Index of /projects/tc_config/beta-docs

Name               Last modified      Size
Parent Directory                      -
ChangeLog          19-Mar-2010 09:53  4.0K
NOT_AVAILABLE_YET  19-Mar-2010 09:53  50
README             19-Mar-2010 09:53  8.1K
README.dynamic     19-Mar-2010 09:53  8.4K
TODO               19-Mar-2010 09:53  260

tc-config-0.7.26 README
--------------------

tc_config is a set of scripts for Linux 2.4+ traffic control
configuration on RedHat systems and (hopefully) derivatives.
It uses the cbq qdisc as the root qdisc and sfq qdiscs at the leaves.

Includes snmp_pass utility for getting stats on traffic control via snmp.
Write
---
pass_persist .1.3.6.1.4.1.7088.6 /usr/lib/tc/snmp_pass
---
into your snmpd.conf.
Then you can get stats with
snmpwalk -v 1 -c <Your_community> localhost enterprises.7088.6
MIBs are in the mibs directory.
For up-to-date MIBs look at http://bubble.nsys.by/projects/mibs/ .

NEWS:
----------
Subclass support is now implemented. Subclass 0 (zero) is the main class
for a client; all other subclasses are its subclasses.
There is a new tc plugin for pppd.

REQUIREMENTS:
----------
Get libsplit from http://bubble.nsys.by/projects/libsplit/
and install it somewhere in the ldconfig path. It is rpm-ready (may be
built with rpm -tb).

The pppd plugin requires the pppd headers to be installed. To use the pppd
plugin, pppd should be patched with my patch. The best way to do it is to get my
pppd rpm (http://bubble.nsys.by/projects/pppd/), rebuild and install it.

The kernel and iptables must be patched to support IMQ.

INSTALL:
----------
Run 'rpmbuild -tb tc-config-0.7.x.tar.gz'. After the package is built, run
'rpm -Uvh /usr/src/redhat/RPMS/i386/tc-config-0.7.x-1.i386.rpm'.

QUICKSTART:
--------
 Choose how many subclasses you need for each client. Set SUBCLASS_BITS
in /etc/sysconfig/tc-config to fit your needs. Don't forget: the greater the
value of SUBCLASS_BITS, the fewer clients you can handle.

A little table to help find the right value:

SUBCLASS_BITS | NETWORK_BITS | Subclasses | Networks | Number of clients
------------------------------------------------------------------------
      1       |       6      |     2      |    63    |     16128 
      2       |       5      |     4      |    31    |      7936
      3       |       4      |     8      |    15    |      3840 
      4       |       3      |    16      |     7    |      1792
      5       |       2      |    32      |     3    |       768
      6       |       1      |    64      |     1    |       256
------------------------------------------------------------------------

The number of clients here is the "max. possible". It is reached only when
every client has only one IP address and all IP addresses in all networks are
used. Note: this is only about the first address in the RULES field (main IP
address); additional addresses do not have to be listed in
/etc/sysconfig/tc-networks.
Also, read about the 'DYNAMIC CLIENTS' concept in the README.dynamic file.

A little explanation of how the flow id is computed. We have only 16 bits for
this id. This constraint comes from the kernel traffic control logic. The only
way I found to fit an IP address (32 bits long) into 16 bits is to count all
'Class C' networks we deal with and assign them numbers (from 1; id 0 is
reserved for custom flows that do not fit into the tc_config schema). The last
octet of the IP address (8 bits, also known as the 'host address') remains as
8 bits in the flow id. Next, we need to specify the flow direction through the
kernel (whether it goes 'from' or 'to' the client). It takes 1 more bit. So, we
have only 7 bits for both network id and subclass id. SUBCLASS_BITS specifies
how these 7 bits are shared between them.
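
The bit budget described above, worked through as an added example (not code from tc_config). It reproduces the table rows from SUBCLASS_BITS and packs/unpacks a 16-bit id; the field order (direction, subclass, network, host), the direction encoding and the function names are assumptions made for illustration, since the README does not state them.

```shell
#!/bin/sh
# Added example, not part of tc_config.
# ASSUMED field order, high to low bit: dir(1) | subclass(S) | network(7-S) | host(8)

# tc_capacity SUBCLASS_BITS -> "subclasses networks clients"
tc_capacity() {
    sb=$1
    if [ "$sb" -lt 1 ] || [ "$sb" -gt 6 ]; then
        echo "SUBCLASS_BITS must be 1..6" >&2
        return 1
    fi
    nb=$((7 - sb))
    nets=$(( (1 << nb) - 1 ))          # network id 0 is reserved for custom flows
    echo "$((1 << sb)) $nets $((nets * 256))"
}

# flowid_pack SUBCLASS_BITS DIR SUBCLASS NETID HOST -> 4-digit hex id
# DIR: 0 = from-client, 1 = to-client (assumed encoding)
flowid_pack() {
    sb=$1 dir=$2 sub=$3 net=$4 host=$5
    nb=$((7 - sb))
    [ "$dir" -ge 0 ] && [ "$dir" -le 1 ] || { echo "bad direction" >&2; return 1; }
    [ "$sub" -ge 0 ] && [ "$sub" -lt $((1 << sb)) ] || { echo "subclass out of range" >&2; return 1; }
    [ "$net" -ge 1 ] && [ "$net" -lt $((1 << nb)) ] || { echo "network id out of range" >&2; return 1; }
    [ "$host" -ge 0 ] && [ "$host" -le 255 ] || { echo "bad host octet" >&2; return 1; }
    printf '%04x\n' $(( (dir << 15) | (sub << (8 + nb)) | (net << 8) | host ))
}

# flowid_unpack SUBCLASS_BITS HEXID -> "dir subclass netid host"
flowid_unpack() {
    sb=$1 id=$((0x$2))
    nb=$((7 - sb))
    echo "$(( id >> 15 )) $(( (id >> (8 + nb)) & ((1 << sb) - 1) )) $(( (id >> 8) & ((1 << nb) - 1) )) $(( id & 255 ))"
}

# Print the capacity table for every legal SUBCLASS_BITS value.
for b in 1 2 3 4 5 6; do
    echo "SUBCLASS_BITS=$b: $(tc_capacity "$b")"
done
```

Rejecting network id 0 and out-of-range subclasses before packing matters because an oversized field would silently spill into the neighbouring one and alias another client's id.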

 After the right value for SUBCLASS_BITS is chosen, we need to configure the
parameters of the uplink interfaces in /etc/sysconfig/interfaces/. Specify
FLOW="receive" for them. You also need to configure two IMQ devices there
(e.g. imq0 and imq1). For imq devices specify FLOW="transmit". List all uplink
interfaces together with "imq1" in the UPLINK_INTERFACES variable in
/etc/sysconfig/tc-config, and leave "imq0" as DEFAULT_CLIENT_SIDE_DEV.

 Then, adjust the /etc/sysconfig/tc-scripts/main-classify-rules script to what
you need. This is the "main dispatcher"; it throws packets into the firewall
tables that correspond to subclasses. On start, tc_config creates two fw tables
for every subclass, one for from-client and one for to-client flows. The task of
main-classify-rules is to deliver every packet into the right table. Look at
the example script provided with the distribution; it has a couple of comments
inside. This script uses some variables set in /etc/sysconfig/tc-config and
some variables set in the tc init script.

 OK, the last thing we need to do is to define parameters for our clients.
This task is done by the /etc/sysconfig/tc-scripts/config/tc-cfg-* scripts.
Create a config for the first test client in e.g.
/etc/sysconfig/config/tc-cfg-test.
Look below for the variables it may contain and look at the examples.

 OK, you have almost won. Now type (as root) 'service tc start'. That's all!

 If you want tc policies to be activated on startup, type
'chkconfig --add tc; chkconfig tc on' in a root shell.
 If you want to gather stats from your tc setup, put the line
---
pass_persist .1.3.6.1.4.1.7088.6 /usr/lib/tc/snmp_pass
---
into your snmpd.conf and restart snmpd.
Then you can get stats with
snmpwalk -v 1 -c <Your_community> localhost enterprises.7088.6
Note that the MIB for tc_config 0.7.x is different from the earlier one.

MIBs are in the mibs directory.
For up-to-date MIBs look at http://bubble.nsys.by/projects/mibs/ .

CONFIG FILES:
----------
/etc/sysconfig/interfaces/<int>
INTERFACE=<int> 	- name of interface
MAJ_ID=10		- value used by tc for all classes and qdiscs on
			  that interface as MAJOR_ID
BANDWIDTH=100Mbit	- interface bandwidth
FLOW="both"		- flow directions through interface (receive,
			  transmit or both, empty means "both"). Set it to
			  "receive" for uplink interfaces and to "transmit" for
			  imq devices.

---------
/etc/sysconfig/config/tc-cfg-<policy>
POLICY_NAME=<policy>		- name of tc policy, any name :)
TEMPLATE=<template>		- use this template for client policy,
				  all template values can be overridden (but only
				  after template definition)
CLIENT_SIDE_DEV="imq0"		- device, on which to-client tc classes
				  will be attached. Overrides DEFAULT_CLIENT_SIDE_DEV
				  (on to-client flows); see ChangeLog.
RATE_FROM_CLIENT[x]=9Kbit	- Rate of from_client flow in subclass x,
				  0 < x < numsubclasses
RATE_TO_CLIENT[x]=9Kbit		- The same for to-client flow
OWN_MARK_SCRIPT=/etc/sysconfig/tc-scripts/config/test/mark-script
				- Custom marking script for this policy,
				  if undefined, tc-mark-client-flows is used
				  
RULES="192.168.1.1/32 192.168.1.2/32_26:1024 192.168.1.3/32_!_25"
				- values, separated by spaces, are passed to
				  the marking script as $ADDR, after changing
				  underscores to spaces.
				  May contain any ipchains-iptables params
ONBOOT="no"			- yes or no, just like RedHat's interface
				  configuration

---------
/etc/sysconfig/templates/*
Templates have the same syntax as policies

---------
/etc/sysconfig/override/script-*
Use files in this directory to override marking script settings for dynamic
clients.
Name the scripts 'script-${POLICY_NAME}'.
Do not set any tc parameters except OWN_MARK_SCRIPT here; it is intended only
for special marking or firewall rules setup.
Call /etc/sysconfig/tc-scripts/tc-mark-client-flows from this script, as it
overrides the defaults.
This is a quick hack and may be changed in the future.

---------
/etc/sysconfig/tc-networks	- List of networks of your company and your
				  clients. Used by get-tc-flowid and snmp_pass
				  utilities.

---------
/etc/sysconfig/tc-config	- Defines configuration settings and variables
				  for firewall commands (like FW_COMMAND, etc.)


SCRIPTS:				  
---------
/etc/sysconfig/tc-scripts/tc-up,
/etc/sysconfig/tc-scripts/tc-down - Scripts for setting individual policy up
				    or down. Usually called from
				    /etc/rc.d/init.d/tc script, but both of
				    them can be used for manual rule
				    (de)activation. 

---------
/etc/rc.d/init.d/tc		- Main script

---------
/etc/sysconfig/tc-scripts/main-classify-rules
				- read above about it
---------
/etc/sysconfig/tc-scripts/tc-mark-client-flows

Vladislav Bogdanov
slava@nsys.by
http://bubble.nsys.by/projects/

If you like this piece of software, pls let me know.


THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.