >>> commands. (Your suggestions for getting this thing useful would be >>> invaluable.) >>> >>> I have questions, inevitably. Currently heaviest part seems to be the >>> issue of classifying a set of tcp or udp ports to get shaped under a >>> common rate limit. (I need to later simulate packet loss for flows on >>> these ports, but first things first.) >>> >>> Can you help me get on the right direction here? Using u32 seems >>> daunting for this particular case. Is there another way to do the match? >>> >>> I've read the relevant parts of the LARTC HowTo and couple more >>> documents but still cannot get it right. >>> >>> Any help would be much appreciated! >>> Thanks in advance, >>> Yassen D. >>> >> >> I've never used ematch so don't know if this is correct or not, but - >> >> http://serverfault.com/questions/231880/how-to-match-port-range-using-u32-filter >> > >