From 7fe32de1ca13d9c34da493a719928d806b06b902 Mon Sep 17 00:00:00 2001 From: hk Date: Sat, 3 Feb 2018 01:31:05 +0100 Subject: [PATCH] Add post commands support To ease and centralize additional tc rules a default post-command file in /etc/tc-gen/post-commands has been introduced. The location may be overridden with -p. --- README.md | 4 +++- src/tc-gen | 54 ++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 45 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 465090b..5f00e3b 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,9 @@ Remove configuration allow-auto bond0.12 iface bond0.12 inet dhcp up /usr/local/bin/tc-gen -i ${IFACE} -u 10 -d 100 -f ifb0 - up /sbin/tc filter add dev ${IFACE} parent ffff: protocol ip prio 1 u32 match ip protocol 17 0xff match ip dport 4500 0xffff action pass + + # Add additional rules to the post-commands file (location can be overridden by -p) + echo '${TC} filter add dev ${IF_NAME} parent ffff: protocol ip prio 1 u32 match ip protocol 17 0xff match ip dport 4500 0xffff action pass' >> /etc/tc-gen/post-commands # Example with egress shaping on gre-tunnel allow-auto gre2 diff --git a/src/tc-gen b/src/tc-gen index c488fab..8202fb5 100755 --- a/src/tc-gen +++ b/src/tc-gen @@ -32,8 +32,6 @@ OPTIONS Valid units for rates are k (kbit/s) and M (Mbit/s). If no unit are given with the rate Mbit/s is used. - -u UP_RATE - -d DOWN_RATE -f IFB_IF_NAME If ingress shaping should be used instead of policing define a valid ifb interface. Normally ifb0 and ifb1 are available if nothing is 
@@ -41,9 +39,11 @@ OPTIONS -b BURST_SIZE Only used when ingress policing is used. For ingress shaping this is ignored. - -c ":::,:::,..." + -c ":::,:::,..." Define extra leaf classes if you want to slice up and guarantee - bandwith between different kinds of traffic using fw marks on egress. + bandwith between different kinds of traffic, for exeample by using + fw marks on egress. If the fw mark matches the handle the traffic + will match. The default class has a priority of 4. If this is not set all the bandwith is given to the default class which is sufficient for most use cases. If ceil is not set it will default to UP_RATE. If prio is 
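Review bot: The reworded -c help text misspells "example" as "exeample" and keeps the existing "bandwith" spelling, and the sentence "If the fw mark matches the handle the traffic will match" is circular. Since this is the text users see in the usage output, I would write it as `bandwidth between different kinds of traffic, for example by using` and `fw marks on egress. Traffic whose fw mark equals the class handle is placed in that class.` The second sentence matches the `handle ${HANDLE} fw classid 1:${CLASS_ID}` filter in add_prio_classes, where CLASS_ID is set from HANDLE.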
@@ -53,13 +53,37 @@ OPTIONS -c "107:50::,109:1400k:7M:2" The example above creates a leaf class which get all egress traffic - with fw mark 107, shaped to a rate of 50 mbit/s with no ceiling and + with handle 107, shaped to a rate of 50 mbit/s with no ceiling and priority, which means that it may use all the available bandwith if available in the root class and has the same priority as the default - class. The next leaf class has a fw mark of 109, a rate of 1400 kbit/s, + class. The next leaf class has a handle of 109, a rate of 1400 kbit/s, a ceil of 7 mbit/s and a priority of 2. - -C ":::,:::,..." - Same as -c but for ingress on IFB interface. + -C ":::,:::,..." + Same as -c but for ingress on IFB interface. Note that it is not + possible to use fw marks to assign traffic to IFB interface classes, + as it is not hooked into netfilter. Instead you need to use tc filter + rules, which you normally would add to the post-commands file. + + Example: + tc filter add dev ifb0 parent 1: protocol ip prio 20 \ + u32 \ + match ip protocol 6 0xff \ + match ip dport 22 0xffff \ + classid 1: + + The example above sends TCP port 22 traffic to the 1: class. + The filter priority is used to define filter processing order, and + must not be confused with the class priority, which defines the class' + relative priority to other classes when there is a need to prioritize + traffic. + -d DOWN_RATE + -p POST_COMMANDS_FILE + Override path to post commands file. By default tc-gen checks if + "/etc/tc-gen/post-commands" exists and if so, sources that file after + tc-gen have finished setting up its ordinary configuration. + Some nice to have environment variables available for that file are + TC, IF_NAME, IFB_IF_NAME, UP_RATE, DOWN_RATE and BURST_SIZE + -u UP_RATE -x Clear all traffic control config on interface. -V 
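Review bot: The -p help text says the file is sourced but not what that implies: it runs as shell code inside the tc-gen process with tc-gen's privileges, so the help should describe it as a file that only root may write. The variable list also needs a caveat, because DOWN_RATE is tested for emptiness later in the script and IFB_IF_NAME appears to be set only by -f, so a rule written with `${IFB_IF_NAME}` can expand to a broken tc command. I would add `The file is executed as shell code with the privileges of tc-gen; keep it owned by root and not writable by others.` and `IFB_IF_NAME and DOWN_RATE are empty unless -f / -d are given.`, and change "tc-gen have finished" to "tc-gen has finished".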
@@ -274,11 +298,11 @@ add_prio_classes () { for CLASS in ${CLASSES[@]}; do local CONFIG=( $(echo "${CLASS}" | tr ':' ' ') ) - local FWMARK=${CONFIG[0]} + local HANDLE=${CONFIG[0]} local CLASS_RATE=$(convert_rate ${CONFIG[1]}) local CEIL_RATE=${MAX_RATE} local PRIO=${DEFAULT_PRIO} - local CLASS_ID=${FWMARK} + local CLASS_ID=${HANDLE} [[ -n ${CONFIG[2]} ]] && CEIL_RATE=$(convert_rate ${CONFIG[2]}) [[ -n ${CONFIG[3]} ]] && PRIO=${CONFIG[3]} @@ -311,7 +335,7 @@ add_prio_classes () { $(get_fq_codel_quantum ${CEIL_RATE}) \ $(get_ecn ${CEIL_RATE} ${ECN_MINRATE}) - ${TC} filter add dev ${IF_NAME} parent 1: protocol all handle ${FWMARK} \ + ${TC} filter add dev ${IF_NAME} parent 1: protocol all handle ${HANDLE} \ fw classid 1:${CLASS_ID} done fi @@ -418,7 +442,7 @@ convert_rate () { } -while getopts ":i:u:d:b:f:q:c:C:xV" OPT; do +while getopts ":i:u:d:b:f:q:c:C:p:xV" OPT; do case ${OPT} in i) IF_NAME="${OPTARG}" @@ -441,6 +465,9 @@ while getopts ":i:u:d:b:f:q:c:C:xV" OPT; do C) IFB_CLASS_CONFIG="${OPTARG}" ;; + p) + POST_COMMANDS="${OPTARG}" + ;; x) CLEAR_CONFIG=1 ;; @@ -490,5 +517,8 @@ if [[ -n ${DOWN_RATE} ]]; then fi fi +# Execute post commands +[[ -n ${POST_COMMANDS} ]] || POST_COMMANDS="/etc/tc-gen/post-commands" +[[ -r ${POST_COMMANDS} ]] && . "${POST_COMMANDS}" trap - ERR INT TERM
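Review bot: The added `. "${POST_COMMANDS}"` at the end of the script sources the file into the tc-gen shell, so anyone who can write `/etc/tc-gen/post-commands` or the path stored by the new `p)` arm gets commands run with tc-gen's privileges (normally root, since the README calls it from `up` hooks). Nothing here checks that the file is a regular file owned by root and not group- or world-writable. A path passed explicitly with `-p` that is missing or unreadable is also skipped silently by `[[ -r ... ]] &&`, so filter rules the operator relies on can be absent without any error. I would refuse to source a file that fails an ownership and mode check, and fail loudly when an explicit `-p` path cannot be read, as sketched below; the `stat -c` form assumes GNU coreutils, and the exit path should match whatever cleanup the script's existing ERR/INT/TERM handler performs, which is outside this hunk.

```bash
# Execute post commands
POST_COMMANDS_EXPLICIT=${POST_COMMANDS:+1}
[[ -n ${POST_COMMANDS} ]] || POST_COMMANDS="/etc/tc-gen/post-commands"
if [[ -f ${POST_COMMANDS} && -r ${POST_COMMANDS} ]]; then
    # The file is sourced with tc-gen's privileges: accept it only when it
    # is owned by root and not writable by group or others.
    POST_OWNER=$(stat -L -c '%u' -- "${POST_COMMANDS}")
    POST_MODE=$(stat -L -c '%a' -- "${POST_COMMANDS}")
    if [[ ${POST_OWNER} != 0 ]] || (( 0${POST_MODE} & 022 )); then
        echo "ERROR: refusing to source ${POST_COMMANDS}: must be owned by root and not group/world-writable" >&2
        exit 1
    fi
    . "${POST_COMMANDS}"
elif [[ -n ${POST_COMMANDS_EXPLICIT} ]]; then
    echo "ERROR: post commands file ${POST_COMMANDS} is not a readable regular file" >&2
    exit 1
fi
# … unchanged: trap - ERR INT TERM …
```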