* [LARTC] filter ingress policy based on nfmark
From: Martin Vassilev @ 2005-06-01 8:56 UTC
To: lartc
Hi all.
Since I moved on to the 2.6 kernel, filter ingress policy based on nfmark won't work.
Sorry for my English.
Simple example:
iptables -t mangle -I PREROUTING -j MARK --set-mark 1
${QDISC_ADD} handle ffff: ingress
${FILTER_ADD} parent ffff: protocol ip prio 100 handle 1 fw \
police rate 128Kbit burst 10k drop flowid 2:11
# tc -s -d qdisc ls dev eth0
qdisc ingress ffff: ----------------
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
# iptables -t mangle -L -n -v
pkts bytes target prot opt in out source destination
1362 293K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
No problems at 2.4 kernel.
--
Best Regards,
Martin Vassilev
NetSurf.net Ltd.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] filter ingress policy based on nfmark
From: Andy Furniss @ 2005-06-01 21:31 UTC
To: lartc
Martin Vassilev wrote:
> Hi all.
> Since I moved on to the 2.6 kernel, filter ingress policy based on nfmark won't
> work.
> Sorry for my English.
>
> Simple example:
>
> iptables -t mangle -I PREROUTING -j MARK --set-mark 1
>
> ${QDISC_ADD} handle ffff: ingress
> ${FILTER_ADD} parent ffff: protocol ip prio 100 handle 1 fw \
> police rate 128Kbit burst 10k drop flowid 2:11
>
> # tc -s -d qdisc ls dev eth0
> qdisc ingress ffff: ----------------
> Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> rate 0bit 0pps backlog 0b 0p requeues 0
>
> # iptables -t mangle -L -n -v
> pkts bytes target prot opt in out source destination
> 1362 293K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
>
> No problems at 2.4 kernel.
>
On 2.6 whether policer sees marks or not depends on your kernel config.

If you don't select classifier actions then you get the 2.4 behavior.

Andy.
* Re: [LARTC] filter ingress policy based on nfmark
From: Martin Vassilev @ 2005-06-02 9:25 UTC
To: lartc
On Thursday 02 June 2005 00:31, you wrote:
>
> On 2.6 whether policer sees marks or not depends on your kernel config.
>
> If you don't select classifier actions then you get the 2.4 behavior.
>
> Andy.

Many thanks.
--
Best Regards,
Martin Vassilev
NetSurf.net Ltd.
* Re: [LARTC] filter ingress policy based on nfmark
From: Andy Furniss @ 2005-06-02 9:48 UTC
To: lartc
Martin Vassilev wrote:
> On Thursday 02 June 2005 00:31, you wrote:
>
>> On 2.6 whether policer sees marks or not depends on your kernel config.
>>
>> If you don't select classifier actions then you get the 2.4 behavior.
>>
>> Andy.
>
> Many thanks.
>
Oops, it's called packet action in the menu, not classifier actions. It's CONFIG_NET_CLS_ACT, which when deselected should allow you to select traffic policing rather than policing actions.

Andy.
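Added example, not part of the thread: a shell check for the option named in the last reply, CONFIG_NET_CLS_ACT, that classifies a kernel config and reports the behaviour the thread attributes to each setting. The function names, the config file locations and the sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: classify a kernel config by the
# CONFIG_NET_CLS_ACT option named in the last reply.

# Print enabled / disabled / absent for CONFIG_NET_CLS_ACT in the
# kernel config text read from stdin.
cls_act_state() {
    awk '
        /^CONFIG_NET_CLS_ACT=y$/            { s = "enabled" }
        /^# CONFIG_NET_CLS_ACT is not set$/ { s = "disabled" }
        END { print (s == "" ? "absent" : s) }
    '
}

# Map that state to what the thread reports for an fw filter with a
# policer on the ingress qdisc.
ingress_fw_verdict() {
    case "$(cls_act_state)" in
        enabled)  echo "packet action on: policer may not see nfmark" ;;
        disabled) echo "packet action off: 2.4 behaviour" ;;
        *)        echo "CONFIG_NET_CLS_ACT absent from this config" ;;
    esac
}

# Assumed locations of the running kernel's config; neither is guaranteed.
read_running_config() {
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Constructed sample configs (not taken from any real system).
SAMPLE_ACT_ON='CONFIG_NET_SCH_INGRESS=y
CONFIG_NET_CLS_FW=y
CONFIG_NET_CLS_ACT=y'
SAMPLE_ACT_OFF='CONFIG_NET_SCH_INGRESS=y
CONFIG_NET_CLS_FW=y
# CONFIG_NET_CLS_ACT is not set'

printf '%s\n' "$SAMPLE_ACT_ON"  | ingress_fw_verdict
printf '%s\n' "$SAMPLE_ACT_OFF" | ingress_fw_verdict
# On a real host: read_running_config | ingress_fw_verdict
```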