3 # sample script on using the ingress capabilities
4 # This script fwmark tags(IPchains) based on metering on the ingress
5 # interface the result is used for fast classification and re-marking
6 # on the egress interface
7 # This is an example of a color blind mode marker with no PIR configured
8 # based on draft-wahjak-mcm-00.txt (section 3.1)
10 #path to various utilities;
11 #change to reflect yours.
13 IPROUTE=/root/DS-6-beta/iproute2-990530-dsing
16 IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains
22 #The CBS is about 60 MTU sized packets
26 meter1="police rate $CIR1 burst $CBS1 "
27 meter1a="police rate $CIR2 burst $CBS1 "
28 meter2="police rate $CIR1 burst $CBS2 "
29 meter2a="police rate $CIR2 burst $CBS2 "
30 meter3="police rate $CIR2 burst $CBS1 "
31 meter3a="police rate $CIR2 burst $CBS1 "
32 meter4="police rate $CIR2 burst $CBS2 "
33 meter5="police rate $CIR1 burst $CBS2 "
35 # tag the rest of incoming packets from subnet 10.2.0.0/24 to fw value 1
36 # tag all incoming packets from any other subnet to fw tag 2
37 ############################################################
38 $IPCHAINS -A input -i $INDEV -s 0/0 -m 2
39 $IPCHAINS -A input -i $INDEV -s 10.2.0.0/24 -m 1
41 ############################################################
42 # install the ingress qdisc on the ingress interface
43 $TC qdisc add dev $INDEV handle ffff: ingress
45 ############################################################
47 # All packets are marked with a tcindex value which is used on the egress
48 # tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE
50 ############################################################
52 # anything with fw tag of 1 is passed on with a tcindex value 1
53 #if it doesnt exceed its allocated rate (CIR/CBS)
55 $TC filter add dev $INDEV parent ffff: protocol ip prio 1 handle 1 fw \
58 $TC filter add dev $INDEV parent ffff: protocol ip prio 2 handle 1 fw \
62 # if it exceeds the above but not the extra rate/burst below, it gets a
65 $TC filter add dev $INDEV parent ffff: protocol ip prio 3 handle 1 fw \
68 $TC filter add dev $INDEV parent ffff: protocol ip prio 4 handle 1 fw \
72 # if it exceeds the above but not the rule below, it gets a tcindex value
75 $TC filter add dev $INDEV parent ffff: protocol ip prio 5 handle 1 fw \
78 $TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 1 fw \
82 # Anything else (not from the subnet 10.2.0.24/24) gets discarded if it
83 # exceeds 1Mbps and by default goes to BE if it doesnt
85 $TC filter add dev $INDEV parent ffff: protocol ip prio 7 handle 2 fw \
90 ######################## Egress side ########################
95 $TC qdisc add $EGDEV handle 1:0 root dsmark indices 64
97 # values of the DSCP to change depending on the class
98 #note that the ECN bits are masked out
100 #AF41 (0x88 is 0x22 shifted to the right by two bits)
102 $TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
105 $TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
108 $TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
111 $TC class change $EGDEV classid 1:4 dsmark mask 0x3 \
115 # The class mapping (using tcindex; could easily have
116 # replaced it with the fw classifier instead)
118 $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
119 handle 1 tcindex classid 1:1
120 $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
121 handle 2 tcindex classid 1:2
122 $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
123 handle 3 tcindex classid 1:3
124 $TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
125 handle 4 tcindex classid 1:4
129 echo "---- qdisc parameters Ingress ----------"
130 $TC qdisc ls dev $INDEV
131 echo "---- Class parameters Ingress ----------"
132 $TC class ls dev $INDEV
133 echo "---- filter parameters Ingress ----------"
134 $TC filter ls dev $INDEV parent ffff:
136 echo "---- qdisc parameters Egress ----------"
138 echo "---- Class parameters Egress ----------"
140 echo "---- filter parameters Egress ----------"
141 $TC filter ls $EGDEV parent 1:0
143 #deleting the ingress qdisc
144 #$TC qdisc del $INDEV ingress