Andy Furniss <[EMAIL PROTECTED]> wrote:
I only skimmed through - the lack of CRs makes it a bit difficult to read.
One thing to note is that unlike htb, prio 1 is the top prio for filters
- and you use prio 0 for the metro so this filter won't see traffic that
has already been classified by the prio 1 tos filter.
Also when using tos be aware that some apps set it - so there could be
other traffic than that set by the iptables rules.
Andy.
I pasted the script from kwrite to Mozilla suite composer. I don't
know why there are no CRs. :(
I know that applications set the tos field (and I hope programmers
know if they are supposed to set it or not, and that they don't
cheat). I rely on this.
I will correct the prio error. My question still remains: is it
possible to use tos AND fwmark in the same rule (and the effect be an
AND - like in iptables, not an OR)?
My script:
#!/bin/bash
tc=/sbin/tc
u=kbit;U=Mbit
RATE=256
metro=1
for dev in ` echo eth0 eth1 `; do
    $tc qdisc del dev $dev root &>/dev/null
    $tc qdisc add dev $dev root handle 1: htb default FF
    # class default - non-prioritized traffic
    $tc class add dev $dev parent 1: classid 1:1 \
        htb rate $RATE$u ceil $[$RATE-16]$u
    $tc class add dev $dev parent 1:1 classid 1:FF \
        htb rate 1$u ceil $[$RATE-16]$u prio 1
    $tc qdisc add dev $dev parent 1:FF handle FF: sfq perturb 10
    # prioritized traffic - Internet (TOS = Minimize-Delay)
    $tc class add dev $dev parent 1:1 classid 1:2 \
        htb rate $[$RATE-16]$u ceil $[$RATE-16]$u burst 16k prio 0
    $tc filter add dev $dev parent 1: protocol ip prio 1 \
        u32 match ip tos 0x10 0xff flowid 1:2
    $tc qdisc add dev $dev parent 1:2 handle 2: sfq perturb 10
    # metropolitan (MARK = 1)
    $tc class add dev $dev parent 1: classid 1:3 htb rate 100$U ceil 99$U
    $tc class add dev $dev parent 1:3 classid 1:FE htb rate 99$U ceil 99$U
    $tc qdisc add dev $dev parent 1:FE handle FE: sfq perturb 10
    $tc filter add dev $dev parent 1: protocol ip prio 0 \
        handle $metro fw flowid 1:FE
done
EOF
The output of iptables-save (mangle PREROUTING):
-A PREROUTING -p tcp -m tcp --sport 21:22 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 21:22 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 80 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 443 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 443 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 5050 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 5050 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --dport 6667:7000 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --sport 6667:7000 -j TOS --set-tos 0x10
-A PREROUTING -p tcp -m tcp --tcp-flags SYN ACK -j TOS --set-tos 0x10
-A PREROUTING -s 82.77.124.128/255.255.255.224 \
    -d 82.77.124.128/255.255.255.224 -j MARK --set-mark 0x1
-A PREROUTING -s 82.77.124.128/255.255.255.224 -d 193.226.0.0/255.255.0.0 \
    -j MARK --set-mark 0x1
-A PREROUTING -s 193.226.0.0/255.255.0.0 -d 82.77.124.128/255.255.255.224 \
    -j MARK --set-mark 0x1
-A PREROUTING -s 192.129.0.0/255.255.0.0 -d 82.77.124.128/255.255.255.224 \
    -j MARK --set-mark 0x1
-A PREROUTING -s 82.77.124.128/255.255.255.224 -d 192.129.0.0/255.255.0.0 \
    -j MARK --set-mark 0x1
Thank you!
Sorin.
P.S. I changed my registered e-mail address and I think I cannot post
from the old one, at which I received the message I am now replying to.
Please BCC my new address. Thank you!
_______________________________________________
LARTC mailing list
[email protected]
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
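
Added example (not part of the original message or of the poster's script): a small shell model of the filter ordering discussed in the quoted reply, applied to the two filters in the script. It assumes, as that reply states, that prio 1 filters are consulted first and the filter added with prio 0 after them; the "fw-first" table with prio 1 and prio 2 is a hypothetical corrected ordering, and the four packets are constructed samples.

```sh
#!/bin/sh
# Added example: a model of filter lookup order, not real tc output.
# Assumption (from the quoted reply): filters are consulted in ascending
# prio order starting at 1, and a filter added with "prio 0" is consulted
# after them. The first filter that matches decides the class.

# One filter per line: "<prio> <kind> <value> <flowid>"
FILTERS_AS_POSTED='1 tos 0x10 1:2
0 fw 1 1:FE'
# Hypothetical corrected ordering: fw filter first, tos filter second.
FILTERS_FW_FIRST='1 fw 1 1:FE
2 tos 0x10 1:2'

# classify <filters> <tos> <fwmark>
# Prints the flowid of the first matching filter, or 1:FF (htb default FF).
classify() {
    filters=$1; tos=$2; mark=$3
    # Rank "prio 0" last (65536 is only a sort key for this model).
    printf '%s\n' "$filters" | sed 's/^0 /65536 /' | sort -n -k1,1 | {
        result=1:FF
        while read -r prio kind value flowid; do
            hit=no
            case $kind in
                tos) if [ "$(($tos & 0xff))" -eq "$(($value))" ]; then hit=yes; fi ;;
                fw)  if [ "$(($mark))" -eq "$(($value))" ]; then hit=yes; fi ;;
            esac
            if [ "$hit" = yes ]; then result=$flowid; break; fi
        done
        echo "$result"
    }
}

# Constructed sample packets: "<description>|<tos>|<fwmark>"
# TOS 0x10 is what the mangle rules set on ports 21:22, 80, 443, ...;
# mark 1 is what they set on the metropolitan subnets.
SAMPLES='metro, port 80|0x10|1
metro, other port|0x00|1
internet, port 22|0x10|0
internet, other port|0x00|0'

printf '%-22s %-10s %s\n' packet as-posted fw-first
printf '%s\n' "$SAMPLES" | while IFS='|' read -r desc tos_in mark_in; do
    printf '%-22s %-10s %s\n' "$desc" \
        "$(classify "$FILTERS_AS_POSTED" "$tos_in" "$mark_in")" \
        "$(classify "$FILTERS_FW_FIRST" "$tos_in" "$mark_in")"
done
```

Only the marked metropolitan packet that also carries TOS 0x10 differs between the two tables: it lands in 1:2 with the filters as posted and in 1:FE with the fw filter first.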