| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame^] | 1 | #! /bin/sh -x |
| 2 | # |
| 3 | # sample script on using the ingress capabilities |
| 4 | # This script fwmark tags(IPchains) based on metering on the ingress |
| 5 | # interface the result is used for fast classification and re-marking |
| 6 | # on the egress interface |
| 7 | # This is an example of a color blind mode marker with no PIR configured |
| 8 | # based on draft-wahjak-mcm-00.txt (section 3.1) |
| 9 | # |
| 10 | #path to various utilities; |
| 11 | #change to reflect yours. |
| 12 | # |
| 13 | IPROUTE=/root/DS-6-beta/iproute2-990530-dsing |
| 14 | TC=$IPROUTE/tc/tc |
| 15 | IP=$IPROUTE/ip/ip |
| 16 | IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains |
| 17 | INDEV=eth2 |
| 18 | EGDEV="dev eth1" |
| 19 | CIR1=1500kbit |
| 20 | CIR2=500kbit |
| 21 | |
| 22 | #The CBS is about 60 MTU sized packets |
| 23 | CBS1=90k |
| 24 | CBS2=90k |
| 25 | |
| 26 | meter1="police rate $CIR1 burst $CBS1 " |
| 27 | meter1a="police rate $CIR2 burst $CBS1 " |
| 28 | meter2="police rate $CIR1 burst $CBS2 " |
| 29 | meter2a="police rate $CIR2 burst $CBS2 " |
| 30 | meter3="police rate $CIR2 burst $CBS1 " |
| 31 | meter3a="police rate $CIR2 burst $CBS1 " |
| 32 | meter4="police rate $CIR2 burst $CBS2 " |
| 33 | meter5="police rate $CIR1 burst $CBS2 " |
| 34 | # |
| 35 | # tag the rest of incoming packets from subnet 10.2.0.0/24 to fw value 1 |
| 36 | # tag all incoming packets from any other subnet to fw tag 2 |
| 37 | ############################################################ |
| 38 | $IPCHAINS -A input -i $INDEV -s 0/0 -m 2 |
| 39 | $IPCHAINS -A input -i $INDEV -s 10.2.0.0/24 -m 1 |
| 40 | # |
| 41 | ############################################################ |
| 42 | # install the ingress qdisc on the ingress interface |
| 43 | $TC qdisc add dev $INDEV handle ffff: ingress |
| 44 | # |
| 45 | ############################################################ |
| 46 | |
| 47 | # All packets are marked with a tcindex value which is used on the egress |
| 48 | # tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE |
| 49 | # |
| 50 | ############################################################ |
| 51 | # |
| 52 | # anything with fw tag of 1 is passed on with a tcindex value 1 |
| 53 | #if it doesnt exceed its allocated rate (CIR/CBS) |
| 54 | # |
| 55 | $TC filter add dev $INDEV parent ffff: protocol ip prio 1 handle 1 fw \ |
| 56 | $meter1 \ |
| 57 | continue flowid 4:1 |
| 58 | $TC filter add dev $INDEV parent ffff: protocol ip prio 2 handle 1 fw \ |
| 59 | $meter1a \ |
| 60 | continue flowid 4:1 |
| 61 | # |
| 62 | # if it exceeds the above but not the extra rate/burst below, it gets a |
| 63 | #tcindex value of 2 |
| 64 | # |
| 65 | $TC filter add dev $INDEV parent ffff: protocol ip prio 3 handle 1 fw \ |
| 66 | $meter2 \ |
| 67 | continue flowid 4:2 |
| 68 | $TC filter add dev $INDEV parent ffff: protocol ip prio 4 handle 1 fw \ |
| 69 | $meter2a \ |
| 70 | continue flowid 4:2 |
| 71 | # |
| 72 | # if it exceeds the above but not the rule below, it gets a tcindex value |
| 73 | # of 3 |
| 74 | # |
| 75 | $TC filter add dev $INDEV parent ffff: protocol ip prio 5 handle 1 fw \ |
| 76 | $meter3 \ |
| 77 | continue flowid 4:3 |
| 78 | $TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 1 fw \ |
| 79 | $meter3a \ |
| 80 | drop flowid 4:3 |
| 81 | # |
| 82 | # Anything else (not from the subnet 10.2.0.24/24) gets discarded if it |
| 83 | # exceeds 1Mbps and by default goes to BE if it doesnt |
| 84 | # |
| 85 | $TC filter add dev $INDEV parent ffff: protocol ip prio 7 handle 2 fw \ |
| 86 | $meter5 \ |
| 87 | drop flowid 4:4 |
| 88 | |
| 89 | |
| 90 | ######################## Egress side ######################## |
| 91 | |
| 92 | |
| 93 | # attach a dsmarker |
| 94 | # |
| 95 | $TC qdisc add $EGDEV handle 1:0 root dsmark indices 64 |
| 96 | # |
| 97 | # values of the DSCP to change depending on the class |
| 98 | #note that the ECN bits are masked out |
| 99 | # |
| 100 | #AF41 (0x88 is 0x22 shifted to the right by two bits) |
| 101 | # |
| 102 | $TC class change $EGDEV classid 1:1 dsmark mask 0x3 \ |
| 103 | value 0x88 |
| 104 | #AF42 |
| 105 | $TC class change $EGDEV classid 1:2 dsmark mask 0x3 \ |
| 106 | value 0x90 |
| 107 | #AF43 |
| 108 | $TC class change $EGDEV classid 1:3 dsmark mask 0x3 \ |
| 109 | value 0x98 |
| 110 | #BE |
| 111 | $TC class change $EGDEV classid 1:4 dsmark mask 0x3 \ |
| 112 | value 0x0 |
| 113 | # |
| 114 | # |
| 115 | # The class mapping (using tcindex; could easily have |
| 116 | # replaced it with the fw classifier instead) |
| 117 | # |
| 118 | $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ |
| 119 | handle 1 tcindex classid 1:1 |
| 120 | $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ |
| 121 | handle 2 tcindex classid 1:2 |
| 122 | $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ |
| 123 | handle 3 tcindex classid 1:3 |
| 124 | $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \ |
| 125 | handle 4 tcindex classid 1:4 |
| 126 | # |
| 127 | |
| 128 | # |
| 129 | echo "---- qdisc parameters Ingress ----------" |
| 130 | $TC qdisc ls dev $INDEV |
| 131 | echo "---- Class parameters Ingress ----------" |
| 132 | $TC class ls dev $INDEV |
| 133 | echo "---- filter parameters Ingress ----------" |
| 134 | $TC filter ls dev $INDEV parent ffff: |
| 135 | |
| 136 | echo "---- qdisc parameters Egress ----------" |
| 137 | $TC qdisc ls $EGDEV |
| 138 | echo "---- Class parameters Egress ----------" |
| 139 | $TC class ls $EGDEV |
| 140 | echo "---- filter parameters Egress ----------" |
| 141 | $TC filter ls $EGDEV parent 1:0 |
| 142 | # |
| 143 | #deleting the ingress qdisc |
| 144 | #$TC qdisc del $INDEV ingress |