You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
88 lines
2.9 KiB
88 lines
2.9 KiB
#! /bin/sh -x
|
|
#
|
|
# sample script on using the ingress capabilities
|
|
# This script tags the fwmark on the ingress interface using IPchains
|
|
# the result is used first for policing on the Ingress interface then
|
|
# for fast classification and re-marking
|
|
# on the egress interface
|
|
#
|
|
#path to various utilities;
|
|
#change to reflect yours.
|
|
#
|
|
IPROUTE=/root/DS-6-beta/iproute2-990530-dsing
|
|
TC=$IPROUTE/tc/tc
|
|
IP=$IPROUTE/ip/ip
|
|
IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains
|
|
INDEV=eth2
|
|
EGDEV="dev eth1"
|
|
#
|
|
# tag all incoming packets from host 10.2.0.24 to value 1
|
|
# tag all incoming packets from host 10.2.0.3 to value 2
|
|
# tag the rest of incoming packets from subnet 10.2.0.0/24 to value 3
|
|
#These values are used in the egress
|
|
############################################################
|
|
$IPCHAINS -A input -s 10.2.0.0/24 -m 3
|
|
$IPCHAINS -A input -i $INDEV -s 10.2.0.24 -m 1
|
|
$IPCHAINS -A input -i $INDEV -s 10.2.0.3 -m 2
|
|
############################################################
|
|
#
|
|
# install the ingress qdisc on the ingress interface
|
|
############################################################
|
|
$TC qdisc add dev $INDEV handle ffff: ingress
|
|
############################################################
|
|
|
|
#
|
|
# attach a fw classifier to the ingress which polices anything marked
|
|
# by ipchains to tag value 3 (The rest of the subnet packets -- not
|
|
# tag 1 or 2) to not go beyond 1.5Mbps
|
|
# Allow up to at least 60 packets to burst (assuming maximum packet
|
|
# size of # 1.5 KB) in the long run and upto about 6 packets in the
|
|
# shot run
|
|
|
|
############################################################
|
|
$TC filter add dev $INDEV parent ffff: protocol ip prio 50 handle 3 fw \
|
|
police rate 1500kbit burst 90k mtu 9k drop flowid :1
|
|
############################################################
|
|
|
|
######################## Egress side ########################
|
|
|
|
|
|
# attach a dsmarker
|
|
#
|
|
$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64
|
|
#
|
|
# values of the DSCP to change depending on the class
|
|
#
|
|
$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
|
|
value 0xb8
|
|
$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
|
|
value 0x28
|
|
$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
|
|
value 0x48
|
|
#
|
|
#
|
|
# The class mapping
|
|
#
|
|
$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 1 fw classid 1:1
|
|
$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 2 fw classid 1:2
|
|
$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 3 fw classid 1:3
|
|
#
|
|
|
|
#
|
|
echo "---- qdisc parameters Ingress ----------"
|
|
$TC qdisc ls dev $INDEV
|
|
echo "---- Class parameters Ingress ----------"
|
|
$TC class ls dev $INDEV
|
|
echo "---- filter parameters Ingress ----------"
|
|
$TC filter ls dev $INDEV parent ffff:
|
|
|
|
echo "---- qdisc parameters Egress ----------"
|
|
$TC qdisc ls $EGDEV
|
|
echo "---- Class parameters Egress ----------"
|
|
$TC class ls $EGDEV
|
|
echo "---- filter parameters Egress ----------"
|
|
$TC filter ls $EGDEV parent 1:0
|
|
#
|
|
#deleting the ingress qdisc
|
|
#$TC qdisc del $DEV ingress
|