
Re: does tc filter delete work?




A while back someone posted the following message. I am having the same
exact dilemma, so I am interested in the solution. Does anyone have one?

On Mon, 27 Dec 1999, David MacKenzie wrote:

> I'm trying to set up shared web hosting systems using TC to assign a
> certain amount of bandwidth to each user.  Each user has their own IP
> address, all on eth0 (fast ethernet).  When a user changes their
> service level (buys more or less bandwidth) or cancels their service,
> I need to replace or delete the filters and class for their IP
> address.  Those operations don't seem to work.
> 
> I'm using ds version 6 (7-JUL-1999) and iproute 990630 (the redhat 6.1 RPM)
> with kernel 2.2.13 on a redhat 6.0 intel SMP system.
> 
> Adding CBQ and u32 filters works fine as long as there was no
> filtering already installed on eth0.  But "tc filter replace"
> doesn't replace the existing filter; it just adds another one.
> And I can find no way to delete only a subset of the filters on eth0;
> every "tc filter del" command I try deletes either none of the filters
> or all of them.  I can't find a way to specify precisely enough the
> filters that I want to delete.  If I delete all of the filters, I can
> delete the class I want without affecting the other classes.  But then
> I have to recreate all of the filters for the other users, who
> shouldn't be affected.
> 
> Does anybody have either of these operations working?
> 
> Below is the script I'm using to try to get this working.  At the end
> are commented out commands I tried for removing just the filters for
> one IP address.  One annoyance with tc is that the input syntax for
> directives like "match" is different from the output syntax in "show".
> That makes it even harder to try to come up with the right set of
> keywords to match particular filters.
> 
> I don't understand all of the keywords in the u32 directives.  u32
> seems to be the worst documented part of the system.  I couldn't find
> anything substantive on it in any of the papers and presentations or
> HOWTOs as I hunted around the web, just one example of using it with
> a cryptic comment or two.
> 
> #! /bin/sh
> 
> if=eth0
> 
> ##################################################
> #Addresses to be aliased.
> #
> addrs="212.208.212.11 212.208.212.12 212.208.212.13 212.208.212.14"
> # Corresponding rate limits.
> rates="256Kbit 2Mbit 3Mbit 4Mbit"
> 
> # Kludge: remove any rate limiting stuff on this interface.
> # Otherwise the filters pile up.
> #tc qdisc \
> #    del \
> #    dev $if \
> #    root >/dev/null 2>&1
> 
> ##################################################
> # Attach a device queue discipline to the interface.
> # tc qdisc add cbq help
> #
> # Attach CBQ (class-based queueing) to $if.
> # Also defines the root class 1:.
> #
> # bandwidth -- the real bandwidth of the $if device.
> # avpkt -- the average packet size that you suspect will be seen.
> #  Safe to leave at 1000 for Ethernet with MTU of 1514 bytes.
> # mpu -- minimum packet size in bytes.  Use 64 for Ethernet.
> # cell -- number of bytes between boundaries in the packets that are
> #  transmitted.  It is used to index into a table that maintains the
> #  packet transmission times for various packet sizes.  Normally 8.
> #
> # The help message and code for tc don't mention allot in this context.
> tc qdisc \
>     replace \
>     dev $if \
>     root \
>     handle 1: \
>     cbq \
> 	bandwidth 100Mbit \
> 	avpkt 1000 \
> 	mpu 64 \
> 	cell 8
> 
> ##################################################
> # Define classes.
> # tc class add cbq help
> #
> # bandwidth -- maximum bandwidth that is available to the queuing
> #  discipline owned by this class.
> # rate -- bandwidth that is allocated to this class.
> # allot -- the MTU of the device; used by the link sharing scheduler.
> # avpkt -- average number of bytes in a packet belonging to this class.
> # bounded -- the class cannot borrow unused bandwidth from its parent.
> # isolated -- cannot share (lend) its bandwidth to other classes.
> # prio -- the priority assigned, 0 being the highest and 7 the lowest.
> #  If there is a priority collision, then the product of weight and allot is
> #  used to resolve who gets more "wire time".
> # weight -- Relative priority allotment.  Should be rate/10, or leave at 1.
> # ewma - exponentially weighted moving average of idle period.
> #  A low pass filter which smoothes out bursty behavior when making
> #  estimates, by maintaining history via a moving sampling window.
> #
> # Create a root class for the queue discipline.
> tc class \
>     replace \
>     dev $if \
>     parent 1:0 \
>     classid 1:1 \
>     cbq \
> 	bandwidth 100Mbit \
> 	rate 100Mbit \
> 	maxburst 21 \
> 	allot 1514 \
> 	avpkt 1000 \
> 	prio 5 \
> 	cell 8 \
> 	weight 1
> 
> ##################################################
> # Attach a filter to the root class.
> # Create a hash table for classification of the packets.
> #
> # The message in "tc filter help" incorrectly says
> # "classid" where it means "parent".
> #
> # Define the filter to be attached to $if.
> # Create it with a hash table of 256 slots with ID 1:.
> #
> # To delete all filters:
> # tc filter del dev $if protocol ip pref 5
> tc filter \
>     replace \
>     dev $if \
>     parent 1:0 \
>     protocol ip \
>     prio 5 \
>     handle 1: \
>     u32 \
> 	divisor 256
> 
> # A lookup hash table, for non-fragmented frames.
> # Use the protocol as the hash key.
> #
> tc filter \
>     replace \
>     dev $if \
>     parent 1:0 \
>     prio 5 \
>     handle ::1 \
>     u32 \
> 	ht 800:: \
> 	match ip nofrag \
> 	offset mask 0x0F00 shift 6 \
> 	hashkey mask 0x00ff0000 at 8 \
> 	link 1:
> 
> ##################################################
> # Use the ip utility to add IP aliases.
> #
> for addr in $addrs; do
>     ip addr add $addr dev $if
> done
> 
> ##################################################
> # Define a class and set up the attached queue.
> #
> id=2
> for rate in $rates; do
>     tc class \
>     replace \
>     dev $if \
>     parent 1:1 \
>     classid 1:$id \
>     cbq \
> 	bandwidth 100Mbit \
> 	rate $rate \
> 	maxburst 21 \
> 	allot 1514 \
> 	avpkt 1000 \
> 	prio 5 \
> 	bounded \
> 	cell 8 \
> 	weight 1
>     id=$(($id + 1))
> done
> 
> ##################################################
> # Define the criteria for mapping incoming packets to classes.
> # tc filter add u32 help
> #
> # Add to the 6th slot of the hash table a
> # rule to select each virtual address, direct it
> # to class 1:2, etc.
> #
> # FIXME This adds a new filter every time, and they keep piling up.
> # The workaround is the "tc qdisc del" above.
> id=2
> for addr in $addrs; do
>     tc filter \
> 	replace \
> 	dev $if \
> 	parent 1:0 \
> 	prio 5 \
> 	u32 \
> 	    ht 1:6: \
> 	    match ip src $addr \
> 	    classid 1:$id
>     id=$(($id + 1))
> done
> 
> ##################################################
> # Look at all that we created:
> #
> echo "---- qdisc parameters ----------"
> tc qdisc show dev $if
> echo "---- class parameters ----------"
> tc class show dev $if
> echo "---- filter parameters ----------"
> tc filter show dev $if
> 
> echo "---- specific class parameters ----------"
> tc class show parent 1:1 dev eth0
> echo "---- specific filter parameters ----------"
> tc filter show dev eth0 parent 1: pref 5 proto ip
> 
> # Try to delete the second address and its rate limiters.
> ip addr del 212.208.212.12 dev eth0 
> 
> # tc class del dev eth0 classid 1:3
> # RTNETLINK answers: Device or resource busy
> # But works once the filters are deleted.
> 
> # tc filter del dev eth0 pref 5 proto ip parent 1: u32 match d4d0d40c/ffffffff at 12
> # Illegal "match"
> # Bad: the show syntax should be reusable in del.
> 
> # tc filter del dev eth0 pref 5 proto ip parent 1: u32 ht 1
> # Illegal "ht"
> # Bad: the show syntax should be reusable in del.
> 
> # tc filter del dev eth0 pref 5 proto ip parent 1: u32 hashkey ht 1:6
> # Deletes all of the filters on eth0 (expected).
> 
> # tc filter del dev eth0 pref 5 proto ip parent 1: u32 match ip src 212.208.212.12
> # Deletes all of the filters on eth0! (Shouldn't.)
> 
> 

-----------------------------------------------------------------------
Armando L. Caro Jr.                                  acaro@cis.udel.edu
University of Delaware                   http://www.cis.udel.edu/~acaro       
-----------------------------------------------------------------------
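
Added example, not part of either message above: the quoted script's difficulty is that `tc filter show` prints the source address as a hex key (`match d4d0d40c/ffffffff at 12`) that cannot be fed back to `tc filter del`, so this sketch finds the filter by that key and prints a delete that names its handle instead. It assumes a current iproute2 that prints an `fh` handle per filter and deletes a single u32 filter when given `handle`; the thread does not establish whether iproute 990630 on kernel 2.2.13 does. The function names and the sample listing are constructed for illustration.

```shell
# Added example, not from the thread: reads "tc filter show" text and prints
# (never runs) the commands that remove a single source address.
# Dotted-quad IPv4 -> the 8-hex-digit key that "tc filter show" prints.
ip_to_hex() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          printf "%02x%02x%02x%02x\n", $1, $2, $3, $4 }'
}

# Print "handle classid" for the filter matching source IP $1 (show text on stdin).
find_src_filter() {
    key=$(ip_to_hex "$1") || return 1
    # Offset 12 in the IPv4 header is the source address.
    awk -v want="match $key/ffffffff at 12" '
        $1 == "filter" {            # header line: remember handle and class
            fh = ""; flow = ""
            for (i = 1; i < NF; i++) {
                if ($i == "fh") fh = $(i + 1)
                if ($i == "flowid") flow = $(i + 1)
            }
            next
        }
        {                           # indented detail line of the same filter
            line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (line == want && fh != "" && flow != "") { print fh, flow; hit = 1 }
        }
        END { exit !hit }'
}

# $1 = device, $2 = source IP. parent 1: and prio 5 are the quoted script's values.
delete_cmds_for_ip() {
    matches=$(find_src_filter "$2") || return 1
    printf '%s\n' "$matches" | while read -r fh flow; do
        echo "tc filter del dev $1 parent 1: protocol ip prio 5 handle $fh u32"
        echo "tc class del dev $1 classid $flow"
    done
}

# Constructed sample, modelled on current iproute2 output; not captured from a host.
sample_show() {
    cat <<'EOF'
filter parent 1: protocol ip pref 5 u32 fh 1: ht divisor 256
filter parent 1: protocol ip pref 5 u32 fh 1:6:800 order 2048 key ht 1 bkt 6 flowid 1:2
  match d4d0d40b/ffffffff at 12
filter parent 1: protocol ip pref 5 u32 fh 1:6:801 order 2049 key ht 1 bkt 6 flowid 1:3
  match d4d0d40c/ffffffff at 12
EOF
}
sample_show | delete_cmds_for_ip eth0 212.208.212.12
```

The filter delete is printed before the class delete because, as the quoted script notes, the class cannot be removed while a filter still points at it.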