tc-config-0.6 README
--------------------

tc_config is a set of scripts for Linux 2.4+ traffic control configuration on
RedHat systems and (hopefully) derivatives. (Linux 2.2.X with ipchains is
obsolete.) It uses the cbq qdisc as the root one, and sfq qdiscs at the leaves.

It includes the snmp_pass utility for getting stats on traffic control via
SNMP. Write
---
pass_persist .1.3.6.1.4.1.7088.6 /usr/lib/tc/snmp_pass
---
into your snmpd.conf. Then you can get stats with
snmpwalk -v 1 -C localhost enterprises.7088.6

MIBs are in the mibs directory. For up-to-date MIBs look at
http://slava.local.nsys.by/projects/mibs/ .

***NOTES***

Since 0.6 tc_config uses the iptables firewall. If you prefer to use the old
ipchains, make changes in /etc/sysconfig/tc_config and in the marking scripts.
I no longer support the ipchains version, because of the performance of
snmp_pass with ipchains. ipchains stores stats in /proc/net/ip_fw_chains and
the only way I found to get them is to parse this pseudo-file. On my setup
with 10 clients the size of the data in the file is about 450Kb, one pass for
one snmp variable takes about 3 seconds, and the snmp daemon does not answer
other requests during that time. Getting stats from iptables is HUNDREDS of
times faster, so now I use iptables.

You need to apply patches to iptables and to the kernel netfilter code in
order to make mark addition and subtraction work. (I need this feature because
snmp_pass subtracts values of iptables rules with --sub-mark from counters.
Look at the code in iptables.c for more info.) Patches are in the patches
directory. Apply both patches, recompile the kernel and iptables, and install
them. If you don't need this feature, simply make sure that there are no
${FW_MARK_SUB_CMD} and ${FW_MARK_ADD_CMD} in the marking scripts.

I think tc_config is not usable on Linux masqueraders, because of the 'fw' tc
filter use.

I see no way to implement sub-classes right now, because flowid is only u32 in
tc. I see no way to pack ip address, flow direction and subclass id into
16 bits of MIN_ID.
For now I use 5 bits to identify the class 'C' network, 2 bits for flow
direction, and the lowest 8 bits for the host address. The highest bit is for
sign. That means we can currently shape only 32 class 'C' networks on one
Linux router. If you have any ideas on this, please let me know.

REQUIREMENTS:
----------
Get libsplit from http://slava.local.nsys.by/projects/libsplit/ and install it
somewhere in the ldconfig path. It is rpm-ready (may be built with rpm -tb).
libsplit is needed by snmp_pass.

INSTALL:
----------
Run 'rpm -tb tc-config-0.6.tar.gz' (rpmbuild on RedHat 8+ systems). After the
package is built, run
'rpm -Uvh /usr/src/redhat/RPMS/i386/tc-config-0.6-1.i386.rpm'.

QUICKSTART:
--------
Configure interfaces in /etc/sysconfig/interfaces/, e.g. if you have two
ethernets on your router, create eth0 and eth1 files and fill in the needed
vars (INTERFACE, MAJ_ID (unique) and BANDWIDTH).

Then adjust the /etc/sysconfig/tc-scripts/tc-mark-{to,from}-client scripts
with the rules you need. All these scripts use the following shell variables:

  IPCHAIN_COMMAND - usually -A if called from tc_up and -D if called from
                    tc_down
  CHAIN           - tc-to or tc-from
  INTERFACE       - interface on which packets arrive
  ADDR            - directly from the RULES field in
                    /etc/sysconfig/config/tc-cfg-
  TC_LEXEM        - integer mark, used to mark packets

Look at the examples, they have comments inside! :) These scripts are simple
sh (bash) scripts, so you can add functionality to them.

/etc/sysconfig/tc-scripts/tc-mark-{to,from}-client-notc are similar to the
above scripts, except that traffic marked in them will not be shaped by tc but
only counted by the snmp_pass program. Don't ask me what they are for, I
simply need this functionality in my setup :) . Thus, you may simply comment
out all lines in these scripts or remove all content from them. Don't remove
these files, or you'll get a couple of errors at startup.

Then, find out all class C networks your clients may be in and specify
prefixes for them in the /etc/sysconfig/tc-networks file (without the last
octet).
For example, for the 10.0.0.0/23 network specify 10.0.0 and 10.0.1.

Next, create a config for the first test client in e.g.
/etc/sysconfig/config/tc-cfg-test. Look below for the variables it may contain
and look at the examples.

OK, you almost won. Now type (as root) 'service tc start'. That's all!

If you want tc policies to be activated on startup, type
'chkconfig --add tc; chkconfig tc on' in a root shell.

If you want to gather stats from your tc setup, put the line
---
pass_persist .1.3.6.1.4.1.7088.6 /usr/lib/tc/snmp_pass
---
into your snmpd.conf and restart snmpd. Then you can get stats with
snmpwalk -v 1 -C localhost enterprises.7088.6

MIBs are in the mibs directory. For up-to-date MIBs look at
http://slava.local.nsys.by/projects/mibs/ .

CONFIGS:
----------
/etc/sysconfig/interfaces/

  INTERFACE=
      - name of interface
  MAJ_ID=10
      - value used by tc for all classes and qdiscs on that interface as
        MAJOR_ID
  BANDWIDTH=100Mbit
      - interface bandwidth
  FLOW="both"
      - flow directions through the interface (receive, transmit or both,
        empty means "both")
---------
/etc/sysconfig/config/tc-cfg-

  POLICY_NAME=
      - name of tc policy, any name :)
  CLIENT_SIDE_INT="eth0 eth1"
      - interfaces on the client side (marking of from-client flows, shaping
        on to-client flows)
  CLIENT_SIDE_DEV="imq0"
      - pseudo-interfaces on the client side (shaping on to-client flows),
        see the Changelog.
  INTERNET_SIDE_INT="eth2 eth3"
      - interfaces on the internet side (marking of to-client flows, tc on
        from-client flows)
  INTERNET_SIDE_DEV="imq1"
      - Same meaning as CLIENT_SIDE_DEV.
  FROM_CLIENT_RATE=9Kbit
      - you understood :)
  FROM_CLIENT_WEIGHT=1Kbit
      - ~ 1/10 of FROM_CLIENT_RATE
  TO_CLIENT_RATE=9Kbit
      - you understood again ;)
  TO_CLIENT_WEIGHT=1Kbit
      - ~ 1/10 of TO_CLIENT_RATE
  #OWN_MARK_SCRIPT_FROM=/etc/sysconfig/tc-scripts/config/test/from-script
  #OWN_MARK_SCRIPT_TO=/etc/sysconfig/tc-scripts/config/test/to-script
      - Custom marking scripts for this policy. If undefined,
        tc-mark-from-client and tc-mark-to-client are used.
  #OWN_MARK_SCRIPT_FROM_NOTC=/etc/sysconfig/tc-scripts/config/test/from-script-notc
  #OWN_MARK_SCRIPT_TO_NOTC=/etc/sysconfig/tc-scripts/config/test/to-script-notc
      - Custom marking scripts for traffic from not-shaped networks that
        should be counted. If undefined, tc-mark-from-client-notc and
        tc-mark-to-client-notc are used.
  RULES="192.168.1.1/32 192.168.1.2/32_26:1024 192.168.1.3/32_!_25"
      - values, separated by spaces, are passed to the marking script as
        $ADDR, after changing underscores to spaces. May contain any
        ipchains-iptables params.
  ONBOOT="no"
      - yes or no, just like RedHat's interface configuration
---------
/etc/sysconfig/tc-networks
      - List of networks of your company and your clients. Used by the
        get-tc-flowid and snmp_pass utilities.
---------
/etc/sysconfig/tc-config
      - Defines configuration settings and variables for firewall commands
        (like FW_COMMAND, etc.)

SCRIPTS:
---------
/etc/sysconfig/tc-scripts/tc-up,
/etc/sysconfig/tc-scripts/tc-down
      - Scripts for setting an individual policy up or down. Usually called
        from the /etc/rc.d/init.d/tc script, but both of them can be used for
        manual rule (de)activation.
---------
/etc/rc.d/init.d/tc
      - Main script
---------
/etc/sysconfig/tc-scripts/tc-mark-from-client,
/etc/sysconfig/tc-scripts/tc-mark-to-client,
/etc/sysconfig/tc-scripts/tc-mark-from-client-notc,
/etc/sysconfig/tc-scripts/tc-mark-to-client-notc
      - shell scripts that define ipchains (iptables) rules. Look at the
        example ones.
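
The id layout described in the NOTES (5 bits of class 'C' network, 2 bits of
flow direction, 8 bits of host address, sign bit left clear), written out as an
added shell example. It is not code from tc_config: the field order, the
direction codes DIR_TO/DIR_FROM, the function names, and taking the network
number to be the prefix's position in the tc-networks list are all assumptions.

```shell
#!/bin/sh
# Added example, not tc_config code. Assumed layout of the 16-bit MIN_ID:
#   bit 15 = sign (kept 0), bits 14-10 = network index, bits 9-8 = direction,
#   bits 7-0 = host octet. Field order and direction codes are assumptions.

# Constructed stand-in for /etc/sysconfig/tc-networks (prefixes, no last octet).
TC_NETWORKS="10.0.0 10.0.1 192.168.1"
DIR_TO=1     # hypothetical code for to-client flows
DIR_FROM=2   # hypothetical code for from-client flows

# net_index PREFIX: print the 0-based position of PREFIX in TC_NETWORKS.
# Fails for unknown prefixes and for positions that do not fit in 5 bits.
net_index() {
    idx=0
    for p in $TC_NETWORKS; do
        if [ "$p" = "$1" ]; then
            [ "$idx" -le 31 ] || return 1
            echo "$idx"
            return 0
        fi
        idx=$((idx + 1))
    done
    return 1
}

# pack_min_id IPV4 DIR: print the packed id, or fail on invalid input.
pack_min_id() {
    prefix=${1%.*}
    host=${1##*.}
    case $host in ''|*[!0-9]*|0?*) return 1 ;; esac   # digits only, no octal
    [ "$host" -le 255 ] || return 1
    case $2 in 0|1|2|3) ;; *) return 1 ;; esac        # 2-bit direction field
    net=$(net_index "$prefix") || return 1
    echo $(( (net << 10) | ($2 << 8) | host ))
}

# unpack_min_id ID: print "ADDRESS DIR" recovered from a packed id.
unpack_min_id() {
    net=$(( ($1 >> 10) & 31 )); dir=$(( ($1 >> 8) & 3 )); host=$(( $1 & 255 ))
    idx=0
    for p in $TC_NETWORKS; do
        if [ "$idx" -eq "$net" ]; then
            echo "$p.$host $dir"
            return 0
        fi
        idx=$((idx + 1))
    done
    return 1
}
```

A 33rd prefix in the list has no 5-bit index, so pack_min_id refuses it; that
is the 32-network limit mentioned in the NOTES.
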

Vladislav Bogdanov
slava@nsys.by
http://slava.local.nsys.by/projects/

If you like this piece of software, pls let me know.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.