OpenVZ Forum
Re: How to disable raw sockets [message #3775 is a reply to message #3709] Thu, 15 June 2006 13:28
Vasily Tarasov
Finally I've got the reason... :)

Hunk 1:
Quote:

DEV=eth0
tc qdisc del dev $DEV root
tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit
tc class add dev $DEV parent 1: classid 1:1 cbq rate 512kbit allot 1500 prio 5 bounded isolated
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 match ip src x.x.x.x flowid 1:1
tc qdisc add dev $DEV parent 1:1 sfq perturb 10


Hunk 2:
Quote:

DEV2=venet0
tc qdisc del dev $DEV2 root
tc qdisc add dev $DEV2 root handle 1: cbq avpkt 1000 bandwidth 10mbit
tc class add dev $DEV2 parent 1: classid 1:1 cbq rate 512kbit allot 1500 prio 5 bounded isolated
tc filter add dev $DEV2 parent 1: protocol ip prio 16 u32 match ip dst x.x.x.x flowid 1:1
tc qdisc add dev $DEV2 parent 1:1 sfq perturb 10


Note that both hunks work at egress of VE0!

Here is why wget is limited by traffic and ddos-attack tools aren't:

wget downloads from some node to the VPS; for VE0 it's egress, so hunk 1 or hunk 2 works.

But ddos-attack tools emit(!) traffic. Thus for VE0 it's ingress traffic. Consequently hunk 2 doesn't catch it!

If you want to solve your problem you can use this hunk 3 in addition to hunk 2 and hunk 1:

Quote:

DEV=venet0
tc filter add dev $DEV parent 1: protocol ip prio 20 u32 match u32 1 0x0000 police rate 2kbit buffer 10k drop flowid :1
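
Added example (not part of the original post and not OpenVZ's own tooling): a per-container variant of the ingress idea above, which polices only traffic whose source is one VPS address as it enters VE0 and prints the tc commands unless `APPLY=1` is set. The address 192.0.2.10 is a constructed documentation value, the function names and the `APPLY` switch are hypothetical, and it assumes the host's venet0 accepts the standard `ffff:` ingress qdisc.

```shell
#!/bin/sh
# Added example: cap traffic EMITTED by one container, seen at ingress of VE0.
# Assumption: the host's venet0 accepts the standard tc ingress qdisc (ffff:).
VENET=${VENET:-venet0}

# Dry run by default: print the command. With APPLY=1, execute it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Accept only dotted-quad IPv4 so nothing unexpected reaches tc.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# The ingress qdisc can exist only once per device; add it if missing.
ensure_ingress() {
    if [ "${APPLY:-0}" = 1 ] && tc qdisc show dev "$VENET" | grep -q ingress; then
        return 0
    fi
    run tc qdisc add dev "$VENET" handle ffff: ingress
}

# $1 = container IP, $2 = rate such as 512kbit or 2mbit
vps_limit_cmds() {
    ip=$1; rate=$2
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    case $rate in
        *[!0-9a-z]*) echo "bad rate: $rate" >&2; return 1 ;;
        [1-9]*[kmg]bit) ;;
        *) echo "bad rate: $rate" >&2; return 1 ;;
    esac
    ensure_ingress || return 1
    # Match on SOURCE address: this is the direction hunk 2 (dst match) misses.
    run tc filter add dev "$VENET" parent ffff: protocol ip prio 20 u32 \
        match ip src "$ip"/32 police rate "$rate" burst 10k drop flowid :1
}

vps_limit_cmds 192.0.2.10 512kbit   # constructed sample address; prints only
```

Run it once per container address; packets over the rate are dropped by the policer rather than queued, so the limit applies to whatever the container sends, not only to downloads.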