From: Radu Oprisan <radu@securesystems.ro>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] TC using vlan interface
Date: Fri, 23 Jun 2006 00:11:16 +0000
Message-ID: <449B31A4.6060500@securesystems.ro>
In-Reply-To: <00e801c69608$127b67e0$0900fe0a@LucianoNotebook>

Torsten Luettgert wrote:
> On Fri, 2006-06-23 at 01:17 +0300, Radu Oprisan wrote:
>
>> Torsten Luettgert wrote:
>>
>>> On Thu, 2006-06-22 at 11:28 -0300, Luciano wrote:
>>>
>>>
>> Let me explain...
>> Due to the fact that VLAN IDs add some 4 bytes to the header of the
>> packet, tc filter does not work properly unless you feed it with an
>> offset and a hex match. I use 802.1q and TC with iptables and tc filter
>> rules based on iptables mark with great success. I admit it is more
>> complicated this way, but it works...
>>
>> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j MARK --set-mark 12
>> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j RETURN
>>
>
> Oh, I see. Didn't ever think of those problems, because I never
> use tc filters. My setup would look like
>
> iptables -t mangle -A FORWARD -d x.y.z.t -j CLASSIFY --set-class 10:112
>
Ok, you can do it with -j CLASSIFY ... forgot about that. But anyway,
the best solution for this if you want speed is to adapt, as in, use the
offset trick in u32. I had an email once from somebody who was kind
enough to assist me in this problem and if I find it, I will gladly post
the translation.
Btw, all this marking and -j CLASSIFY uses quite a bit of processing
power, which amounts to a bigger timespan from the time the packet
enters the system until it finally leaves it.
> which removes a bit of the complexity.
>
> Regards,
> Torsten
>
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
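
The 4-byte shift mentioned in the message above, shown as an added example that is not part of the thread: a constructed Ethernet frame with and without an 802.1Q tag, matched once by a fixed byte offset and once by a tag-aware offset. It models raw frame layout only, not what the kernel's u32 classifier is handed on a VLAN device; all function names and addresses are constructed for illustration.

```python
import socket
import struct

ETH_P_IP = 0x0800      # EtherType for IPv4
ETH_P_8021Q = 0x8100   # TPID that announces an 802.1Q tag
IP_DST_OFF = 16        # destination address offset inside the IPv4 header

def build_frame(dst_ip, vlan_id=None, src_ip="192.0.2.1"):
    """Build a constructed Ethernet frame carrying a bare 20-byte IPv4 header."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    # The tag is TPID (2 bytes) + TCI (2 bytes): the "some 4 bytes" in the message.
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return macs + tag + struct.pack("!H", ETH_P_IP) + ip

def naive_match(frame, dst_ip):
    """Fixed-offset match that assumes the IPv4 header starts at byte 14."""
    start = 14 + IP_DST_OFF
    return frame[start:start + 4] == socket.inet_aton(dst_ip)

def l3_offset(frame):
    """Offset of the network header, skipping a single 802.1Q tag if present."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    return 18 if ethertype == ETH_P_8021Q else 14

def vlan_aware_match(frame, dst_ip):
    """Match the IPv4 destination after locating the real header start."""
    off = l3_offset(frame)
    if len(frame) < off + 20:
        return False  # truncated frame: nothing reliable to compare
    (inner_type,) = struct.unpack_from("!H", frame, off - 2)
    if inner_type != ETH_P_IP:
        return False
    start = off + IP_DST_OFF
    return frame[start:start + 4] == socket.inet_aton(dst_ip)

if __name__ == "__main__":
    target = "198.51.100.7"
    for label, frame in (("untagged", build_frame(target)),
                         ("vlan 12", build_frame(target, vlan_id=12))):
        print(label, "naive:", naive_match(frame, target),
              "vlan-aware:", vlan_aware_match(frame, target))
```

On the tagged frame the fixed offset lands on the source address field, so a rule written for a destination silently misses its traffic and can match unrelated packets by source instead.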