Driver for the intermediate queue device
Jiri
Fojtasek jiri.fojtasek(somewhere at)hlohovec.net, Last update: 30.3.
2004
30.03
2004 - New
version 1.1 :
Fixed bug with spinlock in
dev_queue_xmit(), Addet experimental support for ingress queue (just
only IPV4), Addet some comments to the sources, Fixed example in README
+
new example for ingress, The kernel patch for 2.4.25 was broken (oops)
29.03 2004 - About me and a word about
my IMQ implementation:
Using GNU/Linux is part of my job.
Sometimes i need to change or include something special in to linux
kernel, so the Linux kernel hacking being also a part of my job.
Because i doing it also for fun, i setup this little page to show my
first public project for GNU/Linux. Over the Internet exist some
implementations to have common traffic controler over multiple network
interfaces (IMQ), but all have some issues regarding stability and
functionality. So i decide joinn together all good ideas i found, and
even more :) ... Read below.
Contens:
INTRODUCTION:
This is the intermediate queue device
for GNU/Linux. Original version of this driver was writen by Martin
Devera and Patrick McHardy. This is new implementation that use devices
EOS event. Current version contain original netfilter support
writen by Patrick McHardy. Here is also ability to have multiple imq
devices. Supported are both ingress and egress queue.
INSTALATION -
KERNEL PATCH:
Current version support only 2.4.25
kernel(TODO). To apply the patch copy the imq-2.4.25-1.1.diff file in
to the root of your kernel source tree and run:
patch -p1 << imq-2.4.25-1.1.diff
This will install kernel driver and netfilter kernel space support.
Then configure, rebuild and install new kernel.
INSTALATION -
NETFILTER USERSPACE:
Current version not support
patch-o-matic(TODO). Simply copy contens of the extensions folder in
to <iptables-userspace>/extensions folder (eg
/usr/src/iptables-1.2.9/extensions) and rebuild the
iptables.
TODO:
- netfilter "nosync" option, do not use
device EOS
- netfilter "reset" option to clear imq flags
- netfilter "match module" to check imq flags
- netfilter patch-o-mantic support
- support for kernel 2.6.x (i using only 2.4.x series)
- code and documentation cleanup, english are not my "native" languages
CHANGELOG:
1.0
- Initial version. Its rewrite of imq device by Martin Devera
and Patrick McHardy. This version can
queue only egress trafics
and have support for device EOS.
Netfilter implementation and driver
skeleton is unchanged from Patric
McHardy version of IMQ.
1.1 - Fixed bug with spinlock
in dev_queue_xmit()
Addet experimental support for ingress
queue (just only IPV4)
Addet some comments in to source
Fixed example in README + new example
for ingress
The kernel patch for 2.4.25 was broken
(oops)
EXAMPLE1:
This example show network interface
independet traffic controller. Its complette example to show imq device
usage for a router that have five network interfaces and
ethernet bridge with ebtables patch. Trafics controler is used to
manage upload and download
bandwidth.
We have assigned more public IP address from ISP with 1Mbit for
download and 1Mbit for upload. "Customers" will have assigned private
(NATed) and public network
address.
We have those NIC's assigned for:
eth0 - Internet from ISP
eth1 - "Customers" with public IP's
wlan0 - "Customers" with public IP's (WiFi)
eth2 - "Customers" with private IP's
wlan1 - "Customers" with private IP's (WiFi)
Public IP's range will be 195.66.77.0/24 and private IP's range
10.0.0.0/16. The example not show
the firewall and wireless interfaces setup.
The example script with comment:
#!/bin/sh
# Example script to show IMQ driver usage
# Author : Jiri Fojtasek <jiri.fojtasek(at)hlohovec.net>
http://hyperfighter.sk/qos
# Version: 1.0
#NIC's and bridge br0 connected to ISP
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
brctl addif br0 wlan0
ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up
ifconfig wlan0 0.0.0.0 up
ifconfig br0 195.66.77.1 netmask 255.255.255.0
route add default gw 195.66.77.99
#NIC's for private network
ifconfig eth2 10.0.1.1 netmask 255.255.255.0
ifconfig wlan1 10.0.2.1 netmask 255.255.255.0
#Setup IMQ devices (numdevs parameter specifies number of imq devices
will be loaded)
modprobe imq numdevs=2
ifconfig imq0 up
ifconfig imq1 up
#Setup the NAT
iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o br0 -j SNAT --to
195.66.77.1
#Setup traffic controler for imq0 (download)
tc qdisc del dev imq0 root
tc qdisc add dev imq0 root handle 1 htb default 99
tc class add dev imq0 parent 1: classid 1:10 htb rate 1Mbit
#Customer 1 with rate 64 Kbit
tc class add dev imq0 parent 1:10 classid 1:1000 htb rate 64Kbit
ceil 64Kbit
tc qdisc add dev imq0 parent 1:1000 handle 1000 sfq
tc filter add dev imq0 parent 1:0 protocol ip prio 200 handle
1000 fw classid 1:1000
#Customer 2 with rate 128 Kbit
tc class add dev imq0 parent 1:10 classid 1:1010 htb rate
128Kbit ceil 128Kbit
tc qdisc add dev imq0 parent 1:1010 handle 1010 sfq
tc filter add dev imq0 parent 1:0 protocol ip prio 200 handle
1010 fw classid 1:1010
#Customer 3 with rate 256 Kbit
tc class add dev imq0 parent 1:10 classid 1:1020 htb rate
256Kbit ceil 256Kbit
tc qdisc add dev imq0 parent 1:1020 handle 1020 sfq
tc filter add dev imq0 parent 1:0 protocol ip prio 200 handle
1020 fw classid 1:1020
#Default class with rate 32 Kbit
tc class add dev imq0 parent 1:10 classid 1:99 htb rate 32Kbit
ceil 32Kbit
#Setup traffic controler for imq1 (upload)
tc qdisc del imq1 root
tc qdisc add dev imq1 root handle 1 htb default 98
tc class add dev imq1 parent 1: classid 1:20 htb rate 1Mbit
#Customer 1 with rate 64 Kbit
tc class add dev imq1 parent 1:20 classid 1:2000 htb rate 64Kbit
ceil 64Kbit
tc qdisc add dev imq1 parent 1:2000 handle 2000 sfq
tc filter add dev imq1 parent 1:0 protocol ip prio 200 handle
2000 fw classid 1:2000
#Customer 2 with rate 128 Kbit
tc class add dev imq1 parent 1:20 classid 1:2010 htb rate
128Kbit ceil 128Kbit
tc qdisc add dev imq1 parent 1:2010 handle 2010 sfq
tc filter add dev imq1 parent 1:0 protocol ip prio 200 handle
2010 fw classid 1:2010
#Customer 3 with rate 256 Kbit
tc class add dev imq1 parent 1:20 classid 1:2020 htb rate
256Kbit ceil 256Kbit
tc qdisc add dev imq1 parent 1:2020 handle 2020 sfq
tc filter add dev imq1 parent 1:0 protocol ip prio 200 handle
2020 fw classid 1:2020
#Default class with 32 Kbit
tc class add dev imq1 parent 1:20 classid 1:99 htb rate 32Kbit
ceil 32Kbit
#Setup nfmark for each Customer
#Customer 1 with public IP 195.66.77.2
#Download
iptables -t mangle -A POSTROUTING -d 195.66.77.2 -j MARK
--set-mark 1000
#Upload
iptables -t mangle -A POSTROUTING -s 195.66.77.2 -j MARK
--set-mark 2000
#Customer 2 with private IP 10.0.1.2
#Download
iptables -t mangle -A POSTROUTING -d 10.0.1.2 -j MARK
--set-mark 1010
#Upload
iptables -t mangle -A POSTROUTING -s 10.0.1.2 -j MARK
--set-mark 2010
#Customer 3 with private IP 10.0.2.2
#Download
iptables -t mangle -A POSTROUTING -d 10.0.2.2 -j MARK
--set-mark 1020
#Upload
iptables -t mangle -A POSTROUTING -s 10.0.2.2 -j MARK
--set-mark 2020
#And finnaly direct traffic to right IMQ device :)
#Download
iptables -t mangle -A POSTROUTING -d
10.0.0.0/16 -j IMQ --todev 0
iptables -t mangle -A POSTROUTING -d 195.66.77.0/24 -j IMQ
--todev 0
#Upload
iptables -t mangle -A POSTROUTING -s
10.0.0.0/16 -j IMQ --todev 1
iptables -t mangle -A POSTROUTING -s 195.66.77.0/24 -j IMQ
--todev 1
EXAMPLE2:
Simply example to limit speed of
incoming e-mails to 64Kbit:
#!/bin/sh
modprobe imq
ifconfig imq0 up
tc qdisc del dev imq0 root
tc qdisc add dev imq0 handle 1: root htb default 1
tc class add dev imq0 parent 1: classid 1:1 htb rate 64kbit
tc qdisc add dev imq0 parent 1:1 handle 2 sfq
iptables -t mangle -A PREROUTING -i eth0 -p TCP --dport 25 -j IMQ
LINKS:
Copyright (C)2004 Jiri Fojtasek