From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?koi8-r?B?58HX0snMz9cg6cfP0tg=?= Date: Mon, 30 Nov 2015 15:49:06 +0000 Subject: Re: Problem with cls_flow nfct-* keys Message-Id: <2128941448898546@web25h.yandex.ru> List-Id: References: <3419281448878074@web15j.yandex.ru> In-Reply-To: <3419281448878074@web15j.yandex.ru> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org > I am not sure if this should work or not. In all examples this worked, But I can't test it on old kenels - I use 3.10. > If there is no/low incoming traffic to this box then you could shape on > egress. Unfortunately this is not an option. The single case, where IFB could be a problem, and you can't shape on egress interface is when you have traffic to/from router. There is IPSec tunnels from WAN interface, and I need to share bandwidth dynamically between regular internet traffic and IPSec. > Generally I would avoid redirecting protocol all then restricting htb > default - you may end up dropping arp. I have dedicated class for ARP.