tc
Tc is used to configure Traffic Control in the Linux kernel.
Traffic Control consists of the following:
SHAPING
When traffic is shaped, its rate of transmission is under
control. Shaping may be more than lowering the available
bandwidth - it is also used to smooth out bursts in
traffic for better network behaviour. Shaping occurs on
egress.
SCHEDULING
By scheduling the transmission of packets it is possible
to improve interactivity for traffic that needs it while
still guaranteeing bandwidth to bulk transfers. Reordering
is also called prioritizing, and happens only on egress.
POLICING
Whereas shaping deals with transmission of traffic,
policing pertains to traffic arriving. Policing thus
occurs on ingress.
DROPPING
Traffic exceeding a set bandwidth may also be dropped
forthwith, both on ingress and on egress.
Processing of traffic is controlled by three kinds of objects:
qdiscs, classes and filters.
QDISCS
qdisc is short for 'queueing discipline' and it is elementary to
understanding traffic control. Whenever the kernel needs to send
a packet to an interface, it is enqueued to the qdisc configured
for that interface. Immediately afterwards, the kernel tries to
get as many packets as possible from the qdisc, for giving them
to the network adaptor driver.
A simple QDISC is the 'pfifo' one, which does no processing at
all and is a pure First In, First Out queue. It does however
store traffic when the network interface can't handle it
momentarily.
CLASSES
Some qdiscs can contain classes, which contain further qdiscs -
traffic may then be enqueued in any of the inner qdiscs, which
are within the classes. When the kernel tries to dequeue a
packet from such a classful qdisc it can come from any of the
classes. A qdisc may for example prioritize certain kinds of
traffic by trying to dequeue from certain classes before others.
(classes contain further qdiscs)
FILTERS
A filter is used by a classful qdisc to determine in which class
a packet will be enqueued. Whenever traffic arrives at a class
with subclasses, it needs to be classified. Various methods may
be employed to do so; one of these is the filters. All filters
attached to the class are called, until one of them returns with
a verdict. If no verdict was made, other criteria may be
available. This differs per qdisc.
THEORY OF OPERATION
Classes form a tree, where each class has a single parent. A
class may have multiple children. Some qdiscs allow for runtime
addition of classes (HTB) while others (PRIO) are created with a
static number of children.
Qdiscs which allow dynamic addition of classes can have zero or
more subclasses to which traffic may be enqueued.
Furthermore, each class contains a leaf qdisc which by default
has pfifo behaviour, although another qdisc can be attached in
place. This qdisc may again contain classes, but each class can
have only one leaf qdisc.
When a packet enters a classful qdisc it can be classified to one
of the classes within. Three criteria are available, although not
all qdiscs will use all three:
tc filters
If tc filters are attached to a class, they are consulted
first for relevant instructions. Filters can match on all
fields of a packet header, as well as on the firewall mark
applied by iptables.
Type of Service
Some qdiscs have built in rules for classifying packets
based on the TOS field.
skb->priority
Userspace programs can encode a class-id in the
'skb->priority' field using the SO_PRIORITY option.
Each node within the tree can have its own filters but higher
level filters may also point directly to lower classes.
If classification did not succeed, packets are enqueued to the
leaf qdisc attached to that class. Check qdisc specific manpages
for details, however.
NAMING
All qdiscs, classes and filters have IDs, which can either be
specified or be automatically assigned.
IDs consist of a major number and a minor number, separated by a
colon - major:minor. Both major and minor are hexadecimal
numbers and are limited to 16 bits. There are two special values:
root is signified by major and minor of all ones, and unspecified
is all zeros.
QDISCS
A qdisc, which potentially can have children, gets
assigned a major number, called a 'handle', leaving the
minor number namespace available for classes. The handle
is expressed as '10:'. It is customary to explicitly
assign a handle to qdiscs expected to have children.
CLASSES
Classes residing under a qdisc share their qdisc major
number, but each have a separate minor number called a
'classid' that has no relation to their parent classes,
only to their parent qdisc. The same naming custom as for
qdiscs applies.
FILTERS
Filters have a three part ID, which is only needed when
using a hashed filter hierarchy.
TC COMMANDS
The following commands are available for qdiscs, classes and
filters:
add Add a qdisc, class or filter to a node. For all entities,
a parent must be passed, either by passing its ID or by
attaching directly to the root of a device. When creating
a qdisc or a filter, it can be named with the handle
parameter. A class is named with the classid parameter.
# Attach the ingress qdisc (handle ffff:) to ens4f0 so filters can hook the receive path
tc qdisc add dev ens4f0 ingress
# Drop all IPv4 on ingress; skip_sw asks for hardware offload only, so the add fails if the NIC cannot offload the rule
tc filter add dev ens4f0 ingress pref 1 protocol ip flower action drop skip_sw
# Drop Geneve-encapsulated IPv4 packets matching the outer tunnel addresses and VNI (enc_key_id)
tc filter add dev geneve1 protocol ip parent ffff: flower enc_dst_ip 188.111.1.1 enc_src_ip 188.111.1.2 enc_key_id 1234 action drop skip_sw
# List ingress filters with per-filter statistics
tc -s filter show dev geneve1 ingress
# Delete filters by preference (priority) value; 'ingress' and 'parent ffff:' name the same hook
tc filter del dev geneve1 ingress pref 1
tc filter del dev geneve1 parent ffff: protocol ip pref 49149
# Add or update an ingress filter matching a source MAC and passing it through ($1 = device, $3 = MAC, script arguments)
tc filter replace dev $1 ingress pref 9000 protocol all flower src_mac $3 action ok