s***@iotti.biz
2016-10-23 14:03:14 UTC
Hi all
I am experimenting with traffic shaping. I use 5.0.13.1 on CentOS 7 with
added xtables-addons. I have BASIC_FILTERS=Yes. Currently I am trying
per-ip traffic shaping. I understand that this should not be the most
wise thing to do, but being that today it seems that most
bandwidth-consuming applications go on ports 80 and 443 (at least in the
networks I administer) it is otherwise difficult to distinguish say, Windows
updates from regular www traffic.
I have the following in tcdevices:
#NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED
#INTERFACE INTERFACES
1:eth0 10mbit 10mbit
And the following in tcclasses:
##INTERFACE:CLASS MARK RATE: CEIL PRIORITY OPTIONS
## DMAX:UMAX
1:101 - full/256 full 1 occurs=255
1:240 240 full/4 full 2 default
1:250 250 full/8 full*8/10 5
When I start shorewall, I get the following warning:
Compiling /etc/shorewallConWinUpdEIPDiv/tcclasses...
Use of uninitialized value in numeric eq (==) at /usr/share/perl5/vendor_perl/Shorewall/Tc.pm line 830, <$currentfile> line 11.
Priority of the eth1 packet mark 240 filter is 532
Priority of the eth1 packet mark 250 filter is 1300
It seems not that much of a hassle, in fact rules compilation continues. But
I fixed it with:
--- Tc.pm.orig 2016-10-23 07:41:55.000000000 +0200
+++ Tc.pm 2016-10-23 15:46:38.282562876 +0200
@@ -827,7 +827,7 @@
fatal_error "Invalid 'occurs' ($val)"
unless defined $occurs && $occurs > 1 && $occurs <= 256;
fatal_error "Invalid 'occurs' ($val)"
if $occurs > $globals{TC_MAX};
fatal_error q(Duplicate 'occurs')
if $tcref->{occurs} > 1;
- fatal_error q(The 'occurs' option is not valid with
'default') if $devref->{default} == $classnumber;
+ fatal_error q(The 'occurs' option is not valid with
'default') if defined($devref->{default}) && $devref->{default} ==
$classnumber;
fatal_error q(The 'occurs' option is not valid with 'tos')
if @{$tcref->{tos}};
warning_message "MARK ($mark) is ignored on an occurring
class" if $mark ne '-';
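Review bot: the defined() guard added to the 'default' test removes the warning, but the test is then skipped whenever $devref->{default} has not been set at the point the occurs option is parsed, which is exactly the situation that produced the warning. A class carrying default on a later tcclasses line than the occurs class is therefore never compared here, so a matching check is needed where default is assigned or after all classes have been read. The comparison also covers only $classnumber; if an occurs class takes up further class numbers, those should be checked against the default as well.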
I wonder if this can be the right solution, or if other checks should be
performed to prevent the default class from overlapping with "occurs" classes.
Thank you for your attention.
Luigi