Friday, October 7, 2011

The u32 filter



Overview

The u32 filter allows you to match on any bit field within a packet, so it is in some ways the most powerful filter provided by the Linux traffic control engine. It is also the most complex, and by far the hardest to use. To explain it I will start with a bit of a tutorial.

Thursday, October 6, 2011

U32 tips tricks

Chaining u32 example

# Root class for a Gigabit interface (assumes an HTB root qdisc with handle 1: already exists on ${IFACE})
tc class add dev ${IFACE} parent 1: classid 1:2 htb rate 950Mbit ceil 950Mbit quantum 1514

# For "other" mac addresses
tc class add dev ${IFACE} parent 1:2 classid 1:3 htb rate 680Mbit ceil 950Mbit quantum 1514
tc qdisc add dev ${IFACE} handle 3: parent 1:3 bfifo limit 3000000

# For "our" mac address
tc class add dev ${IFACE} parent 1:2 classid 1:10 htb rate 260Mbit ceil 260Mbit quantum 1514
tc qdisc add dev ${IFACE} handle 10: parent 1:10 bfifo limit 3000000

# High priority for specific MAC
tc class add dev ${IFACE} parent 1:10 classid 1:20 htb rate 200Mbit ceil 260Mbit quantum 1514
tc qdisc add dev ${IFACE} handle 20: parent 1:20 bfifo limit 3000000

# Create the u32 filter and its hash table 1:

tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: handle 1: u32 divisor 1

# Link all IPv4 traffic for the specific destination MAC (00:04:23:af:02:ca) to hash table 1:
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 800:: match u16 0x0800 0xFFFF at -2 match u32 0x23af02ca 0xFFFFFFFF at -12 match u16 0x0004 0xFFFF at -14 link 1:

# Classify the traffic that reached hash table 1: (i.e. traffic to the specific MAC)
# Ports are 16-bit fields, so the mask must be 0xffff; a 0xff mask compares only the low byte of the port
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip sport 22 0xffff flowid 1:20
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip dport 22 0xffff flowid 1:20
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip sport 53 0xffff flowid 1:20
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip dport 53 0xffff flowid 1:20
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip sport 80 0xffff flowid 1:20

# Low priority class for specific MAC
tc class add dev ${IFACE} parent 1:10 classid 1:30 htb rate 60Mbit ceil 260Mbit quantum 1514
tc qdisc add dev ${IFACE} handle 30: parent 1:30 bfifo limit 300000
tc filter add dev ${IFACE} protocol ip pref 100 parent 1: u32 ht 1: match ip dst 0.0.0.0/0 flowid 1:30

#DEFAULT FOR ALL REMAINING
tc filter add dev ${IFACE} protocol ip pref 1000 parent 1: u32 match ip dst 0.0.0.0/0 flowid 1:3
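
The key/mask/offset semantics used by the filters above, as an added example that is not part of the original post: a simplified byte-level model of u32 matching (the kernel works on 32-bit words) run against constructed frames. It shows how the negative offsets reach the Ethernet header and why a port key needs a full 16-bit mask; the function names and sample frames are assumptions made for the illustration.

```python
import struct

ETH_LEN = 14  # u32 offset 0 is the IP header, so the Ethernet header is at -14..-1

def u32_key(frame, width, value, mask, at):
    """Simplified model of one u32 key: (field & mask) == (value & mask)."""
    start = ETH_LEN + at
    field = int.from_bytes(frame[start:start + width], "big")
    return (field & mask) == (value & mask)

def u32_rule(frame, keys):
    """A rule matches only if every one of its keys matches."""
    return all(u32_key(frame, *key) for key in keys)

def make_frame(dst_mac, sport, dport):
    """Constructed sample: Ethernet + IPv4 header without options + TCP ports."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes(6) + b"\x08\x00"
    ip = b"\x45\x00" + struct.pack("!H", 40) + bytes(5) + b"\x06" + bytes(10)
    return eth + ip + struct.pack("!HH", sport, dport)

# The three keys of the page's "link 1:" rule: (width, value, mask, offset)
MAC_KEYS = [
    (2, 0x0800, 0xFFFF, -2),           # EtherType IPv4
    (4, 0x23AF02CA, 0xFFFFFFFF, -12),  # last four bytes of destination MAC
    (2, 0x0004, 0xFFFF, -14),          # first two bytes of destination MAC
]

def sport_key(port, mask):
    """'match ip sport PORT MASK' is a u16 at offset 20 (assumes no IP options)."""
    return [(2, port, mask, 20)]

if __name__ == "__main__":
    ours = make_frame("00:04:23:af:02:ca", 22, 40000)
    other = make_frame("00:04:23:af:02:cb", 22, 40000)
    odd = make_frame("00:04:23:af:02:ca", 278, 40000)  # 278 = 0x0116
    print("MAC rule, our MAC:     ", u32_rule(ours, MAC_KEYS))
    print("MAC rule, other MAC:   ", u32_rule(other, MAC_KEYS))
    print("sport 22/0xffff on 278:", u32_rule(odd, sport_key(22, 0xFFFF)))
    print("sport 22/0x00ff on 278:", u32_rule(odd, sport_key(22, 0x00FF)))
```

With a mask of 0x00ff, source port 278 is classified as if it were port 22, because only the low byte (0x16) is compared.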

traffic shaping with linux

Examples

This is by no means comprehensive. I may add to this when I get more of a chance. There are also Wonder Shaper and the ADSL Bandwidth Management HOWTO (though I feel that they are inadequate or employ the wrong strategies).

tc, qdiscs, classes, filters, oh my!

tc, the traffic control tool, is used to configure the Linux kernel to accomplish the shaping, scheduling, policing, and dropping of packets.
Each interface has a root qdisc by default. By default, it uses the pfifo_fast algorithm (in our case, it will be configured to use HTB). Think of the root qdisc as the main container in which everything resides. Inside the root qdisc, we can classify various types of traffic into classes and attach them to the root handle. After the classes have been defined, filters are used to match packets and direct them into the right classes.