* [LARTC] Luser seeks tc syntax clue
From: Richard Lamont @ 2003-08-05 19:05 UTC
  To: lartc

I'm trying to set a box up that rate limits everything sent to the 
outside world, but not limit stuff to my own LAN, using tbf.

I don't really understand what I'm doing, and I could do with some
help to make this script work.

(Please don't bother referring me to the usual documentation. I've read
it. And please don't tell me that I want to do something completely
different. I don't!)

-----------------------------------8<----------------------------------
#!/bin/bash

DEV=eth0
LAN=192.168.1.0/24
RATE=200kbit
LIMIT=10000
BURST=22000

# Clear out old settings
tc qdisc del dev $DEV root
tc qdisc del dev $DEV ingress

# Start loading new stuff
tc qdisc add dev $DEV root handle 1: prio

# Stuff addressed to LAN goes straight through
tc qdisc add dev $DEV parent 1:1 handle 10: prio

# Stuff addressed to big wide world gets shaped
tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE

# Filter on LAN destination address
tc filter add dev $DEV parent 10: protocol ip u32 match ip src $LAN flowid 1:1

# Default filter for everything else
tc filter add dev $DEV parent 20: protocol ip flowid 1:2
-----------------------------------8<----------------------------------

When I run this script, it says:

RTNETLINK answers: No such file or directory
Unknown filter "flowid", hence option "1:2" is unparsable

Any help gratefully received. TIA.


-- 

Richard Lamont

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] Luser seeks tc syntax clue
From: Steffen Moser @ 2003-08-05 22:09 UTC
  To: lartc

Hi!

* On Tue, Aug 05, 2003 at 08:05 PM (+0100), Richard Lamont wrote:

> I'm trying to set a box up that rate limits everything sent to the
> outside world, but not limit stuff to my own LAN, using tbf.

> I don't really understand what I'm doing, and I could do with some
> help to make this script work.

I am not an expert within "tc", so some other user most probably will
correct me...

> -----------------------------------8<----------------------------------
> #!/bin/bash
> 
> DEV=eth0
> LAN=192.168.1.0/24
> RATE=200kbit
> LIMIT=10000
> BURST=22000
> 
> # Clear out old settings
> tc qdisc del dev $DEV root
> tc qdisc del dev $DEV ingress
> 
> # Start loading new stuff
> tc qdisc add dev $DEV root handle 1: prio

This creates the root qdisc (prio). It also creates implicitly three 
classes (1:1, 1:2 and 1:3) within this qdisc.

> # Stuff addressed to LAN goes straight through
> tc qdisc add dev $DEV parent 1:1 handle 10: prio

I think a simple classless qdisc would be enough here (e.g. "pfifo" or
"sfq"), I don't know why you need another classful qdisc.

> # Stuff addressed to big wide world gets shaped
> tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE

Now, two (1:1 and 1:2) of the three implicitly created classes are filled 
with classless qdiscs.

> # Filter on LAN destination address
> tc filter add dev $DEV parent 10: protocol ip u32 match ip src $LAN flowid 1:1

The filter rule must be assigned as a child of the outer qdisc (1:).

Further, you should use "dst" instead of "src" as you want to filter
using the destination address given within the IP header.

I think, something like:

  tc filter add dev $DEV parent 1: protocol ip prio 10 u32 match ip dst $LAN flowid 1:1

should do it.

> # Default filter for everything else
> tc filter add dev $DEV parent 20: protocol ip flowid 1:2

Here, the same thing: the filter should be a child of "1:" and the
classifier (e.g. "u32") is not specified.

To match all kinds of traffic I would suggest setting up something like
this:

  tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip dst 0.0.0.0/0 flowid 1:2

Using the priorities, the first filter rule (prio 10) is used first,
so traffic which is going to $LAN will be put into class 1:1. If the
traffic was not put into class 1:1 (because it is not going to $LAN),
the second filter rule (prio 15) will be applied, and the traffic will 
be put into class 1:2, which contains the classless TBF (which uses 
the bandwidth limits).

> When I run this script, it says:
> 
> RTNETLINK answers: No such file or directory
> Unknown filter "flowid", hence option "1:2" is unparsable

The error message is probably produced because you didn't give a known
filter, like "u32", "fw", "tcindex", and so on.

> Any help gratefully received. TIA.

I hope that I could help you a little bit. As I stated above, I am quite
new to the traffic control matter.

Best Regards,
Steffen

* Re: [LARTC] Luser seeks tc syntax clue
From: Richard Lamont @ 2003-08-05 22:54 UTC
  To: lartc

On Tuesday 05 August 2003 23:09, Steffen Moser wrote:

> I am not an expert within "tc", so some other user most probably will
> correct me...

Well, it works! That's expert enough for me.

Many, many thanks.

In case anyone else wants the corrected script, or wants to
suggest improvements, here it is:

-------------------------------8<------------------------------
#!/bin/bash
#
# Traffic shaping script

DEV=eth0
LAN=192.168.1.0/24
RATE=220kbit
LIMIT=10000
BURST=22000

# Clear out old settings
tc qdisc del dev $DEV root
tc qdisc del dev $DEV ingress

# Create root qdisc
tc qdisc add dev $DEV root handle 1: prio

# Stuff addressed to LAN goes straight through
tc qdisc add dev $DEV parent 1:1 handle 10: pfifo

# Stuff addressed to big wide world gets shaped
tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE

# Filter on LAN destination address
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 match ip dst $LAN flowid 1:1

# Default filter for everything else
tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip dst 0.0.0.0/0 flowid 1:2

-------------------------------8<------------------------------



-- 

Richard Lamont

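An added check, not part of the thread: the src/dst mix-up corrected above decides which traffic skips the tbf, so it is worth auditing what the kernel actually installed. The hypothetical helper `audit_filters` below parses `tc filter show` output, where u32 prints each key as `match VALUE/MASK at OFFSET` (IPv4 offset 12 is the source address, 16 the destination), and flags a bypass filter that is not keyed on the destination or a missing catch-all to 1:2. The sample output is constructed for illustration, modelled on the thread's LAN of 192.168.1.0/24.

```shell
#!/bin/sh
# Added example, not from the thread. audit_filters is a hypothetical helper.
# It reads `tc filter show dev $DEV parent 1:` output and checks that only
# LAN-destined traffic can reach the unshaped class 1:1.

audit_filters() {
  awk '
    /flowid/ {                       # filter header: remember pref and flowid
      for (i = 1; i < NF; i++) {
        if ($i == "pref")   pref = $(i + 1)
        if ($i == "flowid") flow = $(i + 1)
      }
    }
    $1 == "match" && $3 == "at" {    # u32 key line: VALUE/MASK at OFFSET
      split($2, vm, "/")
      # IPv4 header offsets: 12 = source address, 16 = destination address
      field = ($4 == 12) ? "src" : ($4 == 16) ? "dst" : ("off" $4)
      printf "pref=%s flowid=%s field=%s key=%s\n", pref, flow, field, $2
      if (flow == "1:1" && field != "dst") {
        print "FAIL: bypass filter keyed on " field; bad = 1 }
      if (flow == "1:1" && vm[2] == "00000000") {
        print "FAIL: bypass filter matches everything"; bad = 1 }
      if (flow == "1:2" && vm[2] == "00000000") catchall = 1
    }
    END {
      if (!catchall) { print "FAIL: no catch-all filter to 1:2"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample output for the corrected script (LAN=192.168.1.0/24).
SAMPLE_GOOD='filter parent 1: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
  match c0a80100/ffffff00 at 16
filter parent 1: protocol ip pref 15 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:2
  match 00000000/00000000 at 16'

# Constructed sample output for the original "match ip src $LAN" filter.
SAMPLE_SRC='filter parent 1: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
  match c0a80100/ffffff00 at 12'

printf '%s\n' "$SAMPLE_GOOD" | audit_filters
# Live use: tc filter show dev eth0 parent 1: | audit_filters
```

The function exits non-zero on any FAIL line, so it can gate a boot script or a monitoring check.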
