Date:	Fri, 16 Dec 2011 00:39:29 -0500
From:	"John A. Sullivan III" <jsullivan@...nsourcedevel.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	netdev@...r.kernel.org
Subject: Re: tc filter show not displaying anything

On Fri, 2011-12-16 at 06:17 +0100, Eric Dumazet wrote:
> On Thursday, 15 December 2011 at 23:48 -0500, John A. Sullivan III wrote:
> > Hello, all.  I'm starting to feel really stupid and showing my newbidity
> > to tc.  I do a:
> > tc filter show dev eth1
> > and nothing is displayed but I suspect the filter is there because if I
> > try to add it again, the kernel complains with:
> > RTNETLINK answers: File exists
> > We have an error talking to the kernel
> > 
> > Here is what I have put together so far (disregard the silly ports - it
> > is just for netcat testing):
> > 
> > tc qdisc add dev eth1 root handle 1: hfsc default 20
> > tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> > tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> > tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> > tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> > tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> > iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> > iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> > 
> > I then did:
> > 
> > root@...tswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> > root@...tswitch01:~# tc filter show dev eth1
> > root@...tswitch01:~# tc filter show parent 1:1
> > 
> > What simple, practical thing did I mangle? Thanks - John
> 
> Minor point (since John already replied): "sfq perturb 10" means you
> risk out of order packets perturbation every 10 seconds. This can really
> hurt TCP sessions.
> 
> Maybe we should "fix" this problem for good in SFQ.
> 
> 
> 
Ouch! That was right out of the book so to speak.  Thanks for pointing
it out - now I see it is right in the man page.  Is best practice to not
perturb and live with the potentially unbalanced queues or just to set
it even higher? Thanks - John
