tc rules block traffic from some hosts at network
Posted
by
user139430
on Server Fault
See other posts from Server Fault
or by user139430
Published on 2012-10-03T07:01:10Z
Indexed on
2012/10/03
9:39 UTC
Read the original article
Hit count: 253
I have a problem I can not solve.
The script, which sets the rules for traffic shaping is blocking the traffic from some hosts.If I remove all the rules, then it works. I can not understand why? Here is my script...
#!/bin/sh
cmdTC=/sbin/tc
rateLANDl="60mbit"
ceilLANDl="60mbit"
rateLANUl="40mbit"
ceilLANUl="40mbit"
quantLAN="1514"
# Nowaday bandwidth limit set to 100mbit.
# We devide it with 60mbit download and 40mbit upload bandthes.
rateHiDl="30mbit"
ceilHiDl="60mbit"
rateHiUl="20mbit"
ceilHiUl="40mbit"
quantHi="1514"
rateLoDl="30mbit"
ceilLoDl="60mbit"
rateLoUl="20mbit"
ceilLoUl="40mbit"
quantLo="1514"
devNIF=eth0
devFIF=ifb0
modprobe ifb
ip link set $devFIF up 2>/dev/null
#exit 0
################################################################################################
# Remove discuiplines from network and fake interfaces
################################################################################################
$cmdTC qdisc del dev $devNIF root 2>/dev/null
$cmdTC qdisc del dev $devFIF root 2>/dev/null
$cmdTC qdisc del dev $devNIF ingress 2>/dev/null
if [ "$1" = "down" ]; then
exit 0
fi
################################################################################################
# Create discuiplines for network interface
################################################################################################
$cmdTC qdisc add dev $devNIF root handle 1:0 htb default 12
# Create classes for network interface
$cmdTC class add dev $devNIF parent 1:0 classid 1:1 htb rate ${rateLANDl} ceil ${ceilLANDl} quantum ${quantLAN}
$cmdTC class add dev $devNIF parent 1:1 classid 1:11 htb rate ${rateHiDl} ceil ${ceilHiDl} quantum ${quantHi}
$cmdTC class add dev $devNIF parent 1:1 classid 1:12 htb rate ${rateLoDl} ceil ${ceilLoDl} quantum ${quantLo}
$cmdTC qdisc add dev $devNIF parent 1:11 handle 111: sfq perturb 10
$cmdTC qdisc add dev $devNIF parent 1:12 handle 112: sfq perturb 10
# Create filters for network interface
$cmdTC filter add dev $devNIF protocol all parent 1:0 u32 match ip dst 10.252.2.0/24 flowid 1:11
$cmdTC filter add dev $devNIF protocol all parent 111: handle 111 flow hash keys dst divisor 1024 baseclass 1:11
$cmdTC filter add dev $devNIF protocol all parent 112: handle 112 flow hash keys dst divisor 1024 baseclass 1:12
################################################################################################
# Create discuiplines for fake interface
################################################################################################
$cmdTC qdisc add dev $devFIF root handle 1:0 htb default 12
# Create classes for network interface
$cmdTC class add dev $devFIF parent 1:0 classid 1:1 htb rate ${rateLANUl} ceil ${ceilLANUl} quantum ${quantLAN}
$cmdTC class add dev $devFIF parent 1:1 classid 1:11 htb rate ${rateHiUl} ceil ${ceilHiUl} quantum ${quantHi}
$cmdTC class add dev $devFIF parent 1:1 classid 1:12 htb rate ${rateLoUl} ceil ${ceilLoUl} quantum ${quantLo}
$cmdTC qdisc add dev $devFIF parent 1:11 handle 111: sfq perturb 10
$cmdTC qdisc add dev $devFIF parent 1:12 handle 112: sfq perturb 10
# Create filters for network interface
$cmdTC filter add dev $devFIF protocol all parent 1:0 u32 match ip src 10.252.2.0/24 flowid 1:11
$cmdTC filter add dev $devFIF protocol all parent 111: handle 111 flow hash keys src divisor 1024 baseclass 1:11
$cmdTC filter add dev $devFIF protocol all parent 112: handle 112 flow hash keys src divisor 1024 baseclass 1:12
################################################################################################
# Create redirect discuiplines from network to fake interface
################################################################################################
$cmdTC qdisc add dev $devNIF handle ffff:0 ingress
$cmdTC filter add dev $devNIF parent ffff:0 protocol all u32 match u32 0 0 action mirred egress redirect dev $devFIF
Here is my /etc/modules:
loop
ifb
ppp_mppe
nf_conntrack_pptp
nt_conntrack_proto_gre
nf_nat_pptp
nf_nat_proto_gre
The system is Linux wall 2.6.32-5-amd64 #1 SMP Sun Sep 23 10:07:46 UTC 2012 x86_64 GNU/Linux
© Server Fault or respective owner