iproute2-2.6.23 (20071016) breaks IN-BANDWIDTH traffic shaping, according to manpage: tc filter [ add | change | replace ] dev DEV [ parent qdisc-id | root ] protocol protocol prio priority filtertype [ filtertype specific parame- ters ] flowid flow-id tc should be able to handle flowid, but on: filter add dev ${DEV} parent ffff: protocol ip prio 50 u32 match ip protocol 1 0xff \ police rate ${DOWNLINK}kbit burst $[${DOWNLINK}/10]kb drop flowid :1 you get: What is "flowid"? Illegal "police" What is "flowid"? Illegal "police" If you drop flowid as suggested here: http://www.shorewall.com.au/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-2.diff you get for my above example: ---- filter parameters Ingress ---------- filter protocol ip pref 50 u32 filter protocol ip pref 50 u32 fh 800: ht divisor 1 filter protocol ip pref 50 u32 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? match 00010000/00ff0000 at 8 police 0x27 rate 16000Kbit burst 1600Kb mtu 2Kb action drop ref 1 bind 1 filter protocol ip pref 51 u32 filter protocol ip pref 51 u32 fh 801: ht divisor 1 filter protocol ip pref 51 u32 fh 801::800 order 2048 key ht 801 bkt 0 terminal flowid ??? match 00000000/00000000 at 12 police 0x28 rate 15744Kbit burst 1574Kb mtu 2Kb action drop ref 1 bind 1 ... so this package is broken?
Additional info: here is the ouput of the earlier iproute2 package: ---- filter parameters Ingress ---------- filter protocol ip pref 50 u32 filter protocol ip pref 50 u32 fh 800: ht divisor 1 filter protocol ip pref 50 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid :1 match 00010000/00ff0000 at 8 police 0x29 rate 16000Kbit burst 1600Kb mtu 2Kb action drop ref 1 bind 1 filter protocol ip pref 51 u32 filter protocol ip pref 51 u32 fh 801: ht divisor 1 filter protocol ip pref 51 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid :1 match 00000000/00000000 at 12 police 0x2a rate 15744Kbit burst 1574Kb mtu 2Kb action drop ref 1 bind 1 (output with sys-apps/iproute2-2.6.22.20070710)
may be this will be of any help: http://www.mail-archive.com/netdev@vger.kernel.org/msg27754.html
use iproute2-2.6.24.20080108