* [LARTC] Connmark question
@ 2005-12-05 13:29 Michael Collard
2005-12-06 14:08 ` Michael Collard
0 siblings, 1 reply; 2+ messages in thread
From: Michael Collard @ 2005-12-05 13:29 UTC (permalink / raw)
To: lartc
I am trying to get IPP2P working on my router. Thus far I can see
connections being marked (see below), but they don't seem to get saved
or something. When looking at /proc/net/ip_conntrack, nothing has
anything other than 0 for mark. The iptables commands for this are:

iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --bit --dc --edk -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -m mark --mark 3 -j CONNMARK --save-mark
iptables -t mangle -A POSTROUTING -o ppp0 -m mark --mark 3 -j CLASSIFY --set-class 1:50

This is pretty much a copy of one of the examples from the ipp2p web
site. When doing a iptables -t mangle -L -n -v -x, I get the following:

Chain PREROUTING (policy ACCEPT 7179 packets, 1787132 bytes)
    pkts    bytes target    prot opt in   out   source      destination
     799   161475 CONNMARK  all  --  *    *     0.0.0.0/0   0.0.0.0/0    CONNMARK restore
       0        0 ACCEPT    all  --  *    *     0.0.0.0/0   0.0.0.0/0    MARK match !0x0
      28     4372 MARK      all  --  *    *     0.0.0.0/0   0.0.0.0/0    ipp2p v0.7.4 --edk --dc --bit MARK set 0x3
      28     4372 CONNMARK  all  --  *    *     0.0.0.0/0   0.0.0.0/0    MARK match 0x3 CONNMARK save

Chain INPUT (policy ACCEPT 3388 packets, 610487 bytes)
    pkts    bytes target    prot opt in   out   source      destination

Chain FORWARD (policy ACCEPT 3789 packets, 1175165 bytes)
    pkts    bytes target    prot opt in   out   source      destination

Chain OUTPUT (policy ACCEPT 2911 packets, 684078 bytes)
    pkts    bytes target    prot opt in   out   source      destination

Chain POSTROUTING (policy ACCEPT 6757 packets, 1866938 bytes)
    pkts    bytes target    prot opt in   out   source      destination
      15     1752 CLASSIFY  all  --  *    ppp0  0.0.0.0/0   0.0.0.0/0    MARK match 0x3 CLASSIFY set 1:50

So I can see the packets are getting marked, or at least I see them
being matched. Just don't know why the connection doesn't get shaped.
Here's the stats from tc.

class htb 1:50 parent 1:1 leaf 50: prio 5 rate 325000bit ceil 650000bit burst 1639b cburst 1680b
 Sent 1752 bytes 15 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 15 borrowed: 0 giants: 0
 tokens: 38314 ctokens: 19674

I am using kernel 2.6.11-6 and ipp2p 7.4 with iptables 1.2.9
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [LARTC] Connmark question
2005-12-05 13:29 [LARTC] Connmark question Michael Collard
@ 2005-12-06 14:08 ` Michael Collard
0 siblings, 0 replies; 2+ messages in thread
From: Michael Collard @ 2005-12-06 14:08 UTC (permalink / raw)
To: lartc
For the benefit of everyone, this is a kernel bug. There is info on it
here: http://qa.mandriva.com/show_bug.cgi?id=13845
On Mon, 2005-12-05 at 21:29 +0800, Michael Collard wrote:
> I am trying to get IPP2P working on my router. Thus far I can see
> connections being marked (see below), but they don't seem to get saved
> or something. When looking at /proc/net/ip_conntrack, nothing has
> anything other than 0 for mark. The iptables commands for this are:
>
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
> iptables -t mangle -A PREROUTING -m ipp2p --bit --dc --edk -j MARK --set-mark 3
> iptables -t mangle -A PREROUTING -m mark --mark 3 -j CONNMARK --save-mark
> iptables -t mangle -A POSTROUTING -o ppp0 -m mark --mark 3 -j CLASSIFY --set-class 1:50
>
> This is pretty much a copy of one of the examples from the ipp2p web
> site. When doing a iptables -t mangle -L -n -v -x, I get the following:
>
> Chain PREROUTING (policy ACCEPT 7179 packets, 1787132 bytes)
>     pkts    bytes target    prot opt in   out   source      destination
>      799   161475 CONNMARK  all  --  *    *     0.0.0.0/0   0.0.0.0/0    CONNMARK restore
>        0        0 ACCEPT    all  --  *    *     0.0.0.0/0   0.0.0.0/0    MARK match !0x0
>       28     4372 MARK      all  --  *    *     0.0.0.0/0   0.0.0.0/0    ipp2p v0.7.4 --edk --dc --bit MARK set 0x3
>       28     4372 CONNMARK  all  --  *    *     0.0.0.0/0   0.0.0.0/0    MARK match 0x3 CONNMARK save
>
> Chain INPUT (policy ACCEPT 3388 packets, 610487 bytes)
>     pkts    bytes target    prot opt in   out   source      destination
>
> Chain FORWARD (policy ACCEPT 3789 packets, 1175165 bytes)
>     pkts    bytes target    prot opt in   out   source      destination
>
> Chain OUTPUT (policy ACCEPT 2911 packets, 684078 bytes)
>     pkts    bytes target    prot opt in   out   source      destination
>
> Chain POSTROUTING (policy ACCEPT 6757 packets, 1866938 bytes)
>     pkts    bytes target    prot opt in   out   source      destination
>       15     1752 CLASSIFY  all  --  *    ppp0  0.0.0.0/0   0.0.0.0/0    MARK match 0x3 CLASSIFY set 1:50
>
> So I can see the packets are getting marked, or at least I see them
> being matched. Just don't know why the connection doesn't get shaped.
> Here's the stats from tc.
>
> class htb 1:50 parent 1:1 leaf 50: prio 5 rate 325000bit ceil 650000bit burst 1639b cburst 1680b
>  Sent 1752 bytes 15 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
>  lended: 15 borrowed: 0 giants: 0
>  tokens: 38314 ctokens: 19674
>
> I am using kernel 2.6.11-6 and ipp2p 7.4 with iptables 1.2.9
^ permalink raw reply [flat|nested] 2+ messages in thread
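
Added example, not part of either message: a shell check for the symptom reported in this thread, where the CONNMARK save rule counts packets but /proc/net/ip_conntrack shows only mark=0. The function names are hypothetical, the rule counters are the ones posted above, the two conntrack lines are constructed, and the matched strings ("CONNMARK save", "MARK match !0x0") are assumed to be printed as in the listing above.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.

# Count conntrack entries with a non-zero mark (table text on stdin).
count_marked() {
    awk '{ for (i = 1; i <= NF; i++) {
               if ($i ~ /^mark=[0-9]+$/ && substr($i, 6) + 0 != 0) { n++; break }
           } }
         END { print n + 0 }'
}

# Packet counter of the first rule line containing the literal text $1
# ("iptables -t mangle -L PREROUTING -n -v -x" output on stdin).
rule_pkts() {
    awk -v pat="$1" 'index($0, pat) && $1 ~ /^[0-9]+$/ { print $1; hit = 1; exit }
                     END { if (!hit) print 0 }'
}

# diagnose RULES_TEXT CONNTRACK_TEXT -> one verdict word on stdout
#   no-match       the rule feeding CONNMARK --save-mark never fired
#   not-persisted  packets were saved, yet no conntrack entry has a mark
#   not-restored   marks are in the table, but the "! --mark 0" rule is at 0
#   ok             marks are saved and restored
diagnose() {
    saved=$(printf '%s\n' "$1" | rule_pkts "CONNMARK save")
    restored=$(printf '%s\n' "$1" | rule_pkts "MARK match !0x0")
    marked=$(printf '%s\n' "$2" | count_marked)
    if [ "$saved" -eq 0 ]; then echo no-match
    elif [ "$marked" -eq 0 ]; then echo not-persisted
    elif [ "$restored" -eq 0 ]; then echo not-restored
    else echo ok
    fi
}

# PREROUTING counters as posted in the thread (lines unwrapped).
RULES='  799 161475 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
    0      0 ACCEPT   all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
   28   4372 MARK     all -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.7.4 --edk --dc --bit MARK set 0x3
   28   4372 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x3 CONNMARK save'

# Constructed conntrack entries (documentation addresses), one per case.
CT_ZERO='tcp 6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=40000 dport=6881 src=198.51.100.7 dst=192.0.2.10 sport=6881 dport=40000 [ASSURED] mark=0 use=1'
CT_MARKED='tcp 6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=40000 dport=6881 src=198.51.100.7 dst=192.0.2.10 sport=6881 dport=40000 [ASSURED] mark=3 use=1'

diagnose "$RULES" "$CT_ZERO"    # the situation described in the first message
```

On the router itself the two arguments would be "$(iptables -t mangle -L PREROUTING -n -v -x)" and "$(cat /proc/net/ip_conntrack)".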