3 # sample script on using the ingress capabilities
4 # This script fwmark tags(IPchains) based on metering on the ingress
5 # interface the result is used for fast classification and re-marking
6 # on the egress interface
7 # This is an example of a color blind mode marker with no PIR configured
8 # based on draft-wahjak-mcm-00.txt (section 3.1)
10 #path to various utilities;
11 #change to reflect yours.
13 IPROUTE
=/root
/DS-6-beta
/iproute2-990530-dsing
16 IPCHAINS
=/root
/DS-6-beta
/ipchains-1.3
.9/ipchains
22 #The CBS is about 60 MTU sized packets
26 meter1
="police rate $CIR1 burst $CBS1 "
27 meter2
="police rate $CIR1 burst $CBS2 "
28 meter3
="police rate $CIR2 burst $CBS1 "
29 meter4
="police rate $CIR2 burst $CBS2 "
30 meter5
="police rate $CIR2 burst $CBS2 "
32 # tag the rest of incoming packets from subnet 10.2.0.0/24 to fw value 1
33 # tag all incoming packets from any other subnet to fw tag 2
34 ############################################################
35 $IPCHAINS -A input
-i $INDEV -s 0/0 -m 2
36 $IPCHAINS -A input
-i $INDEV -s 10.2.0.0/24 -m 1
38 ############################################################
39 # install the ingress qdisc on the ingress interface
40 $TC qdisc add dev
$INDEV handle ffff
: ingress
42 ############################################################
44 # All packets are marked with a tcindex value which is used on the egress
45 # tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE
47 ############################################################
49 # anything with fw tag of 1 is passed on with a tcindex value 1
50 #if it doesnt exceed its allocated rate (CIR/CBS)
52 $TC filter add dev
$INDEV parent ffff
: protocol ip prio
4 handle
1 fw \
56 # if it exceeds the above but not the extra rate/burst below, it gets a
59 $TC filter add dev
$INDEV parent ffff
: protocol ip prio
5 handle
1 fw \
63 # if it exceeds the above but not the rule below, it gets a tcindex value
66 $TC filter add dev
$INDEV parent ffff
: protocol ip prio
6 handle
1 fw \
70 # Anything else (not from the subnet 10.2.0.24/24) gets discarded if it
71 # exceeds 1Mbps and by default goes to BE if it doesnt
73 $TC filter add dev
$INDEV parent ffff
: protocol ip prio
6 handle
2 fw \
78 ######################## Egress side ########################
83 $TC qdisc add
$EGDEV handle
1:0 root dsmark indices
64
85 # values of the DSCP to change depending on the class
86 #note that the ECN bits are masked out
88 #AF41 (0x88 is 0x22 shifted to the right by two bits)
90 $TC class change
$EGDEV classid
1:1 dsmark mask
0x3 \
93 $TC class change
$EGDEV classid
1:2 dsmark mask
0x3 \
96 $TC class change
$EGDEV classid
1:3 dsmark mask
0x3 \
99 $TC class change
$EGDEV classid
1:4 dsmark mask
0x3 \
103 # The class mapping (using tcindex; could easily have
104 # replaced it with the fw classifier instead)
106 $TC filter add
$EGDEV parent
1:0 protocol ip prio
1 \
107 handle
1 tcindex classid
1:1
108 $TC filter add
$EGDEV parent
1:0 protocol ip prio
1 \
109 handle
2 tcindex classid
1:2
110 $TC filter add
$EGDEV parent
1:0 protocol ip prio
1 \
111 handle
3 tcindex classid
1:3
112 $TC filter add
$EGDEV parent
1:0 protocol ip prio
1 \
113 handle
4 tcindex classid
1:4
117 echo "---- qdisc parameters Ingress ----------"
118 $TC qdisc
ls dev
$INDEV
119 echo "---- Class parameters Ingress ----------"
120 $TC class
ls dev
$INDEV
121 echo "---- filter parameters Ingress ----------"
122 $TC filter
ls dev
$INDEV parent ffff
:
124 echo "---- qdisc parameters Egress ----------"
126 echo "---- Class parameters Egress ----------"
128 echo "---- filter parameters Egress ----------"
129 $TC filter
ls $EGDEV parent
1:0
131 #deleting the ingress qdisc
132 #$TC qdisc del $INDEV ingress