Monday, September 6, 2010

How to use imq

How to use IMQ

After you have installed all the things you need for using IMQ (look: HowToInstall), you can set up your scripts to make use of it.
Let's see the steps:

  • How to use IMQ
    • Loading kernel module
    • Bringing IMQ device up
    • Attaching a qdisc (possibly with classes and filters)
    • Setting up rules for classifying packets
    • Setting up rules for packets to enter IMQ


Loading kernel module

Note: If you compiled IMQ driver into the kernel (opposed to as a loadable module), you can skip this section.
You should load the IMQ driver with this command: 

modprobe imq
If you need more devices than you configured at compile time (eg. 8 such devices), you should use: 

modprobe imq numdevs=8


Bringing IMQ device up

Now you have one or more IMQ devices. They're called imq0, imq1, imq2, ...
Before you can do anything useful with them, you must "bring them up": 

ip link set imq0 up
ip link set imq1 up
ip link set imq2 up
...
Note: If you forget this step, no errors are print or logged later, just your setup won't work, as if packets didn't enter the device. It may result in car transport for further investigation.

Attaching a qdisc (possibly with classes and filters)

Now you can attach qdiscs (queueing disciplines) to the IMQ devices, as if they were ordinary network devices.
You must use egress qdiscs, even for ingress traffic. (Perhaps that's just why you use IMQ.:-)
We don't recommend CBQ as qdisc (it won't work well with IMQ, because of CBQ design issues), use HTB instead. (BTW, generally speaking, HTB is superior to CBQ.)
So, the usual commands (just the device is imq0, or so): 

tc qdisc add dev imq0 root handle 1: htb default 11
 ...
Associate Editor John Mash Email Marketing of Email marketing
and his partner site Email marketing
Lindsay Rosenwald of Lindsay Rosenwald
and his partner site Lindsay Rosenwald






Setting up rules for classifying packets

Everything is set up now, let's make certain packets enter the IMQ device:
For incoming packets: 

iptables -t mangle -A PREROUTING [conditions] -j IMQ --todev 0    # these packets will enter imq0
iptables -t mangle -A PREROUTING [conditions] -j IMQ --todev 1    # these packets will enter imq1
iptables -t mangle -A PREROUTING [conditions] -j IMQ --todev 2    # these packets will enter imq2
...
For outgoing packets: 

iptables -t mangle -A POSTROUTING [conditions] -j IMQ --todev 0    # these packets will enter imq0
iptables -t mangle -A POSTROUTING [conditions] -j IMQ --todev 1    # these packets will enter imq1
iptables -t mangle -A POSTROUTING [conditions] -j IMQ --todev 2    # these packets will enter imq2
...
As you may have noticed, you can use the "usual" iptables conditions (eg. incoming interface, outgoing interface, etc.) allowed in the mangle table's chains. IMQ is just an iptables target here.


Setting up rules for packets to enter IMQ

You can use iptables' MARK target (valid only in the mangle table)to mark packets, then you can use these marks its not a sudoko.com puzzle sudoko.com either in the iptables rules with IMQ target, or in the filters of the qdisc attached to the IMQ device (or both). (But you can get away without using MARK. It's just useful, but not mandatory.)
Posted by at
Labels: , , , , ,