Penguin
Recent Changes
Note: You are viewing an old revision of this page. View the current version.

(This is some notes I'm jotting down while I'm working on this, I intend to come back and clean this up later)

ifup dummy0
tc filter add dev $DEV parent ffff: protocol ip <i>filter-rule</i> flowid 1:2 action mirred egress mirror dev dummy0
tcpdump -i dummy0
  • HTB: quantum of class XXXXYYYY is big. Consider r2q change. means class XXXX:YYYY has a massive quantum. quantum by default is the rate of the class, divided by "r2q". http://www.docum.org/docum.org/faq/cache/31.html
  • filter...protocol specifies which skb->protocol you're talking about, normally skb->protocol == ethertype. If you don't care you /must/ in some circumstances specify "protocol all". In some situations protocol ethertype works, in some situations it gives an invalid argument.
  • The default action of the sfq's internal classifier when a packet doesn't match, is to always put it in bucket 0. These users will get abysmal performance under any kind of load. The "flow" external classifier, when a packet doesn't match, is to drop it all together. These users get 100% packet loss, with or without load. At least the second one is an obvious problem during testing, the first one is often only discovered after users whine.
  • ifb (Intermediate Functional Block) is a replacement for IMQ. ifb is in the kernel. ref
  • We were getting errors having two rules at the same priority. I think having two u32 rules at the same priority tries to merge them into one hashtable, if this is not possible you get an "invalid argument". Consider using a unique priority/preference for one of the rules and see if that solves the issue.

To match PPPoE discovery ethertype:

$TC filter add dev $DEV \
        pref 10 parent $Q_ROOT: \
        protocol all \
        basic match "cmp(u16 at 12 layer 2 eq $ETH_P_PPPOED)" \
        flowid $Q_ROOT:$C_PPPoE
  • If you want things to be perfectly fair:
tc qdisc add dev $DEV \
        root handle 1: \
        sfq

tc filter add dev $DEV \
        pref 1 parent 1:1 handle 100 \
        protocol all \
        flow hash keys dst divisor 1024

This will be fair across all destination IP addresses. We have a set of patches to allow this across src/dst mac addresses.

  • The notation x:y, x is the qdisc number, y is the class number within the qdisc.

  • Some barely documented, but useful help commands:

    • sudo ./tc filter add dev eth1 basic match help
    • sudo ./tc filter add dev eth1 basic match 'cmp(help)'
    • sudo ./tc filter add dev eth1 basic match 'meta(help)'
    • sudo ./tc filter add dev eth1 basic match 'meta(list)'
    • sudo ./tc filter add dev eth1 basic match 'nbyte(help)'
    • sudo ./tc filter add dev eth1 basic match 'u32(help)'
    • sudo ./tc filter add dev eth1 u32 help
    • sudo ./tc filter add dev eth1 tcindex help
    • sudo ./tc filter add dev eth1 rsvp help
    • sudo ./tc filter add dev eth1 flow help
    • sudo ./tc filter add dev eth1 fw help
    • sudo ./tc filter add dev eth1 route help
    • sudo ./tc qdisc add dev eth1 atm help (might not be compiled in) [classful]
    • sudo ./tc qdisc add dev eth1 cbq help [classful]
    • sudo ./tc qdisc add dev eth1 dsmark help [classful]
    • sudo ./tc qdisc add dev eth1 bfifo help [classless]
    • sudo ./tc qdisc add dev eth1 pfifo help [classless]
    • pfifo_fast is a supported qdisc, but takes no options. [classless]
    • sudo ./tc qdisc add dev eth1 gred help [classless]
    • sudo ./tc qdisc add dev eth1 hfsc help [classful]
    • sudo ./tc qdisc add dev eth1 htb help (htb2 is an alias) [classful]
    • sudo ./tc qdisc add dev eth1 ingress help [classless]
    • sudo ./tc qdisc add dev eth1 netem help [classless]
    • sudo ./tc qdisc add dev eth1 prio help [classless]
    • sudo ./tc qdisc add dev eth1 red help [classless]
    • sudo ./tc qdisc add dev eth1 rr help [classless]
    • sudo ./tc qdisc add dev eth1 sfq help [classless]
    • sudo ./tc qdisc add dev eth1 tbf help [classless]
    • sudo ./tc action add action gact help
    • tc action ... ipt ... ?
    • sudo ./tc action add action mirred help
    • sudo ./tc action add action nat help
    • sudo ./tc action add action pedit help (pedit says it has an example, ... it doesn't. But the command does look particularly interesting)
    • sudo ./tc action add action police help