This whole afternoon I had the chance to fight with the Linux tc command (traffic control). With this wonderful tool I can easily restrict bandwidth for a user on the network, or set up an efficient QoS (Quality of Service) that favors some important traffic, such as SSH or TCP ACK packets, over bulk data traffic for which latency and jitter are not important.

So my problem was about the tc filter. Filters tell where a packet should be enqueued, that is, in which class it has to be processed, according to its source. Setting up a filter is easily done with a command like this one:

tc filter add dev eth0 parent 2:0 protocol ip prio 0 handle 20 fw flowid 2:20

Quick explanation: this filter is attached to the eth0 interface and to the root qdisc 2:0, since htb (Hierarchical Token Bucket) filters must be attached directly to the root class, no matter what. The prio 0 was the cause of my fight: in my script I didn't need any special priority, so I left it at 0. The handle 20 fw means that the unique identifier of the filter is 20, that it will catch the packets marked in iptables with the value 20, and that those packets will be enqueued in the class 2:20 (the flowid).

If you want to dynamically delete a filter and a class from your interface without reloading the whole iptables/tc setup, which takes a certain time, the htb qdisc allows dynamic modifications. The only problem is that a filter must be declared with a priority, a handle and a type if you want to remove it; otherwise it will be a lost filter attached to your qdisc. After trying to remove it, I got some not really explicit messages from the tc command, and after browsing the lartc mailing list and trying small configurations with tc on my side, I figured out that if the prio of a filter is 0 or 1 and other filters also have a prio of 0 or 1, you can't remove them, even if they have a handle and everything required. You need to give a prio of 2 or higher, for example, to all your filters, and then you can delete them. It was a little tricky because in my case I don't need any filter to have priority over any other; in most scripts using tc, on the other hand, you'll see the prio changing.
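As an added example (not from the original post), here is a small shell helper that adds and later removes one fw filter and its HTB class with identical prio, handle and type, using prio 2 as suggested above. The root qdisc 2: is assumed to exist already; the function names, the 1mbit rate and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: add and remove one fwmark-based filter plus its HTB class.
# Assumptions: root htb qdisc "2:" already exists on $DEV; RATE is a sample value.
DEV="${DEV:-eth0}"
PRIO="${PRIO:-2}"        # 2 or higher, per the finding described above
RATE="${RATE:-1mbit}"
DRY_RUN="${DRY_RUN:-1}"  # 1 = only print the commands, 0 = execute them (root needed)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Refuse priorities below 2 (also rejects non-numeric values).
check_prio() {
    [ "$PRIO" -ge 2 ] 2>/dev/null || {
        echo "prio must be >= 2, got '$PRIO'" >&2
        return 1
    }
}

# $1 = fwmark set in iptables; reused as the minor id of the class (2:$1).
add_marked_class() {
    check_prio || return 1
    run tc class add dev "$DEV" parent 2: classid "2:$1" htb rate "$RATE" &&
    run tc filter add dev "$DEV" parent 2:0 protocol ip \
        prio "$PRIO" handle "$1" fw flowid "2:$1"
}

# The delete must repeat the same prio, handle and type used in the add.
# The filter goes first: a class still referenced by a filter cannot be removed.
del_marked_class() {
    check_prio || return 1
    run tc filter del dev "$DEV" parent 2:0 protocol ip \
        prio "$PRIO" handle "$1" fw &&
    run tc class del dev "$DEV" classid "2:$1"
}

# Demo for mark 20 (prints four tc commands while DRY_RUN=1).
add_marked_class 20 && del_marked_class 20
```

Set DRY_RUN=0 to apply the commands for real; `tc filter show dev eth0` then lists what is currently attached.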

PS: this article is still a stub that needs to be completed regarding the unexplained "things".