tc-config-0.6 README
--------------------
tc_config is a set of scripts for Linux 2.4+ traffic control
configuration on RedHat systems and (hopefully) derivatives
(Linux 2.2.X with ipchains is obsolete).
It uses the cbq qdisc as the root one, and sfq qdiscs at the leaves.
It includes the snmp_pass utility for getting traffic control stats via SNMP.

Write
---
pass_persist .1.3.6.1.4.1.7088.6 /usr/lib/tc/snmp_pass
---
into your snmpd.conf.
Then you can get stats with
  snmpwalk -v 1 -c <Your_community> localhost enterprises.7088.6
MIBs are in the mibs directory.
For up-to-date MIBs look at http://slava.local.nsys.by/projects/mibs/ .

***NOTES***
Starting with 0.6, tc_config uses the iptables firewall. If you prefer to use the
old ipchains, make changes in /etc/sysconfig/tc_config and in the marking scripts.
I no longer support the ipchains version, because of the performance of snmp_pass
with ipchains. ipchains stores stats in /proc/net/ip_fw_chains and the only way
I found to get them is to parse this pseudo-file. On my setup with 10 clients
the size of the data in the file is about 450Kb, and one pass for one snmp variable
takes about 3 seconds, and the snmp daemon does not answer other requests during
that time.
Getting stats from iptables is HUNDREDS of times faster, so now I use iptables.

You need to apply patches to iptables and the kernel netfilter code in order to
make mark addition and subtraction work. (I need this feature because
snmp_pass subtracts values of iptables rules with --sub-mark from counters.
Look at the code in iptables.c for more info.)
Patches are in the patches directory.
Apply both patches, recompile the kernel and iptables, and install them.
If you don't need this feature, simply make sure that there are no
${FW_MARK_SUB_CMD} and ${FW_MARK_ADD_CMD} in the marking scripts.

I think tc_config is not usable on Linux masqueraders, because of the 'fw'
tc filter use.

I see no way to implement sub-classes right now, because flowid is only u32 in tc.
I see no way to pack the IP address, flow direction and subclass id into the 16 bits of MIN_ID.
For now I use 5 bits to identify class 'C' network, 2 bits are for flow direction,
and lowest 8 bits for host address. One highest bit is for sign.
That means now we can shape only 32 class 'C' networks on one linux router.
If you have any ideas on this, please let me know.
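
The bit budget described above, worked through as an added example (not tc_config's own code). The README fixes only the host and sign positions, so the order of the network and direction fields, the 2-bit direction codes, and using a prefix's position in the tc-networks list as the network index are assumptions made here.

```shell
#!/bin/sh
# Added example: bit budget of the 16-bit MIN_ID.
# ASSUMED layout (only the host and sign positions come from the README):
#   bit 15 = sign (kept 0), bits 14-10 = network index,
#   bits 9-8 = flow direction, bits 7-0 = host octet.

# Constructed stand-in for /etc/sysconfig/tc-networks (one prefix per line).
NETWORKS="10.0.0
10.0.1
192.168.1"

# net_index PREFIX -> prints the 0-based position of PREFIX, fails if absent
net_index() {
    i=0
    for p in $NETWORKS; do
        [ "$p" = "$1" ] && { echo "$i"; return 0; }
        i=$((i + 1))
    done
    return 1
}

# pack_min_id IPV4 DIRECTION -> prints MIN_ID in decimal
# DIRECTION is a hypothetical 2-bit code (0-3).
pack_min_id() {
    prefix=${1%.*}       # first three octets
    host=${1##*.}        # last octet
    dir=$2
    case "$host" in ''|*[!0-9]*|0?*) return 2 ;; esac  # digits, no leading zero
    case "$dir" in [0-3]) ;; *) return 2 ;; esac
    [ "$host" -le 255 ] || return 2
    idx=$(net_index "$prefix") || return 3   # network not listed
    [ "$idx" -le 31 ] || return 4            # 5 bits: only 32 networks fit
    echo $(( (idx << 10) | (dir << 8) | host ))
}

# unpack_min_id ID -> prints "index direction host"
unpack_min_id() {
    echo "$(( ($1 >> 10) & 31 )) $(( ($1 >> 8) & 3 )) $(( $1 & 255 ))"
}
```

With all fields at their maximum the result is 32767, so the sign bit stays clear; a 33rd listed network has no index left and is refused.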

REQUIREMENTS:
----------
Get libsplit from http://slava.local.nsys.by/projects/libsplit/
and install it somewhere in the ldconfig path. It is rpm-ready (may be
built with rpm -tb).
libsplit is needed by snmp_pass.

INSTALL:
----------
Run 'rpm -tb tc-config-0.6.tar.gz' (rpmbuild on RedHat 8+ systems). After
the package has been built, run
'rpm -Uvh /usr/src/redhat/RPMS/i386/tc-config-0.6-1.i386.rpm'.

QUICKSTART:
--------
Configure interfaces in /etc/sysconfig/interfaces/, e.g. if you have two
ethernets on your router, create eth0 and eth1 files and fill in the needed vars
(INTERFACE, MAJ_ID (unique) and BANDWIDTH).

Then, correct the /etc/sysconfig/tc-scripts/tc-mark-{to,from}-client scripts
with the rules you need. All these scripts use the shell variables IPCHAIN_COMMAND
(usually -A if called from tc_up and -D if called from tc_down), CHAIN
(tc-to or tc-from), INTERFACE (interface on which packets arrive), ADDR
(directly from the RULES field in /etc/sysconfig/config/tc-cfg-<policy>) and
TC_LEXEM (integer mark, used to mark packets).
Look at the examples, they have comments inside! :). These scripts are simple
sh (bash) scripts, so you can add functionality to them.

/etc/sysconfig/tc-scripts/tc-mark-{to,from}-client-notc are similar to the
above scripts, except that traffic marked in them will not be shaped by tc but
will be counted by the snmp_pass program.
Don't ask me what they are for, I simply need this functionality in my
setup :) . Thus, you may simply comment out all lines in these scripts or
remove all content from them. Don't remove these files, or you'll get a
couple of errors at startup.

Then, find out all class C networks your clients may be in and specify
prefixes for them in the /etc/sysconfig/tc-networks file (without the last octet).
E.g. for the 10.0.0.0/23 network specify 10.0.0 and 10.0.1.

Next, create a config for the first test client in e.g.
/etc/sysconfig/config/tc-cfg-test. Look below for the variables it may contain
and look at the examples.

OK, you almost won. Now type (as root) 'service tc start'. That's all!
If you want tc policies to be activated on startup, type
'chkconfig --add tc; chkconfig tc on' in a root shell.

If you want to gather stats from your tc setup, put the line
---
pass_persist .1.3.6.1.4.1.7088.6 /usr/lib/tc/snmp_pass
---
into your snmpd.conf and restart snmpd.
Then you can get stats with
  snmpwalk -v 1 -c <Your_community> localhost enterprises.7088.6
MIBs are in the mibs directory.
For up-to-date MIBs look at http://slava.local.nsys.by/projects/mibs/ .

CONFIGS:
----------
/etc/sysconfig/interfaces/<int>
INTERFACE=<int>         - name of interface
MAJ_ID=10               - value used by tc for all classes and qdiscs on
                          that interface as MAJOR_ID
BANDWIDTH=100Mbit       - interface bandwidth
FLOW="both"             - flow directions through interface (receive,
                          transmit or both, empty means "both")
---------
/etc/sysconfig/config/tc-cfg-<policy>
POLICY_NAME=<policy>            - name of tc policy, any name :)
CLIENT_SIDE_INT="eth0 eth1"     - interfaces on client side (marking of
                                  from-client flows, shaping on to-client
                                  flows)
CLIENT_SIDE_DEV="imq0"          - pseudo-interfaces on client side (shaping
                                  on to-client flows), see the Changelog.
INTERNET_SIDE_INT="eth2 eth3"   - interfaces on internet side (marking
                                  of to-client flows, tc on from-client
                                  flows)
INTERNET_SIDE_DEV="imq1"        - same meaning as CLIENT_SIDE_DEV.
FROM_CLIENT_RATE=9Kbit          - you understood :)
FROM_CLIENT_WEIGHT=1Kbit        - ~ 1/10 of FROM_CLIENT_RATE
TO_CLIENT_RATE=9Kbit            - you understood again ;)
TO_CLIENT_WEIGHT=1Kbit          - ~ 1/10 of TO_CLIENT_RATE
#OWN_MARK_SCRIPT_FROM=/etc/sysconfig/tc-scripts/config/test/from-script
#OWN_MARK_SCRIPT_TO=/etc/sysconfig/tc-scripts/config/test/to-script
                                - custom marking scripts for this policy;
                                  if undefined, tc-mark-from-client
                                  and tc-mark-to-client are used
#OWN_MARK_SCRIPT_FROM_NOTC=/etc/sysconfig/tc-scripts/config/test/from-script-notc
#OWN_MARK_SCRIPT_TO_NOTC=/etc/sysconfig/tc-scripts/config/test/to-script-notc
                                - custom marking scripts for traffic from
                                  not-shaped networks that should be counted;
                                  if undefined, tc-mark-from-client-notc
                                  and tc-mark-to-client-notc are used
RULES="192.168.1.1/32 192.168.1.2/32_26:1024 192.168.1.3/32_!_25"
                                - values, separated by spaces, are passed to
                                  the marking script as $ADDR, after changing
                                  underscores to spaces.
                                  May contain any ipchains/iptables params
ONBOOT="no"                     - yes or no, just like RedHat's interface
                                  configuration
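
The RULES handling described above (split on spaces, underscores become spaces), as an added example that is not tc_config's own code. Because the resulting $ADDR string is used by shell scripts that run as root, the sketch also refuses entries containing shell metacharacters; the function names and the allow-listed character set are assumptions made here.

```shell
#!/bin/sh
# Added example: expand a RULES value into per-entry $ADDR strings and
# reject entries that could alter the command line of a marking script.

# expand_rule ENTRY -> prints the $ADDR string for one RULES entry
expand_rule() {
    case "$1" in
        # Assumed allow-list: what addresses, ports, ranges, protocol
        # names and '!' negation need. Everything else (; $ ` | & * ...)
        # is refused.
        ''|*[!A-Za-z0-9_./:!,-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | tr '_' ' '
}

# expand_rules "ENTRY ENTRY ..." -> one $ADDR per line,
# stops with an error on the first rejected entry
expand_rules() {
    set -f                  # no glob expansion while word-splitting
    for entry in $1; do
        expand_rule "$entry" || {
            set +f
            echo "rejected RULES entry: $entry" >&2
            return 1
        }
    done
    set +f
}
```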
---------
/etc/sysconfig/tc-networks      - list of networks of your company and your
                                  clients. Used by the get-tc-flowid and
                                  snmp_pass utilities.
---------
/etc/sysconfig/tc-config        - defines configuration settings and variables
                                  for firewall commands (like FW_COMMAND, etc.)

SCRIPTS:
---------
/etc/sysconfig/tc-scripts/tc-up,
/etc/sysconfig/tc-scripts/tc-down   - scripts for setting an individual policy up
                                      or down. Usually called from the
                                      /etc/rc.d/init.d/tc script, but both of
                                      them can be used for manual rule
                                      (de)activation.
---------
/etc/rc.d/init.d/tc                 - main script
---------
/etc/sysconfig/tc-scripts/tc-mark-from-client,
/etc/sysconfig/tc-scripts/tc-mark-to-client,
/etc/sysconfig/tc-scripts/tc-mark-from-client-notc,
/etc/sysconfig/tc-scripts/tc-mark-to-client-notc
                                    - shell scripts that define ipchains
                                      (iptables) rules. Look at the example ones.

Vladislav Bogdanov
slava@nsys.by
http://slava.local.nsys.by/projects/

If you like this piece of software, please let me know.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.