1aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#! /bin/sh -x
2aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
3aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# sample script on using the ingress capabilities
4aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# This script fwmark tags(IPchains) based on metering on the ingress 
5aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# interface the result is used for fast classification and re-marking
6aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# on the egress interface
7aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# This is an example of a color blind mode marker with no PIR configured
8aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# based on draft-wahjak-mcm-00.txt (section 3.1)
9aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
10aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#path to various utilities;
11aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#change to reflect yours.
12aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
13aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIPROUTE=/root/DS-6-beta/iproute2-990530-dsing
14aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerTC=$IPROUTE/tc/tc
15aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIP=$IPROUTE/ip/ip
16aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerIPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains
17aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerINDEV=eth2
18aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerEGDEV="dev eth1"
19aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCIR1=1500kbit
20aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCIR2=1000kbit
21aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger
22aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#The CBS is about 60 MTU sized packets
23aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCBS1=90k
24aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerCBS2=90k
25aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger
26aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermeter1="police rate $CIR1 burst $CBS1 "
27aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermeter2="police rate $CIR1 burst $CBS2 "
28aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermeter3="police rate $CIR2 burst $CBS1 "
29aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermeter4="police rate $CIR2 burst $CBS2 "
30aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingermeter5="police rate $CIR2 burst $CBS2 "
31aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
32aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# tag the rest of incoming packets from subnet 10.2.0.0/24 to fw value 1
33aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# tag all incoming packets from any other subnet to fw tag 2
34aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger############################################################ 
35aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$IPCHAINS -A input -i $INDEV -s 0/0 -m 2
36aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$IPCHAINS -A input -i $INDEV -s 10.2.0.0/24 -m 1
37aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
38aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger############################################################ 
39aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# install the ingress qdisc on the ingress interface
40aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC qdisc add dev $INDEV handle ffff: ingress
41aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
42aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger############################################################ 
43aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger
44aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# All packets are marked with a tcindex value which is used on the egress
45aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE
46aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
47aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger############################################################ 
48aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# 
49aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# anything with fw tag of 1 is passed on with a tcindex value 1
50aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#if it doesnt exceed its allocated rate (CIR/CBS)
51aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# 
52aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter add dev $INDEV parent ffff: protocol ip prio 4 handle 1 fw \
53aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$meter1 \
54aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercontinue flowid 4:1
55aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
56aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# if it exceeds the above but not the extra rate/burst below, it gets a 
57aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#tcindex value  of 2
58aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
59aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter add dev $INDEV parent ffff: protocol ip prio 5 handle 1 fw \
60aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$meter2 \
61aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingercontinue flowid 4:2
62aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
63aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# if it exceeds the above but not the rule below, it gets a tcindex value
64aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# of 3
65aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
66aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 1 fw \
67aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$meter3 \
68aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdrop flowid 4:3
69aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
70aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# Anything else (not from the subnet 10.2.0.24/24) gets discarded if it 
71aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# exceeds 1Mbps and by default goes to BE if it doesnt
72aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
73aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 2 fw \
74aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$meter5 \
75aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerdrop flowid 4:4
76aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger
77aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger
78aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger######################## Egress side ########################
79aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger
80aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger
81aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# attach a dsmarker
82aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
83aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64
84aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
85aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# values of the DSCP to change depending on the class
86aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#note that the ECN bits are masked out
87aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
88aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#AF41 (0x88 is 0x22 shifted to the right by two bits)
89aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
90aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
91aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger       value 0x88
92aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#AF42
93aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
94aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger       value 0x90
95aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#AF43
96aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
97aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger       value 0x98
98aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#BE
99aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC class change $EGDEV classid 1:4 dsmark mask 0x3 \
100aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger       value 0x0
101aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
102aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
103aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# The class mapping (using tcindex; could easily have
104aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger# replaced it with the fw classifier instead)
105aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
106aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
107aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger          handle 1 tcindex classid 1:1
108aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
109aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger          handle 2 tcindex  classid 1:2
110aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
111aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger          handle 3 tcindex  classid 1:3
112aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
113aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger          handle 4 tcindex  classid 1:4
114aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
115aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger
116aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
117aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerecho "---- qdisc parameters Ingress  ----------"
118aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC qdisc ls dev $INDEV
119aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerecho "---- Class parameters Ingress  ----------"
120aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC class ls dev $INDEV
121aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerecho "---- filter parameters Ingress ----------"
122aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter ls dev $INDEV parent ffff:
123aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger
124aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerecho "---- qdisc parameters Egress  ----------"
125aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC qdisc ls $EGDEV
126aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerecho "---- Class parameters Egress  ----------"
127aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC class ls $EGDEV
128aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemmingerecho "---- filter parameters Egress ----------"
129aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger$TC filter ls $EGDEV parent 1:0
130aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#
131aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#deleting the ingress qdisc
132aba5acdfdb347d2c21fc67d613d83d4430ca3937osdl.org!shemminger#$TC qdisc del $INDEV ingress
133