![首頁 Logo Keith ]p !!](/themes/mytheme/logo.png){kind=logo}
最後更新: 2024-08-27
前言
ingress 的限速叫 police (upload 叫 traffic shaping)
traffic rate by dropping exceeding packets (使用 ifm 做中介會有更多玩法)
實例
apt install -y iproute2
有兩款限速, 分別係以 byte 計算及以 packet 計算
-
rate(bits), burst(bytes)
-
pkt_rate, pkt_burst
Step 1: 加 ingress qdisc 到 NIC
# The ingress qdisc itself does not require any parameters.
# It differs from other qdiscs in that it does not occupy the root of a device.
tc qdisc add dev eth0 ingress
tc qdisc show dev eth0 ingress
qdisc ingress ffff: parent ffff:fff1 ----------------
Step 2: 限速
tc filter add dev eth0 parent ffff: u32 \
match ip protocol 17 0xff \
match ip dport 23456 0xfff \
police rate 1mbit burst 1m
tc filter show dev eth0 ingress
filter parent ffff: protocol all pref 49152 u32 chain 0
filter parent ffff: protocol all pref 49152 u32 chain 0 fh 800: ht divisor 1
filter parent ffff: protocol all pref 49152 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
match 00110000/00ff0000 at 8
match 00000ba0/00000fff at 20
police 0x1 rate 1Mbit burst 1Mb mtu 2Kb action reclassify overhead 0b
ref 1 bind 1End - Cleanup
# Delete qdisc & filter
tc qdisc del dev eth0 ingress
tc filter del dev eth0 ingress
Help
man tc-police
