6
votes
Accepted
Unwanted defragmentation of forwarded ipv4 packets
Whenever conntrack is in use, mainly for:
stateful firewalling (-m conntrack ...)
NAT (-t nat ...)
An additional hidden facility gets loaded, provided by the kernel modules nf_defrag_ipv4 and ...
- 39.5k
6
votes
Accepted
Adding qdisc under the mq top-level qdisc
The kernel's default reserved handle 0: can't be referenced correctly (as major value 0: ). You have first to (re)install the qdisc root mq, using a valid handle (ie: not 0:):
# tc qdisc add dev eth2 ...
- 39.5k
6
votes
Accepted
Tc qdisc delay not seen in tcpdump recording
According to the Packet flow in Netfilter and General Networking schematic, tcpdump captures (AF_PACKET) after egress (qdisc). So it's normal you don't see the delay in tcpdump: the delay was already ...
- 39.5k
6
votes
Accepted
How can I use `tc` with diffrent parameters on few virtual interfaces?
Can tc be used with virtual network interfaces
Yes.
(like eth0:0, eth0:1)?
No.
Those aren't virtual network interfaces. They're aliases for network interfaces. There's a huge difference.
It's an ...
- 52.1k
5
votes
Accepted
How can I permanently associate tc qdisc commands with a particular interface?
openvpn has an option called --up cmd which runs cmd whenever the VPN connection is first established, and an --up-restart option which tells openvpn to also run the --up command when a connection is ...
- 84.2k
5
votes
Accepted
queueing in linux-htb
I am going to answer my own question since I have done some source code reading and research work myself. If I had not done some research work myself, the answers by frostschutz and sourcejedi would ...
- 103
3
votes
How does a htb qdesc tree handle bandwidth overallocation?
The general recommendation with HTB is to make sure that "the sum of the rates of the child class is equal or smaller than the rate of the parent".
If the child classes allow higher rates, ...
- 52.1k
3
votes
Accepted
Error when trying to corrupt packets in linux terminal (netem)
The initial default qdisc set by the kernel with special handle 0: can't be modified nor referenced. It can only be overridden by a new qdisc. Using change references the existing root qdisc, but as ...
- 39.5k
3
votes
Accepted
How to delay traffic and limit bandwidth at the same time with tc (Traffic Control)?
Perhaps the netem emulator :
tc qdisc add dev eth0 root netem delay 800ms rate 1mbit
- 2,873
3
votes
Accepted
For veth pair, ping does not recognize interface name and tc qdisc netem does not work
I answer my own question below.
The simplest circumvention (my approach): putting one of the veth pair to another network namespace. Let's call it test.
$ sudo ip netns add test
$ sudo ip link add ...
- 346
3
votes
Accepted
Mirror to Multiple Ports Using TC?
A tc action can have a control operator appended to alter further handling of packets:
CONTROL
The CONTROL indicates how tc should proceed after executing the action. Any of the following are ...
- 39.5k
3
votes
queueing in linux-htb
Disclaimer: Those are a lot of questions and I haven't used HTB in like a decade? So I can't answer with confidence. But since you got zero replies so far, maybe this is still of some help.
Are ...
- 52.1k
3
votes
TC (Traffic Control) to control bandwidth
IMHO, the reason for the old rule still being in place is that the iptables rule that causes "the magic" is still there, as you have a line that adds it and no line to remove it. Check your iptables ...
- 373
3
votes
Drop all packets sent to localhost and particular port
The problem of
firewall-cmd --add-rich-rule='rule family="ipv4" port port=1884 protocol=tcp drop log \
level="warning" prefix="DROP" limit value="1/s"' --...
- 94.6k
2
votes
Get list of qdiscs and filters that are supported by tc tool
You can see the list of kernel modules (Net Schedulers) compiled in you kernel with:
grep '^CONFIG_NET_SCH_' /boot/config-$(uname -r)
- 21
2
votes
Rate limiting with tc on vlans
The order of parameters is important. From the man page:
tc [ OPTIONS ] filter [ add | change | replace | delete | get ] dev DEV
[ parent qdisc-id | root ] [ handle filter-id ] protocol protocol ...
- 52.1k
2
votes
Delay some localhost traffic
tc qdisc can control any ip and ports traffic:
sudo tc qdisc add dev lo root handle 1: prio bands 4
sudo tc qdisc add dev lo parent 1:4 handle 40: netem delay 200ms
sudo tc filter add dev lo parent 1:...
- 21
2
votes
tc qdisc not delete filter
the ingress handle is reserved (with value ffff:) and separate from the root handle, so it has to be deleted separately (likewise, it was added separately from the root handle). To delete it (and as a ...
- 39.5k
2
votes
Accepted
Example command to set same DSCP value in the IP header for return packets within the same TCP connection
iptables -t mangle -A PREROUTING -m dscp --dscp-class AF12 -j CONNMARK --set-xmark 12
iptables -t mangle -A POSTROUTING -m connmark --mark 12 -j DSCP --set-dscp-class AF12
(not 100% dynamic as the ...
- 140
2
votes
Accepted
can I use multiple qdiscs per device?
There is no actual problem to solve in OP's question, so I'll provide a very simple example that uses network namespaces
set up communications
ip -n test1 link add up type veth peer netns test2
ip -n ...
- 39.5k
2
votes
Accepted
Why does tc-netem on loopback also affects other interfaces?
No it doesn't affect other interfaces. But the routing involved makes that any access from the server to itself stays local and uses the lo (loopback) interface whatever interface the IP address was ...
- 39.5k
2
votes
How to deterministically vary the delay in programs like netem?
While netem doesn't allow you to set a time varying latency directly, tc responds quickly to changes (in the order of 100ms or lower).
Knowing this, you can just write a program to change the latency ...
- 23
2
votes
Accepted
How to police ingress (input) packets belonging to a cgroup with iptables and tc?
As per @A.B comments:
The mark you set in mangle/INPUT has no effect on tc, because tc ingress happens waaaay before. Check: en.wikipedia.org/wiki/Netfilter#/media/ ...
To save the mark for the ...
- 63
2
votes
Traffic shaping ineffective on tun device
I just would like to let you know that I noticed the same issue but independently of you, in my case it was the bad performance of TUN applications like VPNs. With my colleague I wrote a scientific ...
2
votes
Drop all packets sent to localhost and particular port
I'm puzzled why you've ended up going down a rabbit hole with tc. The usual approach would be to use the firewall to block traffic to the specified port and protocol. Here I've gone straight to ...
- 128k
1
vote
Accepted
wondershaper bandwdith limit per ip
wondershaper works on interfaces only, not on different systems using the router. It is a simple tool, and your requirement is too complex for what it offers.
You either have to configure that ...
- 94.6k
1
vote
Accepted
Can TC rules persist beyond a reboot? Where?
Consolidating comments into an answer
Based on comments from @dirkt and @berndbausch, it seems like the bottomline is:
There is no tc-specific way of persisting rules that are put in place using tc. ...
- 133
1
vote
Accepted
Forcefully enable fq_pie
It appears net.core.default_qdisc affects an interface driver when it's loaded. If the kernel module was loaded before net.core.default_qdisc was changed, then it won't affect it afterward. Some ...
- 39.5k
1
vote
Accepted
Installing wondershaper on Debian 10
Installing from current source:
# apt-get purge wondershaper
# cd
# mkdir wondershaper
# git clone https://github.com/magnific0/wondershaper.git
# cd wondershaper
# make install
# vi /etc/systemd/...
1
vote
How many qdiscs can I create with tc?
I know this is late, but I ran into the same issue and I solved it by using htb and tc classes.
Try this:
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb ...
- 11
Only top scored, non community-wiki answers of a minimum length are eligible