2

Iam new to tc and i find it mighty confusing, i was able to find and bit understand little command flow, to issue delay on specific IP, but i dont tink it works properly - delaying all traffic possible for this IP. I think i misunderstood/did not understand some of the parameters.

It sometimes definitely works, but i have my doubts since its not consistent, as if the traffic sometimes takes different priority which is not delayed mabye? Not sure

(how i know - sometime iam able to break app which sends query to server iam delaying traffic to, sometimes it just works as if nothing is delayed even when using like 50000ms)

This is what iam using:

tc qdisc add dev eth1 root handle 1: prio
tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 1.1.1.1 flowid 1:3
tc qdisc add dev eth1 parent 1:1 handle 2: netem delay 20000ms
J B
  • 93
  • 9
  • now its working using flowid 2:1 in filter, but still not sure why, generally i found it difficult to find good explenation of parent and its values, flowid and such, the man page is very poor – J B Jun 13 '18 at 13:42

1 Answers1

1

You can only direct a filter to a class or root qdisc. So if you want to apply different qdisc on a IP source basis, you need more than one class. You will then have:

root qdisc <--> multiple classes <--> on qdisc in each class

Your filter will then direct traffic into on class, the leaf qdisc of that class will use netem. For example (it's a piece of one of my scripts, it does not exactly the same thing, this code is here to explain root and leafs):

# root qdisc
# Interface eth1, qdisc: htb, default leaf: 1000
tc qdisc add dev $LAN_IFACE root handle 1:0 htb default 1000 r2q 200

# root class
# Interface eth1, parent: 2:0, id: 2:11
tc class add dev $LAN_IFACE parent 1:0 classid 1:10 htb rate ${LOCAL_DL_USED}kbit ceil ${LOCAL_DL_USED}kbit quantum 100

# CLASS 1
tc class add dev $LAN_IFACE parent 1:10 classid 1:100 htb rate ${LOCAL_DL_INTERACTIVE}kbit ceil ${LOCAL_DL_INTERACTIVE}kbit burst 5k prio 0 linklayer ethernet quantum 1000
# QDISC of class 1
tc qdisc add dev $LAN_IFACE parent 1:100 handle 110: pfifo limit 1000
# FILTER to class 1
tc filter add dev $LAN_IFACE parent 1:0 protocol ip prio 0 handle 100 fw flowid 1:100

# CLASS 2
tc class add dev $LAN_IFACE parent 1:10 classid 1:200 htb rate ${LOCAL_DL_SSH}kbit ceil ${LOCAL_DL_SSH}kbit prio 1 linklayer ethernet quantum 1000
# QDISC of class 2
tc qdisc add dev $LAN_IFACE parent 1:200 handle 210: sfq perturb 10
# FILTER to class 2
tc filter add dev $LAN_IFACE parent 1:0 protocol ip prio 1 handle 200 fw flowid 1:200

You can take a look at Journey to the center of the linux kernel for detailed explanations.

setenforce 1
  • 1,200
  • 6
  • 10