I have 2 services, both operate over the same interface. Service A goal is keep high bandwidth while sending massive amount of data. Service B goal is low latency. Service B packets should **always** be in favor of Service's A packets. I need a TC structure to be able to : - Rate limit both service A & B - Give service B packets priority with 0% latency affect by service A packets. - Let each service utilize the whole line (or up to its limit) if the other service isn't transmitting. I tried about an htb structure where I have class htb classid x which may be rate/ceil limit and qdisc prio (say handle y:0) below as child (it shall auto create i.e. classes y:1, y:2 & y:3) and use filters by src ip to redirect packets to y:1 / y:2. However, it doesn't seem to work. Both class x and it's children traffic seem to be 0. (used tc -s class/qdisc/filter show dev dev to see) When watching the filters I can clearly see the "hits" so the data was supposed to get redirected correctly. Here are the commands I execute : tc qdisc add dev dev root handle 1: htb tc class add dev dev parent 1:0 classid 1:1 htb rate 10gbit ceil 10gbit # class x tc class add dev dev parent 1:1 classid 1:2 htb rate 10gbit ceil 10gbit # auto creates classes 21:1, 21:2 and 21:3 tc qdisc add dev dev parent 1:2 handle 21: prio # example for service b filter (latency driven) tc filter add dev dev parent 1:0 prio 2 u32 match ip src x.x.x.x/32 flowid 21:1 # example for service a filter tc filter add dev dev parent 1:0 prio 2 u32 match ip src x.x.x.x/32 flowid 21:2

I would like the IP header IP Precedence bits to be copied into 802.1Q PCP bits for outgoing traffic sourced from the host in question. Specifically for iperf3 and ping utilities. I have failed to set PCP bits for pings. OS Fedora release 38, "Server Edition", NetworkManager, eno2 ethernet eno2 eno2.814 vlan eno2.814

ip -d link show eno2
3: eno2:  mtu 1600 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether ac:16:2d:72:3f:fd brd ff:ff:ff:ff:ff:ff promiscuity 0  allmulti 0 minmtu 60 maxmtu 9000 addrgenmode none numtxqueues 5 numrxqueues 5 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536 parentbus pci parentdev 0000:03:00.1
    altname enp3s0f1

ip -d link show eno2.814
10: eno2.814@eno2:  mtu 1600 qdisc pfifo state UP mode DEFAULT group default qlen 1000
    link/ether ac:16:2d:72:3f:fd brd ff:ff:ff:ff:ff:ff promiscuity 0  allmulti 0 minmtu 0 maxmtu 65535
    vlan protocol 802.1Q id 814
      ingress-qos-map { 1:1 2:2 3:3 4:4 5:5 6:6 7:7 }
      egress-qos-map { 1:1 2:2 3:3 4:4 5:5 6:6 7:7 } addrgenmode none numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536

cat /proc/net/vlan/eno2.814
eno2.814  VID: 814       REORDER_HDR: 0  dev->priv_flags: 81021
         total frames received          294
          total bytes received        21846
      Broadcast/Multicast Rcvd            0

      total frames transmitted          271
       total bytes transmitted        23846
    Device: eno2
INGRESS priority mappings: 0:0  1:1  2:2  3:3  4:4  5:5  6:6 7:7
EGRESS priority mappings: 0:0 1:1 2:2 3:3 4:4 5:5 6:6 7:7

Ping command to send 8 requests:

for pcp in 0x00 0x20 0x40 0x60 0x80 0xA0 0xC0 0xE0; do ping 192.168.22.3 -w2 -c1 -Q $pcp ; done

Sent packets are captured on outgoing interface with "tshark -i eno2 -f 'icmp and dst host 192.168.22.3' -V". grep for L2 and L3 CoS fields in headres shows intended DSCP values there but '000' PCP "Priority" values:

000. .... .... .... = Priority: Best Effort (default) (0)
        0000 00.. = Differentiated Services Codepoint: Default (0)
    000. .... .... .... = Priority: Best Effort (default) (0)
        0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8)
    000. .... .... .... = Priority: Best Effort (default) (0)
        0100 00.. = Differentiated Services Codepoint: Class Selector 2 (16)
    000. .... .... .... = Priority: Best Effort (default) (0)
        0110 00.. = Differentiated Services Codepoint: Class Selector 3 (24)
    000. .... .... .... = Priority: Best Effort (default) (0)
        1000 00.. = Differentiated Services Codepoint: Class Selector 4 (32)
    000. .... .... .... = Priority: Best Effort (default) (0)
        1010 00.. = Differentiated Services Codepoint: Class Selector 5 (40)
    000. .... .... .... = Priority: Best Effort (default) (0)
        1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48)
    000. .... .... .... = Priority: Best Effort (default) (0)
        1110 00.. = Differentiated Services Codepoint: Class Selector 7 (56)

What I've tried that haven't helped: swithing off reorder_hdr ip link set eno2.814 type vlan reorder_hdr off Setting vlan egress-qos-map to map kernel values(wich IMHO should be already set equal to IP precedence values of the ping utility) to PCP: ip link set eno2.814 type vlan egress-qos-map 0:0 1:1 2:2 3:3 4:4 5:5 6:6 7:7 Setting outgoing interface qdisc. I've created eno2.814 on eno2 with nmtui and no qdisc was set by default. So I've thought it could be the problem and tried to set the queues and qdisc(s) manually ip link set eno2 numtxqueues 8 numrxqueues 8 tc qdisc add dev eno2.814 root handle 1: mq -- RTNETLINK answers: Operation not supported tc qdisc add dev eno2.814 root handle 1: mqprio -- Error: Specified qdisc kind is unknown. tc qdisc add dev eno2.814 root handle 1: multiq -- Error: Specified qdisc kind is unknown. tc qdisc delete dev eno2.814 root tc qdisc add dev eno2.814 root handle 1: pfifo_fast sudo systemctl restart NetworkManager does not seem to help either. What I don't get: I assume that ping -Q set kernel SO_PRIORITY for a packet. Does it? Can vlan and parent qdiscs difference have any influence? Why "/proc/net/vlan/eno2.814" EGRESS priority mappings shows mapping 0:0 but "ip -d link show eno2.814 egress-qos-map" does not? Do I need to get into hw queus presented to kernel or I need just one hw or some default queues if I just want packet marking, not specific queue handling? What is wrong with my config?

#### Problem I've searched internet like anything but couldn't find much about limiting upload. The solutions given are not limiting IP basis like this one but LAN as a whole. +-----+ +--------+ | S | | User A |---+ W | +--------+ | I | +--------+ | T | +--------+ +----------+ | User B |---+ C +-----| Router |--------| Internet | +--------+ | H | +--------+ +----------+ .... ... / ... +--------+ | H | | User N |---+ U | +--------+ | B | +-----+ - UserA:172.16.10.2 - UserB:172.16.10.3 - RouterPrivate:172.16.0.1 - UserC:172.16.10.4 I want to limit only upload of 172.16.10.3 & 172.16.10.4 using tc htb and iptables #### What I've already tried I altered the script as per my requirement.

IF_INET=external

# upload bandwidth limit for interface
BW_MAX=2000

# upload bandwidth limit for 172.16.16.11
BW_CLIENT=900


# first, clear previous settings
tc qdisc del dev ${IF_INET} root

# top-level htb queue discipline; send unclassified data into class 1:10
tc qdisc add dev ${IF_INET} root handle 1: htb default 10

# parent class (wrap everything in this class to allow bandwidth borrowing)
tc class add dev externel parent 1: classid 1:1 htb \
  rate ${BW_MAX}kbit ceil ${BW_MAX}kbit

# two child classes
#

# the default child class
tc class add dev ${IF_INET} parent 1:1 \
  classid 1:10 htb rate $((${BW_MAX} - ${BW_CLIENT}))kbit ceil ${BW_MAX}kbit

# the child class for traffic from 172.16.16.11
tc class add dev ${IF_INET} parent 1:1 \
  classid 1:20 htb rate ${BW_CLIENT}kbit ceil ${BW_MAX}kbit

# classify traffic
tc filter add dev ${IF_INET} parent 1:0 protocol ip prio 1 u32 \
  match ip src 172.16.16.11/32 flowid 1:20

but this will *not* work for limiting upload. So what's the solution?

I have a camera that creates RTSP traffic. I connected it to a Linux PC via Ethernet, configured the network and access. But when I tried to apply QoS rules, the tc statistics showed that too few bytes were sent. After some research, I found that HTTP, SSH and RTSP (connection) traffic from the camera was displayed correctly in the statistics. However, tc seems to work differently with RTP traffic. Video in VLC was playing, nft and tcpdump showed traffic. I tried using Debian 12, Ubuntu 24.04, Manjaro - it still didn't work. Imitating RTP with FFMPEG also did not bring success. This seems really weird and I didn't know what could cause the problem or what else to try.

These following two lines were in my dmesg:

[xx] wlan0: AP has invalid WMM params (AIFSN=0 for ACI 0), will use 2
[xx] wlan0: AP has invalid WMM params (missing AC 0), using defaults

Another one:

[xx] wlan0: AP has invalid WMM params (CWmin/max=0/0 for ACI 3), using defaults

I use DD-WRT to limit WAN bandwidth to one MAC address using DD-WRT's web interface. The key entry in the web interface (in "NAT/QoS" tab's "QOS" tab) is "MAC priority", which I normally set to 10000 "WAN Max Down kBits". I temporarily sometimes increase this value to 60000, but this is never needed permanently, so it seems wasteful to set this in the web interface (since it overwrites the NVRAM flash memory which has limited write cycles before wear-out). So, is there a way to temporarily increase this value with some command I could issue during a telnet session (and does not overwrite the NVRAM)? I have tried some wild guesses with the tc command, but been unsuccessful.

I'm trying to figure out if there are any chances to switch on/off U-APSD power save mode at my laptop. Currently I found a command to switch power save mode on/off: root@host # iw dev wlan3 set power_save on/off I suppose it just switches power save on/off without consideration of PSPoll/UAPSD power saving mode. So, I guess if AP supports UAPSD it will be used. But I need UAPSD (WMM) to be off. Also I saw a WMM is availabe for my card: root@host # iw dev wlan3 station dump Station 00:e1:6d:XX:XX:XX (on wlan3) inactive time: 148 ms rx bytes: 5983752 rx packets: 27939 tx bytes: 1075591 tx packets: 8168 tx retries: 632 tx failed: 0 signal: -58 dBm signal avg: -56 dBm tx bitrate: 130.0 MBit/s MCS 15 authorized: yes authenticated: yes preamble: long WMM/WME: yes MFP: no TDLS peer: no So is there any possibility to switch WMM on/off? WiFi module: Intel 7260

I'm running Debian as a home router and server with DLNA, samba, and netatalk. I've set up wondershaper for the external interface (not the outdated debian package but obtained and built from https://github.com/magnific0/wondershaper.git) and have set it up in /etc/systemd/wondershaper.conf. However, I notice when copying large files to samba that web and interactive traffic is slow -- presumably because the internal network is busy. So: I guess I need to add wondershaper to the internal interface? Is this possible? The config file seems to support only one interface? Or is there a better way?

I am using IMQ and Iptables to control the packages outcome from my LAN using ESFQ, but it is not work at all. How I can control the upload of my LAN, I know that others systems like Mikrotik, has its own QoS similar to ESFQ and it can control the upload correctly. There are other alternative to simulate the ESFQ mechanism to control uploads?

I have a network topology: Server router1 router2 router3 edgeRouter "internet" All routers are linux based, and support iptables. The server sets traffic classes with iptables (--set class X:Y), and routers do some "routing" based on the class that is set. (Class depends on the originating application). The edge routers forwards the packets via our ISP to the internet, and recieves the return (reply) packets. The recieves replies ofcourse have no traffic class set. Is it possible to use an iptables rule on the edge router (mangle, or something simmilar), to track the return packets (NAT-style, packets from "ESTABLISHED" connections) and to mark the returning packets with the same traffic class as the originating packet? Enabling NAT on the edge router is not a problem. TLDR: How to use iptables to classify ingress packets with the same class as egress for the same connection.

**Context:** I'm doing some self-guided studying on TCP Window shaping. The scenario I'm trying to control for are clients which will be pulling down large amounts of data in addition to their normal workload. I can't really use tc since I'm on the receiving end on most of the data so packet classifying/scheduling/shaping is a moot point. trickle doesn't work like how I would want it to (added abstraction layer and there are multiple types of programs that just won't work with it). I was also unable to find a way to do this using iptables even though several modules looked like they were close to what I was wanting to achieve. **Question:** I'm looking at the man page for the ip route add command which has options for controlling the TCP window size. The relevant options are: window NUMBER the maximal window for TCP to advertise to these destinations, measured in bytes. It limits maximal data bursts that our TCP peers are allowed to send to us. cwnd NUMBER (2.3.15+ only) the clamp for congestion window. It is ignored if the lock flag is not used. initcwnd NUMBER the maximum initial congestion window (cwnd) size in MSS of a TCP connection. initrwnd NUMBER (2.6.33+ only) the initial receive window size for connections to this destination. Actual window size is this value multiplied by the MSS of the connection. The default value is zero, meaning to use Slow Start value. My questions are: 1. Why is there an option for explicitly setting the clamp on the congestion window (i.e cwnd) but not on the receive window (such as rwnd)? 2. Is the idea that I will set window (whose description reads like it affects congestion and receive windows equally) if I want to control the receive window?

We are hosting an application on remote server. We need to test it with a limited network bandwidth (for users with bad Internet access). Can I limit my internet bandwidth? For instance: 128 KB per second. This question focuses on system-wide or container-wide solutions on Linux. See https://unix.stackexchange.com/questions/39384/limiting-a-specific-shells-internet-bandwidth-usage for process- or session-specific solutions.

In my small, private, network I have a device (IP address 192.168.0.240) which I want to have a "guaranteed" section of the pipe. To that end, I've been following this Server Fault article to shape the *egress* on a my interface. I've done, on interface **ifb0**, the same things I've done on **eth1** as discussed in this article. The egress traffic on **eth1** is working as expected (tc -s class show dev eth1 verifies this). However, when I look at the stats on the class for ifb0, there are no bytes or packets moving through it. # tc -s class show dev ifb0 class htb 1:1 root rate 950000Kbit ceil 950000Kbit burst 120293b cburst 120293b Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 1013 ctokens: 1013 class htb 1:10 parent 1:1 prio 1 rate 10000Kbit ceil 25000Kbit burst 2850b cburst 4725b Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 2280 ctokens: 1512 class htb 1:20 parent 1:1 leaf 8003: prio 2 rate 900000Kbit ceil 950000Kbit burst 114075b cburst 120293b Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 1014 ctokens: 1013 The rules are set thusly: echo Changing MTU of ingress interface to that of eth1 eth1Mtu=$(cat /sys/class/net/eth1/mtu) echo ${eth1Mtu} > /sys/class/net/ifb0/mtu # This little bit of redirection magic is taken from https://serverfault.com/a/386791 echo Adding ingress qdisc to the eth1 interface tc qdisc add dev eth1 handle ffff: ingress tc filter add dev eth1 parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev ifb0 echo Adding egress logic to the pseudo interface tc qdisc add dev ifb0 root handle 1: htb default 20 tc class add dev ifb0 parent 1: classid 1:1 htb rate 950mbit tc class add dev ifb0 parent 1:1 classid 1:10 htb rate 10mbit ceil 25mbit prio 1 tc class add dev ifb0 parent 1:1 classid 1:20 htb rate 900mbit ceil 950mbit prio 2 tc qdisc add dev ifb0 parent 1:20 sfq tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 match ip src 192.168.0.240/32 flowid 1:10 What am I doing incorrectly in this that the traffic isn't being routed through the pseudo, mirrored, interface? --- **EDIT** A respondent tried these rules and was showing traffic routed as I'd expected. This made me think that I should have included: this is being done on Red Hat EL 5 (CentOS 5: kernel 2.6.18-348.18.1.el5). It's terribly, terribly old I know. I cannot change the OS though.

Is there a way to get the bandwidth, delay, jitter collision, error rate and loss rate of a certain link through the interface on a local machine? let's say my machine is connected to a network via two interfaces, one wireless and the other ethernet. I want to compare the quality of these two links through these measurements. Is there any way to get these measurements in the Linux kernel? (v. 3.5.0)

I have seen connmark or ctinfo could work for this but couldn't find a simple effective command to make it work (Not familiar within this area). The command can be applied to the TCP termination node or any linux node as intermediary router.

Depending on how it was compiled and on its version number, tc tool does not always handle the same list of queueing disciplines, filters, policing actions and so on. I am looking for a way to get a list of those different elements. I tried tc -V of course, which displays the version but nothing about the supported algorithms. Likewise, tc help or tc qdisc help or tc qdisc add help does not print an exhaustive list of the queueing disciplines I can use. I had a look at /etc/iproute2/ directory which seems to contain some data related to ip tool, but I did not find anything about traffic control. I could probably get most of the list from the manual pages or from source code, but that would not tell me what will be enabled after compiling. Furthermore I intend to process those lists and would really like to get them either from command line if possible, or from a system file that would be more reliable / parsable than a man page. Would anyone know how I could get the list of algorithms supported by my tc version, or whether it is possible at all to obtain it?

Traffic from eth0 arriving from gateway should be sent to ifb0 for ingress shaphing. Here some relevant outputs and commands ip route default via 192.168.0.1 dev eth0 metric 200 realm 1 What principally works (but also redirecting local traffic, which should not be shaped) sudo tc filter add dev eth0 parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev ifb0 So basically setup is working. Now I try with sudo tc filter add dev eth0 parent ffff: protocol ip route from 1 action mirred egress redirect dev ifb0 But this isn't working. Traffic isn't routed to ifb0. Whats the correct syntax to route all traffic from gateway to ifb0. On creating this rule I was refering to https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.adv-filter.route.html Thanks for help.

I'm trying to prioritize traffic over the Linux-based software bridge in my network. When I generate traffic locally (on the machine hosting the bridge), the traffic is correctly prioritized. However, the "remote" traffic (from other nodes passing through the bridge) is not prioritized (same bandwidth distribution to all senders). Maybe someone knows why? Bridge is set up as follows for the I350 network adapter (Linux 5.1.8-1-MANJARO #1 SMP PREEMPT Sun Jun 9 20:44:14 UTC 2019 x86_64 GNU/Linux): brctl addbr br0 ip link set dev enp1s0f0 promisc on ip link set dev enp1s0f1 promisc on ip link set dev enp1s0f2 promisc on ip link set dev enp1s0f3 promisc on brctl addif br0 enp1s0f0 brctl addif br0 enp1s0f1 brctl addif br0 enp1s0f2 brctl addif br0 enp1s0f3 ip link set dev br0 up tc qdisc del dev enp1s0f0 root tc qdisc add dev enp1s0f0 root prio tc qdisc del dev enp1s0f1 root tc qdisc add dev enp1s0f1 root prio tc qdisc del dev enp1s0f2 root tc qdisc add dev enp1s0f2 root prio tc qdisc del dev enp1s0f3 root tc qdisc add dev enp1s0f3 root prio ip addr add 192.168.1.1/24 dev br0 UDP traffic is generated with iperf3 and by setting the TOS field appropriately e.g. Low-Prio Sender: iperf3 -c 192.168.1.140 -u -b 100m -S 0x2 -p 5201 -t 30 Hi-Prio Sender : iperf3 -c 192.168.1.140 -u -b 100m -S 0x0 -p 5202 -t 30 Prio map is left with default settings: priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

I am trying to prioritize TCP traffic using ToS field in IP header. I am saturating the interface(ethernet) by sending 1GB data through iperf with ToS field set to 0x10 (Minimize-Delay). I then start another TCP client with default ToS (0). Expectation : My TCP client should not send data till iperf completes sending its data. Result: The data from my client is sent even tough iperf is sending packets with higher priority. I also tried to create the same scenario by creating 2 separate clients and allocating 0x10 and 0x08 ToS to respective clients using iptables. I used : iptables -A PREROUTING -t mangle -p tcp --sport 5000 -j TOS --set-tos Minimize-Delay I am still not able to prioritize one client over other. Altough I can see the packets marked with ToS in wireshark. I am using Ubuntu (14.04) with iptables version 1.4.21

I'm using iptables mangle to mark traffic with different DSCP values. I'd like to confirm the order in which overlapping rules will be applied. I assumed that the logic would be the same as with iptables generally: the first matching rule in the chain would be applied. But in fact it seems to be the reverse. For example with the following rules: Chain OUTPUT (policy ACCEPT) target prot opt source destination DSCP icmp -- anywhere anywhere DSCP set 0x14 DSCP all -- anywhere anywhere DSCP set 0x0f I assumed that ICMP packets would be marked with 0x14, but they are in fact marked with 0x0f. Can I trust this always to be the case? That the last matching rule in the chain will be applied instead of the last one? I could not find documentation about this anywhere.