HFSC + IMQ - Kernel 3.1

Debian - HFSC + IMQ (Manchester - 25.12.2011)

Author: Rafal Rajs (ElessaR) (email: elessar1@poczta.wp.pl)

Introduction

Welcome everybody,

Recently I have updated my IMQ/HFSC based traffic shaping solution to the recent Debian testing distribution and Linux Kernel 3.1. I thought it will be a good idea to publish my findings, so it should be any help for anybody interested in the subject. In this small article I will focus mainly on the installation stage of the initial solution, as the configuration stage remained the same as in the original document.

Again I will using IMQ and HFSC.

Installation

First, we need to get proper patches:

1. Patch IMQ for kernel 3.1 solaris# wget http://www.linuximq.net/patchs/patch-imqmq-3.1.diff.bz2

2. Patch IMQ for IPTABLES 1.4.12 solaris# wget http://www.linuximq.net/patchs/iptables-1.4.12-IMQ-test4.diff

3. Kernel config from the debian kernel-image-3.1.0 http://ftp.uk.debian.org/debian/pool/main/l/linux-2.6/linux-image-3.1.0-1-486_3.1.5-1_i386.deb

Preparing KERNEL

solaris# cd /usr/src solaris# wget http://www.linuximq.net/patchs/patch-imqmq-3.1.diff.bz2 solaris# wget http://www.linuximq.net/patchs/iptables-1.4.12-IMQ-test4.diff solaris# bunzip2 patch-imqmq-3.1.diff.bz2 solaris# apt-get install linux-source solaris# tar -jxf linux-source-3.1.tar.bz2 solaris# rm linux solaris# ln -s linux-source-3.1 linux

Unpack the kernel image package into the temporary folder, so we can use its config: solaris# cd /usr/src solaris# dpkg -x linux-image-3.1.0-1-486_3.1.5-1_i386.deb ./bbb

Patch IMQ: solaris# cd linux solaris# patch -p1 < ../patch-imqmq-3.1.diff

Copy Debian package kernel config: solaris# cp ../bbb/boot/config-3.1.0-1-486 ./.config solaris# make menuconfig

Make sure, you have the following settings set: # Networking --> Networking options --> Network packet filtering framework (Netfilter) ---> Core Netfilter Configuration ---> IMQ target support (NEW) # Device Drivers ---> Network device support ---> IMQ (intermediate queueing device) support (NEW) # (2) Number of IMQ devices # IMQ behavior (PRE/POSTROUTING)(IMQ AB) below: Choosing this option will make IMQ hook like this: PREROUTING: After NAT POSTROUTING: Before NAT

Preparing IPTABLES

solaris# cd /usr/src solaris# apt-get source iptables solaris# cd iptables-1.4.12 solaris# dch -v dch -v 1.4.12-99.imq (add notes about the changes)

Make sure you have required packages installed: solaris# apt-get install autoconf automake libtool libnfnetlink-dev

Patch IMQ solaris# patch -p1 < ../iptables-1.4.12-IMQ-test4.diff

CONNLIMIT and IPP2P

There is no need to use patch-o-matic anymore. It has been replaced by the xtables-addons package. You can install it easily by executing the command: solaris# apt-get install xtables-addons-common

The package doesn't require patching iptables or kernel. It builds additional iptables functionality by creating kernel modules. That's why even a restart is not required after installation.

You will get the IPP2P module using this package. CONNLIMIT is already built-in in the current kernel.

Compiling KERNEL

In order to use make-kpkg tool from the kernel-package to build kernel image package, you need to modify the following file:
/usr/share/kernel-package/ruleset/targets/common.mk

Unfortunately, the current version is not fully compatible with newest kernels. Also you can choose alternative way of generating a kernel image package. You can find details here. After introducing the changes described in the following patch (you can use a text editor to introduce these changes as I did), you can proceed to build the kernel. --- kernel/ruleset/targets/common.mk-orig 2011-08-17 18:24:16.048922011 +0300 +++ kernel/ruleset/targets/common.mk 2011-08-17 20:08:26.623916939 +0300 @@ -323,8 +323,13 @@ ifeq ($(DEB_HOST_ARCH_OS), linux) endif endif ifneq ($(strip $(shell grep -E ^[^\#]*CONFIG_LGUEST $(CONFIG_FILE))),) + if [ -e Documentation/lguest ]; then \ $(MAKE) $(do_parallel) $(EXTRAV_ARG) $(FLAV_ARG) ARCH=$(KERNEL_ARCH) \ - $(CROSS_ARG) -C Documentation/lguest + $(CROSS_ARG) -C Documentation/lguest; \ + elif [ -e Documentation/virtual/lguest ]; then \ + $(MAKE) $(do_parallel) $(EXTRAV_ARG) $(FLAV_ARG) ARCH=$(KERNEL_ARCH) \ + $(CROSS_ARG) -C Documentation/virtual/lguest; \ + fi endif else ifeq ($(DEB_HOST_ARCH_OS), kfreebsd)

solaris# make-kpkg --append_to_version -686.imq.by.elessar --revision=01 debian solaris# dch (add notes about the changes) solaris# make-kpkg --initrd --append_to_version -686.imq.by.elessar --revision=01 kernel_image kernel_headers

Compiling IPTABLES

solaris# dpkg-buildpackage -us -uc -nc (We use [-nc] option in the building package command, in order to keep the IMQ modification in the source code)

Package Verification

In order to verify whether the IMQ module is present in your package, use the following command: solaris# dpkg -c iptables_1.4.12-99.imq_i386.deb | grep -i IMQ

End

It looks that the procedure got simpler. This is a good sign. I've performed basic tests to confirm that this updated installation works.

If you have any comments, let me know, please.

best regards
Rafal Rajs