From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nikolay Kichukov Date: Mon, 11 Dec 2006 18:04:14 +0000 Subject: Re: [LARTC] traffic shaping vpn (GRE) traffic Message-Id: <457D9D9E.1020308@oldum.net> List-Id: References: <8cf5f0480612100855k56470461hdac146e0f2db7757@mail.gmail.com> In-Reply-To: <8cf5f0480612100855k56470461hdac146e0f2db7757@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org Hello Craig, Is it linux flavour specific kernel you are using? I guess there might be no tc support for the kind of match you are tring to do, but iptables support included. Those I presume might be different kernel options. In the first place, if anyone can say if the syntax of the following command is okay would be best choice: tc filter add dev eth2 parent 1:0 protocol ip u32 \ match ip protocol 47 0xff \ match ip u16 0x10 00ff at 24 \ classid 1:10 I am also CCing the LARTC list hoping anyone with more experience will know the answer. -Nik syncmaster4 wrote: > Hi Nikolay, > > I am using the standard kernel but we are able to successully allow GRE > traffic through IPTABLES running on this same computer. So I am > assuming we > do have support for GRE since we are able to successfully NAT it. > > I am far from a kernel/iptables/tc expert so maybe my assumption is > completely wrong... > > Thanks! > Craig > > > On 12/11/06, Nikolay Kichukov wrote: >> >> Hello syncmaster4, >> I am not much of an routing expert myself, but if you are getting the >> Illegal match error message, try looking in the command syntax or the >> kernel config to check if you compiled all the necessary modules for the >> command you are using. >> >> Have you got support for protocol 47? Just guessing here. >> >> -Nik >> >> syncmaster4 wrote: >> > Looking for some advise from the experts out there. >> > >> > We do simple traffice shaping and I'm having trouble figuring out >> how to >> > shape vpn traffic using a tc filter. >> > >> > The following filter works fine for SSH >> > tc filter add dev eth2 parent 1:0 protocol ip u32 match ip sport 22 >> > 0xffff classid 1:10 >> > >> > The following throws and "Illegal match" error when trying to filter >> GRE >> > traffic. >> > tc filter add dev eth2 parent 1:0 protocol ip u32 \ >> > match ip protocol 47 0xff \ >> > match ip u16 0x10 00ff at 24 \ >> > classid 1:10 >> > >> > Any pointers are greatly appreciated! >> > >> > CentOS 4.4 - 2.6.9-42.0.3.ELsmp >> > >> > Thanks! >> > Craig >> > >> > >> > >> ------------------------------------------------------------------------ >> > >> > _______________________________________________ >> > LARTC mailing list >> > LARTC@mailman.ds9a.nl >> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >> > _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc