tc rules block traffic from some hosts at network

Posted by user139430 on Server Fault See other posts from Server Fault or by user139430
Published on 2012-10-03T07:01:10Z Indexed on 2012/10/03 9:39 UTC
Read the original article Hit count: 251

Filed under:
|

I have a problem I can not solve.

The script, which sets the rules for traffic shaping is blocking the traffic from some hosts.If I remove all the rules, then it works. I can not understand why? Here is my script...

#!/bin/sh

cmdTC=/sbin/tc

rateLANDl="60mbit"
ceilLANDl="60mbit"
rateLANUl="40mbit"
ceilLANUl="40mbit"
quantLAN="1514"

# Nowaday bandwidth limit set to 100mbit.
# We devide it with 60mbit download and 40mbit upload bandthes.

rateHiDl="30mbit"
ceilHiDl="60mbit"
rateHiUl="20mbit"
ceilHiUl="40mbit"
quantHi="1514"

rateLoDl="30mbit"
ceilLoDl="60mbit"
rateLoUl="20mbit"
ceilLoUl="40mbit"
quantLo="1514"

devNIF=eth0
devFIF=ifb0

modprobe ifb
ip link set $devFIF up 2>/dev/null

#exit 0

################################################################################################
# Remove discuiplines from network and fake interfaces
################################################################################################
$cmdTC qdisc del dev $devNIF root 2>/dev/null
$cmdTC qdisc del dev $devFIF root 2>/dev/null
$cmdTC qdisc del dev $devNIF ingress 2>/dev/null

if [ "$1" = "down" ]; then
exit 0
fi

################################################################################################
# Create discuiplines for network interface
################################################################################################
$cmdTC qdisc add dev $devNIF root handle 1:0 htb default 12

# Create classes for network interface
$cmdTC class add dev $devNIF parent 1:0 classid 1:1 htb rate ${rateLANDl} ceil ${ceilLANDl} quantum ${quantLAN}
$cmdTC class add dev $devNIF parent 1:1 classid 1:11 htb rate ${rateHiDl} ceil ${ceilHiDl} quantum ${quantHi}
$cmdTC class add dev $devNIF parent 1:1 classid 1:12 htb rate ${rateLoDl} ceil ${ceilLoDl} quantum ${quantLo}

$cmdTC qdisc add dev $devNIF parent 1:11 handle 111: sfq perturb 10
$cmdTC qdisc add dev $devNIF parent 1:12 handle 112: sfq perturb 10

# Create filters for network interface
$cmdTC filter add dev $devNIF protocol all parent 1:0 u32 match ip dst 10.252.2.0/24 flowid 1:11
$cmdTC filter add dev $devNIF protocol all parent 111: handle 111 flow hash keys dst divisor 1024 baseclass 1:11

$cmdTC filter add dev $devNIF protocol all parent 112: handle 112 flow hash keys dst divisor 1024 baseclass 1:12

################################################################################################
# Create discuiplines for fake interface
################################################################################################
$cmdTC qdisc add dev $devFIF root handle 1:0 htb default 12

# Create classes for network interface
$cmdTC class add dev $devFIF parent 1:0 classid 1:1 htb rate ${rateLANUl} ceil ${ceilLANUl} quantum ${quantLAN}
$cmdTC class add dev $devFIF parent 1:1 classid 1:11 htb rate ${rateHiUl} ceil ${ceilHiUl} quantum ${quantHi}
$cmdTC class add dev $devFIF parent 1:1 classid 1:12 htb rate ${rateLoUl} ceil ${ceilLoUl} quantum ${quantLo}

$cmdTC qdisc add dev $devFIF parent 1:11 handle 111: sfq perturb 10
$cmdTC qdisc add dev $devFIF parent 1:12 handle 112: sfq perturb 10

# Create filters for network interface
$cmdTC filter add dev $devFIF protocol all parent 1:0 u32 match ip src 10.252.2.0/24 flowid 1:11
$cmdTC filter add dev $devFIF protocol all parent 111: handle 111 flow hash keys src divisor 1024 baseclass 1:11

$cmdTC filter add dev $devFIF protocol all parent 112: handle 112 flow hash keys src divisor 1024 baseclass 1:12

################################################################################################
# Create redirect discuiplines from network to fake interface
################################################################################################
$cmdTC qdisc add dev $devNIF handle ffff:0 ingress
$cmdTC filter add dev $devNIF parent ffff:0 protocol all u32 match u32 0 0 action mirred egress redirect dev $devFIF

Here is my /etc/modules:

loop
ifb
ppp_mppe
nf_conntrack_pptp
nt_conntrack_proto_gre
nf_nat_pptp
nf_nat_proto_gre

The system is Linux wall 2.6.32-5-amd64 #1 SMP Sun Sep 23 10:07:46 UTC 2012 x86_64 GNU/Linux

© Server Fault or respective owner

Related posts about linux

Related posts about tc