Hello.
I have router running Debian 5.0 Lenny x86_64 with kernel 2.6.26
Fow now, I use ESFQ patch to fairly share bandwith acress all network hosts (common SFQ depend on tcp connection number).
I'd like to use to external classifier for SFQ which was added some time ago to get rid of foreign patches in distro kernel.
Here is example of my shaper (using patched for ESFQ iproute)
Code:
/opt/sbin/tc qdisc del dev eth2 root
/opt/sbin/tc qdisc add dev eth2 root handle 1 htb default 50 r2q 10
/opt/sbin/tc class add dev eth2 parent 1: classid 1:2 htb rate 100Mbit
#Some bandwidth for SSH
/opt/sbin/tc class add dev eth2 parent 1:2 classid 1:20 htb rate 200Kbit ceil 100Mbit prio 10
/opt/sbin/tc qdisc add dev eth2 parent 1:20 handle 20 esfq perturb 10 hash dst
/opt/sbin/tc filter add dev eth2 parent 1:0 protocol ip prio 100 u32 match ip sport 22 0xffff classid 1:20
#Internet access.
/opt/sbin/tc class add dev eth2 parent 1:2 classid 1:30 htb rate 1800Kbit ceil 2Mbit prio 30
/opt/sbin/tc qdisc add dev eth2 parent 1:30 handle 30 esfq perturb 10 hash dst
/opt/sbin/tc filter add dev eth2 parent 1:0 protocol ip prio 200 handle 30 fw classid 1:30
#Local provider's resources available @ADSL speed
/opt/sbin/tc class add dev eth2 parent 1:2 classid 1:40 htb rate 6Mbit ceil 8Mbit prio 40
/opt/sbin/tc qdisc add dev eth2 parent 1:40 handle 40 esfq perturb 10 hash dst
/opt/sbin/tc filter add dev eth2 parent 1:0 protocol ip prio 200 handle 15 fw classid 1:40
#Traffic from DMZ, locally generated and so on...
/opt/sbin/tc class add dev eth2 parent 1:2 classid 1:50 htb rate 85Mbit ceil 100Mbit prio 50
/opt/sbin/tc qdisc add dev eth2 parent 1:50 handle 50 esfq perturb 10 hash dst
Similar (I hope) code using new classifier (using common system iproute)
Code:
/sbin/tc qdisc del dev eth2 root
/sbin/tc qdisc add dev eth2 root handle 1 htb default 50 r2q 10
/sbin/tc class add dev eth2 parent 1: classid 1:2 htb rate 100Mbit
/sbin/tc class add dev eth2 parent 1:2 classid 1:20 htb rate 200Kbit ceil 100Mbit prio 10
/sbin/tc qdisc add dev eth2 parent 1:20 handle 20 sfq
/sbin/tc filter add dev eth2 parent 1:0 protocol ip prio 100 u32 match ip sport 22 0xffff classid 1:20
/sbin/tc filter add dev eth2 parent 20: protocol ip handle 20 flow hash keys nfct-dst divisor 1024
/sbin/tc class add dev eth2 parent 1:2 classid 1:30 htb rate 1800Kbit ceil 2Mbit prio 30
/sbin/tc qdisc add dev eth2 parent 1:30 handle 30: sfq
/sbin/tc filter add dev eth2 parent 1:0 protocol ip prio 200 handle 30 fw classid 1:30
/sbin/tc filter add dev eth2 parent 30: protocol ip handle 30 flow hash keys nfct-dst divisor 1024
/sbin/tc class add dev eth2 parent 1:2 classid 1:40 htb rate 6Mbit ceil 8Mbit prio 40
/sbin/tc qdisc add dev eth2 parent 1:40 handle 40: sfq
/sbin/tc filter add dev eth2 parent 1:0 protocol ip prio 200 handle 15 fw classid 1:40
/sbin/tc filter add dev eth2 parent 40: protocol ip handle 40 flow hash keys nfct-dst divisor 1024
/sbin/tc class add dev eth2 parent 1:2 classid 1:50 htb rate 85Mbit ceil 100Mbit prio 50
/sbin/tc qdisc add dev eth2 parent 1:50 handle 50: sfq
/sbin/tc filter add dev eth2 parent 50: protocol ip handle 50 flow hash keys nfct-dst divisor 1024
So code in both cases should works same, but last example stop processing packets (I even unable ping box via eth2's IP) unless I remove shaper or reboot box.
Could someone point me on my mistake - how to replace ESFQ using filter with 'flow hash key dst' ?
