Usage
By default you have two imq devices (imq0 and imq1). These are
dummy interfaces, you can do nothing but attach qdiscs to them.
Only egress qdiscs can be used, the current ingress qdisc is just
another netfilter hooker. Since packets never get directed to an imq
device by the network stack itself no netfilter hooks will ever be called.
You can use imq for ingress traffic control, but only using egress qdiscs
(which makes more sense anyway since current ingress is very limited).
First you have to attach a qdisc to the imq device. The imq device
can be treated like any other network device. The fw classifier can be
used for filters. The packet length seen by the qdisc includes link layer
headers of the device the packet has entered/will be leaving through so
you can work with link speed when limiting traffic.
After attaching a qdisc to the device you have to specify which
packets should go through the imq device. An iptables target (`IMQ') is
provided for using all the packet-selecting power of iptables.
As soon as the interfaces reaches IFF_UP state selected packets will
be enqeued to the imq device. Immediately dequeue is tried and dequeued
packet (possibly reordered) gets reinjected into the network stack
(software pump).
If you are using IMQ as modules you can: modprobe imq and
then modprobe ipt_IMQ. To choose the number of IMQ devices
you should: modprobe imq numdevs=X.
Usage examples
/sbin/ip link set imq0 up
/sbin/tc qdisc add dev imq0 root handle 1: htb default 2
/sbin/tc class add dev imq0 parent 1: classid 1:1 htb rate 80000Kbit
/sbin/tc class add dev imq0 parent 1: classid 1:2 htb rate 80000Kbit
/sbin/tc class add dev imq0 parent 1:1 classid 1:10 htb rate 256kbit ceil 384kbit
/sbin/tc class add dev imq0 parent 1:1 classid 1:20 htb rate 512kbit ceil 648kbit
/sbin/tc filter add dev imq0 parent 1: protocol ip prio 1 u32 match ip dst aaa.aaa.aaa.aaa/bb match ip src ccc.ccc.ccc.ccc/dd flowid 1:10
/sbin/tc filter add dev imq0 parent 1: protocol ip prio 1 u32 match ip dst ddd.ddd.ddd.ddd/ee match ip src fff.fff.fff.fff/gg flowid 1:20
/usr/sbin/iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0
/usr/sbin/iptables -t mangle -A PREROUTING -i ppp1 -j IMQ --todev 0
/sbin/ip link set imq1 up
/sbin/tc qdisc add dev imq1 root handle 2: htb default 2
/sbin/tc class add dev imq1 parent 2: classid 2:1 htb rate 80000Kbit
/sbin/tc class add dev imq1 parent 2: classid 2:2 htb rate 80000Kbit
/sbin/tc class add dev imq1 parent 2:1 classid 2:10 htb rate 256kbit ceil 384kbit
/sbin/tc class add dev imq1 parent 2:1 classid 2:20 htb rate 512kbit ceil 648kbit
/sbin/tc filter add dev imq1 parent 2: protocol ip prio 1 u32 match ip dst ccc.ccc.ccc.ccc/dd match ip src aaa.aaa.aaa.aaa/bb flowid 2:10
/sbin/tc filter add dev imq1 parent 2: protocol ip prio 1 u32 match ip dst fff.fff.fff.fff/gg match ip src ddd.ddd.ddd.ddd/ee flowid 2:20
/usr/sbin/iptables -t mangle -A POSTROUTING -o ppp0 -j IMQ --todev 1
/usr/sbin/iptables -t mangle -A POSTROUTING -o ppp1 -j IMQ --todev 1
|
