On this page you can find my version of the IMQ driver and a tc tutorial. I decided to continue its development because I need it for my network traffic management.
TC tutorial is here


For some reason, any attempt to touch locally generated packets will crash the kernel; this is what I needed to fix.
Since the old version was too messed up, I decided to redo it completely,
but stability did not change a lot, except that it takes much longer to crash.

Moving the hooks from POSTROUTING to OUTPUT increased stability, and now it takes even longer to crash.
Also, crashes now usually occur in other places: not in the usual tcp_retransmit_skb, but in netfilter itself.

So I decided to disable local traffic shaping and declare this driver stable. (It works for me,
but it still needs more testing. If it crashes for you, please tell me and give as much information as you can;
basically I need the crash location and the list of loaded modules.)

Since IMQ now has nothing to do with how real net devices work,
it is not good to use the Ingress and Egress definitions.
It is better to use Input, Forward and Output, because the driver is more like a netfilter module.

When loaded, it hooks onto these chains and rejects, delays or accepts traffic according to the tc rules you set.
For now Output is disabled, but you can uncomment it if you want to try.


Because of high demand for kernel 2.6 compatibility, I ported this driver to kernel 2.6.
Now all kernels are supported. This driver should work with any kernel past 2.4.22.
This imq version doesn't require patching anything and doesn't take the nf_queue handler, so you can use that module (to queue packets to userspace).

If you need to compile it for a 2.4 kernel, type
make

For kernel 2.6, type
make 2.6

You can find the complete "stable" version source here. If you would like to look at the latest C code, it is here: imq.c (symlink to my development version).
Look into the README for some more info.

WARNING:
1. This driver requires kernel 2.4.21 or later to compile without patching. Older kernels need a small patch, but I recommend upgrading to something newer.
2. IPTABLES must be compiled into the kernel, or else imq will not load.
3. You must use gcc 3.2 or later; 2.8 will not work.

 


Usage notes:
You can manage all traffic that passes netfilter's Input and Forward chains, but NO locally generated traffic.
Usually this is ok, since you can use the real interfaces to shape again.
You can find out how to compile and install in the README.
Then you will need to apply some tc rules to the imq interface.
Do everything like you normally do with real interfaces.

             --- Forward -----------------------------------------------------
ingress ---> |                                                               |--------> egress
             ---- Input --local processes :    : local processes  -- output---   


Filters used on the imq device will always see the same IP addresses as any other netfilter module in Forward and Input.

Example:
Your internet address is 22.54.66.89 and your network computers have addresses 10.0.x.x.
If a packet comes from the internet, the filter will see destination address 10.0.0.30 (not 22.54.66.89) and source 123.5.2.22.
If it comes from 10.0.0.30, the filter will see source 10.0.0.30 and destination 123.5.2.22.

All forward and input traffic will ALWAYS pass through this driver;
if you do not use any rules, it will pass without any significant delay.
To classify packets, use iptables marking or source/destination addresses.
There is no other way to find out whether a packet is forwarded or destined for the local machine,
so use MARK in the corresponding mangle chains.

Example:
Giving priority to web traffic:
-------------------------------------------------
tc qdisc del dev imq root
tc qdisc add dev imq root handle 2 htb r2q 1

# Internet
tc class add dev imq parent 2: classid 2:6 htb rate 200kbit    # you must limit this to about 80-90% of your link speed

# High priority
tc class add dev imq parent 2:6 classid 2:8 htb rate 120Kbit ceil 200kbit prio 2
tc qdisc add dev imq parent 2:8 sfq
tc filter add dev imq parent 2:6 protocol ip pref 2 u32 match ip sport 80 0xffff classid 2:8
tc filter add dev imq parent 2:6 protocol ip pref 4 u32 match ip sport 443 0xffff classid 2:8

# Low priority
tc class add dev imq parent 2:6 classid 2:9 htb rate 10Kbit ceil 190kbit prio 3
tc qdisc add dev imq parent 2:9 sfq
tc filter add dev imq parent 2:6 protocol ip pref 40 u32 match ip sport 0 0x0000 classid 2:9
------------------------------------------------
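
The MARK-based classification described above, as an added example that is not part of the original page or the driver's own scripts. It assumes the HTB tree from the example above (device imq, classes 2:8 and 2:9) already exists; the mark values 1 and 2, the mark-to-class mapping and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: tell forwarded traffic from locally destined traffic with
# netfilter marks, then let tc's fw classifier pick the HTB class.
# Assumed values (not from the page): marks 1 and 2, and which class each gets.

RUN=${RUN-echo}      # default prints the commands; run with RUN= (as root) to apply
DEV=imq              # device name used in the page's example
MARK_FORWARD=1       # packets routed through this machine
MARK_INPUT=2         # packets addressed to this machine

# Append a MARK rule to a mangle chain. Only Forward and Input are accepted,
# because the driver does not see locally generated (Output) traffic.
mark_chain() {       # $1 = mangle chain, $2 = mark value
    case "$1" in
        FORWARD|INPUT) ;;
        *) echo "imq does not see packets from chain $1" >&2; return 1 ;;
    esac
    $RUN iptables -t mangle -A "$1" -j MARK --set-mark "$2"
}

# Map a mark to a leaf class. With the fw classifier the filter handle is the
# mark value; the filter is attached at the root of the HTB qdisc (2:).
mark_to_class() {    # $1 = mark value, $2 = classid, $3 = filter preference
    $RUN tc filter add dev "$DEV" parent 2: protocol ip pref "$3" \
        handle "$1" fw classid "$2"
}

imq_mark_setup() {
    mark_chain FORWARD "$MARK_FORWARD" &&
    mark_chain INPUT   "$MARK_INPUT"   &&
    mark_to_class "$MARK_INPUT"   2:8 10 &&   # local destination: high priority
    mark_to_class "$MARK_FORWARD" 2:9 20      # forwarded: low priority
}

imq_mark_setup
```

Run as shown, it only prints the four commands so they can be reviewed before being applied.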

For a very advanced example, look at the init script; it uses the ipt_connbytes module.

Do not forget that you can shape traffic once more on the real device's egress,
so use imq for prioritization and leave all per-user traffic limiting to the corresponding devices.


If you have questions then my email is tpt@pupa.da.ru

For all questions about tc configuration post messages on my forum.