All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] complex; ifb, masq et omnia
@ 2006-03-06 17:53 Krzysztof Matusik
  2006-03-08 12:30 ` Andy Furniss
  0 siblings, 1 reply; 2+ messages in thread
From: Krzysztof Matusik @ 2006-03-06 17:53 UTC (permalink / raw)
  To: lartc

Hi all.

I'm using Jamal's ifb virtual interface from new kernel. Redirecting incoming 
traffic from external interface like that:
# tc [blahbla] match u32 0 0 flowid 1:0 action mirred egress redirect dev ifb0
to ifb to shape it.

The problem is that I'm using MASQUERADE by netfilter also. That redirected 
traffic coming from internet gets to ifb _before_ DNAT is done. So I cannot 
filter or mark it in other way by ip dst address to differ between forwarded 
and incoming traffic to my node.

Goal is to find a solution how to let tc filter find the difference between 
forwarded and incoming traffic in that redirected traffic coming to ifb 
device so shaping/queueing could be done elegantly :-)
(well, infact this traffic goes off ifb device and then gets routed and masqed 
etc- by egress queue)

Anybody got any nice ideas?

Krzysztof
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [LARTC] complex; ifb, masq et omnia
  2006-03-06 17:53 [LARTC] complex; ifb, masq et omnia Krzysztof Matusik
@ 2006-03-08 12:30 ` Andy Furniss
  0 siblings, 0 replies; 2+ messages in thread
From: Andy Furniss @ 2006-03-08 12:30 UTC (permalink / raw)
  To: lartc

Krzysztof Matusik wrote:
> Hi all.
> 
> I'm using Jamal's ifb virtual interface from new kernel. Redirecting incoming 
> traffic from external interface like that:
> # tc [blahbla] match u32 0 0 flowid 1:0 action mirred egress redirect dev ifb0
> to ifb to shape it.
> 
> The problem is that I'm using MASQUERADE by netfilter also. That redirected 
> traffic coming from internet gets to ifb _before_ DNAT is done. So I cannot 
> filter or mark it in other way by ip dst address to differ between forwarded 
> and incoming traffic to my node.
> 
> Goal is to find a solution how to let tc filter find the difference between 
> forwarded and incoming traffic in that redirected traffic coming to ifb 
> device so shaping/queueing could be done elegantly :-)
> (well, infact this traffic goes off ifb device and then gets routed and masqed 
> etc- by egress queue)
> 
> Anybody got any nice ideas?

You still need to use IMQ for this situation at this time.

There has been talk of making an ematch that can get netfilter state.

Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-03-08 12:30 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-03-06 17:53 [LARTC] complex; ifb, masq et omnia Krzysztof Matusik
2006-03-08 12:30 ` Andy Furniss

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.