Ok, Andy - I have tested this and it should all work.
Can you double check on your side before I push the kernel patch to Dave? I
tested on an Ubuntu distro on an AMD Athlon.
Attached tar.gz with necessary patches. I only bothered to do 2 out of 3
tests. The second one covers the third. iptables libraries at runtime:
1.3.1
cheers,
jamal
-- start details (collected while I was testing) -----------
patch to kernel 2.6.11.5:
1) stats fix - attached as p_kernel
patch to tc:
1) stats - in patch file p_tc
2) mirred structure - in patch file p_tc
3) iptables headers copied from iptables 1.3.1 - both files in
attachment
bantu:~# uname -a
Linux bantu.foo 2.6.11.5 #1 Mon Mar 21 23:23:51 EST 2005 i686 GNU/Linux
bantu:~#
bantu:~# tc -V
tc utility, iproute2-ss050314
bantu:~#
TEST1:
Check if ipt works on its own and stats are fixed.
tc qdisc del dev eth0 ingress
tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 \
match ip src 10.0.2.24/32 flowid 1:16 \
action ipt -j TOS --set-tos Maximize-Reliability
** machine 10.0.2.24/32 is directly connected (via switch) to eth0
tc -s filter ls dev eth0 parent ffff:
bantu:~# tc -s filter ls dev eth0 parent ffff:
filter protocol ip pref 6 u32
filter protocol ip pref 6 u32 fh 800: ht divisor 1
filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 1:16 (rule hit 0 success 0)
match 0a000218/ffffffff at 12 (success 0 )
action order 1: tablename: mangle hook: NF_IP_PRE_ROUTING
target TOS set Maximize-Reliability
index 5 ref 1 bind 1 installed 10 sec used 10 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
ke82:~# ping -c 2 10.0.2.24
PING 10.0.2.24 (10.0.2.24) 56(84) bytes of data.
64 bytes from 10.0.2.24: icmp_seq=1 ttl=64 time=36.1 ms
64 bytes from 10.0.2.24: icmp_seq=2 ttl=64 time=3.79 ms
--- 10.0.2.24 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1005ms
rtt min/avg/max/mdev = 3.798/19.960/36.122/16.162 ms
bantu:~#
bantu:~# tc -s filter ls dev eth0 parent ffff:
filter protocol ip pref 6 u32
filter protocol ip pref 6 u32 fh 800: ht divisor 1
filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 1:16 (rule hit 2 success 2)
match 0a000218/ffffffff at 12 (success 2 )
action order 1: tablename: mangle hook: NF_IP_PRE_ROUTING
target TOS set Maximize-Reliability
index 5 ref 1 bind 1 installed 109 sec used 36 sec
Action statistics:
Sent 168 bytes 2 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
TEST2:
- check if ipt followed by another action works.
- check if mirred works
tc qdisc del dev eth0 ingress
tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol ip prio 6 \
u32 match ip src 10.0.2.24/32 flowid 1:16 \
action ipt -j TOS --set-tos Maximize-Reliability \
action mirred egress redirect dev lo
--> Installs fine
Ping replies should never be seen since they are redirected to the
loopback device; tcpdump on dev lo should show them. Actually even
tcpdump on eth0 should see them - they just don't make it up the stack.
bantu:~# ping -c 2 10.0.2.24
PING 10.0.2.24 (10.0.2.24) 56(84) bytes of data.
--- 10.0.2.24 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1145ms
bantu:~#
bantu:~# tc -s filter ls dev eth0 parent ffff:
filter protocol ip pref 6 u32
filter protocol ip pref 6 u32 fh 800: ht divisor 1
filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 1:16 (rule hit 2 success 2)
match 0a000218/ffffffff at 12 (success 2 )
action order 1: tablename: mangle hook: NF_IP_PRE_ROUTING
target TOS set Maximize-Reliability
index 6 ref 1 bind 1 installed 128 sec used 123 sec
Action statistics:
Sent 168 bytes 2 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
action order 2: mirred (Egress Redirect to device lo) stolen
index 1 ref 1 bind 1 installed 128 sec used 123 sec
Action statistics:
Sent 168 bytes 2 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
iptmir.tgz
Description: GNU Zip compressed data
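
The counter check done by eye in TEST1 and TEST2 above, as an added example that is not part of the original message or its attached patches: it parses `tc -s filter ls` output, decodes the u32 key (offset 12 of the IP header is the source address), and verifies that every action in the chain counted the same packets as the rule hit counter. The function names are hypothetical, and it assumes no action in the chain drops packets before a later one sees them.

```python
import re
import socket
import struct

# Constructed sample: the TEST2 `tc -s filter ls dev eth0 parent ffff:` output shown above.
SAMPLE = """\
filter protocol ip pref 6 u32
filter protocol ip pref 6 u32 fh 800: ht divisor 1
filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 1:16 (rule hit 2 success 2)
match 0a000218/ffffffff at 12 (success 2 )
action order 1: tablename: mangle hook: NF_IP_PRE_ROUTING
target TOS set Maximize-Reliability
index 6 ref 1 bind 1 installed 128 sec used 123 sec
Action statistics:
Sent 168 bytes 2 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
action order 2: mirred (Egress Redirect to device lo) stolen
index 1 ref 1 bind 1 installed 128 sec used 123 sec
Action statistics:
Sent 168 bytes 2 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
"""

def dotted(hexword):
    """Render a 32-bit hex word from a u32 key as a dotted quad."""
    return socket.inet_ntoa(struct.pack("!I", int(hexword, 16)))

def parse_filter_stats(text):
    """Return the rule hit count, decoded u32 matches and per-action counters."""
    out = {"hits": None, "matches": [], "actions": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.search(r"\(rule hit (\d+) success (\d+)\)", line):
            out["hits"] = int(m.group(1))
        elif m := re.match(r"match ([0-9a-f]{8})/([0-9a-f]{8}) at (\d+)", line):
            # value/mask are 32-bit words; "at N" is the byte offset into the IP header
            out["matches"].append((dotted(m.group(1)), dotted(m.group(2)), int(m.group(3))))
        elif m := re.match(r"action order (\d+): (.*)", line):
            out["actions"].append({"order": int(m.group(1)), "desc": m.group(2), "bytes": None, "pkts": None})
        elif (m := re.match(r"Sent (\d+) bytes (\d+) pkt", line)) and out["actions"]:
            out["actions"][-1].update(bytes=int(m.group(1)), pkts=int(m.group(2)))
    return out

def stats_consistent(parsed):
    """True when every chained action counted exactly the packets the rule hit."""
    acts = parsed["actions"]
    return bool(acts) and all(
        a["pkts"] == parsed["hits"] and a["bytes"] == acts[0]["bytes"] for a in acts)
```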