i am using Debian and am trying to limit the upload-bandwidth on an ip basis.
The configuration is the following:
#!/bin/bash
tc=/sbin/tc
$tc qdisc del dev eth0 root 2> /dev/null > /dev/null
$tc qdisc del dev eth0 ingress 2> /dev/null > /dev/null
$tc qdisc del dev tun0 root 2> /dev/null > /dev/null
$tc qdisc del dev tun0 ingress 2> /dev/null > /dev/null
$tc qdisc add dev eth0 root handle 1: htb default 30
$tc class add dev eth0 parent 1: classid 1:1 htb rate 5.0mbit burst 6k
$tc class add dev eth0 parent 1:1 classid 1:10 htb rate 2.0mbit ceil 4.5mbit burst 2k prio 1
$tc class add dev eth0 parent 1:1 classid 1:20 htb rate 2.0mbit ceil 4.5mbit burst 3k prio 2
$tc class add dev eth0 parent 1:1 classid 1:30 htb rate 0.5mbit burst 1k prio 3
$tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
$tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
$tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
$tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip src 192.168.1.1 flowid 1:10
$tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip src 192.168.1.2 flowid 1:20
$tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip src 192.168.1.4 flowid 1:30
The "setup" seems to be fine:
filter parent 1: protocol ip pref 1 u32 chain 0
filter parent 1: protocol ip pref 1 u32 chain 0 fh 800: ht divisor 1
filter parent 1: protocol ip pref 1 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10 not_in_hw
match c0a80101/ffffffff at 12
filter parent 1: protocol ip pref 1 u32 chain 0 fh 800::801 order 2049 key ht 800 bkt 0 flowid 1:20 not_in_hw
match c0a80102/ffffffff at 12
filter parent 1: protocol ip pref 1 u32 chain 0 fh 800::802 order 2050 key ht 800 bkt 0 flowid 1:30 not_in_hw
match c0a80104/ffffffff at 12
But I end up having all clients being in 1:30 despite the filter:
+---(1:1) htb rate 5Mbit ceil 5Mbit burst 6Kb cburst 1600b
| Sent 18121225 bytes 29841 pkt (dropped 0, overlimits 1926 requeues 0)
| backlog 0b 0p requeues 0
|
+---(1:10) htb prio 1 rate 2Mbit ceil 4500Kbit burst 2Kb cburst 1599b
| Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
|
+---(1:20) htb prio 2 rate 2Mbit ceil 4500Kbit burst 3Kb cburst 1599b
| Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
|
+---(1:30) htb prio 3 rate 500Kbit ceil 500Kbit burst 1Kb cburst 1600b
Sent 18121225 bytes 29841 pkt (dropped 23532, overlimits 27820 requeues 0)
backlog 244086b 117p requeues 0
What am I doing wrong?
UPDATE
I was able to apply the filtering rules by using iptables:
$tc filter add dev eth0 parent 1: protocol ip handle 2 fw flowid 1:20
$ipt -t mangle -A FORWARD -i eth1 -o eth0 -s 192.168.1.2 -j MARK --set-mark 2
It results in the traffic from 192.168.1.2 being put into 1:20:
+---(1:1) htb rate 5Mbit ceil 5Mbit burst 6Kb cburst 1600b
| Sent 34671556 bytes 40595 pkt (dropped 0, overlimits 8591 requeues 0)
| backlog 0b 0p requeues 0
|
+---(1:10) htb prio 1 rate 2Mbit ceil 4500Kbit burst 2Kb cburst 1599b
| Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
|
+---(1:20) htb prio 2 rate 2Mbit ceil 3500Kbit burst 3Kb cburst 1599b
| Sent 26070590 bytes 17443 pkt (dropped 0, overlimits 10466 requeues 0)
| backlog 0b 0p requeues 0
|
+---(1:30) htb prio 3 rate 500Kbit ceil 500Kbit burst 1Kb cburst 1600b
Sent 8600966 bytes 23152 pkt (dropped 0, overlimits 23146 requeues 0)
backlog 57060b 70p requeues 0
As of now it seems that the u32 filter does not work.