From: "Christian Bauer"
Date: Wed, 01 Jun 2005 12:51:20 +0000
Subject: [LARTC] TC Filtering Problems
To: lartc@vger.kernel.org

Dear Admins and Hackers,

Maybe I am too stupid to use 'tc', but I am having logical problems understanding the filter rules in tc.

Common config:

There is a Linux engine (Debian) with a 2.6.11.11 kernel which acts as a packet shaper. Two interfaces, eth0 and eth1, are installed. Interface 'eth0' is the firewall side, net 195.185.185.0/24. Interface 'eth1' goes to the Internet (switch and routers to the ISPs). Both interfaces are bridged. The test client is located on the eth0 device of the packet shaper.

Kernel modules (lsmod):

    Module          Size   Used by
    mirred          7744   0
    sch_dsmark      7424   0
    police         10976   0
    pedit           7648   0
    gact            7008   0
    cls_rsvp        7424   0
    cls_route       7808   0
    sch_prio        5888   0
    ipt_state       2048   0
    ipt             8288   0
    sch_htb        18816   0
    cls_tcindex     8192   0
    cls_u32         9220   0
    cls_fw          5504   0

TC config (an HTB qdisc):

    for d in eth0 eth1; do
        tc qdisc add dev $d root handle 1:0 htb default 12
        # top class hangs off the root qdisc (the mail read "parent 1:2"; a class cannot be its own parent)
        tc class add dev $d parent 1:0 classid 1:2 htb rate 8096mbit
        tc class add dev $d parent 1:2 classid 1:10 htb rate 64kbit ceil 64kbit prio 0
        tc class add dev $d parent 1:2 classid 1:12 htb rate 1024mbit ceil 1024mbit prio 0
    done

HTTP filter (looks for (source) port 80 at offset 20 in the IP packet, i.e. the HTTP server answer):

    tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match u32 0x500000 0xffff0000 at 20 classid 1:10

This filter is working and the HTTP download on the firewall side is restricted to 64 kbit, as you can see below.

tc -s filter show dev eth0:

    filter parent 1: protocol ip pref 100 u32
    filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
    filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10  (rule hit 151 success 129)
      match 00500000/ffff0000 at 20 (success 129 )

But why can't I filter packets with dst port 80 or src IP on eth0?

Dst port 80:

    tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match u32 0x50 0xffff at nexthdr+0 classid 1:10

or source IP address:

    tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match ip src 195.185.185.2/32 classid 1:10

On these filters there are no success counters. It can't be our firewall: I connect our test laptop directly to the eth0 device of the packet shaper. When I run "tcpdump -i eth0" on the packet shaper I see the packets with src IP address 195.185.185.2 and dst port 80. I can't understand why tc is not able to find the src IP fields in the packets on eth0 of the packet shaper. At first I thought the problem would be the br_fw (bridge router) option in the kernel. Without this option the problem is still alive.

In my eyes it's not logical! Please can anyone help me? I have no idea left. I hope there is a hacker or admin who can tell me the filter logic.

Thanks in advance
Christian

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
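As an added example that is not part of Christian's mail, the following Python emulates the three u32 match expressions from the post against two constructed IPv4/TCP packets: an HTTP request from the client 195.185.185.2 and the server's reply (the server address 198.51.100.10 and the client port are constructed). It shows which packet each filter expression actually selects, so the expressions themselves can be checked without a shaper box.

```python
import struct
from ipaddress import IPv4Address

def build_ipv4_tcp(src, dst, sport, dport):
    """Construct a minimal IPv4+TCP packet: 20-byte headers, no options, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return ip + tcp

def u32_match(pkt, value, mask, offset, nexthdr=False):
    """Emulate 'match u32 VALUE MASK at [nexthdr+]OFFSET': compare one big-endian
    32-bit word of the packet under MASK. nexthdr offsets are relative to the end
    of the IP header, i.e. IHL * 4 bytes from the start of the packet."""
    base = (pkt[0] & 0x0F) * 4 if nexthdr else 0
    word = struct.unpack_from("!I", pkt, base + offset)[0]
    return (word & mask) == (value & mask)

def ip_src_match(pkt, cidr):
    """'match ip src A.B.C.D/N' is shorthand for a u32 match on the source
    address word at offset 12 of the IP header, masked by the prefix length."""
    addr, _, bits = cidr.partition("/")
    mask = (0xFFFFFFFF << (32 - int(bits or 32))) & 0xFFFFFFFF
    return u32_match(pkt, int(IPv4Address(addr)), mask, 12)

CLIENT = "195.185.185.2"      # address from the mail
SERVER = "198.51.100.10"      # constructed server address
RESPONSE = build_ipv4_tcp(SERVER, CLIENT, 80, 40000)  # server -> client (HTTP answer)
REQUEST = build_ipv4_tcp(CLIENT, SERVER, 40000, 80)   # client -> server (HTTP request)

def evaluate():
    """Apply the three filter expressions from the post to both packets."""
    return {
        # 'match u32 0x500000 0xffff0000 at 20': source port in the first TCP word
        "sport80_response": u32_match(RESPONSE, 0x00500000, 0xFFFF0000, 20),
        "sport80_request": u32_match(REQUEST, 0x00500000, 0xFFFF0000, 20),
        # 'match u32 0x50 0xffff at nexthdr+0': destination port in the first TCP word
        "dport80_request": u32_match(REQUEST, 0x50, 0xFFFF, 0, nexthdr=True),
        "dport80_response": u32_match(RESPONSE, 0x50, 0xFFFF, 0, nexthdr=True),
        # 'match ip src 195.185.185.2/32'
        "src_client_request": ip_src_match(REQUEST, CLIENT + "/32"),
        "src_client_response": ip_src_match(RESPONSE, CLIENT + "/32"),
    }

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name}: {'match' if hit else 'no match'}")
```

All three expressions are correct, and only the request (client to server) satisfies the dst-port-80 and src-IP ones. Filters attached to a root qdisc are evaluated on frames the interface transmits, so on eth0 (facing the firewall side) only traffic towards the client, such as the server's reply, is seen by them.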