1#! /bin/sh -x
2#
3# sample script on using the ingress capabilities
4# This script tags the fwmark on the ingress interface using IPchains
5# the result is used first for policing on the Ingress interface then
6# for fast classification and re-marking
7# on the egress interface
8#
9#path to various utilities;
10#change to reflect yours.
11#
12IPROUTE=/root/DS-6-beta/iproute2-990530-dsing
13TC=$IPROUTE/tc/tc
14IP=$IPROUTE/ip/ip
15IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains
16INDEV=eth2
17EGDEV="dev eth1"
18#
19# tag all incoming packets from host 10.2.0.24 to value 1
20# tag all incoming packets from host 10.2.0.3 to value 2
21# tag the rest of incoming packets from subnet 10.2.0.0/24 to value 3
22#These values are used in the egress
23############################################################
24$IPCHAINS -A input -s 10.2.0.0/24 -m 3
25$IPCHAINS -A input -i $INDEV -s 10.2.0.24 -m 1
26$IPCHAINS -A input -i $INDEV -s 10.2.0.3 -m 2
27############################################################
28#
29# install the ingress qdisc on the ingress interface
30############################################################
31$TC qdisc add dev $INDEV handle ffff: ingress
32############################################################
33
34#
35# attach a fw classifier to the ingress which polices anything marked
36# by ipchains to tag value 3 (The rest of the subnet packets -- not
37# tag 1 or 2) to not go beyond 1.5Mbps
38# Allow up to at least 60 packets to burst (assuming maximum packet
39# size of # 1.5 KB) in the long run and upto about 6 packets in the
40# shot run
41
42############################################################
43$TC filter add dev $INDEV parent ffff: protocol ip prio 50 handle 3 fw \
44police rate 1500kbit burst 90k mtu 9k drop flowid :1
45############################################################
46
47######################## Egress side ########################
48
49
50# attach a dsmarker
51#
52$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64
53#
54# values of the DSCP to change depending on the class
55#
56$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
57       value 0xb8
58$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
59       value 0x28
60$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
61       value 0x48
62#
63#
64# The class mapping
65#
66$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 1 fw classid 1:1
67$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 2 fw classid 1:2
68$TC filter add $EGDEV parent 1:0 protocol ip prio 4 handle 3 fw classid 1:3
69#
70
71#
72echo "---- qdisc parameters Ingress  ----------"
73$TC qdisc ls dev $INDEV
74echo "---- Class parameters Ingress  ----------"
75$TC class ls dev $INDEV
76echo "---- filter parameters Ingress ----------"
77$TC filter ls dev $INDEV parent ffff:
78
79echo "---- qdisc parameters Egress  ----------"
80$TC qdisc ls $EGDEV
81echo "---- Class parameters Egress  ----------"
82$TC class ls $EGDEV
83echo "---- filter parameters Egress ----------"
84$TC filter ls $EGDEV parent 1:0
85#
86#deleting the ingress qdisc
87#$TC qdisc del $DEV ingress
88