Skip to content

UsingIMQ

Jump to bottom
imq edited this page Jun 9, 2012 · 5 revisions

Loading kernel module

Note: If you compiled IMQ driver into the kernel (opposed to as a loadable module), you can skip this section. You should load the IMQ driver with this command:

modprobe imq

If you need more devices than you configured at compile time (eg. 8 such devices), you should use:

modprobe imq numdevs=8

Bringing IMQ device up

Now you have one or more IMQ devices. They're called imq0, imq1, imq2, ...

Before you can do anything useful with them, you must "bring them up":

ip link set imq0 up

ip link set imq1 up

ip link set imq2 up

Attaching a qdisc (possibly with classes and filters)

Now you can attach qdiscs (queueing disciplines) to the IMQ devices, as if they were ordinary network devices.

You must use egress qdiscs, even for ingress traffic. (Perhaps that's just why you use IMQ.:-)

We don't recommend CBQ as qdisc (it won't work well with IMQ, because of CBQ design issues), use HTB instead. (BTW, generally speaking, HTB is superior to CBQ.)

So, the usual commands (just the device is imq0, or so):

tc qdisc add dev imq0 root handle 1: htb default 11

Setting up rules for classifying packets

Everything is set up now, let's make certain packets enter the IMQ device:

For incoming packets:

iptables -t mangle -A PREROUTING [conditions] -j IMQ --todev 0 # these packets will enter imq0 iptables -t mangle -A PREROUTING [conditions] -j IMQ --todev 1 # these packets will enter imq1 iptables -t mangle -A PREROUTING [conditions] -j IMQ --todev 2 # these packets will enter imq2

For outgoing packets:

iptables -t mangle -A POSTROUTING [conditions] -j IMQ --todev 0 # these packets will enter imq0 iptables -t mangle -A POSTROUTING [conditions] -j IMQ --todev 1 # these packets will enter imq1 iptables -t mangle -A POSTROUTING [conditions] -j IMQ --todev 2 # these packets will enter imq2

As you may have noticed, you can use the "usual" iptables conditions (eg. incoming interface, outgoing interface, etc.) allowed in the mangle table's chains. IMQ is just an iptables target here.

Setting up rules for packets to enter IMQ

You can use iptables MARK target (valid only in the mangle table)to mark packets, then you can use these marks either in the iptables rules with IMQ target, or in the filters of the qdisc attached to the IMQ device (or both). But you can get away without using MARK. It's just useful, but not mandatory.

Clone this wiki locally