[altq 193] Re: Cbq/Filter Warnings? - Any better configuration suggestion?
Karl Pielorz wrote:
> This is my first post to the AltQ list, sorry if I've misunderstood the topics
> covered by the list, and please feel free to refer me to 'further reading' (I
> can see the traffic to the list is very small, so even though I've been
> patient, I've not seen much of what everyone else is talking about! :(
This is the right list to discuss this kind of topic.
> As a bit of background, we're an ISP in the UK - We've been running AltQ under
> FreeBSD for about the last two years... We previously ran it under FreeBSD
> 2.2.7, and have recently just updated to AltQ 2.0, and FreeBSD 3.3-Release. We
> did find a couple of bugs under 2.2.7 - but these seem to have been fixed
> under AltQ 2.0 - and now I know about the list, I'll try to post any new
> problems we find... :)
It's nice to learn real world experiences :)
> Ever since we've used AltQ though, we get the following error message when
> running it up,
> altqd[25366]: warning: filter for "SMTP_class" at line 22 could override
> filter for "HTTP_tertiary" at line 17
> altqd[25366]: warning: filter for "SMTP_class" at line 22 could override
> filter for "HTTP_secondary" at line 13
> altqd[25366]: warning: filter for "SMTP_class" at line 22 could override
> filter for "HTTP_primary" at line 9
> Our config file is below... I'm really looking for any suggestions on
> improving the 'simple' config below, or pointing out any errors that we've
> made... I can't really see why it says the filters override each other?
[snip]
The above warning message is intended to point out that 2 filter sets
intersect with each other and to draw the user's attention.
Take the following 2 filters in your config for example,
filter fxp0 HTTP_primary 0 0 195.188.177.20 80 6
filter fxp0 SMTP_class 0 25 0 0 6
The 2 filters cover the following sets.
              <dst address>  <dst port>  <src address>   <src port>  <proto>
HTTP_primary  any            any         195.188.177.20  80          6
SMTP_class    any            25          any             any         6
There is an intersecting region (that matches both filters):
              any            25          195.188.177.20  80          6
Because TCP packets from port 80 to port 25 are very unusual, you can
safely ignore the warning message. You can also suppress the warning
by adding the "dontwarn" keyword to the filter command.
It is common to set intersecting filters in src and dst ports so that,
in the current implementation, we don't produce a warning message if
2 filters have the same values except port numbers; but the above
filters have different values for the src addresses.
I think it is safer to produce a warning message when we detect
possible overlap but we need better wording for it.
Does anyone know a system which has a better way to handle conflicting
filters?
-Kenjiro
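
The overlap test and the port-only exemption described in the reply above can be sketched as follows. This is an added example, not part of the original message and not altqd's source: the struct and function names are hypothetical, 0 stands for "any" as in the quoted filter lines, and netmasks are left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Field order of the quoted "filter" lines: dst addr, dst port, src addr,
 * src port, proto. 0 means "any". Netmasks are not modelled (assumption). */
struct flt { uint32_t dst; uint16_t dport; uint32_t src; uint16_t sport; uint8_t proto; };

#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* The two filters taken from the message. */
static const struct flt HTTP_PRIMARY = { 0, 0, IP(195, 188, 177, 20), 80, 6 };
static const struct flt SMTP_CLASS   = { 0, 25, 0, 0, 6 };

/* Two field values can match the same packet if either is "any" or both are equal. */
static int field_meets(uint32_t a, uint32_t b) { return a == 0 || b == 0 || a == b; }

/* Returns 1 and fills *out with the intersecting region if some packet matches both. */
int flt_intersect(const struct flt *a, const struct flt *b, struct flt *out)
{
    if (!field_meets(a->dst, b->dst) || !field_meets(a->dport, b->dport) ||
        !field_meets(a->src, b->src) || !field_meets(a->sport, b->sport) ||
        !field_meets(a->proto, b->proto))
        return 0;
    out->dst   = a->dst   ? a->dst   : b->dst;    /* the more specific value wins */
    out->dport = a->dport ? a->dport : b->dport;
    out->src   = a->src   ? a->src   : b->src;
    out->sport = a->sport ? a->sport : b->sport;
    out->proto = a->proto ? a->proto : b->proto;
    return 1;
}

/* Exemption from the message: same values in every field except the port numbers. */
int flt_same_except_ports(const struct flt *a, const struct flt *b)
{
    return a->dst == b->dst && a->src == b->src && a->proto == b->proto;
}

/* Warn when the filters intersect and the port-only exemption does not apply. */
int flt_should_warn(const struct flt *a, const struct flt *b)
{
    struct flt r;
    return flt_intersect(a, b, &r) && !flt_same_except_ports(a, b);
}

int main(void)
{
    struct flt r;
    if (flt_intersect(&HTTP_PRIMARY, &SMTP_CLASS, &r))
        printf("overlap: dport=%u src=%08x sport=%u proto=%u warn=%d\n", (unsigned)r.dport,
               (unsigned)r.src, (unsigned)r.sport, (unsigned)r.proto,
               flt_should_warn(&HTTP_PRIMARY, &SMTP_CLASS));
    return 0;
}
```
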