Message-ID: <1324012627.2562.26.camel@edumazet-laptop>
Date:	Fri, 16 Dec 2011 06:17:07 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	"John A. Sullivan III" <jsullivan@...nsourcedevel.com>
Cc:	netdev@...r.kernel.org
Subject: Re: tc filter show not displaying anything

On Thursday, 15 December 2011 at 23:48 -0500, John A. Sullivan III wrote:
> Hello, all.  I'm starting to feel really stupid and showing my newbidity
> to tc.  I do a:
> tc filter show dev eth1
> and nothing is displayed but I suspect the filter is there because if I
> try to add it again, the kernel complains with:
> RTNETLINK answers: File exists
> We have an error talking to the kernel
> 
> Here is what I have put together so far (disregard the silly ports - it
> is just for netcat testing):
> 
> tc qdisc add dev eth1 root handle 1: hfsc default 20
> tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 1490kbit ul rate 1490kbit
> tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt rate 800kbit ls rate 200kbit
> tc qdisc add dev eth1 parent 1:20 handle 1201 sfq perturb 10
> tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt umax 16000kbit dmax 13ms rate 400kbit ls rate 1000kbit
> tc qdisc add dev eth1 parent 1:10 handle 1101 sfq perturb 10
> iptables -t mangle -A POSTROUTING  -p 6 --syn --dport 443 -j CONNMARK --set-mark 0x10
> iptables -t mangle -A POSTROUTING  -p 6 -j CONNMARK --restore-mark
> 
> I then did:
> 
> root@...tswitch01:~# tc filter add dev eth1 parent 1:1 protocol ip prio 1 handle 0x10 fw flowid 1:10
> root@...tswitch01:~# tc filter show dev eth1
> root@...tswitch01:~# tc filter show parent 1:1
> 
> What simple, practical thing did I mangle? Thanks - John

Minor point (since John already replied): "sfq perturb 10" means you
risk out of order packets perturbation every 10 seconds. This can really
hurt TCP sessions.

Maybe we should "fix" this problem for good in SFQ.


