mirror of
https://git.proxmox.com/git/mirror_iproute2
synced 2025-11-02 22:36:03 +00:00
35f2a7639d
Sample use case: ... add ingress qdisc sudo $TC qdisc add dev $ETH ingress ... if we exceed rate of 1kbps (burst of 90K), do an absolute jump of 2 actions sudo $TC actions add action police rate 1kbit burst 90k conform-exceed jump 2 / pipe sudo $TC -s actions ls action police action order 0: police 0x4 rate 1Kbit burst 23440b mtu 2Kb action jump 2/pipe overhead 0b ref 1 bind 0 installed 41 sec used 41 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 ... lets add a couple of marks so we can use them to mark exceed/not exceed sudo $TC actions add action skbedit mark 11 ok index 11 sudo $TC actions add action skbedit mark 12 ok index 12 ... if we dont exceed our rate we get a mark of 11, else mark of 12 sudo $TC filter add dev $ETH parent ffff: protocol ip prio 8 u32 \ match ip dst 127.0.0.8/32 flowid 1:10 \ action police index 4 \ action skbedit index 11 \ action skbedit index 12 Ok, lets keep this thing a little busy.. sudo ping -f -c 10000 127.0.0.8 ... now lets see the filters.. sudo $TC -s filter ls dev $ETH parent ffff: protocol ip filter pref 8 u32 chain 0 filter pref 8 u32 chain 0 fh 800: ht divisor 1 filter pref 8 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10 not_in_hw (rule hit 20000 success 10000) match 7f000008/ffffffff at 16 (success 10000 ) action order 1: police 0x4 rate 1Kbit burst 23440b mtu 2Kb action jump 2/pipe overhead 0b ref 2 bind 1 installed 198 sec used 2 sec Action statistics: Sent 840000 bytes 10000 pkt (dropped 0, overlimits 9721 requeues 0) backlog 0b 0p requeues 0 action order 2: skbedit mark 11 pass index 11 ref 2 bind 1 installed 127 sec used 2 sec Action statistics: Sent 23436 bytes 279 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 action order 3: skbedit mark 12 pass index 12 ref 2 bind 1 installed 127 sec used 2 sec Action statistics: Sent 816564 bytes 9721 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 As can be seen 97.21% of the packets were marked as exceeding the allocated rate; you could do something clever with the skb mark after this. Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| e_bpf.c | ||
| em_canid.c | ||
| em_cmp.c | ||
| em_ipset.c | ||
| em_meta.c | ||
| em_nbyte.c | ||
| em_u32.c | ||
| emp_ematch.l | ||
| emp_ematch.y | ||
| f_basic.c | ||
| f_bpf.c | ||
| f_cgroup.c | ||
| f_flow.c | ||
| f_flower.c | ||
| f_fw.c | ||
| f_matchall.c | ||
| f_route.c | ||
| f_rsvp.c | ||
| f_tcindex.c | ||
| f_u32.c | ||
| m_action.c | ||
| m_bpf.c | ||
| m_connmark.c | ||
| m_csum.c | ||
| m_ematch.c | ||
| m_ematch.h | ||
| m_estimator.c | ||
| m_gact.c | ||
| m_ife.c | ||
| m_ipt.c | ||
| m_mirred.c | ||
| m_nat.c | ||
| m_pedit.c | ||
| m_pedit.h | ||
| m_police.c | ||
| m_sample.c | ||
| m_simple.c | ||
| m_skbedit.c | ||
| m_skbmod.c | ||
| m_tunnel_key.c | ||
| m_vlan.c | ||
| m_xt_old.c | ||
| m_xt.c | ||
| Makefile | ||
| p_eth.c | ||
| p_icmp.c | ||
| p_ip6.c | ||
| p_ip.c | ||
| p_tcp.c | ||
| p_udp.c | ||
| q_atm.c | ||
| q_cbq.c | ||
| q_choke.c | ||
| q_clsact.c | ||
| q_codel.c | ||
| q_drr.c | ||
| q_dsmark.c | ||
| q_fifo.c | ||
| q_fq_codel.c | ||
| q_fq.c | ||
| q_gred.c | ||
| q_hfsc.c | ||
| q_hhf.c | ||
| q_htb.c | ||
| q_ingress.c | ||
| q_mqprio.c | ||
| q_multiq.c | ||
| q_netem.c | ||
| q_pie.c | ||
| q_prio.c | ||
| q_qfq.c | ||
| q_red.c | ||
| q_rr.c | ||
| q_sfb.c | ||
| q_sfq.c | ||
| q_tbf.c | ||
| README.last | ||
| static-syms.c | ||
| tc_cbq.c | ||
| tc_cbq.h | ||
| tc_class.c | ||
| tc_common.h | ||
| tc_core.c | ||
| tc_core.h | ||
| tc_estimator.c | ||
| tc_exec.c | ||
| tc_filter.c | ||
| tc_monitor.c | ||
| tc_qdisc.c | ||
| tc_red.c | ||
| tc_red.h | ||
| tc_stab.c | ||
| tc_util.c | ||
| tc_util.h | ||
| tc.c | ||
Kernel code and interface. -------------------------- * Compile time switches There is only one, but very important, compile time switch. It is not settable by "make config", but should be selected manually and after a bit of thinking in <include/net/pkt_sched.h> PSCHED_CLOCK_SOURCE can take three values: PSCHED_GETTIMEOFDAY PSCHED_JIFFIES PSCHED_CPU PSCHED_GETTIMEOFDAY Default setting is the most conservative PSCHED_GETTIMEOFDAY. It is very slow both because of weird slowness of do_gettimeofday() and because it forces code to use unnatural "timeval" format, where microseconds and seconds fields are separate. Besides that, it will misbehave, when delays exceed 2 seconds (f.e. very slow links or classes bounded to small slice of bandwidth) To resume: as only you will get it working, select correct clock source and forget about PSCHED_GETTIMEOFDAY forever. PSCHED_JIFFIES Clock is derived from jiffies. On architectures with HZ=100 granularity of this clock is not enough to make reasonable bindings to real time. However, taking into account Linux architecture problems, which force us to use artificial integrated clock in any case, this switch is not so bad for schduling even on high speed networks, though policing is not reliable. PSCHED_CPU It is available only for alpha and pentiums with correct CPU timestamp. It is the fastest way, use it when it is available, but remember: not all pentiums have this facility, and a lot of them have clock, broken by APM etc. etc.