

Egress rate limiting requires HTB (Hierarchical Token Bucket):
# Egress root qdisc (HTB)
tc qdisc add dev p0 root handle 1: htb default 10
# Rate-limiting class: capped at 10 Gbit/s
tc class add dev p0 parent 1: classid 1:10 htb \
rate 10gbit burst 100mb
# The flower filter steers matching traffic into this class
tc filter add dev p0 parent 1: \
protocol ip priority 100 \
flower \
src_ip 10.0.0.0/24 \
flowid 1:10
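# Police ingress traffic at 10 Gbit/s (requires the ingress qdisc on p0);
# this filter matches TCP to 10.0.0.0/24 and is installed in hardware only (skip_sw)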
tc filter add dev p0 ingress protocol ip flower skip_sw dst_ip 10.0.0.0/24 ip_proto tcp action police rate 10gbit burst 1mb conform-exceed pipe/drop action gact pass
# Show the filter and confirm that the in_hw flag appears
tc -s -d filter show dev p0 ingress
# Sample output:
filter protocol ip pref 49148 flower chain 0
filter protocol ip pref 49148 flower chain 0 handle 0x1
eth_type ipv4
ip_proto tcp
dst_ip 10.0.0.0/24
skip_sw
in_hw in_hw_count 1
action order 1: police 0x5 rate 10Gbit burst 1046250b mtu 2Kb action pipe/drop overhead 0b linklayer ethernet
ref 1 bind 1 installed 27 sec used 27 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
used_hw_stats delayed
action order 2: gact action pass
random type none pass val 0
index 3 ref 1 bind 1 installed 27 sec used 27 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
used_hw_stats delayed
# in_hw in_hw_count 1 ← the rule has been offloaded to hardware
# Show police action statistics (including hardware hit counters)
tc -s -d actions list action police
# Show the NIC hardware counters
ethtool -S p0 | grep -i drop
# Delete the ingress qdisc (this also deletes every filter under it)
tc qdisc del dev p0 ingress
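The in_hw check above can be automated. The following is an added example, not part of the original page: a shell helper that reads `tc -s -d filter show` output and flags any rule that lacks `in_hw` with a non-zero `in_hw_count`. The function names and the second sample rule (pref 49149, `not_in_hw`) are constructed for illustration.

```shell
#!/bin/sh
# check_offload: reads tc filter output on stdin, prints one line per rule
# ("pref=<n> handle=<h> OFFLOADED|NOT_OFFLOADED") and returns 1 if any rule
# is not offloaded. Live use: tc -s -d filter show dev p0 ingress | check_offload
check_offload() {
    awk '
    function flush() {
        if (handle == "") return            # header line without a handle
        ok = (in_hw && count > 0)
        printf "pref=%s handle=%s %s\n", pref, handle, (ok ? "OFFLOADED" : "NOT_OFFLOADED")
        if (!ok) bad = 1
    }
    /^filter / {                            # a new rule starts: report the previous one
        flush(); handle = ""; in_hw = 0; count = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "pref") pref = $(i + 1)
            if ($i == "handle") handle = $(i + 1)
        }
        next
    }
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "in_hw") in_hw = 1
            if ($i == "not_in_hw") in_hw = 0
            if ($i == "in_hw_count") count = $(i + 1) + 0
        }
    }
    END { flush(); exit (bad + 0) }
    '
}

# Constructed sample: the first rule is taken from the output above,
# the second is a made-up rule that stayed in software.
sample_tc_output() {
    cat <<'EOF'
filter protocol ip pref 49148 flower chain 0
filter protocol ip pref 49148 flower chain 0 handle 0x1
  eth_type ipv4
  ip_proto tcp
  dst_ip 10.0.0.0/24
  skip_sw
  in_hw in_hw_count 1
filter protocol ip pref 49149 flower chain 0
filter protocol ip pref 49149 flower chain 0 handle 0x1
  eth_type ipv4
  dst_ip 192.0.2.0/24
  not_in_hw
EOF
}
```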
https://geek-blogs.com/blog/linux-tc-qdisc/