tc on bridge port
I figured it out- I had to specify a 'protocol' in the filter. I could find much documentation on this- all the examples I could find specified the protocol as 'ip' but since this is a switch, I thought I'd try 'all' and it worked!
tc qdisc add dev eth0 root handle 1:0 htb default 2
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 1mbit ceil 1mbit
tc class add dev eth0 parent 1:0 classid 1:2 htb rate 5mbit ceil 5mbit
tc filter add dev eth0 parent 1:0 protocol all handle 5 fw flowid 1:1
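To confirm that the fw filter from the answer above is steering marked traffic into class 1:1, the per-class packet counters can be checked. This is an added example, not part of the original post; the helper names class_pkts and mark_is_classified are hypothetical, BEFORE is abridged from the question's output, and AFTER is a constructed sample.

```shell
#!/bin/sh
# Added example. Reads `tc -s class show dev <dev>` output on stdin.
# class_pkts and mark_is_classified are hypothetical helper names.

# Print the packet counter of HTB class $1 (nothing if the class is absent).
class_pkts() {
    awk -v want="$1" '
        $1 == "class" && $2 == "htb" { cur = $3 }      # remember current classid
        $1 == "Sent" && cur == want  { print $4; exit } # "Sent <bytes> bytes <pkts> pkt"
    '
}

# Succeed only if class $1 exists and has carried at least one packet.
mark_is_classified() {
    n=$(class_pkts "$1")
    [ -n "$n" ] && [ "$n" -gt 0 ]
}

# Abridged from the question's output: filter added without "protocol all".
BEFORE='class htb 1:1 root prio 0 rate 1000Kbit ceil 1000Kbit burst 100Kb cburst 100Kb
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:2 root prio 0 rate 5000Kbit ceil 5000Kbit burst 100Kb cburst 100Kb
 Sent 11465766 bytes 39161 pkt (dropped 0, overlimits 0 requeues 0)'

# Constructed sample of what a working setup would show (values invented).
AFTER='class htb 1:1 root prio 0 rate 1000Kbit ceil 1000Kbit burst 100Kb cburst 100Kb
 Sent 482113 bytes 1520 pkt (dropped 12, overlimits 310 requeues 0)
class htb 1:2 root prio 0 rate 5000Kbit ceil 5000Kbit burst 100Kb cburst 100Kb
 Sent 11465766 bytes 39161 pkt (dropped 0, overlimits 0 requeues 0)'

for sample in BEFORE AFTER; do
    eval "data=\$$sample"
    if printf '%s\n' "$data" | mark_is_classified 1:1; then
        echo "$sample: class 1:1 is carrying marked traffic"
    else
        echo "$sample: class 1:1 idle, fw filter is not matching mark 5"
    fi
done
# Live use: tc -s class show dev eth0 | mark_is_classified 1:1
```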
Author: tMC
Updated on September 18, 2022
Comments
-
tMC over 1 year
I have a 4 port bridge:
root@Linux-Switch:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000024cd2cb0       no              eth0
                                                        eth1
                                                        eth2
                                                        eth3
My goal is to limit the upload speed of the eth2 interface. (eth0 is the uplink interface to the upstream switch). I've been trying to do this via tc and iptables.
# tried in both the filter table and mangle table
iptables -A FORWARD -t mangle -m physdev --physdev-in eth2 -j MARK --set-mark 5
tc qdisc add dev eth0 root handle 1:0 htb default 2
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 1mbit ceil 1mbit
tc class add dev eth0 parent 1:0 classid 1:2 htb rate 5mbit ceil 5mbit
tc filter add dev eth0 parent 1:0 handle 5 fw flowid 1:1
I can see that the iptables rule is matching:
root@Linux-Switch:~# iptables -vL -t mangle
...
Chain FORWARD (policy ACCEPT 107K packets, 96M bytes)
 pkts bytes target     prot opt in     out     source               destination
38269   11M MARK       all  --  any    any     anywhere             anywhere            PHYSDEV match --physdev-in eth2 MARK set 0x5
...
root@Linux-Switch:~#
But the tc config is not reading the fw mark; all traffic in port eth2 is being limited to the 5Mb default, not the 1Mb I'm attempting to configure.
root@Linux-Switch:~# tc -s class show dev eth0
class htb 1:1 root prio 0 rate 1000Kbit ceil 1000Kbit burst 100Kb cburst 100Kb
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 200000 ctokens: 200000
class htb 1:2 root prio 0 rate 5000Kbit ceil 5000Kbit burst 100Kb cburst 100Kb
 Sent 11465766 bytes 39161 pkt (dropped 0, overlimits 0 requeues 0)
 rate 6744bit 3pps backlog 0b 0p requeues 0
 lended: 39161 borrowed: 0 giants: 0
 tokens: 2454400 ctokens: 2454400
root@Linux-Switch:~#
What am I doing wrong?
-
Admin about 11 years
Does it match if you add it on br0 instead? Also specify the filter explicitly as 0x5 instead of just 5 at the command line (for both tc and iptables).