0

I'm trying to change the default filtering for a SFQ to one based on source IP, where each IP goes to a class.

I know I can create a SFQ with more divisors with something like:

tc qdisc add ... sfq divisor 512

Then I want to send each src up to one different class using something like:

tc filter add ... flow map key src addend -192.168.0.0 divisor 256
tc filter add ... flow map key src addend -192.168.4.0 divisor 256

The problem, is that the first line will send 192.168.0.x traffic to class 1-256 but the second line will also send traffic from 192.168.4.0 to classes 1-256.

Is there anyway to set an offset? I've been checking bitwise operators, but I'm sure it can be achieved.

I know I could just use a hash like:

tc filter add ... flow hash keys src divisor 512

But, as the source IP address would be hashed, different src IPs could end in the same queue, instead of each one per queue.

This shaping will be installed in a high performance router (20gbps) with 5120 different src IPs, so I cannot really set up one queue per IP or setup plenty of filters, that's why I'm trying to find a more optimal way to do it.

Thanks!

Xavier Trilla
  • 1
  • 1

1 Answers1

0

I believe you maybe able to obtain the result you desire by using a filter and nfct-src to direct packets to queues based on source IP address. You can also add a filter mask to address your issue of more than 256 queues.

tc filter add dev $dev parent $class_index: handle 1 flow divisor 256 map key nfct-src and 0xff
Daniele Santi
  • 2,529
  • 1
  • 25
  • 22
Paul Bixel
  • 1
  • Yeah, but AFAIK it will use a src ip hash to place IPs in flows, there is no guarantee each IP will end in a specific flow. Meaning there could be several IPs which hash to the same queue. – Xavier Trilla Dec 13 '18 at 14:45