From: Edwin Whitelaw
Date: Tue, 11 Apr 2006 14:24:16 +0000
Subject: [LARTC] Htb queueing problem
Message-Id: <443BBC10.20105@nrvunwired.net>
References: <44043A85.6080302@gmail.com>
In-Reply-To: <44043A85.6080302@gmail.com>
To: lartc@vger.kernel.org

A note to confirm that "-m physdev --physdev-is-bridged" in the iptables
command does enable iptables to work in a bridged environment. I was
fighting the same problem and this indeed solved it.

Below is my test script running on a two NIC Debian 3.1 266MHz bridge.
Before adding the physdev flag, only the "tc filter" commands worked but
now the iptables commands also correctly classify the packets both with
the MARK and CLASSIFY approaches. Note that the tc classes were set up
to give clear indication of which class was affecting the flow.

Edwin

---------test tc script----------
#!/bin/bash

RATE=8000

# [ tc ] tests a non-empty string and is always true, so the existing
# root qdisc is removed on every run before it is rebuilt below.
#if [ x$1 = 'xstop' ]; then
if [ tc ]; then
    echo "Deleting qdisc for eth1"
    tc qdisc del dev eth1 root
fi

# Root HTB qdisc; unclassified traffic falls into class 1:90.
tc qdisc add dev eth1 root handle 1:0 htb default 90

# Parent class plus leaf classes with distinct rates.
tc class add dev eth1 parent 1:0 classid 1:1 htb rate ${RATE}kbit ceil ${RATE}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 3000kbit ceil 3000kbit
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 1500kbit ceil 1500kbit
tc class add dev eth1 parent 1:1 classid 1:30 htb rate 1000kbit ceil 1000kbit
tc class add dev eth1 parent 1:1 classid 1:50 htb rate 500kbit ceil 500kbit
tc class add dev eth1 parent 1:1 classid 1:90 htb rate 256kbit ceil 256kbit

# SFQ leaf qdisc under each class.
tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev eth1 parent 1:50 handle 50: sfq perturb 10
tc qdisc add dev eth1 parent 1:90 handle 90: sfq perturb 10

# Approach 1 (disabled): classify with tc u32 filters on source port.
#tc filter add dev eth1 parent 1:0 protocol ip u32 match ip sport 80 0xffff classid 1:10
#tc filter add dev eth1 parent 1:0 protocol ip u32 match ip sport 22 0xffff classid 1:20
#tc filter add dev eth1 parent 1:0 protocol ip u32 match ip sport 25 0xffff classid 1:50
#tc filter add dev eth1 parent 1:0 protocol ip u32 match ip sport 110 0xffff classid 1:50

iptables -F -t mangle

# Approach 2 (disabled): MARK in iptables, matched by the fw filters at the end.
#out
#iptables -t mangle -A POSTROUTING -m physdev --physdev-is-bridged -p tcp --sport 80 -j MARK --set-mark 2
#iptables -t mangle -A FORWARD -o eth1 -p tcp --sport 22 -j MARK --set-mark 1
#iptables -t mangle -A FORWARD -o eth1 -p tcp --sport 25 -j MARK --set-mark 1
#iptables -t mangle -A FORWARD -o eth1 -p tcp --sport 110 -j MARK --set-mark 1
#
# Approach 3 (active): CLASSIFY straight into an HTB class.
iptables -t mangle -A POSTROUTING -m physdev --physdev-is-bridged -p tcp --sport 80 -j CLASSIFY --set-class 1:50
iptables -t mangle -A POSTROUTING -m physdev --physdev-is-bridged -p tcp --sport 139 -j CLASSIFY --set-class 1:10
iptables -t mangle -A POSTROUTING -m physdev --physdev-is-bridged -p tcp --sport 22 -j CLASSIFY --set-class 1:10
iptables -t mangle -A POSTROUTING -m physdev --physdev-is-bridged -p tcp --sport 25 -j CLASSIFY --set-class 1:10
iptables -t mangle -A POSTROUTING -m physdev --physdev-is-bridged -p tcp --sport 110 -j CLASSIFY --set-class 1:10

# fw filters for the MARK approach (disabled).
#tc filter add dev eth1 parent 1:0 protocol ip handle 1 fw classid 1:10
#tc filter add dev eth1 parent 1:0 protocol ip handle 2 fw classid 1:20
#tc filter add dev eth1 parent 1:0 protocol ip handle 3 fw classid 1:30
#tc filter add dev eth1 parent 1:0 protocol ip handle 5 fw classid 1:50
#tc filter add dev eth1 parent 1:0 protocol ip handle 9 fw classid 1:90

-- 
<=+=+=+=+=+=+=+=+=+=+=+=+=+=+=>
Edwin Whitelaw, P.E.
New River Valley Unwired, LLC
2200 Lonesome Dove Dr
Christiansburg, VA 24073
540-239-0318
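
The following is an added example, not part of the message above: one way to confirm from the `tc -s class show dev eth1` counters that packets land in the intended HTB class rather than in the default class 1:90. The function names are hypothetical, the sample counters are constructed, and it assumes the flat class tree built by the script (one root class with leaf classes directly under it).

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.
# Live use on the bridge:  tc -s class show dev eth1 | share_of 1:90

# Read `tc -s class show` text on stdin; print "classid bytes packets"
# for each HTB class except the root class, which aggregates its children.
leaf_counters() {
    awk '
        $1 == "class" && $2 == "htb" { id = ($4 == "root") ? "" : $3 }
        $1 == "Sent" && id != ""     { print id, $2, $4; id = "" }
    '
}

# Print the whole-number percentage of counted bytes that landed in class $1.
# A high share for the HTB default class means the classifiers are not matching.
share_of() {
    leaf_counters | awk -v want="$1" '
        { total += $2; if ($1 == want) hit = $2 }
        END { if (total == 0) print 0; else printf "%d\n", hit * 100 / total }
    '
}

# Constructed sample counters, shaped like tc -s output for the classes above.
sample_stats() {
    cat <<'EOF'
class htb 1:1 root rate 8000Kbit ceil 8000Kbit burst 2599b cburst 2599b
 Sent 1000000 bytes 1000 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 3000Kbit ceil 3000Kbit burst 1599b cburst 1599b
 Sent 600000 bytes 600 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 1500Kbit ceil 1500Kbit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:30 parent 1:1 leaf 30: prio 0 rate 1000Kbit ceil 1000Kbit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:50 parent 1:1 leaf 50: prio 0 rate 500Kbit ceil 500Kbit burst 1599b cburst 1599b
 Sent 300000 bytes 300 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:90 parent 1:1 leaf 90: prio 0 rate 256Kbit ceil 256Kbit burst 1599b cburst 1599b
 Sent 100000 bytes 100 pkt (dropped 0, overlimits 0 requeues 0)
EOF
}

# Stand-alone run over the constructed sample.
sample_stats | leaf_counters
echo "default class 1:90 share: $(sample_stats | share_of 1:90)%"
```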