From: Michael Collard <quadfour@iinet.net.au>
To: lartc@vger.kernel.org
Subject: [LARTC] Connmark question
Date: Mon, 05 Dec 2005 13:29:29 +0000 [thread overview]
Message-ID: <1133789369.5911.55.camel@localhost> (raw)
I am trying to get IPP2P working on my router. Thus far I can see
connections being marked (see below), but they don't seem to get saved
or something. When looking at /proc/net/ip_conntrack, nothing has
anything other than 0 for mark. The iptables commands for this are:
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --bit --dc --edk -j MARK
--set-mark 3
iptables -t mangle -A PREROUTING -m mark --mark 3 -j CONNMARK
--save-mark
iptables -t mangle -A POSTROUTING -o ppp0 -m mark --mark 3 -j CLASSIFY
--set-class 1:50
This is pretty much a copy of one of the examples from the ipp2p web
site. When doing a iptables -t mangle -L -n -v -x, I get the following:
Chain PREROUTING (policy ACCEPT 7179 packets, 1787132 bytes)
pkts bytes target prot opt in out source
destination
799 161475 CONNMARK all -- * * 0.0.0.0/0
0.0.0.0/0 CONNMARK restore
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 MARK match !0x0
28 4372 MARK all -- * * 0.0.0.0/0
0.0.0.0/0 ipp2p v0.7.4 --edk --dc --bit MARK set 0x3
28 4372 CONNMARK all -- * * 0.0.0.0/0
0.0.0.0/0 MARK match 0x3 CONNMARK save
Chain INPUT (policy ACCEPT 3388 packets, 610487 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 3789 packets, 1175165 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 2911 packets, 684078 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 6757 packets, 1866938 bytes)
pkts bytes target prot opt in out source
destination
15 1752 CLASSIFY all -- * ppp0 0.0.0.0/0
0.0.0.0/0 MARK match 0x3 CLASSIFY set 1:50
So I can see the packets are getting marked, or at least I see them
being matched. Just don't know why the connection doesn't get shaped.
Here's the stats from tc.
class htb 1:50 parent 1:1 leaf 50: prio 5 rate 325000bit ceil 650000bit
burst 1639b cburst 1680b
Sent 1752 bytes 15 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 15 borrowed: 0 giants: 0
tokens: 38314 ctokens: 19674
I am using kernel 2.6.11-6 and ipp2p 7.4 with iptables 1.2.9
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next reply other threads:[~2005-12-05 13:29 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-05 13:29 Michael Collard [this message]
2005-12-06 14:08 ` [LARTC] Connmark question Michael Collard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1133789369.5911.55.camel@localhost \
--to=quadfour@iinet.net.au \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.