cooperation between connection tracking and traffic shaping

cooperation between connection tracking and traffic shaping

[Yakov Lerner]

To the sip conntrack module, I added the code that creates
the corresponding QoS rule (via netlink) when conntrack detects
the port of the voice traffic (qos/tc by itself could not shape
dynamically by conntrack ports ..., and I wanted traffic
shaping on voice traffic by conntrack-recognized ports).

It worked. But I think it was ugly because:

     (1) I want qos-to-conntrack cooperation for more protocols
with dynamic ports ... can I have it/do it without hacking every
conntrack module ?

    (2) maybe there is a much easier way to achieve this
qos-to-conntrack cooperation [than hacking conntrack modules] ?

Thanks
Yakov

Re: cooperation between connection tracking and traffic shaping

[Filip Sneppe]

Hi Yakov,

On 11/1/06, Yakov Lerner <iler.ml@gmail.com> wrote:
> It worked. But I think it was ugly because:
>
>      (1) I want qos-to-conntrack cooperation for more protocols
> with dynamic ports ... can I have it/do it without hacking every
> conntrack module ?
>
>     (2) maybe there is a much easier way to achieve this
> qos-to-conntrack cooperation [than hacking conntrack modules] ?
>
Yes, the general way to do this, is to use the MARK target from
netfilter to mark the packets you want to QoS and then use the fwmark
from within your tc rules.

That works without hacking any code. Note that the fwmarks can also
be used between netfilter and the advanced routing framework in the
Linux kernel (ip route, ip rule, etc.)

Best regards,
Filip

Re: cooperation between connection tracking and traffic shaping

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 918 bytes --]

Hi,

Le mercredi 01 novembre 2006 à 11:21 +0100, Filip Sneppe a écrit :
> Hi Yakov,
> 
> On 11/1/06, Yakov Lerner <iler.ml@gmail.com> wrote:
> > It worked. But I think it was ugly because:
> >     (2) maybe there is a much easier way to achieve this
> > qos-to-conntrack cooperation [than hacking conntrack modules] ?
> >
> Yes, the general way to do this, is to use the MARK target from
> netfilter to mark the packets you want to QoS and then use the fwmark
> from within your tc rules.
> 
> That works without hacking any code. Note that the fwmarks can also
> be used between netfilter and the advanced routing framework in the
> Linux kernel (ip route, ip rule, etc.)

Yes, but you have to use CONNMARK on top of that to be able to put the
mark on all packets of a connections. It also works with RELATED
packets. This will be useful with SIP ...

BR,
-- 
Eric Leblond <eric@inl.fr>
INL

[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: cooperation between connection tracking and traffic shaping

[Yakov Lerner]

On 11/1/06, Eric Leblond <eric@inl.fr> wrote:
> Hi,
>
> Le mercredi 01 novembre 2006 à 11:21 +0100, Filip Sneppe a écrit :
> > Hi Yakov,
> >
> > On 11/1/06, Yakov Lerner <iler.ml@gmail.com> wrote:
> > > It worked. But I think it was ugly because:
> > >     (2) maybe there is a much easier way to achieve this
> > > qos-to-conntrack cooperation [than hacking conntrack modules] ?
> > >
> > Yes, the general way to do this, is to use the MARK target from
> > netfilter to mark the packets you want to QoS and then use the fwmark
> > from within your tc rules.
> >
> > That works without hacking any code. Note that the fwmarks can also
> > be used between netfilter and the advanced routing framework in the
> > Linux kernel (ip route, ip rule, etc.)
>
> Yes, but you have to use CONNMARK on top of that

And what's the solution for 2.4 ?

> to be able to put the
> mark on all packets of a connections. It also works with RELATED
> packets. This will be useful with SIP ...

Yakov