From: <mdo...@ch...> - 2005-02-21 08:45:30
Sigh -- I shouldn't read code before I've had my morning coffee. The code IS correct and generates physdev matches for bridge ports.

firewall:2344

        *)
            verify_interface $source || fatal_error "Unknown interface $source in rule \"$rule\""
            r="$(match_source_dev) $source "
            ;;

-Tom

---------------------------------------------------------------------

Hi again :)

The problem is still there. I tried to modify my tcstart script and tcrules files to make it work, but every time I restart Shorewall, after a little while the machine hangs... :(

Here is my tcstart script:

#!/bin/bash
#
#
DEV1=eth1 # interface to the internal network
DEV0=eth0 # interface to the internet

# Note that this is significantly lower than the capacity of 1500.
# Because of this, you may not want to bother limiting inbound traffic
# until a better implementation such as TCP window manipulation can be used.
#
# End Configuration Options
#

if [ "$1" = "status" ]
then
        echo "Enlace descendente"
        echo "[qdisc]"
        tc -s qdisc show dev $DEV1
        echo "[class]"
        tc -s class show dev $DEV1
        echo "[filter]"
        tc -s filter show dev $DEV1
        echo "Enlace ascendente"
        echo "[qdisc]"
        tc -s qdisc show dev $DEV0
        echo "[class]"
        tc -s class show dev $DEV0
        echo "[filter]"
        tc -s filter show dev $DEV0
        exit
fi

# Reset everything to a known state (cleared)
tc qdisc del dev $DEV0 root 2> /dev/null > /dev/null
tc qdisc del dev $DEV1 root 2> /dev/null > /dev/null

if [ "$1" = "stop" ]
then
        echo "Shaping removed on $DEV1."
        echo "Shaping removed on $DEV0."
        exit
fi

###########################################################
#
# Inbound Shaping (limits total bandwidth to 900Kbps)
# This is the downlink, from the internet to Cherrytel's internal network

# set queue size to give latency of about 2 seconds on low-prio packets
# ip link set dev $DEV1 qlen 30

# changes mtu on the outbound device. Lowering the mtu will result
# in lower latency but will also cause slightly lower throughput due
# to IP and TCP protocol overhead.
# ip link set dev $DEV1 mtu 1000

# add HTB root qdisc
tc qdisc add dev $DEV1 root handle 1: htb default 37

# add main rate limit classes
tc class add dev $DEV1 parent 1: classid 1:1 htb rate 900kbit

# add leaf classes - We grant each class at LEAST its "fair share" of bandwidth.
#                    this way no class will ever be starved by another class. Each
#                    class is also permitted to consume all of the available bandwidth
#                    if no other classes are in use.
tc class add dev $DEV1 parent 1:1 classid 1:20 htb rate 64kbit ceil 900kbit
tc class add dev $DEV1 parent 1:1 classid 1:21 htb rate 64kbit ceil 900kbit
tc class add dev $DEV1 parent 1:1 classid 1:22 htb rate 64kbit ceil 900kbit
tc class add dev $DEV1 parent 1:1 classid 1:37 htb rate 676kbit ceil 900kbit # default
tc class add dev $DEV1 parent 1:1 classid 1:23 htb rate 32kbit ceil 32kbit # test, WiFi machine

# attach qdisc to leaf classes - here we add SFQ to each priority class. SFQ ensures that
#                                within each class connections will be treated (almost) fairly.
tc qdisc add dev $DEV1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV1 parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev $DEV1 parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev $DEV1 parent 1:37 handle 37: sfq perturb 10
tc qdisc add dev $DEV1 parent 1:23 handle 23: sfq perturb 10

tc filter add dev $DEV1 protocol ip parent 1:0 prio 0 handle 20 fw classid 1:20
tc filter add dev $DEV1 protocol ip parent 1:0 prio 0 handle 21 fw classid 1:21
tc filter add dev $DEV1 protocol ip parent 1:0 prio 0 handle 22 fw classid 1:22
tc filter add dev $DEV1 protocol ip parent 1:0 prio 0 handle 23 fw classid 1:23
tc filter add dev $DEV1 protocol ip parent 1:0 prio 0 handle 37 fw classid 1:37

# Done with inbound shaping
#
####################################################

echo "Control del enlace descendente activado."

# If you only want to control the downlink, uncomment the following exit instruction
#exit

###########################################################
#
# Outbound Shaping (limits total bandwidth to 900Kbps)
# This is the uplink, from Cherrytel's internal network to the internet

# set queue size to give latency of about 2 seconds on low-prio packets
# ip link set dev $DEV0 qlen 30

# changes mtu on the outbound device. Lowering the mtu will result
# in lower latency but will also cause slightly lower throughput due
# to IP and TCP protocol overhead.
# ip link set dev $DEV0 mtu 1000

# add HTB root qdisc
tc qdisc add dev $DEV0 root handle 2: htb default 87

# add main rate limit classes
tc class add dev $DEV0 parent 2: classid 2:1 htb rate 900kbit

# add leaf classes - We grant each class at LEAST its "fair share" of bandwidth.
#                    this way no class will ever be starved by another class. Each
#                    class is also permitted to consume all of the available bandwidth
#                    if no other classes are in use.
tc class add dev $DEV0 parent 2:1 classid 2:70 htb rate 64kbit ceil 900kbit
tc class add dev $DEV0 parent 2:1 classid 2:71 htb rate 64kbit ceil 900kbit
tc class add dev $DEV0 parent 2:1 classid 2:72 htb rate 64kbit ceil 900kbit
tc class add dev $DEV0 parent 2:1 classid 2:87 htb rate 676kbit ceil 900kbit # default
tc class add dev $DEV0 parent 2:1 classid 2:73 htb rate 32kbit ceil 32kbit # test

# attach qdisc to leaf classes - here we add SFQ to each priority class. SFQ ensures that
#                                within each class connections will be treated (almost) fairly.
tc qdisc add dev $DEV0 parent 2:70 handle 70: sfq perturb 10
tc qdisc add dev $DEV0 parent 2:71 handle 71: sfq perturb 10
tc qdisc add dev $DEV0 parent 2:72 handle 72: sfq perturb 10
tc qdisc add dev $DEV0 parent 2:87 handle 87: sfq perturb 10
tc qdisc add dev $DEV0 parent 2:73 handle 73: sfq perturb 10

tc filter add dev $DEV0 protocol ip parent 2:0 prio 0 handle 70 fw classid 2:70
tc filter add dev $DEV0 protocol ip parent 2:0 prio 0 handle 71 fw classid 2:71
tc filter add dev $DEV0 protocol ip parent 2:0 prio 0 handle 72 fw classid 2:72
tc filter add dev $DEV0 protocol ip parent 2:0 prio 0 handle 73 fw classid 2:73
tc filter add dev $DEV0 protocol ip parent 2:0 prio 0 handle 87 fw classid 2:87

# Done with outbound shaping
#
####################################################

echo "Control del enlace ascendente activado."

exit

And the tcrules file contains the following:

##############################################################################
#MARK   SOURCE                                  DEST                                    PROTO   PORT(S) CLIENT  USER
20      0.0.0.0/0                               213.9.139.30,213.9.139.31,213.9.139.32  all
21      0.0.0.0/0                               213.9.139.22,213.9.139.71               all
22      0.0.0.0/0                               213.9.139.25                            all
23      0.0.0.0/0                               213.9.139.24                            all
70      213.9.139.30,213.9.139.31,213.9.139.32  0.0.0.0/0                               all
71      213.9.139.22,213.9.139.71               0.0.0.0/0                               all
72      213.9.139.25                            0.0.0.0/0                               all
73      213.9.139.24                            0.0.0.0/0                               all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Please tell me if I'm doing something wrong.

Thank you for your great support.

Kind regards,

Miguel Ángel Domínguez Durán.
Technical Department.
Cherrytel Comunicaciones, S.L.
mdo...@ch...
http://www.cherrytel.com/
Tel. 902 115 673
Fax 952218170
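
An added example, not part of the original post or of Shorewall: a small lint that cross-checks a tcstart-style script against the marks set in tcrules. It flags marks with no `fw` filter, filters that point at an undefined class, and HTB parents whose children's guaranteed rates add up to more than the parent's rate. The function name `lint_htb`, the finding labels and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post): consistency lint for an HTB + fw-mark setup.
# stdin: "tc ..." command lines; arguments: the marks assigned in tcrules.
# Assumes all rates are given in kbit, as in the script above.
lint_htb() {
    awk -v marks="$*" '
    # value that follows a keyword on the current tc command line
    function val(key,   i) { for (i = 4; i < NF; i++) if ($i == key) return $(i + 1); return "" }
    { sub(/#.*/, "") }                              # drop trailing comments
    $1 == "tc" && $2 == "class" && $3 == "add" {
        r = val("rate") + 0                         # "64kbit" -> 64
        rate[val("dev") SUBSEP val("classid")] = r  # guaranteed rate of the class
        sum[val("dev") SUBSEP val("parent")] += r   # charged to its parent
    }
    $1 == "tc" && $2 == "filter" && $3 == "add" && val("handle") != "" {
        target[val("dev") SUBSEP val("handle")] = val("classid")
        marked[val("handle")] = 1
    }
    END {
        for (k in sum) if (k in rate && sum[k] > rate[k]) {
            split(k, p, SUBSEP)
            print "OVERSUB " p[1] " " p[2] " children=" sum[k] "kbit parent=" rate[k] "kbit"
        }
        for (k in target) {
            split(k, p, SUBSEP); c = p[1] SUBSEP target[k]
            if (!(c in rate)) print "NOCLASS " p[1] " mark=" p[2] " -> " target[k]
        }
        n = split(marks, m, " ")
        for (i = 1; i <= n; i++) if (!(m[i] in marked)) print "NOFILTER mark=" m[i]
    }' | sort
}

# Constructed sample: part of the downlink setup, with two classes raised to
# 128kbit and the mark-23 filter pointed at an undefined class 1:24.
SAMPLE='tc qdisc add dev eth1 root handle 1: htb default 37
tc class add dev eth1 parent 1: classid 1:1 htb rate 900kbit
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 128kbit ceil 900kbit
tc class add dev eth1 parent 1:1 classid 1:37 htb rate 676kbit ceil 900kbit # default
tc class add dev eth1 parent 1:1 classid 1:23 htb rate 128kbit ceil 900kbit
tc filter add dev eth1 protocol ip parent 1:0 prio 0 handle 20 fw classid 1:20
tc filter add dev eth1 protocol ip parent 1:0 prio 0 handle 23 fw classid 1:24'

# Marks 20, 23 and 70 stand in for the first column of tcrules.
printf '%s\n' "$SAMPLE" | lint_htb 20 23 70
```

To check a real setup, expand the device variables first (for example with `sed` on `$DEV0`/`$DEV1`) and pass the first column of tcrules as the arguments.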