router ~ # dmesg -s 131072 [... crypto messages ...] ACPI: Power Button (FF) [PWRF] ACPI: Power Button (CM) [PWRB] ACPI: CPU0 (power states: C1[C1]) acpi_processor-0507 [06] processor_get_info : Error getting cpuindex for acpiid 0x2 ibm_acpi: ec object not found isapnp: Scanning for PnP cards... isapnp: No Plug & Play device found Real Time Clock Driver v1.12 Non-volatile memory driver v1.2 Linux agpgart interface v0.101 (c) Dave Jones agpgart: Detected an Intel 865 Chipset. agpgart: Detected 8060K stolen memory. agpgart: AGP aperture is 128M @ 0xf0000000 PNP: No PS/2 controller found. Probing ports directly. serio: i8042 AUX port at 0x60,0x64 irq 12 serio: i8042 KBD port at 0x60,0x64 irq 1 Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled io scheduler noop registered io scheduler anticipatory registered io scheduler deadline registered io scheduler cfq registered Floppy drive(s): fd0 is 1.44M FDC 0 is a post-1991 82077 PPP generic driver version 2.4.2 PPP Deflate Compression module registered PPP BSD Compression module registered NET: Registered protocol family 24 Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2 ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx ICH5: IDE controller at PCI slot 0000:00:1f.1 PCI: Enabling device 0000:00:1f.1 (0005 -> 0007) ACPI: PCI Interrupt 0000:00:1f.1[A] -> GSI 18 (level, low) -> IRQ 16 ICH5: chipset revision 2 ICH5: not 100% native mode: will probe irqs later ide0: BM-DMA at 0xfc00-0xfc07, BIOS settings: hda:DMA, hdb:pio ide1: BM-DMA at 0xfc08-0xfc0f, BIOS settings: hdc:pio, hdd:DMA Probing IDE interface ide0... hda: ST340014A, ATA DISK drive ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 Probing IDE interface ide1... hdd: SAMSUNG CD-ROM SC-152A, ATAPI CD/DVD-ROM drive ide1 at 0x170-0x177,0x376 on irq 15 hda: max request size: 1024KiB hda: 78165360 sectors (40020 MB) w/2048KiB Cache, CHS=16383/255/63, UDMA(100) hda: cache flushes supported hda: hda1 hda2 hda3 hdd: ATAPI 52X CD-ROM drive, 128kB Cache, DMA Uniform CD-ROM driver Revision: 3.20 mice: PS/2 mouse device common for all mice I2O subsystem v1.288 i2o: max drivers = 8 i2c /dev entries driver u32 classifier OLD policer on NET: Registered protocol family 2 IP route cache hash table entries: 4096 (order: 2, 16384 bytes) TCP established hash table entries: 16384 (order: 5, 131072 bytes) TCP bind hash table entries: 16384 (order: 5, 131072 bytes) TCP: Hash tables configured (established 16384 bind 16384) TCP reno registered IPv4 over IPv4 tunneling driver GRE over IPv4 tunneling driver ip_conntrack version 2.3 (4025 buckets, 32200 max) - 236 bytes per conntrack ip_conntrack_pptp version 3.1 loaded ip_tables: (C) 2000-2002 Netfilter core team TCP bic registered Initializing IPsec netlink socket NET: Registered protocol family 1 NET: Registered protocol family 17 NET: Registered protocol family 15 Using IPI Shortcut mode ReiserFS: hda2: found reiserfs format "3.6" with standard journal ReiserFS: hda2: using ordered data mode ReiserFS: hda2: journal params: device hda2, size 8192, journal first block 18, max trans len 1024, max b atch 900, max commit age 30, max trans age 30 ReiserFS: hda2: checking transaction log (hda2) ReiserFS: hda2: Using r5 hash to sort names VFS: Mounted root (reiserfs filesystem) readonly. Freeing unused kernel memory: 212k freed Adding 497972k swap on /dev/hda1. Priority:-1 extents:1 across:497972k usbcore: registered new driver usbfs usbcore: registered new driver hub USB Universal Host Controller Interface driver v2.3 tg3.c:v3.42 (Oct 3, 2005) ACPI: PCI Interrupt 0000:01:09.0[A] -> GSI 17 (level, low) -> IRQ 17 eth0: Tigon3 [partno(284685-001) rev 0105 PHY(5701)] (PCI:33MHz:32-bit) 10/100/1000BaseT Ethernet 00:02:a 5:e7:47:ee eth0: RXcsums[1] LinkChgREG[0] MIirq[0] ASF[0] Split[0] WireSpeed[1] TSOcap[0] eth0: dma_rwctrl[76ff000f] ACPI: PCI Interrupt 0000:01:0b.0[A] -> GSI 22 (level, low) -> IRQ 18 eth1: Tigon3 [partno(284685-001) rev 0105 PHY(5701)] (PCI:33MHz:32-bit) 10/100/1000BaseT Ethernet 00:02:a 5:e7:47:f1 eth1: RXcsums[1] LinkChgREG[0] MIirq[0] ASF[0] Split[0] WireSpeed[1] TSOcap[0] eth1: dma_rwctrl[76ff000f] tg3: eth0: Link is up at 100 Mbps, full duplex. tg3: eth0: Flow control is off for TX and off for RX. process `named' is using obsolete setsockopt SO_BSDCOMPAT tg3: eth1: Link is up at 100 Mbps, full duplex. tg3: eth1: Flow control is on for TX and on for RX. net/ipv4/netfilter/ip_set_iphash.c: retry: rehashing of set zly_kod triggered: hashsize grows from 1024 t o 1536 router ~ # shot from top command (in low network ussage: 20000kbits/s 4500pps) top - 12:52:22 up 17 min, 1 user, load average: 0.10, 0.10, 0.03 Tasks: 48 total, 2 running, 46 sleeping, 0 stopped, 0 zombie Cpu(s): 0.0% us, 0.0% sy, 0.3% ni, 71.4% id, 0.0% wa, 1.3% hi, 26.9% si Mem: 502348k total, 93340k used, 409008k free, 21512k buffers Swap: 497972k total, 0k used, 497972k free, 38328k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 131 root 15 0 0 0 0 S 0.3 0.0 0:00.01 pdflush 3311 root 16 1 10452 1040 880 S 0.3 0.2 0:02.84 gkrellmd 1 root 16 0 1568 592 504 S 0.0 0.1 0:00.57 init 2 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0 3 root 39 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0 4 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0 5 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 events/0 6 root 10 -5 0 0 0 S 0.0 0.0 0:00.01 khelper 7 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kthread 9 root 20 -5 0 0 0 S 0.0 0.0 0:00.00 kacpid 75 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kblockd/0 130 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pdflush 133 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0 132 root 25 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0 134 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 xfslogd/0 135 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 xfsdatad/0 136 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 xfsbufd 777 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kseriod 814 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 exec-osm/0 823 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 reiserfs/0 1450 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 khubd 2549 named 20 2 30716 3312 2020 S 0.0 0.7 0:00.34 named 2782 root 15 0 1692 576 396 S 0.0 0.1 0:00.02 syslog-ng 2872 root 19 0 1636 352 280 S 0.0 0.1 0:00.00 atd 2933 root 16 0 4152 616 516 S 0.0 0.1 0:00.00 crond 3054 root 21 0 2000 712 600 S 0.0 0.1 0:00.00 xinetd 3117 root 16 0 13308 4476 2212 S 0.0 0.9 0:00.17 snmpd 3182 root 15 0 4968 1092 780 S 0.0 0.2 0:00.01 sshd 6113 root 18 0 1588 440 380 S 0.0 0.1 0:00.00 mingetty 6114 root 18 0 1592 444 380 S 0.0 0.1 0:00.00 mingetty 6116 root 18 0 1588 440 380 S 0.0 0.1 0:00.00 mingetty 6117 root 18 0 1588 440 380 S 0.0 0.1 0:00.00 mingetty 6118 root 18 0 1592 444 380 S 0.0 0.1 0:00.00 mingetty 6119 root 18 0 1588 440 380 S 0.0 0.1 0:00.00 mingetty 6120 root 18 0 1592 444 380 S 0.0 0.1 0:00.00 mingetty router ~ # uptime 12:52:55 up 17 min, 1 user, load average: 0.06, 0.08, 0.03 router ~ # uname -a Linux router 2.6.14 #6 SMP Fri Nov 4 10:20:47 CET 2005 i686 Intel(R)_Pentium(R)_4_CPU_2.40GHz unknown PLD Linux router ~ # cat /proc/interrupts CPU0 0: 271356 IO-APIC-edge timer 8: 2 IO-APIC-edge rtc 9: 0 IO-APIC-level acpi 14: 7810 IO-APIC-edge ide0 15: 14 IO-APIC-edge ide1 17: 2810829 IO-APIC-level eth0 18: 2841336 IO-APIC-level eth1 NMI: 0 LOC: 271312 ERR: 0 MIS: 0 router ~ # lsmod Module Size Used by ipt_CLASSIFY 2176 44 ipt_length 1792 4 ip_set_nethash 8324 11 ip_set_iphash 6916 14 ipt_set 2432 48 ipt_SET 2560 0 ip_set 18844 6 ip_set_nethash,ip_set_iphash,ipt_set,ipt_SET ipt_MARK 2432 1 ipt_TOS 2304 12 ipt_tos 1664 2 ip_nat_ftp 3072 0 ip_conntrack_irc 5488 0 ip_conntrack_ftp 6384 1 ip_nat_ftp iptable_nat 6788 1 ip_nat 15892 2 ip_nat_ftp,iptable_nat iptable_filter 2560 1 tg3 93572 0 w83627hf 22928 0 hwmon_vid 2304 1 w83627hf eeprom 5648 0 i2c_isa 3712 1 w83627hf i2c_i801 7820 0 uhci_hcd 30480 0 usbcore 92620 1 uhci_hcd router ~ # readprofile | sort -nr +2 | head -20 230061 show_regs 653,5824 4868 arch_pick_mmap_layout 23,4038 349 __call_usermodehelper 4,3625 397 wait_for_helper 2,7569 346 ____call_usermodehelper 2,4028 1140 ip_map_parse 2,3750 659 try_to_free_pages 1,6475 203 sctp_pkt_to_tuple 1,5859 275 pfkey_delete 1,4323 20 xfrm_policy_put_afinfo 1,2500 20 rpc_proc_unregister 1,2500 66 ah_destroy 1,0312 47 nmi 0,9592 78 udp_packet 0,6964 60 sys_modify_ldt 0,6897 306 setup_swap_extents 0,6169 58 change_pte_range 0,6042 28 biovec_free_pools 0,5833 164 xfrm_notify_sa_flush 0,5694 9 c_stop 0,5625 router ~ # readprofile | sort -gr | head -20 251236 total 0,0853 236416 show_regs 671,6364 32315 *unknown* 5005 arch_pick_mmap_layout 24,0625 1149 ip_map_parse 2,3937 678 try_to_free_pages 1,6950 412 wait_for_helper 2,8611 353 __call_usermodehelper 4,4125 353 ____call_usermodehelper 2,4514 317 setup_swap_extents 0,6391 285 pfkey_delete 1,4844 247 xfrm_notify_sa 0,2375 247 esp_output 0,2339 229 sys_swapoff 0,2982 210 sctp_pkt_to_tuple 1,6406 206 xfrm_bundle_ok 0,1480 165 xfrm_notify_sa_flush 0,5729 156 release_dev 0,0947 153 cdrom_decode_status 0,2035 140 xdr_xcode_array2 0,0941 router ~ # vmstat 1 procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu---- r b swpd free buff cache si so bi bo in cs us sy id wa 1 0 0 409684 24504 38940 0 0 31 35 5512 205 1 23 75 1 0 0 0 409552 24504 38940 0 0 0 0 6260 141 1 30 69 0 0 0 0 409428 24596 38916 0 0 0 176 5859 90 0 24 76 0 0 0 0 409428 24596 38916 0 0 0 0 5535 34 0 24 76 0 0 0 0 409304 24596 38916 0 0 0 0 5677 35 0 20 80 0 0 0 0 409304 24596 38916 0 0 0 0 5966 34 0 26 74 0 0 0 0 409180 24596 38916 0 0 0 0 5761 123 1 27 72 0 0 0 0 409056 24680 38968 0 0 0 160 5840 82 0 23 77 0 0 0 0 409056 24680 38968 0 0 0 0 6260 35 0 32 68 0 0 0 0 408932 24680 38968 0 0 0 0 6004 42 0 24 76 0 0 0 0 408932 24680 38968 0 0 0 0 5952 25 0 24 76 0 0 0 0 408808 24680 38968 0 0 0 0 6043 135 0 24 76 0 0 0 0 408684 24764 38952 0 0 0 160 5827 92 1 24 75 0 0 0 0 408684 24764 38952 0 0 0 0 5652 47 0 18 82 0 0 0 0 408684 24764 38952 0 0 0 0 5783 34 0 24 76 0 0 0 0 408560 24764 38952 0 0 0 0 5680 46 0 20 80 0 0 0 0 408560 24764 38952 0 0 0 0 5919 119 0 24 76 0 firewall statistics after 20 minutes of system work: router ~ # tc qdisc show dev eth0 | wc -l 13 router ~ # tc qdisc show dev eth1 | wc -l 13 router ~ # tc class show dev eth1 | wc -l 13 router ~ # tc class show dev eth0 | wc -l 13 router ~ # tc filter show dev eth0 | wc -l 18 router ~ # tc filter show dev eth1 | wc -l 18 router ~ # iptables -L -n | wc -l 23 router ~ # iptables -L -t nat -n | wc -l 20 router ~ # iptables -L -t mangle -n | wc -l 85 router ~ # ipset -S | wc -l 638 router ~ # iptables -L -vx Chain INPUT (policy ACCEPT 10351 packets, 2057914 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 6051659 packets, 3098069260 bytes) pkts bytes target prot opt in out source destination 129 7704 DROP all -- any any anywhere anywhere set zly_kod dst 0 0 DROP all -- any any anywhere anywhere set zly_kod src 0 0 DROP udp -- any any anywhere anywhere udp dpt:4156 0 0 DROP udp -- any any anywhere anywhere udp dpt:unisql 0 0 DROP udp -- any any anywhere anywhere udp dpt:globe 0 0 DROP udp -- any any anywhere anywhere udp dpt:wizard 0 0 DROP udp -- any any anywhere anywhere udp dpt:ms-sql-m 0 0 DROP udp -- any any anywhere anywhere udp dpt:issd 0 0 DROP udp -- any any anywhere anywhere udp dpt:microsoft-ds 54 6696 DROP udp -- any any anywhere anywhere udp dpts:epmap:netbios-ssn 72 3872 DROP tcp -- any any anywhere anywhere tcp dpt:issd 1 48 DROP tcp -- any any anywhere anywhere tcp dpt:microsoft-ds 0 0 DROP tcp -- any any anywhere anywhere tcp dpts:epmap:netbios-ssn 0 0 ACCEPT all -- any any anywhere anywhere set apeki_dozwolone src,dst 270 21678 DROP all -- any any anywhere anywhere set apeki dst Chain OUTPUT (policy ACCEPT 9682 packets, 3657877 bytes) pkts bytes target prot opt in out source destination router ~ # iptables -L -t nat -vx Chain PREROUTING (policy ACCEPT 263453 packets, 18568311 bytes) pkts bytes target prot opt in out source destination 0 0 DROP udp -- any any anywhere anywhere udp dpt:4156 0 0 DROP udp -- any any anywhere anywhere udp dpt:unisql 0 0 DROP udp -- any any anywhere anywhere udp dpt:globe 0 0 DROP udp -- any any anywhere anywhere udp dpt:wizard 56 22624 DROP udp -- any any anywhere anywhere udp dpt:ms-sql-m 0 0 DROP udp -- any any anywhere anywhere udp dpt:issd 0 0 DROP udp -- any any anywhere anywhere udp dpt:microsoft-ds 84 6934 DROP udp -- any any anywhere anywhere udp dpts:epmap:netbios-ssn 0 0 DROP tcp -- any any anywhere anywhere tcp dpt:issd 3880 187468 DROP tcp -- any any anywhere anywhere tcp dpt:microsoft-ds 3025 151372 DROP tcp -- any any anywhere anywhere tcp dpts:epmap:netbios-ssn 366 21684 DNAT tcp -- any any anywhere anywhere tcp dpt:3679 to:82.160.43.1:203 Chain POSTROUTING (policy ACCEPT 264397 packets, 19672846 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 2848 packets, 1259850 bytes) pkts bytes target prot opt in out source destination router ~ # iptables -L -t mangle -vx Chain PREROUTING (policy ACCEPT 6159358 packets, 3148536045 bytes) pkts bytes target prot opt in out source destination 44452 4511755 TOS icmp -- any any anywhere anywhere TOS set Minimize-Delay 20 1325 TOS tcp -- any any anywhere anywhere tcp spt:telnet TOS set Minimize-Delay 2439 483729 TOS tcp -- any any anywhere anywhere tcp spt:ssh TOS set Minimize-Delay 1504 137556 TOS tcp -- any any anywhere anywhere tcp spt:ftp TOS set Minimize-Delay 4486 3688799 TOS tcp -- any any anywhere anywhere tcp spt:ftp-data TOS set Maximize-Throughput 27 1708 TOS tcp -- any any anywhere anywhere tcp dpt:telnet TOS set Minimize-Delay 3861 297497 TOS tcp -- any any anywhere anywhere tcp dpt:ssh TOS set Minimize-Delay 1625 83613 TOS tcp -- any any anywhere anywhere tcp dpt:ftp TOS set Minimize-Delay 3601 2585799 TOS tcp -- any any anywhere anywhere tcp dpt:ftp-data TOS set Maximize-Throughput 1140772 75068216 CHK_TOS all -- any any anywhere anywhere TOS match Minimize-Delay 4923406 2814842803 ACK_TOS tcp -- any any anywhere anywhere tcp flags:SYN,RST,ACK/ACK Chain INPUT (policy ACCEPT 10980 packets, 2200555 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 6196538 packets, 3160329709 bytes) pkts bytes target prot opt in out source destination 140343 78710738 CLASSIFY all -- any any anywhere anywhere set podsiec_lenartowicza src CLASSIFY set 2:10 136616 80327405 CLASSIFY all -- any any anywhere anywhere set podsiec_lenartowicza dst CLASSIFY set 1:10 410140 147099412 CLASSIFY all -- any any anywhere anywhere set ip_lenartowicza src CLASSIFY set 2:10 437081 293359359 CLASSIFY all -- any any anywhere anywhere set ip_lenartowicza dst CLASSIFY set 1:10 360 41194 CLASSIFY all -- any any anywhere anywhere set podsiec_biedrawiny src CLASSIFY set 2:20 1040 158694 CLASSIFY all -- any any anywhere anywhere set podsiec_biedrawiny dst CLASSIFY set 1:20 325035 94504650 CLASSIFY all -- any any anywhere anywhere set ip_biedrawiny src CLASSIFY set 2:20 332010 258236070 CLASSIFY all -- any any anywhere anywhere set ip_biedrawiny dst CLASSIFY set 1:20 75394 47272670 CLASSIFY all -- any any anywhere anywhere set podsiec_lesna src CLASSIFY set 2:30 80822 22563911 CLASSIFY all -- any any anywhere anywhere set podsiec_lesna dst CLASSIFY set 1:30 309711 103132542 CLASSIFY all -- any any anywhere anywhere set ip_lesna src CLASSIFY set 2:30 285062 185092792 CLASSIFY all -- any any anywhere anywhere set ip_lesna dst CLASSIFY set 1:30 39383 19726396 CLASSIFY all -- any any anywhere anywhere set podsiec_pkp src CLASSIFY set 2:40 47034 44384733 CLASSIFY all -- any any anywhere anywhere set podsiec_pkp dst CLASSIFY set 1:40 446506 180884921 CLASSIFY all -- any any anywhere anywhere set ip_pkp src CLASSIFY set 2:40 435026 262422363 CLASSIFY all -- any any anywhere anywhere set ip_pkp dst CLASSIFY set 1:40 134143 64221703 CLASSIFY all -- any any anywhere anywhere set podsiec_kosciol src CLASSIFY set 2:50 125094 52016610 CLASSIFY all -- any any anywhere anywhere set podsiec_kosciol dst CLASSIFY set 1:50 359636 115848829 CLASSIFY all -- any any anywhere anywhere set ip_kosciol src CLASSIFY set 2:50 339280 212453668 CLASSIFY all -- any any anywhere anywhere set ip_kosciol dst CLASSIFY set 1:50 0 0 CLASSIFY all -- any any anywhere anywhere set podsiec_gimnazjum src CLASSIFY set 2:60 0 0 CLASSIFY all -- any any anywhere anywhere set podsiec_gimnazjum dst CLASSIFY set 1:60 77898 16794598 CLASSIFY all -- any any anywhere anywhere set ip_gimnazjum src CLASSIFY set 2:60 86535 81766799 CLASSIFY all -- any any anywhere anywhere set ip_gimnazjum dst CLASSIFY set 1:60 39 2964 CLASSIFY all -- any any anywhere anywhere set podsiec_ilowo src CLASSIFY set 2:70 8 352 CLASSIFY all -- any any anywhere anywhere set podsiec_ilowo dst CLASSIFY set 1:70 440161 174854323 CLASSIFY all -- any any anywhere anywhere set ip_ilowo src CLASSIFY set 2:70 444249 281399548 CLASSIFY all -- any any anywhere anywhere set ip_ilowo dst CLASSIFY set 1:70 45144 17994906 CLASSIFY all -- any any anywhere anywhere set podsiec_plosnica src CLASSIFY set 2:80 40661 16780972 CLASSIFY all -- any any anywhere anywhere set podsiec_plosnica dst CLASSIFY set 1:80 175436 71072645 CLASSIFY all -- any any anywhere anywhere set ip_plosnica src CLASSIFY set 2:80 157164 90009619 CLASSIFY all -- any any anywhere anywhere set ip_plosnica dst CLASSIFY set 1:80 0 0 CLASSIFY all -- any any anywhere anywhere set podsiec_gralbet src CLASSIFY set 2:90 0 0 CLASSIFY all -- any any anywhere anywhere set podsiec_gralbet dst CLASSIFY set 1:90 37941 16671630 CLASSIFY all -- any any anywhere anywhere set ip_gralbet src CLASSIFY set 2:90 40295 34921233 CLASSIFY all -- any any anywhere anywhere set ip_gralbet dst CLASSIFY set 1:90 0 0 CLASSIFY all -- any any anywhere anywhere set podsiec_komin src CLASSIFY set 2:100 0 0 CLASSIFY all -- any any anywhere anywhere set podsiec_komin dst CLASSIFY set 1:100 20188 12281768 CLASSIFY all -- any any anywhere anywhere set ip_komin src CLASSIFY set 2:100 17479 4735179 CLASSIFY all -- any any anywhere anywhere set ip_komin dst CLASSIFY set 1:100 45920 29466598 CLASSIFY all -- any any anywhere anywhere set podsiec_telkomp src CLASSIFY set 2:110 43618 32320955 CLASSIFY all -- any any anywhere anywhere set podsiec_telkomp dst CLASSIFY set 1:110 0 0 CLASSIFY all -- any any anywhere anywhere set ip_telkomp src CLASSIFY set 2:110 0 0 CLASSIFY all -- any any anywhere anywhere set ip_telkomp dst CLASSIFY set 1:110 Chain OUTPUT (policy ACCEPT 10111 packets, 3737126 bytes) pkts bytes target prot opt in out source destination 10102 3736550 MARK all -- any any anywhere anywhere MARK set 0x1 10102 3736550 RETURN all -- any any anywhere anywhere Chain POSTROUTING (policy ACCEPT 6206709 packets, 3164079507 bytes) pkts bytes target prot opt in out source destination Chain ACK_TOS (1 references) pkts bytes target prot opt in out source destination 1956174 1036619071 RETURN all -- any any anywhere anywhere TOS match !Normal-Service 1619503 98275037 TOS tcp -- any any anywhere anywhere length 0:256 TOS set Minimize-Delay 1347997 1680017303 TOS tcp -- any any anywhere anywhere length 256:65535 TOS set Maximize-Throughput 2967232 1778223732 RETURN all -- any any anywhere anywhere Chain CHK_TOS (1 references) pkts bytes target prot opt in out source destination 1111833 64509752 RETURN tcp -- any any anywhere anywhere length 0:512 60 4592 RETURN udp -- any any anywhere anywhere length 0:1024 28879 10553872 TOS all -- any any anywhere anywhere TOS set Maximize-Throughput 28879 10553872 RETURN all -- any any anywhere anywhere router ~ # router ~ # tc -s class show dev eth0 class htb 2:110 parent 2:1 leaf 110: prio 3 rate 256000bit ceil 2000Kbit burst 1727b cburst 2599b Sent 38603792 bytes 55351 pkt (dropped 0, overlimits 0 requeues 0) rate 385928bit 56pps backlog 0b 0p requeues 0 lended: 35287 borrowed: 20064 giants: 0 tokens: 11520 ctokens: 10355 class htb 2:1 root rate 22500Kbit ceil 22500Kbit burst 12746b cburst 12746b Sent 1374374923 bytes 3446908 pkt (dropped 0, overlimits 0 requeues 0) rate 7888Kbit 2546pps backlog 0b 0p requeues 0 lended: 157453 borrowed: 0 giants: 0 tokens: 4550 ctokens: 4550 class htb 2:10 parent 2:1 leaf 10: prio 3 rate 3800Kbit ceil 10500Kbit burst 3499b cburst 6848b Sent 259265014 bytes 614943 pkt (dropped 0, overlimits 0 requeues 0) rate 1444Kbit 458pps backlog 0b 0p requeues 0 lended: 610676 borrowed: 4267 giants: 0 tokens: 6994 ctokens: 5149 class htb 2:100 parent 2:1 leaf 100: prio 3 rate 256000bit ceil 512000bit burst 1727b cburst 1855b Sent 13967619 bytes 22646 pkt (dropped 0, overlimits 0 requeues 0) rate 81104bit 19pps backlog 0b 0p requeues 0 lended: 22644 borrowed: 2 giants: 0 tokens: 2560 ctokens: 3328 class htb 2:2 parent 2:1 leaf 8001: prio 1 rate 1024Kbit ceil 12000Kbit burst 2111b cburst 7597b Sent 536788 bytes 4251 pkt (dropped 0, overlimits 0 requeues 0) rate 2608bit 2pps backlog 0b 0p requeues 0 lended: 4251 borrowed: 0 giants: 0 tokens: 15360 ctokens: 5056 class htb 2:20 parent 2:1 leaf 20: prio 3 rate 2900Kbit ceil 10500Kbit burst 3049b cburst 6848b Sent 109851036 bytes 361639 pkt (dropped 0, overlimits 0 requeues 0) rate 608536bit 250pps backlog 0b 0p requeues 0 lended: 361278 borrowed: 361 giants: 0 tokens: 8412 ctokens: 5289 class htb 2:30 parent 2:1 leaf 30: prio 3 rate 3700Kbit ceil 10500Kbit burst 3449b cburst 6848b Sent 174597725 bytes 432099 pkt (dropped 0, overlimits 0 requeues 0) rate 1063Kbit 319pps backlog 0b 0p requeues 0 lended: 431532 borrowed: 567 giants: 0 tokens: 7533 ctokens: 5308 class htb 2:40 parent 2:1 leaf 40: prio 3 rate 3700Kbit ceil 10500Kbit burst 3449b cburst 6848b Sent 228914828 bytes 541210 pkt (dropped 0, overlimits 0 requeues 0) rate 1246Kbit 402pps backlog 0b 0p requeues 0 lended: 536251 borrowed: 4959 giants: 0 tokens: 1725 ctokens: 3264 class htb 2:50 parent 2:1 leaf 50: prio 3 rate 3100Kbit ceil 10500Kbit burst 3149b cburst 6848b Sent 206377222 bytes 545337 pkt (dropped 0, overlimits 0 requeues 0) rate 1135Kbit 382pps backlog 0b 0p requeues 0 lended: 543575 borrowed: 1762 giants: 0 tokens: 4396 ctokens: 4187 class htb 2:60 parent 2:1 leaf 60: prio 3 rate 412000bit ceil 1524Kbit burst 1805b cburst 2361b Sent 20536541 bytes 89083 pkt (dropped 0, overlimits 0 requeues 0) rate 131896bit 71pps backlog 0b 0p requeues 0 lended: 88547 borrowed: 536 giants: 0 tokens: -13958 ctokens: 5193 class htb 2:70 parent 2:1 leaf 70: prio 3 rate 1300Kbit ceil 3000Kbit burst 2249b cburst 3099b Sent 199967888 bytes 486525 pkt (dropped 0, overlimits 0 requeues 0) rate 1071Kbit 318pps backlog 0b 0p requeues 0 lended: 430950 borrowed: 55575 giants: 0 tokens: 13524 ctokens: 8181 class htb 2:80 parent 2:1 leaf 80: prio 3 rate 520000bit ceil 2048Kbit burst 1859b cburst 2623b Sent 102618913 bytes 250902 pkt (dropped 0, overlimits 0 requeues 0) rate 616936bit 231pps backlog 0b 0p requeues 0 lended: 181624 borrowed: 69278 giants: 0 tokens: 28420 ctokens: 10273 class htb 2:90 parent 2:1 leaf 90: prio 3 rate 512000bit ceil 1024Kbit burst 1855b cburst 2111b Sent 19137154 bytes 42916 pkt (dropped 0, overlimits 0 requeues 0) rate 100376bit 30pps backlog 0b 0p requeues 0 lended: 42840 borrowed: 76 giants: 0 tokens: 3968 ctokens: 16128