[LARTC] iptables CLASSIFY vs fwmark?

[LARTC] iptables CLASSIFY vs fwmark?

[Edwin Whitelaw]

Could someone comment on the benefits of using CLASSIFY vs fwmark (or 
vice versa) in iptables?

I'm getting ready to implement some basic tc for VoIP and most of the 
examples seem to use the (older?) fwmark syntax.  Should I convert these 
to CLASSIFY?  Can the two syntaxes be mixed?  Also with U32?

TIA,

Edwin

-- 
<=+=+=+=+=+=+=+=+=+=+=+=+=+=+=>
Edwin Whitelaw, P.E.
New River Valley Unwired, LLC
2200 Lonesome Dove Dr
Christiansburg, VA 24073
540-239-0318

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] iptables CLASSIFY vs fwmark?

[Denis Ovsienko]

> Could someone comment on the benefits of using CLASSIFY vs fwmark (or 
> vice versa) in iptables?
One benefit I see is that one avoids extra filters, this can be useful
with lots of classes.

-- 
    DO4-UANIC
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] iptables CLASSIFY vs fwmark?

[Edwin Whitelaw]

My observation also, but one example shows using fwmark in the 
PREROUTING chain while CLASSIFY can be used in POSTROUTING only 
(correct?).  My experience with tc at this point is limited but 
sometimes added flexibility is useful, even if it's a little more effort. 

Edwin

Denis Ovsienko wrote:
>> Could someone comment on the benefits of using CLASSIFY vs fwmark (or 
>> vice versa) in iptables?
>>     
> One benefit I see is that one avoids extra filters, this can be useful
> with lots of classes.
>
>   

-- 
<=+=+=+=+=+=+=+=+=+=+=+=+=+=+=>
Edwin Whitelaw, P.E.
New River Valley Unwired, LLC
2200 Lonesome Dove Dr
Christiansburg, VA 24073
540-239-0318

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

RE: [LARTC] iptables CLASSIFY vs fwmark?

[William Bohannan]

Using fwmark would mean that packets have to pass two filter systems. First
iptables, where the got marked and then the tc-filter ruleset where the mark
needs to be matched again. And this is something I want to avoid because
this means worse performance, so I was wondering if there is a possible way
to do time matching with classify instead of forward mark??  Anyone have a
patch for time matching so it can be used in the postrouting section?

Kind Regards

William

-----Original Message-----
From: lartc-bounces@mailman.ds9a.nl [mailto:lartc-bounces@mailman.ds9a.nl]
On Behalf Of Edwin Whitelaw
Sent: 06 May 2006 11:58
To: Denis Ovsienko
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] iptables CLASSIFY vs fwmark?

My observation also, but one example shows using fwmark in the 
PREROUTING chain while CLASSIFY can be used in POSTROUTING only 
(correct?).  My experience with tc at this point is limited but 
sometimes added flexibility is useful, even if it's a little more effort. 

Edwin

Denis Ovsienko wrote:
>> Could someone comment on the benefits of using CLASSIFY vs fwmark (or 
>> vice versa) in iptables?
>>     
> One benefit I see is that one avoids extra filters, this can be useful
> with lots of classes.
>
>   

-- 
<=+=+=+=+=+=+=+=+=+=+=+=+=+=+=>
Edwin Whitelaw, P.E.
New River Valley Unwired, LLC
2200 Lonesome Dove Dr
Christiansburg, VA 24073
540-239-0318

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc