On Mon, 24 Jan 2005 22:45:40 +0200, Alin Nastac <[EMAIL PROTECTED]> wrote:
> Alex wrote:
>
> >>If a packet is not marked by any MARK rule, then its mark
> >>attribute is 0. Logical, right?
> >>Or you can simply use "default EXTERN" on the root qdisc.
> >>
> >that is what I tried the first time too, but I get the answer:
> >RTNETLINK answers: Invalid argument
> >(it is possible that I did something wrong... again.. :( )
> >
> >I used the same syntax as for the METRO filter. If I comment out the
> >filter set on metro and, on the one set for EXTERN, put handle 1
> >instead of handle 0, it works in the sense that I no longer get an
> >error message... i'm lost again...
> >
> Possible solutions:
> - mark everything that is different from mark 1 with mark 2
> - put "default EXTERN" in the default qdisc
> - add a filter 32 "match ip dst 0/0 prio x" with x > the prio of the
> fw filter
>
> ---
> Details about our mailing lists: http://www.lug.ro/
>
Hello,
after 2 days of almost non-stop attempts I declare myself incompetent and
thick-headed, since I still have not managed to classify the external
traffic .... and I appeal to the mercy of my fellow list members.
I tried all the solutions proposed by Alin without success (I do not
understand why not even default on extern worked... something keeps
escaping me...).
The first solution proposed by Alin seems the most convenient to me... I
tried to implement it like this:
after the firewall rules needed for mipclases I added
iptables -t mangle -A PREROUTING -m mark --mark 0x1 -j RETURN
iptables -t mangle -A PREROUTING -m mark ! --mark 0x1 -j MARK --set-mark 0x2
the htb script I ended up with is the following:
#!/bin/sh
# the metropolitan traffic is marked with 0x1 by mipclases
DEV=eth1
TC=/sbin/tc
U32="$TC filter add dev $DEV protocol ip parent 1:0 prio 1 u32"
echo "Del prev root"
$TC qdisc del dev $DEV root
echo "Add new root class - handle 1:"
$TC qdisc add dev $DEV root handle 1: htb default 15
# this is the maximum speed of the interface towards the LAN
echo "Add LAN band - classid 1:1, parent 1:"
$TC class add dev $DEV parent 1: classid 1:1 htb rate 50Mbit ceil 100Mbit burst 128k
# the clients of the LAN band are added, which are in fact the whole network...
echo "Add from 192.168.0.0/26 to LAN IP class band - classid 1:0x11, parent 1:1"
$TC class add dev $DEV parent 1:1 classid 1:0x11 htb rate 50Mbit ceil 100Mbit burst 128k
$U32 match ip dst 192.168.0.0/26 match ip src 192.168.0.0/26 flowid 1:0x11
$TC qdisc add dev $DEV parent 1:0x11 handle 0x11: pfifo
echo "Add Metropolitan band - classid 1:0x20, parent 1:1"
$TC class add dev $DEV parent 1:1 classid 1:0x20 htb rate 256kbit ceil 512kbit burst 2k
$TC filter add dev $DEV protocol ip parent 1:0 prio 0 handle 0x1 fw flowid 1:0x20
echo "Add EXTERN band - classid 1:0x12, parent 1:1"
$TC class add dev $DEV parent 1:1 classid 1:0x12 htb rate 128kbit ceil 512kbit burst 2k prio 2
$TC filter add dev $DEV protocol ip parent 1:0 prio 2 handle 0x2 fw flowid 1:0x12
# $TC filter add dev $DEV protocol ip parent 1:1 prio 3 u32 match ip dst 0/0 flowid 1:0x12
#$U32 match ip dst 0/0 flowid 1:0x12
# now the metro clients begin...
echo "Add client 192.168.0.2 metro band - classid 1:31, parent 1:0x20"
$TC class add dev $DEV parent 1:0x20 classid 1:0x31 htb rate 128kbit ceil 512kbit burst 2k prio 2
$U32 match ip dst 192.168.0.2/32 flowid 1:0x31
$TC qdisc add dev $DEV parent 1:0x31 handle 0x31: sfq perturb 10
# the clients for extern
echo "Add client 192.168.0.2 extern band - classid 1:61, parent 1:0x21"
$TC class add dev $DEV parent 1:0x12 classid 1:0x41 htb rate 120kbit ceil 120kbit burst 2k prio 1
$U32 match ip dst 192.168.0.2/32 flowid 1:0x41
$TC qdisc add dev $DEV parent 1:0x41 handle 0x41: sfq perturb 10
I suspect I did not do the marking with 0x2 properly...
iptables -L -t mangle -nvx shows me, among other things:
   61217 31005540 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match !0x1 MARK set 0x2
and a lot of chains like:
Chain mark_horiz_src_194_106 (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 MARK       all  --  *      *       194.106.204.0/23     0.0.0.0/0           MARK set 0x1
      32    29032 MARK       all  --  *      *       194.106.212.0/23     0.0.0.0/0           MARK set 0x1
       0        0 MARK       all  --  *      *       194.106.222.0/23     0.0.0.0/0           MARK set 0x1
If I run: tc -s -d class show dev eth1, it can be seen that no packet
goes through 1:0x12 and, implicitly, through 1:0x41.
Please, have mercy on me with a few saving iptables/htb rules :)
Thank you,
Alexban
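
The first two suggestions from the quoted reply, written out as a dry-run script. This is an added example, not part of the original thread: the class ids 1:20 and 1:12, the variable names and the dry-run defaults for TC and IPT are assumptions of the example, and the rates are the ones from the posted script.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are only
# printed. To apply as root, run with TC=/sbin/tc IPT=/sbin/iptables.
TC=${TC:-echo tc}
IPT=${IPT:-echo iptables}
DEV=${DEV:-eth1}
METRO=20     # minor id of the METRO leaf class (constructed for this example)
EXTERN=12    # minor id of the EXTERN leaf class (constructed for this example)

mark_rules() {
    # Suggestion 1: whatever did not get mark 0x1 is marked 0x2.
    $IPT -t mangle -A PREROUTING -m mark ! --mark 0x1 -j MARK --set-mark 0x2
}

shape_rules() {
    # Suggestion 2: "default" names the EXTERN class. tc reads the value as a
    # hex minor id, and it has to be an existing leaf class.
    $TC qdisc add dev "$DEV" root handle 1: htb default "$EXTERN"
    $TC class add dev "$DEV" parent 1: classid 1:1 htb rate 50Mbit ceil 100Mbit burst 128k
    # Both filter targets are leaves: HTB queues packets in leaf classes only.
    $TC class add dev "$DEV" parent 1:1 classid "1:$METRO" htb rate 256kbit ceil 512kbit burst 2k
    $TC class add dev "$DEV" parent 1:1 classid "1:$EXTERN" htb rate 128kbit ceil 512kbit burst 2k
    # fw filters select on the firewall mark; each gets its own priority.
    $TC filter add dev "$DEV" parent 1: protocol ip prio 1 handle 1 fw flowid "1:$METRO"
    $TC filter add dev "$DEV" parent 1: protocol ip prio 2 handle 2 fw flowid "1:$EXTERN"
}

mark_rules
shape_rules
```

After applying it, the per-class counters from `tc -s -d class show dev eth1` show whether packets reach 1:12.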