On 09/12/2012 03:35 PM, Mr Dash Four wrote:

> Damn! How is traffic prioritised then? By setting the dmax values?

Once you have read this article:

        http://www.shorewall.net/traffic_shaping.htm#HFSC

and the article linked from it:

        http://linux-ip.net/articles/hfsc.en/

then you will know everything about HFSC as I do (although there is some 
of my analysis available at

> If priority is indeed not supported (and can't be supported!) for
> hfsc, then the right course of action would be to issue an error
> when something (anything!) is specified in the PRIORITY column, not
> simply ignore it, otherwise there will be others like me asking why
> is this value not honoured.

The PRIORITY value is still used for generating the priority of the 
Shorewall-generated filters that classify traffic by MARK and by the 
tcp-ack and tos options. It just isn't used by the queuing 
discipline. So I prefer to handle this via a documentation change. I 
have made the PRIORITY optional for HFSC classes and allowed an explicit 
priority to be specified for MARK and the two options.

>
> As far as hfsc goes, if I can't prioritise traffic I may have to
> change the discipline used. I used hfsc primarily because of the
> ability to specify dmax values. Apart from HTB (which I am not very
> keen on) and HFSC, is there another discipline I could use for
> traffic shaping? CBQ?

You can use CBQ but Shorewall has no support for it. So you would need 
to script the rules in /etc/shorewall/tcscript and set TC_ENABLED=Yes in 
shorewall.conf.

>
> Another question - you use "tc filter" for ifbX type devices, but not
> for others. Why?

'tc filter' is the only way to classify ifbX traffic. So the 
documentation stresses that application.

> Can you not use hfsc for definition of classes and
> then create separate "tc filter" statements when you can define
> priorities.

Sure.

> The man pages inform me that "tc filter" statements are
> "consulted" before a class is used, so, potentially, even if a
> priority is not defined (or can't be defined) in hfsc classes, that
> could be done in "tc filter" statements. Would that work?

That will determine the order in which the filters are evaluated.

>
> One other thing I spotted in the meantime: in the firewall_tc file I
> attached yesterday, the "quantum" variable defined in those 2
> functions is not used anywhere, so you might consider removing it
> altogether.

I'll put that on my todo list; 'quantum' is used for HTB...

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
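
The distinction drawn in the reply above (HFSC classes take no priority, while the filter priority only orders classification) as an added example that is not part of the original message and not Shorewall's generated script. The device name, rates, marks and class ids are assumptions; with TC unset the commands are only printed.

```shell
#!/bin/sh
# Added example: HFSC classes plus fw-mark filters with explicit priorities.
# Assumed values: eth0, a 1000kbit link, marks 1-3, class ids 1:10/1:20/1:30.
# Dry run by default; run as root with TC=tc to apply the commands.
TC=${TC:-echo tc}
DEV=${DEV:-eth0}

# add_class <minor> <dmax_ms> <rate_kbit>
# Leaf class under 1:1. The delay bound is requested through the real-time
# curve (umax/dmax/rate); an HFSC class has no priority parameter.
add_class() {
    $TC class add dev "$DEV" parent 1:1 classid "1:$1" hfsc \
        rt umax 1500b dmax "${2}ms" rate "${3}kbit" ls rate "${3}kbit"
}

# add_mark_filter <prio> <mark> <minor>
# fw filter matching a firewall mark. Lower prio values are consulted first;
# this orders the classification lookup, not the scheduling of packets.
add_mark_filter() {
    $TC filter add dev "$DEV" parent 1:0 protocol ip prio "$1" \
        handle "$2" fw classid "1:$3"
}

setup_hfsc() {
    $TC qdisc add dev "$DEV" root handle 1: hfsc default 30
    $TC class add dev "$DEV" parent 1: classid 1:1 hfsc \
        sc rate 1000kbit ul rate 1000kbit
    add_class 10 10 200      # interactive traffic: tight delay bound
    add_class 20 50 300
    add_class 30 200 500     # default class for unmarked traffic
    add_mark_filter 1 1 10   # consulted first
    add_mark_filter 2 2 20
    add_mark_filter 3 3 30
}

setup_hfsc
```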

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
