I am trying to modify the Red Algorithm (http://en.wikipedia.org/wiki/Random_early_detection) for certain experiments.
After modifying the code, I loaded it into the kernel using the insmod command.
I verified the successful loading by using lsmod | grep red_new
However when I try to use the tc qdisc command it fails giving the following error:
tc qdisc add dev eth0 root red_new limit 100 min 80 max 90 avpkt 10 burst 10 probability 1 bandwidth 200 ecn
unknown qdisc "red_new" hence option "limit" is unparsable
What could be the possible reason?
After running the ltrace command suggested by ymonad I get the following output:
strlen("red_new") = 7
strlen("red_new") = 7
strlen("red_new") = 7
strncpy(0x7fff6467ad10, "red_new", 15) = 0x7fff6467ad10
dlopen("./tc/q_red_new.so", 1) = 0x1abe030
dlsym(0x1abe030, "red_new_qdisc_util") = 0x7f62bdd240c0
memcpy(0x7fff6467ad48, "red_new\0", 8) = 0x7fff6467ad48
I ran tc qdisc show to check whether it was added, but it wasn't.
tc qdisc show
qdisc mq 0: dev eth0 root
qdisc mq 0: dev eth1 root
qdisc mq 0: dev eth2 root
qdisc mq 0: dev eth3 root
According to the result of strace tc qdisc add dev eth0 root red_new, and the source of the tc command, it seems that tc is searching for $TC_LIB_DIR/q_red_new.so.
You have to create the module on your own. I will give you brief instructions.
(1) Download the source of iproute2 from the following URL, extract it, and cd to the folder.
https://wiki.linuxfoundation.org/networking/iproute2
(2) Copy q_red.c to q_red_new.c
$ cp tc/q_red.c tc/q_red_new.c
(3) Edit tc/q_red_new.c
Rename red_parse_opt, red_print_opt, red_print_xstats to red_new_parse_opt and so on.
Additionally, you have to rename red_qdisc_util to red_new_qdisc_util and change the id and other members.
struct qdisc_util red_new_qdisc_util = {
.id = "red_new",
.parse_qopt = red_new_parse_opt,
.print_qopt = red_new_print_opt,
.print_xstats = red_new_print_xstats,
};
(4) Configure and build q_red_new.so
$ ./configure
$ make TCSO=q_red_new.so
Now you can see that ./tc/q_red_new.so has been created.
(5) Run the tc command with the TC_LIB_DIR environment variable set.
$ TC_LIB_DIR='./tc' tc qdisc add dev eth0 root red_new
UPDATE: Here's how to know that the tc command loaded q_red_new.so correctly.
If dlopen returns zero, then you failed to load ./tc/q_red_new.so.
If dlsym returns zero, then you failed to load red_new_qdisc_util inside q_red_new.so.
# export TC_LIB_DIR='./tc'
# ltrace ./tc/tc qdisc add dev eth0 root red_new limit 100 min 80 max 90 avpkt 10 burst 10 probability 1 bandwidth 200 ecn 2>&1 | grep red_new
.. OMITTED ..
dlopen("./tc/q_red_new.so", 1) = 0x12c1030
snprintf("red_new_qdisc_util", 256, "%s_qdisc_util", "red_new") = 18
dlsym(0x12c1030, "red_new_qdisc_util") = 0x7f1cf0d6cc40
.. OMITTED ..
I would like to have your help on this:
I have a file of thousands of lines, I need to find a section of the file and delete some lines in place:
This is the section and the lines I would like to delete are marked:
interface Vlan824
description WRES_824
vrf forwarding V211
ip address 172.17.224.2 255.255.240.0 #### Delete this ####
ip helper-address xxxx
ip helper-address xxxy
no ip redirects
no ip proxy-arp
ip verify unicast source reachable-via rx 2699
standby delay minimum 0 reload 60
standby version 2
standby 0 ip 172.17.224.1 #### Delete this ####
standby 0 priority 110
standby 0 preempt delay minimum 300 reload 300
shutdown
standby 1 ipv6 FE80::1 #### Delete this ####
standby 1 ipv6 <IPV6-PREFIX-1>0E:824::1/64 #### Delete this ####
standby 1 priority 110
standby 1 preempt delay minimum 300 reload 300
ipv6 address FE80::2 link-local #### Delete this ####
ipv6 address <IPV6-PREFIX-1>0E:824::2/64 #### Delete this ####
ipv6 nd prefix <IPV6-PREFIX-1>0E:824::/64 no-advertise #### Delete this ####
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
no ipv6 redirects
ipv6 dhcp relay destination xxx
ipv6 dhcp relay destination xxx
ipv6 verify unicast source reachable-via rx URPF
bfd interval 750 min_rx 750 multiplier 3
arp timeout 300
!
This sed would delete the mentioned lines (except the third one), but I need to do it JUST in that section.
sed -i '/224.1/d; /224.2/d; /224.3/d; /:224::/d; /:824::/d' FILE.txt
I would appreciate your help.
Fer
EDIT:
To clarify what I need, if I have this file:
aaa
bbb
hhh
eeb
ccc
!
aab I need to find this section ( from aab to ggc )
hhb and delete just the eeb line
eeb
ffb
ggc
!
aac
hhc
eeb
ffc
Combine your command into a single group, and address the group with the range you want to affect.
sed -i '/interface Vlan824/,/!/{/224.1/d;/224.2/d;/224.3/d;/:224::/d;/:824::/d;}' foo.txt
Supposing the section you want to edit is the Vlan824 one (ending with the ! character), and the patterns matching the lines to delete are 224.1 and FE80:
sed -n '/Vlan824/,//p;/^\!/q' your-file | grep -v '224.1\|FE80'
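The range-plus-group form from the answers above, applied to the sample file from the question's EDIT. This is an added example, not part of the original posts; the helper names make_sample and delete_in_section are hypothetical, and it writes to stdout instead of using -i so the input stays untouched.

```shell
# Added example. The sample is constructed from the question's EDIT:
# three sections, each containing an "eeb" line, separated by "!" lines.
make_sample() {
    printf '%s\n' aaa bbb hhh eeb ccc '!' \
                  aab hhb eeb ffb ggc '!' \
                  aac hhc eeb ffc
}

# delete_in_section START_RE END_RE DEL_RE   (stdin -> stdout)
# Deletes lines matching DEL_RE only inside the range that starts at a
# line matching START_RE and ends at the next line matching END_RE.
# Lines outside that range pass through unchanged.
# Assumption: none of the regexes contains "/", because they are spliced
# into sed addresses that use "/" as the delimiter.
delete_in_section() {
    sed "/$1/,/$2/{/$3/d;}"
}

# Anchored patterns, so that only whole-line matches open the range,
# close it, or get deleted. Only the "eeb" in the aab section is removed.
make_sample | delete_in_section '^aab$' '^!$' '^eeb$'
```

On the real configuration, anchor the terminator the same way (`^!$`) and escape the dots in address patterns (`224\.1`), since an unescaped `.` matches any character and an unanchored `!` ends the range at any line that merely contains one.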
I am trying to simulate a 5% packet loss using the tc tool at server port 1234. Here are my steps -
sudo tc qdisc del dev eth0 root
sudo tc qdisc add dev eth0 root handle 1: prio
sudo tc filter add dev eth0 parent 1: protocol ip prio 1 u32 flowid 1:1 match ip dport 1234 0xffff
sudo tc qdisc add dev eth0 parent 1:1 handle 1: netem loss 5%
There are no errors during the above commands. But when I send any TCP traffic to that port, there is no packet loss observed.
What am I doing wrong in the above commands ?
Any help is appreciated.
See https://serverfault.com/a/841865/342799 for similar case.
Commands I have in my testing rig to drop 5.5% of packets:
# tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
# tc qdisc add dev eth0 parent 1:1 handle 10: netem loss 5.5% 25%
# DST_IP=1.2.3.4/32
# tc filter add \
dev eth0 \
parent 1: \
protocol ip \
prio 1 \
u32 \
match ip dst $DST_IP \
flowid 1:1
To confirm, run:
# ping -f -c 1000 $DST_IP
before and after this setup.
Note: Almost all hosting providers start throttling your traffic if you do a lot of flood pings.
I am clearing /etc/resolv.conf to disable network :
sudo mv /etc/resolv.conf /etc/resolv_backup.conf
sudo touch /etc/resolv.conf
Then to enable network:
sudo mv /etc/resolv_backup.conf /etc/resolv.conf
However the resource is busy and I cannot execute these commands.
I want to disable internet from within container and not using:
docker network disconnect [OPTIONS] NETWORK CONTAINER
which does this from the server on which the container is deployed.
I am using Alpine.
From inside of a container, you are typically forbidden from changing the state of the network:
$ docker run -it --rm alpine:latest /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
929: eth0#if930: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ip link set eth0 down
ip: ioctl 0x8914 failed: Operation not permitted
This is intentional, for security, to prevent applications from escaping the container sandbox. If you do not need security for your containers (something I recommend against), you can run your container with additional network capabilities:
$ docker run -it --rm --cap-add NET_ADMIN alpine:latest /bin/sh
/ # netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
933: eth0#if934: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ip link set eth0 down
/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network unreachable
When you try to bring the network back up, you'll also need to set up the default route again to be able to connect to external networks:
/ # ip link set eth0 up
/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network unreachable
/ # netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
/ # route add default gw 172.17.0.1
/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=58 time=12.518 ms
64 bytes from 8.8.8.8: seq=1 ttl=58 time=11.481 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 11.481/11.999/12.518 ms
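A way to check from inside a container whether it was started with the extra capability shown above, by decoding the CapEff mask in /proc/self/status. This is an added example, not part of the original answer; the function names are hypothetical and the two masks in the comments are constructed sample values (Docker's default capability set, without and with bit 12).

```shell
# Added example. Bit numbers are from linux/capability.h.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# has_cap HEXMASK BIT: exit status 0 if BIT is set in HEXMASK.
# HEXMASK is given without the 0x prefix, as /proc prints it.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# effective_caps [STATUS_FILE]: print the CapEff hex mask of a process.
effective_caps() {
    awk '/^CapEff:/ {print $2}' "${1:-/proc/self/status}"
}

# net_admin_report HEXMASK: one-line verdict for audits and CI checks.
net_admin_report() {
    if has_cap "$1" "$CAP_NET_ADMIN"; then
        echo "CAP_NET_ADMIN present: links, routes and qdiscs can be changed"
    else
        echo "CAP_NET_ADMIN absent: ip link/route changes are not permitted"
    fi
}

# Constructed sample masks:
#   00000000a80425fb  default capability set (bit 12 clear)
#   00000000a80435fb  same set plus CAP_NET_ADMIN (bit 12 set)
if [ -r /proc/self/status ]; then
    mask=$(effective_caps)
    if [ -n "$mask" ]; then
        echo "CapEff=$mask"
        net_admin_report "$mask"
    fi
fi
```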
First of all, clearing resolv.conf is not the proper way to disable the network for your container. That just prevents name resolution, but you can still use IP connectivity.
To disable the network you should use the proper script, depending on whether you are using systemd or sysV. Something similar to this should work (it depends on your distro):
# /etc/init.d/networking stop
# systemctl stop networking
Hope this helps! :-)
I send frames in packets from a client to a server; on the server I want to shape my traffic.
I use this script to control the traffic. First down to 80 kbit, then after 10 seconds down to 40 kbit. (I know this is ridiculously low, I usually use bigger values)
#!/bin/bash
datenrate=80
datenrate2=40
echo "setting datarate to ${datenrate}"
touch started.info
sudo tc qdisc del dev ens3 root
sudo tc qdisc add dev ens3 handle 1: root htb default 11
sudo tc class add dev ens3 parent 1: classid 1:1 htb rate ${datenrate}kbit
sudo tc class add dev ens3 parent 1:1 classid 1:11 htb rate ${datenrate}kbit
echo "worked"
MSECONDS=$(($(date +%s%N)/1000000))
STOPTIME=0
while :
do
STOPTIME=$((($(date +%s%N)/1000000) - $MSECONDS))
if [ $STOPTIME -ge 10000 ]
then
sudo tc qdisc del dev ens3 root
sudo tc qdisc add dev ens3 handle 1: root htb default 11
sudo tc class add dev ens3 parent 1: classid 1:1 htb rate ${datenrate2}kbit
sudo tc class add dev ens3 parent 1:1 classid 1:11 htb rate ${datenrate2}kbit
touch calledthrottle.info
break
fi
done
echo "10 sec over - setting up a datarate drop to ${datenrate2} kbit"
while :
do
STOPTIME=$((($(date +%s%N)/1000000) - $MSECONDS))
if [ $STOPTIME -ge 20000 ]
then
sudo tc qdisc del dev ens3 root
echo "set to normal"
break
fi
done
touch ended.info
On my client I generate a logfile which I plot with GNUPlot, and I calculate the avg upload speed both on the server and on the client. In this case 2740 kbit/s. Am I not using the tc tool correctly?
Image of my results generated with GNUPlot:
Upload speed
tc qdisc show dev ens3
gives me
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
which I'm not able to delete with
sudo tc qdisc del dev ens3 root
It would be kind if someone could point me in the right direction and explain why there is such a high upload rate, and why there are frames coming through with a far higher throughput than shaped. Thank you.
Updated as advised
Ok, upload rate 80 kbit in tc gives me around 80*8 = 640 KiloBit/s. That still does not explain the fluctuation of the packet income.
I have a bunch of ipv6 neigh entries which are failed:
6000::2828:2802 dev eth2 lladdr 00:1f:a0:02:0e:b2 STALE
7000::1e1e:1e01 dev eth1 FAILED
8000::1e1e:1e01 dev eth1 FAILED
4000::1414:149e dev eth2 lladdr 00:03:00:04:00:09 PERMANENT
5000::1e1e:1e01 dev eth1 FAILED
3000::a0a:a3a dev eth1 lladdr 00:03:00:03:00:09 PERMANENT
Now, when I use flush to remove these entries, it says nothing to flush. Do you guys know how to flush or remove these entries? If I delete the entry, it goes in the failed state. Can I change the time for these values, so it automatically gets removed in, say, 10 seconds?
They should completely disappear when you do something like
ip -6 neigh del 3000::a0a:a3a dev eth1
But much more important: those addresses are bogons. They should never be in use anywhere... Seeing them in your neighbor discovery tables means that your system thinks they are on-link, and that should not be the case.
I suggest you look at your network configuration first. Your interfaces might have the wrong prefixes or prefix-lengths configured...
Yes, you can have them removed in 10 secs or whatever.
$ sysctl net.ipv6.neigh.default
...
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
...
gc_interval is seconds after which the clean-up kicks in to remove stale entries.
gc_stale_time is seconds after which the entries are marked to be stale.
You can set both these values to 10. You can override these values exclusively for eth1 under net.ipv6.neigh.eth1.
$ sysctl -w net.ipv6.neigh.eth1.gc_interval=10
$ sysctl -w net.ipv6.neigh.eth1.gc_stale_time=10