[bwm-tools-tech] nfmark or user problem? - replace user?
From: go0ogl3 <go...@gm...> - 2005-06-14 22:30:41
Hello list,

I am trying to use the nfmark feature to "help" use my 256kbit bandwidth wisely. I came up with a setup like this:

The iptables part:

---cut here---
IPT=`which iptables`
mark="-j MARK --set-mark"
mf="-t mangle -A FORWARD"

iptables -N bwmd
iptables -A bwmd -m mark ! --mark 0x0 -j QUEUE
iptables -A bwmd -j ACCEPT

echo " DNS"
$IPT $mf -p udp -s $lan --dport 53 $mark 105
$IPT $mf -p tcp -s $lan --dport 53 $mark 105
$IPT $mf -p udp -d $lan --sport 53 $mark 205
$IPT $mf -p tcp -d $lan --sport 53 $mark 205

echo " ICMP"
$IPT $mf -p icmp -s $lan $mark 115
$IPT $mf -p icmp -d $lan $mark 215
..............
---and here---

The download part of my firewall.xml file is:

---cut here---
# traffic shape DOWNLOAD
<flow name="Main_in" max-rate="30720" burst-rate="30720" queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">
    <flow name="Normal_in" max-rate="30720" burst-rate="30720" queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">
        <flow name="DNS_in" max-rate="3072" burst-rate="30720" queue-len="1" queue-size="1" stats-len="5" report-timeout="60">
            <queue prio="5" nfmark="105"> DNS_in; </queue>
        </flow>
        <flow name="ICMP_in" max-rate="3072" burst-rate="30720" queue-len="15" queue-size="960" stats-len="5" report-timeout="60">
            <queue prio="15" nfmark="115"> ICMP_in; </queue>
        </flow>
        <flow name="HTTP_in" max-rate="30720" burst-rate="30720" queue-len="10" queue-size="10240" stats-len="5" report-timeout="60">
            <queue prio="20" nfmark="120"> HTTP_in; </queue>
        </flow>
    </flow>
    <flow name="Bulk_in" max-rate="30720" burst-rate="30720" queue-len="90" queue-size="92120" stats-len="5" report-timeout="60">
        <flow name="Other_in" max-rate="15360" burst-rate="30720" queue-len="60" queue-size="61440" stats-len="5" report-timeout="60">
            <queue prio="50" nfmark="150"> Other_in; </queue>
        </flow>
        <flow name="P2P_in" max-rate="15360" burst-rate="30720" queue-len="90" queue-size="92120" stats-len="5" report-timeout="60">
            <queue prio="90" nfmark="190"> P2P_in; </queue>
        </flow>
    </flow>
</flow>
# ---end--- traffic shape DOWNLOAD
---and here---

The Problem (tested with icmp-ping type 8 packets):
- the packets get marked, then they reach the QUEUE target, I can see the packets in the "Main_in" flow using bwm_monitor, but they are not "classified" in the "ICMP_in" flow. Any other packet types (like http, p2p, etc) are getting in the "Main" flow but they are not classified in the corresponding flow according to the nfmark.

In the bwm_tools manual there is something like:

"nfmark="..." - Mandatory/Optional parameter to specify the NFMARK of the traffic that applies to this flow. This must be used at the deepest level of flow embedding to match traffic. Each nfmark value MUST be unique! "

but there is an example here: "http://bwm-tools.pr.linuxrulz.org/doc/Integration.html#index-nfmark-55"

I am using the bwm-tools 0.2.1, kernel 2.6.11.11, iptables v1.2.11

Where is the mistake?

P.S.:
- I'm not very sure of the 'correct' usage of "queue-len" and "queue-size" (in my config are --testing-- values)
- I'm not very sure if bwm-tools "understands" what I want to accomplish with my hierarchical setup (I want dns, icmp and http traffic to have priority and to be interactive-like and p2p and other traffic to have last priority even if it will have a huge delay)
- I'm willing to write some sort of a manual (in about 2 weeks I hope I'll have more free time) with examples if I will be able to fully understand the "inner game" of bwm-tools
- Please excuse my English and my long email but I'm sleepy now...

go0ogl3