From mboxrd@z Thu Jan 1 00:00:00 1970 From: Piotr Chytla Date: Sat, 08 Apr 2006 10:03:10 +0000 Subject: Re: [LARTC] u32 and iptables do not work together Message-Id: <20060408100310.GA30546@packetconsulting.pl> List-Id: References: <4436AEB8.1070300@cnett.com.br> In-Reply-To: <4436AEB8.1070300@cnett.com.br> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org On Fri, Apr 07, 2006 at 03:26:00PM -0300, Nataniel Klug wrote: > Hello all, > Hello > I am trying to make a filter into my QoS rules and I founded that > when I try to use filters u32 and with fwmark they do not work together. > This is the filter I use, just and example, for u32: > > $TC filter add dev $DL parent 1:0 protocol ip prio 1 u32 match ip sport > 22 0xffff flowid 1:10 > > This is working fine. Now if I try to mark a package that I want it > to go to the same class (1:10) it get an error: > > $IPT -t mangle -A PREROUTING -s 200.163.208.4 -j MARK --set-mark 10 > > Then I tryed to make the filter for this: > > $TC filter add dev $DL parent 1:0 protocol ip prio 1 handle 10 fw > classid 1:10 > In 2.4.x kernerls u32 and fwmark can't work together , you can only mark by u32 or fwmark . In 2.6.x kernela I think from 2.6.8 or something, you can use fwmark as u32 key In menuconfig check Networking/Networking support/Networking options/ and you have "Use nfmark as a key in U32 classifier". Example : tc filter add dev eth0 protocol ip parent 1:0 prio 5 u32 \ match mark 0x0090 0xffff \ match ip dst 4.4.4.4 \ flowid 1:90 /pch -- Dyslexia bug unpatched since 1977 ... exploit has been leaked to the underground. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc