aabc / ipt-ratelimit

An implementation of committed access rate, or simply rate limiting, or policing for Linux iptables, implemented with high performance in mind.
https://github.com/aabc/ipt-ratelimit

Problem in installation #6

Closed imehrdad2012 closed 8 years ago

imehrdad2012 commented 8 years ago

Hello,

I have successfully installed the ratelimit package. As you can see, the following is after running the help command:

    ratelimit match options:
     --ratelimit-set Name of the ratelimit set to be used.
      DEFAULT will be used if none given.
     --ratelimit-mode Address match: src or dst.
    xt_ratelimit by: ABC

However, I am getting the following error after running "iptables --ratelimit-set name0 --ratelimit-mode src -j DROP". What can cause such an error?

    iptables v1.4.21: unknown option "--ratelimit-set"

aabc commented 8 years ago

Are you sure you have a single version of iptables installed?

imehrdad2012 commented 8 years ago

Yes. I am sure that I have a single version installed. This is because I was able to get your other package called "ipt-netflow" up and running without any problem on the same machine. I also checked the lib/xtables folder and the ratelimit module is there.

Thanks

aabc commented 8 years ago

You missed the -m option; please follow the usage examples from the README.

aabc commented 8 years ago

Ah, I missed -m in the README too... ;) But there's a correct usage example in the Makefile. Let me correct this.

Before I submit the README fix: add -m ratelimit before the ratelimit options.

aabc commented 8 years ago

Thanks for the report! I was wondering why people report (you are not the first) this usage problem, thinking usage of -m is obvious and documented well enough.

imehrdad2012 commented 8 years ago

Thanks for the response. It works now. I would like to perform rate limiting based on the Type of service field (TOS) in the IP header. Does the source code support this? Is there any easy way to extend it?

aabc commented 8 years ago

This is not implemented. But I wonder how you would use it (especially in the TBF case)? For example, it turns out that there is user A with two classes of traffic. Are you planning to give her two separate bandwidths?

imehrdad2012 commented 8 years ago

Yes. In fact, I would like to implement a bandwidth enforcement mechanism based on TOS bits. Do you have any idea what the best way is to extend your code?

Thanks!

aabc commented 8 years ago

I don't know what you want to implement and why it's useful. But the codebase is currently simple enough to extend in any direction (hash table + CAR counters).

imehrdad2012 commented 8 years ago

Thanks! There are many cases where the application type/name and rate control policy are highly coupled, particularly in cellular networks where there are hundreds of applications and operators might have different application-specific policies. In my use case, I would like to grant 1Mbps to packets with TOS field 12 and 2Mbps to packets with TOS field 14, while all packets are in the same TCP flow (i.e., all packets have the same source/destination IP/port). The current codebase assumes IP addresses are differentiators.

aabc commented 8 years ago

I have requests to support fwmark and priority from other users too.

> I would like to grant 1Mbps to packets with TOS field 12 and 2Mbps to packets with TOS field 14, while all packets are in the same TCP flow

So, together they can consume 3Mbps? If yes, that would be simpler to implement (add an AND mask and a VALUE to compare, in addition to the IP address that we already have).

But, I fear, people will expect from QoS that there should be a maximum bandwidth N, where traffic of different classes has higher or lower priority. Like in CBQ. But implementing CBQ is harder in the context of the goals that ipt-ratelimit tries to reach — pure policing without queues, to let it be used for many thousands of rate limits (clients).
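
The "AND mask and VALUE" extension discussed in the last comments, as an added user-space sketch (not ipt-ratelimit code and not the project's data layout): each entry is keyed on source IP plus a masked TOS compare and carries its own token bucket, so the two classes are policed independently and together pass about 3 Mbps. The struct, the function names and the sample address are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical entry: source IP plus (tos & mask) == value, with its own bucket. */
struct car_rule {
    uint32_t ip;                  /* source address */
    uint8_t  tos_mask, tos_value; /* entry applies when (tos & mask) == value */
    uint64_t rate_bps;            /* committed rate, bits per second */
    uint64_t burst_bits, tokens;  /* bucket depth; bits currently available */
    uint64_t last_us;             /* time of the last refill, microseconds */
};

/* Returns 1 when the packet exceeds its class rate (the caller would drop it),
 * 0 when it conforms or no entry matches (an assumption of this sketch).
 * Nothing is queued: this is policing, not shaping. */
static int car_police(struct car_rule *r, size_t n, uint32_t ip, uint8_t tos,
                      uint32_t len_bytes, uint64_t now_us)
{
    uint64_t bits = (uint64_t)len_bytes * 8;
    struct car_rule *c = NULL;
    for (size_t i = 0; i < n && !c; i++)  /* linear scan stands in for the hash table */
        if (r[i].ip == ip && (tos & r[i].tos_mask) == r[i].tos_value)
            c = &r[i];
    if (!c) return 0;
    /* Refill for the elapsed time; exact for whole-Mbps rates, truncates otherwise. */
    c->tokens += (now_us - c->last_us) * c->rate_bps / 1000000;
    if (c->tokens > c->burst_bits) c->tokens = c->burst_bits;
    c->last_us = now_us;
    if (c->tokens < bits)
        return 1;                         /* over the limit: tokens are not consumed */
    c->tokens -= bits;
    return 0;
}

/* Offer one packet every gap_us for dur_us; return the bits that passed. */
static uint64_t car_offer(struct car_rule *r, size_t n, uint32_t ip, uint8_t tos,
                          uint32_t len_bytes, uint64_t gap_us, uint64_t dur_us)
{
    uint64_t passed = 0;
    for (uint64_t t = gap_us; t <= dur_us; t += gap_us)
        if (!car_police(r, n, ip, tos, len_bytes, t))
            passed += (uint64_t)len_bytes * 8;
    return passed;
}

/* Constructed sample: one client, the thread's two classes, 1500-byte burst each. */
static struct car_rule demo[] = {
    { 0x0a000001, 0xff, 12, 1000000, 12000, 12000, 0 },
    { 0x0a000001, 0xff, 14, 2000000, 12000, 12000, 0 },
};
```

Offering 1500-byte packets every millisecond per class for one second, TOS 12 passes 1,008,000 bits and TOS 14 passes 2,004,000 bits; there is no shared ceiling and no priority between the classes, which is the CBQ-style behaviour the last comment says this design does not provide.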