Problem with ingress policing on bridged device

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm having trouble getting ingress policing to work on a bridged device.
The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1,
vif[25].1 .  (This is under xen, in case the vif's didn't give that
away, so peth0 is renamed eth0.)

The tc rules I have are:

tc qdisc del dev peth0 root
tc qdisc del dev peth0 ingress handle ffff:

tc qdisc add dev peth0 root handle 1: htb default 1
tc class add dev peth0 parent 1: classid 1:1 htb rate 1mbit ceil 1mbit mtu 100000 burst 3000 cburst 3000

tc qdisc add dev peth0 ingress handle ffff:
tc filter add dev peth0 parent ffff: protocol ip prio 10 u32 match ip protocol 6 0xff police rate 1mbit buffer 3k drop flowid ffff:

The egress filter has such a large mtu to deal with "giants."
Otherwise it seems like these rules should work without a problem.
However, when I do tc -s qdisc show dev peth0  I get 0 bytes of the
ingress qdisc:

qdisc htb 1: r2q 10 default 1 direct_packets_stat 0
 Sent 33055549 bytes 232260 pkt (dropped 0, overlimits 3661 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff: ----------------
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0

Furthermore, when I run tc filter ls dev peth0 root , the ref value on
the police rule changes each time I run the command:

filter parent ffff: protocol ip pref 10 u32
filter parent ffff: protocol ip pref 10 u32 fh 800: ht divisor 1
filter parent ffff: protocol ip pref 10 u32 fh 800::800 order 2048 key
ht 800 bkt 0 flowid ffff:
  match 00060000/00ff0000 at 8
 police 0xf rate 1000Kbit burst 3Kb mtu 2Kb action drop
ref -561105860 bind 4

...
ref -952640528 bind 4

...
ref -540461920 bind 4

Any help would be appreciated.

--
Steve
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux