On 11.09.20 12:08, Hannes Laimer wrote:
> Signed-off-by: Hannes Laimer <h.lai...@proxmox.com>
> ---
> src/PVE/Network.pm | 36 +++++++++++++++++++++---------------
> 1 file changed, 21 insertions(+), 15 deletions(-)
>
> diff --git a/src/PVE/Network.pm b/src/PVE/Network.pm
> index 12536c7..3e7a1c1 100644
> --- a/src/PVE/Network.pm
> +++ b/src/PVE/Network.pm
> @@ -82,7 +82,7 @@ our $ipv4_mask_hash_localnet = {
> };
>
> sub setup_tc_rate_limit {
> - my ($iface, $rate, $burst) = @_;
> + my ($iface, $outrate, $inrate, $burst) = @_;
>
> # these are allowed / expected to fail, e.g. when there is no previous
> rate limit to remove
> eval { run_command("/sbin/tc class del dev $iface parent 1: classid 1:1
> >/dev/null 2>&1"); };
> @@ -90,29 +90,35 @@ sub setup_tc_rate_limit {
> eval { run_command("/sbin/tc qdisc del dev $iface ingress >/dev/null
> 2>&1"); };
> eval { run_command("/sbin/tc qdisc del dev $iface root >/dev/null
> 2>&1"); };
>
> - return if !$rate;
> -
> # tbf does not work for unknown reason
> #$TC qdisc add dev $DEV root tbf rate $RATE latency 100ms burst $BURST
> # so we use htb instead
> - run_command("/sbin/tc qdisc add dev $iface root handle 1: htb default
> 1");
> - run_command("/sbin/tc class add dev $iface parent 1: classid 1:1 " .
> - "htb rate ${rate}bps burst ${burst}b");
> -
> - run_command("/sbin/tc qdisc add dev $iface handle ffff: ingress");
> - run_command("/sbin/tc filter add dev $iface parent ffff: " .
> - "prio 50 basic " .
> - "police rate ${rate}bps burst ${burst}b mtu 64kb " .
> - "drop");
> +
> + # inrate limits the egress of the tap device (=> inrate of the VM)
> + if($inrate) {
> + run_command("/sbin/tc qdisc add dev $iface root handle 1: htb default
> 1");
> + run_command("/sbin/tc class add dev $iface parent 1: classid 1:1 " .
> + "htb rate ${inrate}bps burst ${burst}b");
> + }
please transform run_command to array usage in a separate commit, that string
handling was always ugly and may break or result in command injection if it
gets called with a non-checked $iface (e.g., contains whitespaces or, well,
command injections).
> +
> + # outrate limits the ingress of the tap device (=> outrate of the VM)
> + if($outrate) {
> + run_command("/sbin/tc qdisc add dev $iface handle ffff: ingress");
> + run_command("/sbin/tc filter add dev $iface parent ffff: " .
> + "prio 50 basic " .
> + "police rate ${outrate}bps burst ${burst}b mtu 64kb " .
> + "drop")
> + }
> }
>
> sub tap_rate_limit {
> - my ($iface, $rate) = @_;
> + my ($iface, $outrate, $inrate) = @_;
please keep this backward compatible, i.e., if @_ only gets called with two
elements use it for both, $inrate and $outrate.
>
> - $rate = int($rate*1024*1024) if $rate;
> + $outrate = int($outrate*1024*1024) if $outrate;
> + $inrate = int($inrate*1024*1024) if $inrate;
> my $burst = 1024*1024;
>
> - setup_tc_rate_limit($iface, $rate, $burst);
> + setup_tc_rate_limit($iface, $outrate, $inrate, $burst);
> }
>
> sub read_bridge_mtu {
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
