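1. When setting a filter, the flowid must be a leaf class, otherwise it does not take effect. (For example, if the rule below is set to 1:4, a parent class, it does not take effect and traffic goes to the default class, i.e. default 3.)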
#tc filter add dev peth0 parent 1:0 protocol ip prio 6 u32 match ip src 10.241.32.17/32 flowid 1:3
2. In the rules below, 1:5 did not take effect, i.e. ACK, SYN, etc. did not go into class 1:5. Strange? (While sending packets, the tokens of 1:5 did not decrease.)
3. iptables -t mangle -L
target prot opt source destination
MARK tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN MARK set 0x1
RETURN tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
MARK icmp -- anywhere anywhere MARK set 0x1
RETURN icmp -- anywhere anywhere
Note: the mangle rules have been added.
4. Monitor with netstat -p --tcp
View filters: tc -s filter ls dev peth0
View qdiscs: tc qdisc ls dev peth0
5. Apply the patch: wget ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20100218.tar.bz2
5. Set HTB's r2q: r2q=100 (default = 10)
tc qdisc add dev peth0 root handle 1: htb r2q 100 default 3
6. Add an ACK filter so that TCP ACKs go to flowid 1:5:
# TCP ACK
tc filter add dev peth0 parent 1:0 protocol ip prio 1 u32 match ip protocol 6 0xff match u8 0x10 0xff at 33 match u16 0x0000 0xffc0 at 2 flowid 1:5
# ICMP
tc filter add dev peth0 parent 1:0 protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:5
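What the three u32 selectors of the TCP ACK filter above actually test, as an added example (not part of the original notes). The packets are constructed in the code, and the extra IHL selector `match u8 0x05 0x0f at 0` is an assumption that the page's filter does not contain; offset 33 is the TCP flags byte only when the IP header is 20 bytes long.

```python
import struct

def ipv4_tcp(flags, payload_len=0, ip_options=b"", ack=1):
    """Constructed IPv4+TCP packet for testing (checksums left at zero)."""
    ihl = 5 + len(ip_options) // 4
    total = ihl * 4 + 20 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes([10, 241, 32, 35]), bytes([10, 241, 32, 42]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, ack, 5 << 4, flags, 65535, 0, 0)
    return ip + ip_options + tcp + bytes(payload_len)

def u32_key(pkt, value, mask, offset, width):
    """One u32 selector: (big-endian field at offset) & mask == value."""
    if len(pkt) < offset + width:
        return False
    return (int.from_bytes(pkt[offset:offset + width], "big") & mask) == value

# The three selectors of the page's "TCP ACK" filter: (value, mask, offset, width)
PAGE_FILTER = [(6, 0xFF, 9, 1),         # match ip protocol 6 0xff
               (0x10, 0xFF, 33, 1),     # match u8 0x10 0xff at 33
               (0x0000, 0xFFC0, 2, 2)]  # match u16 0x0000 0xffc0 at 2
# Assumption (not in the page's filter): also require IHL == 5
GUARDED = PAGE_FILTER + [(0x05, 0x0F, 0, 1)]  # match u8 0x05 0x0f at 0

def matches(pkt, keys):
    return all(u32_key(pkt, *k) for k in keys)

NOPS = b"\x01" * 4  # four IP NOP options, so IHL becomes 6
SAMPLES = {  # all packets here are constructed test data
    "pure ACK, 40 bytes": ipv4_tcp(0x10),
    "SYN": ipv4_tcp(0x02),
    "SYN+ACK": ipv4_tcp(0x12),
    "ACK with 100-byte payload": ipv4_tcp(0x10, payload_len=100),
    "pure ACK with IP options": ipv4_tcp(0x10, ip_options=NOPS),
    "FIN+ACK with IP options": ipv4_tcp(0x11, ip_options=NOPS, ack=0x00100000),
}

def classify_samples():
    """Return {name: (page filter matches, guarded filter matches)}."""
    return {name: (matches(pkt, PAGE_FILTER), matches(pkt, GUARDED))
            for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (page, guarded) in classify_samples().items():
        print(f"{name:28} page={page!s:5} guarded={guarded}")
```

Only data-less ACKs with a 20-byte IP header reach 1:5 through this filter; SYN packets depend on the fw mark filter instead. In the last sample, byte 33 is part of the acknowledgement number, so the unguarded filter matches a packet that is not a pure ACK.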
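6. iptables -p tcp --tcp-flags SYN,FIN,ACK SYN matches packets that have the SYN flag set and the FIN and ACK flags unset. Note that the flags are separated by a single comma with no spaces.
7. Note: HTB's parameters (such as quantum) affect whether HTB takes effect. In the original test the bandwidth was shared evenly, but when the test was rerun with values turned down to a few tens of K, HTB took effect, which shows that quantum, rate and burst do matter.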
http://www.docum.org/docum.org/faq/cache/31.html
8.
Brief display of the class status of a given device (here imq1)
tc class ls dev imq1|more
Detailed display of the class status of a given device (here imq1)
tc -s class ls dev imq1|more
class htb 2:3102 parent 2:2 prio 6 rate 480000bit ceil 2048Kbit burst 1659b cburst 1856b Sent 104421 bytes 783 pkt (dropped 0, overlimits 0 requeues 0) rate 2464bit 1pps backlog 0b 0p requeues 0 lended: 769 borrowed: 14 giants: 0 tokens: 26600 ctokens: 7001
For example, the class htb 2:3102 above sent 783 packets, 104421 bytes of traffic, with 0 packets dropped and 0 packets over the rate limit.
Display the filter status
tc -s filter ls dev imq1|more
tc qdisc del dev peth0 root 2>/dev/null
iptables -F -t mangle
iptables -X -t mangle
iptables -Z -t mangle
# special info
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p icmp -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m length --length :128 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m length --length :128 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 22 -j RETURN
# "default 3" means traffic matching no other rule goes to classid 1:3 (the 3)!!!! In the test environment the saturated bandwidth is 11.2 MBytes/sec
tc qdisc add dev peth0 root handle 1: htb default 3
tc class add dev peth0 parent 1:0 classid 1:1 htb rate 8mbps ceil 11mbps mtu 40000
# for usual users
tc class add dev peth0 parent 1:0 classid 1:3 htb rate 3mbps ceil 3mbps mtu 40000
# for vip users
tc class add dev peth0 parent 1:1 classid 1:4 htb rate 8mbps ceil 8mbps mtu 40000
tc class add dev peth0 parent 1:4 classid 1:6 htb rate 2mbps ceil 2mbps mtu 40000
tc class add dev peth0 parent 1:4 classid 1:7 htb rate 4mbps ceil 4mbps mtu 40000
# for SYN,ACK,TCP
tc class add dev peth0 parent 1:1 classid 1:5 htb rate 2mbps ceil 2mbps mtu 40000
# qdiscs
tc qdisc add dev peth0 parent 1:3 handle 3: pfifo limit 1000
tc qdisc add dev peth0 parent 1:5 handle 5: pfifo limit 1000
tc qdisc add dev peth0 parent 1:6 handle 6: pfifo limit 1000
tc qdisc add dev peth0 parent 1:7 handle 7: pfifo limit 1000
tc filter add dev peth0 parent 1:0 protocol ip prio 1 handle 1 fw flowid 1:5
# 35's bandwidth is rate 4mbps ceil 4mbps
tc filter add dev peth0 parent 1:0 protocol ip prio 2 u32 match ip src 10.241.32.35/32 flowid 1:7
# 42's bandwidth is rate 2mbps ceil 2mbps
tc filter add dev peth0 parent 1:0 protocol ip prio 3 u32 match ip src 10.241.32.42/32 flowid 1:6
#tc filter add dev peth0 parent 1:0 protocol ip prio 6 u32 match ip src 10.241.32.17/32 flowid 1:3
#tc filter add dev peth0 parent 1:0 protocol ip prio 7 u32 match ip src 10.241.32.128/32 flowid 1:3
#watch tc -s -d class show dev peth0
Format of the watch output:
******************************************************************************************
class htb 1:1 root rate 64000Kbit ceil 88000Kbit burst 72000b/256 mpu 0b overhead 0b cburst 83996b/256 mpu 0b overhead 0b level 7
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 9000 ctokens: 7636
class htb 1:3 root leaf 3: prio 0 quantum 200000 rate 24000Kbit ceil 24000Kbit burst 51999b/256 mpu 0b overhead 0b cburst 51999b/256 mpu 0b overhead 0b level 0
Sent 193206522 bytes 2794 pkt (dropped 0, overlimits 0 requeues 0)
rate 9952bit 3pps backlog 0b 0p requeues 0
lended: 20521 borrowed: 0 giants: 0
tokens: 17333 ctokens: 17333
class htb 1:4 parent 1:1 rate 64000Kbit ceil 64000Kbit burst 72000b/256 mpu 0b overhead 0b cburst 72000b/256 mpu 0b overhead 0b level 6
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 9000 ctokens: 9000
class htb 1:5 parent 1:1 leaf 5: prio 0 quantum 100000 rate 8000Kbit ceil 8000Kbit burst 44000b/256 mpu 0b overhead 0b cburst 44000b/256 mpu 0b overhead 0b level 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 44000 ctokens: 44000
class htb 1:6 parent 1:4 leaf 6: prio 0 quantum 200000 rate 16000Kbit ceil 16000Kbit burst 48000b/256 mpu 0b overhead 0b cburst 48000b/256 mpu 0b overhead 0b level 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 24000 ctokens: 24000
class htb 1:7 parent 1:4 leaf 7: prio 0 quantum 200000 rate 32000Kbit ceil 32000Kbit burst 56000b/256 mpu 0b overhead 0b cburst 56000b/256 mpu 0b overhead 0b level 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 14000 ctokens: 14000
*******************************************************************************
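A check for notes 1 and 2, as an added example (not part of the original notes): it parses `tc -s class show` output, treats a class as a leaf when no other class names it as parent, and reports filter flowids that point at inner classes as well as leaves that have sent nothing. The sample text is constructed from the output above, and the flowid list is the page's 1:5, 1:7 and 1:6 plus the 1:4 case from note 1.

```python
import re

# Constructed sample, abbreviated from the `tc -s class show dev peth0` output above.
SAMPLE = """\
class htb 1:1 root rate 64000Kbit ceil 88000Kbit
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:3 root leaf 3: prio 0 rate 24000Kbit ceil 24000Kbit
 Sent 193206522 bytes 2794 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:4 parent 1:1 rate 64000Kbit ceil 64000Kbit
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:5 parent 1:1 leaf 5: prio 0 rate 8000Kbit ceil 8000Kbit
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:6 parent 1:4 leaf 6: prio 0 rate 16000Kbit ceil 16000Kbit
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:7 parent 1:4 leaf 7: prio 0 rate 32000Kbit ceil 32000Kbit
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
"""

def parse_classes(text):
    """Return {classid: {"parent": id or None, "pkts": n, "leaf": bool}}."""
    classes, current = {}, None
    for line in text.splitlines():
        head = re.match(r"class htb (\S+) (?:root|parent (\S+))", line)
        sent = re.match(r"\s*Sent \d+ bytes (\d+) pkt", line)
        if head:
            current = head.group(1)
            classes[current] = {"parent": head.group(2), "pkts": 0}
        elif sent and current:
            classes[current]["pkts"] = int(sent.group(1))
    inner = {c["parent"] for c in classes.values()}
    for cid, c in classes.items():
        c["leaf"] = cid not in inner  # a leaf is a class that no class names as parent
    return classes

def audit(classes, flowids):
    """Flag filter targets that are not leaf classes, then leaves with no traffic."""
    findings = []
    for fid in flowids:
        if fid not in classes:
            findings.append((fid, "flowid names no class"))
        elif not classes[fid]["leaf"]:
            findings.append((fid, "flowid is an inner class"))
    findings += [(cid, "leaf sent 0 packets") for cid, c in classes.items()
                 if c["leaf"] and c["pkts"] == 0]
    return findings

if __name__ == "__main__":
    for classid, problem in audit(parse_classes(SAMPLE), ["1:5", "1:7", "1:6", "1:4"]):
        print(classid, problem)
```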