TC cannot correctly classify packets based on iptables MARK

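I have a machine A that is connected to the Internet via eth0. Machine B, in turn, is connected to machine A via a mesh network and reaches the Internet through machine A. I am trying to lower the priority of traffic coming from machine B.
Right now, when the two compete for bandwidth, only machine B's upload rate gets limited. I suspect the problem lies in the ifb0 filter used to shape incoming traffic.
The line: tc filter add dev ifb0 parent 1: prio 1 protocol ip handle 1 fw flowid 1:10 does not seem to work; all packets go through the default flow instead of 1:10. I double-checked iptables, and it is marking the packets correctly.
Here is my current script: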

#!/bin/sh -x

# Bandwidth of home connection
MAX_BW=10 #in Mbits
MAX_BW_GUEST=10
MIN_GUEST_BW=1 #minimum guaranteed guest bandwidth in Mbits

# Interface facing the Internet
EXTDEV=eth0

# Clear old queuing disciplines (qdisc) on the interfaces and the MANGLE table
tc qdisc del dev $EXTDEV root    2> /dev/null > /dev/null
tc qdisc del dev ifb0 root       2> /dev/null > /dev/null
modprobe ifb
ip link set dev ifb0 down
ip link set dev ifb0 up
iptables -t mangle -F

# appending "stop" (without quotes) after the name of the script stops here.
if [ "$1" = "stop" ]
then
        echo "Traffic shaping stopped."
        exit
fi

#Marking packets that are forwarded
iptables -A FORWARD -t mangle -j MARK --set-mark 1

# Policing incoming traffic using ingress qdisc
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev ifb0


# HTB classes on IFB and eth0 with rate limiting
tc qdisc add dev eth0 root handle 1: htb default 20
tc class add dev eth0 parent 1: classid 1:1 htb rate ${MAX_BW}Mbit burst 15k
tc qdisc add dev ifb0 root handle 1: htb default 20
tc class add dev ifb0 parent 1: classid 1:1 htb rate ${MAX_BW}Mbit burst 15k

tc class add dev eth0 parent 1:1 classid 1:10 htb prio 0 rate ${MIN_GUEST_BW}Mbit ceil ${MAX_BW_GUEST}Mbit #class 1:10 for guest
tc class add dev eth0 parent 1:1 classid 1:20 htb prio 2 rate ${MAX_BW}Mbit ceil ${MAX_BW}Mbit #class 1:20 for home owner
tc class add dev ifb0 parent 1:1 classid 1:10 htb prio 0 rate ${MIN_GUEST_BW}Mbit ceil ${MAX_BW_GUEST}Mbit #class 1:10 for guest
tc class add dev ifb0 parent 1:1 classid 1:20 htb prio 2 rate ${MAX_BW}Mbit ceil ${MAX_BW}Mbit #class 1:20 for home owner

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev ifb0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev ifb0 parent 1:20 handle 20: sfq perturb 10

# Packets marked with "1" on either eth0 or ifb0 flow through class 1:10, else class 1:20
tc filter add dev eth0 parent 1: prio 1 protocol ip handle 1 fw flowid 1:10
tc filter add dev ifb0 parent 1: prio 1 protocol ip handle 1 fw flowid 1:10

exit 0
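
One way to check which HTB class traffic actually lands in, as an added example that is not part of the original question: it parses `tc -s class show` output and reports whether the guest class 1:10 is receiving any packets. The sample statistics are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): summarise per-class packet
# counters from `tc -s class show` to see where traffic is classified.

# Constructed sample, shaped like `tc -s class show dev ifb0` output for the
# classes defined in the script above. Counter values are invented.
sample_stats() {
cat <<'EOF'
class htb 1:1 root rate 10Mbit ceil 10Mbit burst 15Kb cburst 1600b
 Sent 5242880 bytes 4000 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 1Mbit ceil 10Mbit burst 1600b cburst 1600b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 10Mbit ceil 10Mbit burst 1600b cburst 1600b
 Sent 5242880 bytes 4000 pkt (dropped 12, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
EOF
}

# Print "classid packets" for every leaf class read from stdin.
class_packets() {
    awk '
        $1 == "class" { id = ""; for (i = 1; i <= NF; i++) if ($i == "leaf") id = $3 }
        $1 == "Sent" && id != "" { print id, $4; id = "" }
    '
}

# $1 = guest classid, $2 = default classid; class statistics on stdin.
# Prints CLASSIFIED, UNCLASSIFIED (everything fell to the default) or NO_TRAFFIC.
check_guest_class() {
    class_packets | awk -v g="$1" -v d="$2" '
        $1 == g { gp = $2 }
        $1 == d { dp = $2 }
        END {
            if (gp + 0 > 0) { print "CLASSIFIED"; exit }
            if (dp + 0 > 0) { print "UNCLASSIFIED"; exit }
            print "NO_TRAFFIC"
        }'
}

# Run against the constructed sample; prints UNCLASSIFIED.
sample_stats | check_guest_class 1:10 1:20
# On a live host (needs root): tc -s class show dev ifb0 | check_guest_class 1:10 1:20
```

Running the same check against eth0 and ifb0 while machine B is transferring data shows on which device the fw filter is matching.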
