* [LARTC] Luser seeks tc syntax clue
@ 2003-08-05 19:05 Richard Lamont
2003-08-05 22:09 ` Steffen Moser
2003-08-05 22:54 ` Richard Lamont
0 siblings, 2 replies; 3+ messages in thread
From: Richard Lamont @ 2003-08-05 19:05 UTC (permalink / raw)
To: lartc
I'm trying to set a box up that rate limits everything sent to the
outside world, but not limit stuff to my own LAN, using tbf.
I don't really understand what I'm doing, and I could do with some
help to make this script work.
(Please don't bother referring me to the usual documentation. I've read
it. And please don't tell me that I want to do something completely
different. I don't!)
-----------------------------------8<----------------------------------
#!/bin/bash
DEV=eth0
LAN\x192.168.1.0/24
RATE 0kbit
LIMIT\x10000
BURST"000
# Clear out old settings
tc qdisc del dev $DEV root
tc qdisc del dev $DEV ingress
# Start loading new stuff
tc qdisc add dev $DEV root handle 1: prio
# Stuff addressed to LAN goes straight through
tc qdisc add dev $DEV parent 1:1 handle 10: prio
# Stuff addressed to big wide world gets shaped
tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE
# Filter on LAN destination address
tc filter add dev $DEV parent 10: protocol ip u32 match ip src $LAN flowid 1:1
# Default filter for everything else
tc filter add dev $DEV parent 20: protocol ip flowid 1:2
-----------------------------------8<----------------------------------
When I run this script, it says:
RTNETLINK answers: No such file or directory
Unknown filter "flowid", hence option "1:2" is unparsable
Any help gratefully received. TIA.
--
Richard Lamont
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [LARTC] Luser seeks tc syntax clue
2003-08-05 19:05 [LARTC] Luser seeks tc syntax clue Richard Lamont
@ 2003-08-05 22:09 ` Steffen Moser
2003-08-05 22:54 ` Richard Lamont
1 sibling, 0 replies; 3+ messages in thread
From: Steffen Moser @ 2003-08-05 22:09 UTC (permalink / raw)
To: lartc
Hi!
* On Tue, Aug 05, 2003 at 08:05 PM (+0100), Richard Lamont wrote:
> I'm trying to set a box up that rate limits everything sent to the
> outside world, but not limit stuff to my own LAN, using tbf.
> I don't really understand what I'm doing, and I could do with some
> help to make this script work.
I am not an expert within "tc", so some other user most probably will
correct me...
> -----------------------------------8<----------------------------------
> #!/bin/bash
>
> DEV=eth0
> LAN\x192.168.1.0/24
> RATE 0kbit
> LIMIT\x10000
> BURST"000
>
> # Clear out old settings
> tc qdisc del dev $DEV root
> tc qdisc del dev $DEV ingress
>
> # Start loading new stuff
> tc qdisc add dev $DEV root handle 1: prio
This creates the root qdisc (prio). It also creates implicitly three
classes (1:1, 1:2 and 1:3) within this qdisc.
> # Stuff addressed to LAN goes straight through
> tc qdisc add dev $DEV parent 1:1 handle 10: prio
I think a simple classless qdisc would be enough here (e.g. "pfifo" or
"sfq"), I don't know why you need another classful qdisc.
> # Stuff addressed to big wide world gets shaped
> tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE
Now, two (1:1 and 1:2) of the three implicitly created classes are filled
with classless qdiscs.
> # Filter on LAN destination address
> tc filter add dev $DEV parent 10: protocol ip u32 match ip src $LAN flowid 1:1
The filter rule must be assigned as a child of the outer qdisc (1:).
Further, you should use "dst" instead of "src" as you want to filter
using the destination address given within the IP header.
I think, something like:
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 match ip dst $LAN flowid 1:1
should do it.
> # Default filter for everything else
> tc filter add dev $DEV parent 20: protocol ip flowid 1:2
Here, the same thing: the filter should be a child of "1:" and the
classifier (e.g. "u32") is not specified.
To match all kind of traffic I would suggest to set up something like
this:
tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip dst 0.0.0.0/0 flowid 1:2
Using the priorities, the first filter rule (prio 10) is used at first,
so traffic which is going to $LAN will be put into class 1:1. If the
traffic was not put into class 1:1 (because it is not going to $LAN),
the second filter rule (prio 15) will be applied, and the traffic will
be put into class 1:2, which contains the classless TBF (which uses
the bandwidth limits).
> When I run this script, it says:
>
> RTNETLINK answers: No such file or directory
> Unknown filter "flowid", hence option "1:2" is unparsable
The error message is probably produced because you didn't give a known
filter, like "u32", "fw", "tcindex", and so on.
> Any help gratefully received. TIA.
I hope that I could help you a little bit. As I stated above, I am quite
new to the traffic control matter.
Best Regards,
Steffen
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [LARTC] Luser seeks tc syntax clue
2003-08-05 19:05 [LARTC] Luser seeks tc syntax clue Richard Lamont
2003-08-05 22:09 ` Steffen Moser
@ 2003-08-05 22:54 ` Richard Lamont
1 sibling, 0 replies; 3+ messages in thread
From: Richard Lamont @ 2003-08-05 22:54 UTC (permalink / raw)
To: lartc
On Tuesday 05 August 2003 23:09, Steffen Moser wrote:
> I am not an expert within "tc", so some other user most probably will
> correct me...
Well, it works! That's expert enough for me.
Many, many thanks.
In case anyone else wants the corrected script, or wants to
suggest improvements, here it is:
-------------------------------8<------------------------------
#!/bin/bash
#
# Traffic shaping script
DEV=eth0
LAN\x192.168.1.0/24
RATE"0kbit
LIMIT\x10000
BURST"000
# Clear out old settings
tc qdisc del dev $DEV root
tc qdisc del dev $DEV ingress
# Create root qdisc
tc qdisc add dev $DEV root handle 1: prio
# Stuff addressed to LAN goes straight through
tc qdisc add dev $DEV parent 1:1 handle 10: pfifo
# Stuff addressed to big wide world gets shaped
tc qdisc add dev $DEV parent 1:2 handle 20: tbf limit $LIMIT burst $BURST rate $RATE
# Filter on LAN destination address
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 match ip dst $LAN flowid 1:1
# Default filter for everything else
tc filter add dev $DEV parent 1: protocol ip prio 15 u32 match ip dst 0.0.0.0/0 flowid 1:2
-------------------------------8<------------------------------
--
Richard Lamont
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-08-05 22:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-08-05 19:05 [LARTC] Luser seeks tc syntax clue Richard Lamont
2003-08-05 22:09 ` Steffen Moser
2003-08-05 22:54 ` Richard Lamont
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.