]>
Commit | Line | Data |
---|---|---|
1 | #! /bin/sh -x | |
2 | # | |
3 | # sample script on using the ingress capabilities | |
4 | # This script fwmark tags(IPchains) based on metering on the ingress | |
5 | # interface the result is used for fast classification and re-marking | |
6 | # on the egress interface | |
7 | # This is an example of a color blind mode marker with no PIR configured | |
8 | # based on draft-wahjak-mcm-00.txt (section 3.1) | |
9 | # | |
10 | #path to various utilities; | |
11 | #change to reflect yours. | |
12 | # | |
13 | IPROUTE=/root/DS-6-beta/iproute2-990530-dsing | |
14 | TC=$IPROUTE/tc/tc | |
15 | IP=$IPROUTE/ip/ip | |
16 | IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains | |
17 | INDEV=eth2 | |
18 | EGDEV="dev eth1" | |
19 | CIR1=1500kbit | |
20 | CIR2=500kbit | |
21 | ||
22 | #The CBS is about 60 MTU sized packets | |
23 | CBS1=90k | |
24 | CBS2=90k | |
25 | ||
26 | meter1="police rate $CIR1 burst $CBS1 " | |
27 | meter1a="police rate $CIR2 burst $CBS1 " | |
28 | meter2="police rate $CIR1 burst $CBS2 " | |
29 | meter2a="police rate $CIR2 burst $CBS2 " | |
30 | meter3="police rate $CIR2 burst $CBS1 " | |
31 | meter3a="police rate $CIR2 burst $CBS1 " | |
32 | meter4="police rate $CIR2 burst $CBS2 " | |
33 | meter5="police rate $CIR1 burst $CBS2 " | |
34 | # | |
35 | # tag the rest of incoming packets from subnet 10.2.0.0/24 to fw value 1 | |
36 | # tag all incoming packets from any other subnet to fw tag 2 | |
37 | ############################################################ | |
38 | $IPCHAINS -A input -i $INDEV -s 0/0 -m 2 | |
39 | $IPCHAINS -A input -i $INDEV -s 10.2.0.0/24 -m 1 | |
40 | # | |
41 | ############################################################ | |
42 | # install the ingress qdisc on the ingress interface | |
43 | $TC qdisc add dev $INDEV handle ffff: ingress | |
44 | # | |
45 | ############################################################ | |
46 | ||
47 | # All packets are marked with a tcindex value which is used on the egress | |
48 | # tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE | |
49 | # | |
50 | ############################################################ | |
51 | # | |
52 | # anything with fw tag of 1 is passed on with a tcindex value 1 | |
53 | #if it doesnt exceed its allocated rate (CIR/CBS) | |
54 | # | |
55 | $TC filter add dev $INDEV parent ffff: protocol ip prio 1 handle 1 fw \ | |
56 | $meter1 \ | |
57 | continue flowid 4:1 | |
58 | $TC filter add dev $INDEV parent ffff: protocol ip prio 2 handle 1 fw \ | |
59 | $meter1a \ | |
60 | continue flowid 4:1 | |
61 | # | |
62 | # if it exceeds the above but not the extra rate/burst below, it gets a | |
63 | #tcindex value of 2 | |
64 | # | |
65 | $TC filter add dev $INDEV parent ffff: protocol ip prio 3 handle 1 fw \ | |
66 | $meter2 \ | |
67 | continue flowid 4:2 | |
68 | $TC filter add dev $INDEV parent ffff: protocol ip prio 4 handle 1 fw \ | |
69 | $meter2a \ | |
70 | continue flowid 4:2 | |
71 | # | |
72 | # if it exceeds the above but not the rule below, it gets a tcindex value | |
73 | # of 3 | |
74 | # | |
75 | $TC filter add dev $INDEV parent ffff: protocol ip prio 5 handle 1 fw \ | |
76 | $meter3 \ | |
77 | continue flowid 4:3 | |
78 | $TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 1 fw \ | |
79 | $meter3a \ | |
80 | drop flowid 4:3 | |
81 | # | |
82 | # Anything else (not from the subnet 10.2.0.24/24) gets discarded if it | |
83 | # exceeds 1Mbps and by default goes to BE if it doesnt | |
84 | # | |
85 | $TC filter add dev $INDEV parent ffff: protocol ip prio 7 handle 2 fw \ | |
86 | $meter5 \ | |
87 | drop flowid 4:4 | |
88 | ||
89 | ||
90 | ######################## Egress side ######################## | |
91 | ||
92 | ||
93 | # attach a dsmarker | |
94 | # | |
95 | $TC qdisc add $EGDEV handle 1:0 root dsmark indices 64 | |
96 | # | |
97 | # values of the DSCP to change depending on the class | |
98 | #note that the ECN bits are masked out | |
99 | # | |
100 | #AF41 (0x88 is 0x22 shifted to the right by two bits) | |
101 | # | |
102 | $TC class change $EGDEV classid 1:1 dsmark mask 0x3 \ | |
103 | value 0x88 | |
104 | #AF42 | |
105 | $TC class change $EGDEV classid 1:2 dsmark mask 0x3 \ | |
106 | value 0x90 | |
107 | #AF43 | |
108 | $TC class change $EGDEV classid 1:3 dsmark mask 0x3 \ | |
109 | value 0x98 | |
110 | #BE | |
111 | $TC class change $EGDEV classid 1:4 dsmark mask 0x3 \ | |
112 | value 0x0 | |
113 | # | |
114 | # | |
115 | # The class mapping (using tcindex; could easily have | |
116 | # replaced it with the fw classifier instead) | |
117 | # | |
118 | $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ | |
119 | handle 1 tcindex classid 1:1 | |
120 | $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ | |
121 | handle 2 tcindex classid 1:2 | |
122 | $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ | |
123 | handle 3 tcindex classid 1:3 | |
124 | $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ | |
125 | handle 4 tcindex classid 1:4 | |
126 | # | |
127 | ||
128 | # | |
129 | echo "---- qdisc parameters Ingress ----------" | |
130 | $TC qdisc ls dev $INDEV | |
131 | echo "---- Class parameters Ingress ----------" | |
132 | $TC class ls dev $INDEV | |
133 | echo "---- filter parameters Ingress ----------" | |
134 | $TC filter ls dev $INDEV parent ffff: | |
135 | ||
136 | echo "---- qdisc parameters Egress ----------" | |
137 | $TC qdisc ls $EGDEV | |
138 | echo "---- Class parameters Egress ----------" | |
139 | $TC class ls $EGDEV | |
140 | echo "---- filter parameters Egress ----------" | |
141 | $TC filter ls $EGDEV parent 1:0 | |
142 | # | |
143 | #deleting the ingress qdisc | |
144 | #$TC qdisc del $INDEV ingress |