Re: [LARTC] Screening packets within tc-classes

[Patrick McHardy <kaber@trash.net>]

Andreas Unterkircher wrote:
> Hello list,
> 
> I'm currently a bit planless so perhaps someone here could give me a point in
> the right direction.
> 
> History: I wrote a shaper web tool (http://shaper.netshadow.at) and now got
> several feature requests if it would be possible to graph "what's going on"
> (this mean per IP address, tcp/udp ports or protocols) in a specific chain. A
> chain represents a specific tc-class. Packets get into this chains via
> tc-filter or iptables MARK.
> 
> Currently I'm drawing graphs with data got from the dequeuing counters via tc
> -s class show dev ${IF}. Not the best way - I know - but it was enough till
> yet.
> 
> Now the question is - is it possible to get direct access to network packets
> that flow through a specifc tc-class?
> 
> I was thinking about iptables and dumping the MARK-value via libpcap. But I
> don't think that this will work because the pcap-filter is attached to the
> device itself before the iptables rules (like the restore-mark) are acting. So
> I guess libpcap will not see this.

No it won't, but its not able to use the netfilter mark anyway. One way
would be to use the ipt action combined with the ULOG target and send
packets to userspace that way.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc